Skip to content
Enterprise
🇩🇪 Deutsch 🇬🇧 English 🇫🇷 Français
Start your 90-day trial
Datargo OneEnterprise Single-pane-of-glass cockpit for enterprises. All modules from one source. Learn more
Flagships
Datargo Monitor Availability and security posture. Datargo CRM Support hub for every brand.
Operations & commerce
Datargo ID SSO and MFA for the whole suite. Datargo ERP GoBD-compliant commercial core.
Trust & crypto
NextPKINew Certificate lifecycle, 47-day ready.
Bundle of the month
Reliability Bundle

Datargo Monitor + NextPKI as a single billed package. NIS2 evidence and certificate lifecycle from one cockpit.

Learn more
By outcome
Reliability & security NIS2 evidence from monitoring + incident. Customer service hub Live chat, tickets, multi-brand. Identity & SSO One identity for all modules.
By compliance
NIS2-Evidence Evidence at the press of a button. DORA resilience Financial sector, register of information. ISO 27001 & GoBD Annex A controls and e-invoicing.
By size
Solo & indie team Productive in 5 minutes. Mid-market SSO, audit trail, multi-brand. Enterprise & public sector Hundreds of seats, region pinning.
Sovereignty Kit
NIS2 evidence package

Ready-made Datargo Monitor and Datargo CRM controls, mapped against NIS2 obligations. Start straight into the pilot.

Read the NIS2 whitepaper
Learn
Documentation Module guides, API reference, quick start. Best-practice guides NIS2 setup, multi-brand Datargo CRM, SSO rollout. Blog Release notes, compliance news, roadmap.
Trust
Trust Center Hosting, certificates, sub-processors. Status-Page Live availability of all Datargo modules. Legal & privacy DPA, sub-processor list.
Customers
Customer stories Case studies from finance, public, tech. Partner program System integrators, implementers, MSPs. Events & webinars it-sa, EIC, NIS2 roadshows.
From the cockpit
47-day TLS from 2029

NextPKI is already prepared for the new CA/B Forum reality. Whitepaper and migration guide available now.

Read the whitepaper
Platform Datargo Monitor Datargo CRM Datargo ID Datargo ERP NextPKI
Datargo One Pricing Compliance
Language
🇩🇪 Deutsch 🇬🇧 English 🇫🇷 Français
Start your 90-day trial Book a call
Skip to content
Legal

Sub-Processors

Overview of the sub-processors engaged by Datargo GmbH, their processing purposes and processing locations, as well as the procedure for change notification and objection.

1. Subject Matter and Relationship to the Data Processing Agreement

(1) This overview lists the sub-processors (hereinafter “sub-processors”) that Datargo GmbH, Frankfurt am Main (hereinafter “Datargo”), engages for the processing of personal data of its business customers in connection with the provision of the modules Datargo Monitor, Datargo CRM, Datargo ID, Datargo ERP and NextPKI, as well as the bundle offering Datargo One (individually and collectively hereinafter the “Services”).

(2) This overview forms part of the Data Processing Agreement (DPA) pursuant to Art. 28 GDPR and gives concrete effect to its Section 7 (engagement of further processors). To the extent there are conflicts between this overview and the DPA, the DPA shall prevail in matters concerning the processing of personal data. Where an individual agreement deviates from this overview, that individual agreement shall prevail (Section 305b BGB (German Civil Code)). This provision applies exclusively in relation to entrepreneurs within the meaning of Section 14 BGB, to legal persons under public law and to special funds under public law (purely B2B).

(3) A sub-processor is a further processor engaged by Datargo within the meaning of Art. 28 (4) GDPR who processes the customer’s personal data on behalf of Datargo. Datargo contractually binds each sub-processor to data protection obligations equivalent to those of the DPA, in particular to sufficient guarantees for the implementation of appropriate technical and organisational measures (Art. 28 (4) GDPR). If a sub-processor fails to fulfil its data protection obligations, Datargo shall remain liable to the customer for the sub-processor’s compliance with its obligations in accordance with the liability provision of the main agreement.

