We use a small set of carefully selected partners to provide our services. We have a signed Data Processing Agreement (DPA) with each of them, and we ensure that all of our providers have a excellent security and privacy in place and are fully GDPR compliant.
We perform an annual review of our suppliers to ensure that they continue to be compliant with our legal requirements. We also receive regular security bulletins from these suppliers.
Our Due Diligence information provides more information about suppliers that process participant data.