Sub-processors
Last updated: March 2026
Under Article 28 of the General Data Protection Regulation (GDPR), Alplink OÜ is required to inform its Customers about the sub-processors it engages to deliver the Service. A sub-processor is any third party that processes personal data on behalf of Alplink in connection with the managed hosting services we provide.
Below is the current list of sub-processors used by Alplink, along with their purpose, location, the categories of data they process, and the applicable data protection framework.
| Sub-processor | Purpose | Location | Data Processed | DPA / SCCs |
|---|---|---|---|---|
| Hetzner Online GmbH | Server infrastructure, object storage, backups | Germany, Finland | All customer data, backups | DPA with Hetzner |
| Cloudflare Inc. | CDN, DNS, DDoS protection, edge caching | Global (HQ: USA), EU edge nodes | IP addresses, HTTP headers, cached content | EU Standard Contractual Clauses |
| Stripe Inc. | Payment processing | USA, EU operations | Name, email, payment method, billing address | EU Standard Contractual Clauses |
| Cal.com Inc. | Appointment scheduling | USA | Name, email, booking details | EU Standard Contractual Clauses |
| Listmonk (self-hosted) | Newsletter, transactional emails | Germany (Hetzner) | Email address, subscription status | Self-hosted, no third-party access |
Change Notification
We notify Customers of any changes to this sub-processor list with at least 30 days' advance notice before a new sub-processor begins processing personal data. Notification is sent via email to the account holder's registered address.
Questions
If you have questions about our sub-processors or data processing practices, please contact our Data Protection Officer at dpo@alplink.eu.