2. EU Hosting and Processing Location

(1) Datargo engages sub-processors exclusively within the European Union. The processing of personal data takes place exclusively within the European Union; the hosting of the Services is carried out on Datargo GmbH’s own infrastructure with its own autonomous system (AS) in a data centre in Frankfurt am Main. The technical reachability and availability checks (check regions/check nodes) are carried out in part via the infrastructure of third-party providers worldwide; at these check nodes, only non-personal raw data of the server checks are processed, no personal data of the customers, which remain within the European Union.

(2) The sub-processors listed in this overview process personal data principally within the European Union. One exception is the delivery of app push notifications via Apple’s push service (Apple Inc., USA, Apple Push Notification service): the associated transfer to the USA is safeguarded by the EU-US Data Privacy Framework (Art. 45 GDPR) and supplementary Standard Contractual Clauses. Where Datargo engages the EU-based entity of a provider with a US parent company (Twilio Ireland Limited for SMS and voice alerting), processing nonetheless takes place exclusively within the EU; supplementary Standard Contractual Clauses are in place to counter any governmental access via the parent company (for instance under the US CLOUD Act). This is to be distinguished from payment processing in connection with Datargo’s own contract billing (payment service provider Stripe, Stripe, LLC, USA): this is carried out not as processing on behalf of the customer, but under Datargo’s own responsibility; the associated transfer to the USA is safeguarded by the EU-US Data Privacy Framework (Art. 45 GDPR) and supplementary Standard Contractual Clauses (details in the Privacy Policy ). Should, beyond this, exceptionally and subject to separate agreement, processing by a sub-processor outside the European Union come into consideration, this shall take place only under the conditions of Section 9 of the DPA (in particular an adequacy decision or Standard Contractual Clauses together with a Transfer Impact Assessment); such a sub-processor would be separately identified in the list below with the corresponding transfer mechanism.

3. General Authorisation, Change Notification and Objection

(1) General authorisation. Upon conclusion of the DPA , the customer grants Datargo general written authorisation to engage sub-processors within the meaning of Art. 28 (2) sentence 1 and (4) GDPR. The sub-processors listed below are deemed authorised upon conclusion of the contract.

(2) Change notification. Datargo shall inform the customer in advance of any intended addition or replacement of a sub-processor, with a notice period of at least 30 days before the intended engagement. Notification shall be made by updating this overview as well as additionally via the notification service described below (see Section 5).

(3) Right of objection. The customer may object to the addition or replacement of a sub-processor within 14 days of notification, in text form and for an important reason grounded in data protection law. If no objection is made within this period, the change shall be deemed authorised. An important data protection reason exists in particular where there are concrete indications that the sub-processor does not offer the guarantees required under the DPA and data protection law.

(4) Legal consequences of the objection. If the customer objects in due time and for an important reason, the parties shall endeavour to reach an amicable solution. Datargo will examine whether the Service concerned can be provided without the sub-processor or with an alternative sub-processor. If an amicable solution cannot be reached and Datargo adheres to the use of the sub-processor concerned, the customer is entitled to extraordinarily terminate the part of the Services affected by the change with reasonable notice. No further claims exist in this respect. The provisions of Section 7 of the DPA shall otherwise be authoritative.

4. Current Sub-Processors

(1) The overview below identifies the sub-processors engaged as at the date of publication, together with their processing purpose, processing location, categories of processed data and transfer mechanism.

Note: The list below names the sub-processors actually engaged as at the date of publication. It is published in the Trust Center and updated upon any change in accordance with Sections 3 and 5.

Provider / Sub-ProcessorPurpose / ServiceCategories of Processed DataProcessing LocationTransfer MechanismStatus
regfish GmbH, Germanytransactional email delivery (system and notification emails, in particular Datargo Monitor and Datargo CRM)recipient email address, name, message content of the notificationGermany (EU)EU processing, no third-country transferactive
Twilio Ireland Limited, Irelanddelivery of SMS notifications in connection with alerting (Datargo Monitor), EU data residencyrecipient telephone number, content of the notificationIreland (EU)EU processing; supplementary Standard Contractual Clauses vis-a-vis the US parent company (Twilio Inc.)active
Twilio Ireland Limited, Irelanddelivery of voice calls in connection with escalation and alerting workflows (Datargo Monitor), EU data residencyrecipient telephone number, content of the voice notificationIreland (EU)EU processing; supplementary Standard Contractual Clauses vis-a-vis the US parent company (Twilio Inc.)active
Apple Inc., USAdelivery of app push notifications to the mobile app (Datargo Monitor) via the Apple Push Notification servicedevice token, content of the push notificationUSAEU-US Data Privacy Framework (Art. 45 GDPR) and supplementary Standard Contractual Clausesactive

