In some cases, Visma will use subcontractors to process personal data, and we may export your or our Customers data outside the EU. These subcontractors are typically vendors of cloud services or other IT hosting services. When using subcontractors, Visma will always enter into a data processing agreement (DPA) in order to safeguard your privacy rights and/or to fulfil our obligations towards our Customers.
If the processing of data is performed outside of the EU, we will make sure that the DPA is based on the EU Standard Contractual Clauses or that the data importer is certified according to the EU/US Privacy Shield framework, if located in the US. In such cases, we will also inform our Customers about the export of data. Visma is not responsible for providing such information to data subjects whose data is controlled by our Customers.