Last Updated: 1 February 2023
MRI New Zealand Holdings Limited (“MRI”) uses certain subprocessors (and third parties, as listed below), subcontractors and content delivery networks to assist it in providing the MRI OnLocation Services as described in the Master Subscription Agreement (“MSA”). Defined terms used herein shall have the same meaning as defined in the MSA.
You can download the Subprocessors-Subcontractors here
What is a Subprocessor:
A subprocessor is a third party data processor engaged by MRI, who has or potentially will have access to or process Service Data (which may contain Personal Data). MRI engages different types of subprocessors to perform various functions as explained in the tables below. MRI refers to third parties that do not have access to or process Service Data but who are otherwise used to provide the Services as “subcontractors” and not subprocessors.
Due Diligence:
MRI undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed subprocessors that will or may have access to or process Service Data.
Contractual Safeguards:
MRI requires its subprocessors to satisfy equivalent obligations as those required from MRI (as a Data Processor) including but not limited to the requirements to:
- in connection with their subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
- Provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
- implement and maintain appropriate technical and organizational measures (including measures consistent with those to which MRI is contractually committed to adhere insofar as they are equally relevant to the subprocessor’s processing of Personal Data on MRI’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification MRI reserves the right to audit the subprocessor;
- promptly inform MRI about any actual or potential security breach; and
- cooperate with MRI in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
This policy does not give Subscribers any additional rights or remedies and should not be construed as a binding agreement. The information herein is only provided to illustrate MRI’s engagement process for subprocessors as well as to provide the actual list of third party subprocessors, subcontractors and content delivery networks used by MRI as of the date of this policy (which MRI may use in the delivery and support of its Services).
Infrastructure Subprocessors – Service Data Storage
MRI owns or controls access to the infrastructure that MRI uses to host Service Data submitted to the Services, other than as set forth below. Currently, the MRI production systems for the Services are located in co-location facilities in the United States, Germany, United Kingdom, Canada, the UK, Australia, and New Zealand. Subscriber accounts are established in one of these regions based on where the Subscriber is located; the Subscriber’s Service Data subsequently remains in that region; but may be shifted among data centres within a region to ensure performance and availability of the Services. The following table describes the countries and legal entities engaged in the storage of Service Data by MRI.
| Entity Name | Entity Type | Entity Country | Location |
| Amazon Web Services, Inc. | Cloud Service Host Provider | United States | Virginia |
| Amazon Web Services, Inc. | Cloud Service Host Provider | Germany | Frankfurt |
| Amazon Web Services, Inc. | Cloud Service Host Provider | United Kingdom | London |
| Amazon Web Services, Inc. | Cloud Service Host Provider | Australia | Sydney |
| Amazon Web Services, Inc. | Cloud Service Host Provider | Canada | Montreal |
Service Specific Subprocessors
MRI uses certain third parties to provide specific functionality within the Services. These providers are the Subprocessors set forth below. In order to provide the relevant functionality these Subprocessors access Service Data. Their use is limited to the indicated Services.
| Entity Name | Purpose | Applicable Services | Entity Country |
| Bulletin Messenger | There are many areas of the Service that utilizes SMS messaging including visitor (Data Subject) arrivals, evacuation alerts,, and Triggers. Data contained in the messages is limited to: the Data Subject’s (visitor, contractor, or employee) Name and where they are from, and whom they are visiting (if applicable). Depending on the settings applied by the Data Controller (our Customer) messages may include the Data Subject’s mobile number if captured. | SMS Messaging and Notifications, Triggers, Evacuation Messaging | New Zealand and Global |
| Zendesk Inc | Zendesk Inc provides a cloud-based Knowledge Library and Customer Support software. MRI uses Zendesk as our Helpdesk and ticket management software. | Helpdesk and Support Ticketing | United States |
| Amazon Web Services, Inc. | Cloud Service Host Provider | United Kingdom | London |
| BackBlaze | BackBlaze is used by MRI as a secure back up service of our employees’ workstations, and laptops. | Backup | United States |
Subcontractors
As explained above, MRI uses certain “subcontractors” to assist in the operations necessary to provide the MRI OnLocation services as described in the Master Subscription Agreement. The following is a list (as of the date of this policy) of the names and locations of material third-party subcontractors. Subcontractors do not have access to Service Data.
| Entity Name | Entity Type | Entity Country |
| Slack | Internal IM communication Tool | United States |
| PipeDrive | CRM | United States |
| ScheduleOnce | Online Demo Scheduling Software | United States |
