Sub-processor Change Notification Policy
Version 2.0 - Effective 2026-07-08 - Change log
Template document: review by a qualified data-protection lawyer or DPO before commercial reliance. Not legal advice.
1. Scope
This policy describes how Amaigo notifies clients before adding or replacing a sub-processor used to provide the Whistle service, and how clients can object. It implements clause 6 of the DPA and applies to every entity on the public list at /sub-processors. It covers additions and replacements; removals and non-material updates (for example, a corrected address) are recorded in the change log without advance notice.
2. Notice commitment
Amaigo gives at least 30 days advance notice before a new or replacement sub-processor begins processing client personal data. Notice is given by:
- Direct email to each active client's registered contact (the contact recorded during onboarding, per /legal/onboarding-sop);
- the change log, which is the canonical, timestamped record of every change; and
- the subscription list: prospects, DPOs, and other interested parties can subscribe by emailing [email protected] with the subject "Subscribe: sub-processor updates".
3. What a notice contains
Each notice identifies, for the new or replacement sub-processor:
- name and corporate identity;
- location and processing region;
- function (what it will do for the service);
- the categories of personal data it will process;
- the transfer mechanism, where processing occurs outside the EU or UK; and
- the planned start date of processing.
4. Objection procedure
- A client may object in writing, on reasonable data-protection grounds, within the 30-day notice window, by replying to the notice or emailing [email protected].
- Amaigo and the client will work in good faith to resolve the objection. Options include, where feasible, not deploying the new sub-processor for that client's data, or agreeing alternative safeguards.
- If the objection cannot be resolved before the change takes effect, the client may terminate the affected service and receive a pro-rata refund of prepaid fees for the period after termination, per clause 6.3 of the DPA.
5. Emergency replacements
Where a sub-processor must be replaced immediately for security reasons (for example, a serious vulnerability or a compromise at the sub-processor), Amaigo may make the replacement without 30 days advance notice. In that case Amaigo will notify clients as soon as practicable, explain the security grounds, and the objection procedure in section 4 applies from the date of the notice.
6. Roadmap note
Notices are currently sent individually to each registered client contact and to subscribers. As the client base grows, we plan to move to an automated broadcast list (v2 of this process) so that delivery is systematic rather than manual; the notice content and 30-day commitment will not change.
This document is a GDPR-aligned template and must be reviewed by a qualified data-protection lawyer or DPO before commercial reliance. It is not legal advice.