(2) Processing by the sub-processors named in the list is in each case carried out exclusively for the stated purpose and within the scope of the customer’s instructions and Datargo’s specifications.

5. Notification Service for New Sub-Processors

(1) Datargo provides a notification service through which customers are informed of intended changes to the sub-processor list. Notification is made through a subscription by email via the Trust Center as well as publication on this page.

(2) Customers who wish to be informed of changes shall provide a contact for this purpose via the Trust Center or via hello@datargo.com . For the running of the periods under Section 3, the notification via the provided contact shall be authoritative; if no contact is provided, the updating of this page shall constitute notification.

(3) Datargo recommends that regulated customers (in particular financial entities within the meaning of Regulation (EU) 2022/2554 (DORA) as well as essential or important entities within the meaning of Directive (EU) 2022/2555 (NIS2) and its national transposition) subscribe to the notification service in order to be able to comply with their own obligations to monitor ICT third-party service providers and their subcontractors. Extended information and audit rights of regulated customers arise from the DORA Addendum and Section 12 of the DPA .

6. Distinction from Other Service Providers (Ancillary Services)

(1) Service providers that Datargo engages for ancillary services without a material connection to the processing of the customer’s personal data (such as telecommunications, maintenance, consulting or cleaning services) shall not be deemed sub-processors within the meaning of this overview. Datargo also takes appropriate measures in this respect to safeguard confidentiality.

(2) Intra-group support services as well as the deployment of Datargo’s own staff do not constitute the engagement of sub-processors and are directly subject to the DPA .

7. Currency and Maintenance of the List

(1) Datargo keeps this overview up to date and adjusts it upon each change that is authorised or deemed authorised. The date of the last update is stated on this page: June 2026.

(2) Business customers may obtain the signature-ready version of the DPA , including the respectively current sub-processor list, via hello@datargo.com or in the Trust Center .

Authoritative language version

This document is provided in German, English and French. The English and French versions are translations provided solely for convenience. The German version is authoritative and solely binding in the event of any dispute or any difference of interpretation or translation.

Datargo Datargo

The European Business Operations Platform. Monitoring, customer service, identity, accounting, and certificates in one sovereign suite. Auditable by design. Made in Germany.

EU hosting, Frankfurt GDPR-native Made in Germany
Platform
  • Datargo One
  • Datargo Monitor
  • Datargo CRM
  • Datargo ID
  • Datargo ERP
  • NextPKI
Solutions
  • Reliability & Posture
  • Customer service hub
  • Identity & SSO
  • Commerce & GoBD
  • Scaling
Compliance
  • NIS2 evidence
  • DORA resilience
  • ISO 27001 mapping
  • GoBD & e-invoicing
  • Sovereignty
Industries
  • Financial services
  • Public sector
  • Health & pharma
  • Industry & TISAX
  • SaaS & tech
Resources
  • Trust Center
  • Documentation
  • Status page
  • Customer stories
  • Partner program
  • Blog
Company
  • Datargo One for enterprises
  • Start your 90-day trial
  • Book a call
  • Contact
  • Careers
© 2026 Datargo GmbH. All rights reserved.
Imprint Privacy Terms DPA SLA Sub-processorsDORA / NIS2
Germany · English

Datargo® and Databurg® are registered trademarks of Datargo GmbH. All other product names, logos, and trademarks mentioned are the property of their respective owners.

Cookies & optional features. Datargo uses technically necessary cookies. Optionally we enable comfort features such as our live-chat support, an in-house Datargo service that processes personal data in the process. You can accept everything or keep only the necessary cookies.

More in the privacy policy