Skip to Content

List of Sub-Processors

pursuant to Art. 28(2) General Data Protection Regulation (GDPR)

Controller: IT-Direkt GmbH, Aroser Allee 66, 13407 Berlin, Germany

IT-Direkt GmbH engages the following sub-processors in connection with the provision of the machine interface service (API integration). These sub-processors may have access to, or process, personal data in the course of service delivery:

1. Hetzner Online GmbH

  1. 1.1 Company: Hetzner Online GmbH
  2. 1.2 Registered address: Industriestraße 25, 91710 Gunzenhausen, Germany
  3. 1.3 Purpose of processing: Server hosting, data storage (encrypted access credentials), access logs, data backups
  4. 1.4 Categories of personal data: Access credentials (encrypted), authentication tokens, access logs
  5. 1.5 Location of processing: Germany (EU)
  6. 1.6 Legal basis: Data Processing Agreement (DPA) pursuant to Art. 28 GDPR, concluded via the Hetzner Cloud Console
  7. 1.7 Last reviewed: March 2026

2. Microsoft Ireland Operations Limited

  1. 2.1 Company: Microsoft Ireland Operations Limited
  2. 2.2 Registered address: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (EU)
  3. 2.3 Purpose of processing: Email sending and receiving via Exchange Online; message delivery
  4. 2.4 Categories of personal data: Email addresses, message content, email delivery metadata
  5. 2.5 Location of processing: EU (Ireland); additional Microsoft EU data centres as per Microsoft DPA
  6. 2.6 Legal basis: Data Processing Agreement (DPA) pursuant to Art. 28 GDPR, concluded via Microsoft Online Services Terms (OST) / Microsoft Product Terms
  7. 2.7 Last reviewed: March 2026

3. Meta Platforms Ireland Limited

  1. 3.1 Company: Meta Platforms Ireland Limited
  2. 3.2 Registered address: Merrion Road, Dublin 4, D04 X2K5, Ireland (EU)
  3. 3.3 Purpose of processing: Provision of the WhatsApp Business API for handling customer support communication between IT-Direkt and its customers (sending and receiving WhatsApp messages)
  4. 3.4 Categories of personal data: Phone numbers, message content (including attached files), send and receive metadata (timestamps, delivery status, read receipts)
  5. 3.5 Location of processing: Ireland (EU); transfers to Meta Platforms, Inc. (USA) and affiliated companies outside the EU possible in individual cases
  6. 3.6 Safeguards for third-country transfers: European Commission adequacy decision regarding the EU-US Data Privacy Framework (Art. 45 GDPR); supplemented by Standard Contractual Clauses (Art. 46(2)(c) GDPR)
  7. 3.7 Legal basis: Data Processing Agreement (DPA) pursuant to Art. 28 GDPR, concluded with Meta Platforms Ireland Limited under the WhatsApp Business Solution Terms
  8. 3.8 Last reviewed: April 2026

4. Weenat SAS

  1. 4.1 Company: Weenat SAS
  2. 4.2 Registered address: 2 rue Crucy, 44000 Nantes, France (EU)
  3. 4.3 Purpose of processing: Provision of parcel- and site-specific weather and environmental data (virtual weather station) via the Weenat API on behalf of IT-Direkt GmbH
  4. 4.4 Categories of personal data: Geolocation data (coordinates) of the parcels or sites configured in the portal, internal parcel/site identifiers, query periods, and technical query parameters
  5. 4.5 Location of processing: France (EU)
  6. 4.6 Legal basis: Data Processing Agreement (DPA) pursuant to Art. 28 GDPR, concluded with Weenat SAS
  7. 4.7 Last reviewed: April 2026

5. Startec S.r.l.

  1. 5.1 Company: Startec S.r.l.
  2. 5.2 Registered address: Viale Stazione 26, 33079 Sesto al Reghena, Italy (EU)
  3. 5.3 Purpose of processing: Provision of the StarTec API for automated querying and control of machines connected by the customer, on behalf of IT-Direkt GmbH
  4. 5.4 Categories of personal data: Machine access codes (as printed on the machine), internal machine/integration identifiers within Raindancer, technical query parameters and control commands, as well as operational and status data reported back from the machine
  5. 5.5 Location of processing: Italy (EU)
  6. 5.6 Legal basis: Data Processing Agreement (DPA) pursuant to Art. 28 GDPR, concluded with Startec S.r.l.
  7. 5.7 Last reviewed: April 2026

6. Notes

  1. 6.1 External third-party providers whose interfaces (APIs) the Controller makes available for use within the services (e.g. machine interfaces, ERP systems, industry-specific platforms) are not sub-processors within the meaning of this list. They act as independent controllers pursuant to Art. 4(7) GDPR.
  2. 6.2 This list will be updated whenever sub-processors are added or replaced. Customers will be notified of any changes with a minimum notice period of 14 days by email, in accordance with § 6 of the Data Processing Agreement.
  3. 6.3 Für Rückfragen zu dieser Liste wenden Sie sich bitte an: datenschutz@it-direkt.de

Stand: April 2026 | IT-Direkt GmbH, Aroser Allee 66, 13407 Berlin | datenschutz@it-direkt.de