Sub-processor Policy
Sub-processor Policy
LWR-POL-CWC-008-R1: Sub-processor Policy
Effective Date: 10 May 2026
© 2026 Enxèro Systems. All rights reserved.
Printed copies are uncontrolled. Refer to the online version for the current revision.
1. Introduction
This Subprocessor Policy explains how Enxèro Systems engages and manages third-party service providers (“Subprocessors”) that may process personal data in connection with the Services.
We use subprocessors only where reasonably necessary to support:
service delivery
infrastructure operations
security
communications
payment processing
technical support
This Policy should be read together with our:
Terms of Service
Privacy Policy
Data Processing Agreement (DPA)
Data Retention Policy
2. Who We Are
Enxero System Ltd
P.O. Box 1036-00606
Nairobi, Kenya
(“Company”, “we”, “us”, or “our”)
3. Scope
This Policy applies to sub-processors engaged by Enxèro Systems in connection with the provision, operation, maintenance, or support of the Services.
This Policy does not apply to:
third-party services independently selected by Customers
integrations controlled directly by Customers
external services outside our operational control
Customers remain responsible for evaluating third-party services they independently enable or use.
4. Use of Sub-processors
We may engage sub-processors to support functions including:
cloud hosting and infrastructure
payment processing
email delivery
monitoring and security
customer support
backup and recovery services
Sub-processors are authorized to process personal data only as necessary to perform the services we request.
5. Sub-processor Selection Principles
Before engaging a subprocessor, we may evaluate factors including:
security practices
reliability and operational capability
privacy and data protection commitments
legal and regulatory considerations
contractual safeguards
Selection decisions are based on operational and security requirements reasonably appropriate to the Services provided.
6. Contractual Safeguards
We require sub-processors handling personal data on our behalf to operate under written agreements containing appropriate obligations relating to:
confidentiality
security
restricted processing purposes
data protection responsibilities
Where required by applicable law, additional safeguards may be implemented for international transfers of personal data.
7. International Transfers
Sub-processors may process personal data in jurisdictions outside the country where the data was originally collected.
Where applicable, we implement reasonable safeguards designed to support lawful international data transfers.
8. Monitoring and Oversight
We maintain reasonable oversight of subprocessors supporting the Services.
Oversight measures may include:
contractual review
security assessment
operational review
incident management coordination
The level of oversight may vary depending on the nature of services provided and associated risks.
9. Changes to Sub-processors
We may update sub-processors from time to time as operational, technical, or business needs evolve.
Material changes to sub-processors may be reflected through updates to the Sub-processor List available in the Governance Hub.
Continued use of the Services after such updates constitutes acknowledgment of the updated Sub-processor List and related governance documentation.
10. Sub-processor List
A current list of sub-processors supporting the Services may be made available through the Governance Hub.
The Sub-processor List may include:
sub-processor name
service function
processing purpose
jurisdiction or hosting region where applicable
11. Customer Responsibilities
Customers remain responsible for:
determining whether the Services are appropriate for their regulatory environment
reviewing available governance documentation
evaluating Customer-controlled integrations and third-party services
Nothing in this Policy transfers control of Customer Data to Enxèro Systems or its subprocessors beyond what is necessary to provide the Services.
12. Changes to This Policy
We may update this Privacy Policy from time to time.
Material changes will be communicated through:
email notification
publication in the Governance Hub
notification on the Service page
Updated versions become effective on the stated effective date.
13. Contact Information
For legal or governance inquiries:
Enxero System Ltd
P.O. Box 1036-00606
Nairobi, Kenya
[email protected]
LWR-POL-CWC-008-R1: Sub-processor Policy
Effective Date: 10 May 2026
© 2026 Enxèro Systems. All rights reserved.