• +44 (0) 191 825 0808
  • contact@aoitnetworks.com
Contact us

Subprocessor Information

AOIT Networks Ltd – Subprocessor Information

Effective Date: January 2026
Version: 1.0

1. Introduction

AOIT Networks Ltd (“AOIT”, “we”, “us”, or “our”) uses carefully selected third-party service providers (“Subprocessors”) to support the delivery of our services to customers and partners (“Customer”, “you”, or “your”).

This page provides information about our use of Subprocessors in accordance with our obligations under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

2. What Are Subprocessors?

Subprocessors are third-party service providers that AOIT engages to process personal data on behalf of our customers. This may include providers of:

  • Cloud infrastructure and hosting services
  • Backup and disaster recovery services
  • Monitoring and management platforms
  • Security and protection services
  • Communication and collaboration tools
  • Professional services automation and ticketing systems
  • Other technical infrastructure required to deliver our services

3. AOIT’s Subprocessor Standards

All Subprocessors engaged by AOIT are required to meet stringent standards:

Data Protection Compliance:

  • Full compliance with UK GDPR and Data Protection Act 2018
  • Appropriate technical and organizational measures to protect personal data
  • Data Processing Agreements in place with each Subprocessor
  • Regular review and assessment of Subprocessor compliance

Security Requirements:

  • Implementation of appropriate security measures equivalent to or exceeding AOIT’s own standards
  • Regular security assessments and audits
  • Incident response and breach notification procedures
  • Staff training and background checks where appropriate

Data Location:

  • Preference for UK and EU/EEA-based Subprocessors where technically feasible
  • Where data processing occurs outside UK/EU/EEA, appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions)
  • Transparency regarding data processing locations

Contractual Protections:

  • Written agreements with all Subprocessors governing data processing
  • Confidentiality obligations
  • Audit rights and inspection capabilities
  • Subprocessor liability for data protection breaches

4. Subprocessor List

4.1 Availability

A detailed list of current Subprocessors, including:

  • Subprocessor name and registered address
  • Nature of processing activities performed
  • Categories of personal data processed
  • Location(s) where data processing occurs

is maintained by AOIT and is available to customers upon request.

4.2 How to Request the Subprocessor List

Eligibility: The detailed Subprocessor list is available to existing customers under contract with AOIT. Requests from prospective customers will be considered on a case-by-case basis.

Request Process:

  1. Submit a written request via email to: support@aoitnetworks.com
  2. Include your company name, contact information, and contract reference (if applicable)
  3. Acknowledge that the information is confidential and subject to non-disclosure obligations

Response Timeframe: AOIT will respond to Subprocessor list requests within 10 Business Days of receipt.

Confidentiality: The Subprocessor list is provided on a confidential basis. Recipients agree not to disclose, share, or use the information for any purpose other than assessing AOIT’s data protection and compliance practices.

5. Changes to Subprocessors

5.1 Notification of Changes

AOIT will notify customers at least 30 days in advance of:

  • Adding new Subprocessors
  • Replacing existing Subprocessors with alternative providers
  • Material changes to Subprocessor processing activities or locations

Notification will be provided via:

  • Email to the customer’s designated technical and administrative contacts
  • Notice posted to the customer portal (where applicable)
  • Update to the Subprocessor list provided upon request

5.2 Customer Objection Rights

Customers have the right to object to the use of new Subprocessors or changes to existing Subprocessors.

Objection Process:

  1. Submit written objection via email to support@aoitnetworks.com within the 30-day notification period
  2. Provide specific reasons for the objection (e.g., security concerns, compliance requirements, data location restrictions)
  3. Reference the specific Subprocessor and processing activities of concern

Resolution: If a customer objects to a new or changed Subprocessor, AOIT will:

  1. Acknowledge the objection within 5 Business Days
  2. Work with the customer in good faith to address concerns, which may include:
    • Providing additional information about the Subprocessor’s security and compliance measures
    • Identifying alternative Subprocessors where technically and commercially feasible
    • Adjusting service delivery to avoid the objected Subprocessor
    • Implementing additional safeguards or contractual protections

If AOIT and the customer cannot reach a mutually acceptable solution, the customer may terminate the affected services in accordance with the termination provisions of the Master Services Agreement between AOIT and the customer.

5.3 Emergency Subprocessor Changes

In rare circumstances, AOIT may need to engage a new Subprocessor or change an existing Subprocessor with less than 30 days’ notice due to:

  • Service disruption or failure requiring immediate remediation
  • Security incidents requiring immediate response
  • Legal or regulatory requirements
  • Force majeure events

In such cases:

  • AOIT will notify customers as soon as reasonably practicable
  • AOIT will provide explanation of the circumstances requiring immediate change
  • Customers retain objection rights as described in Section 5.2
  • AOIT will work to provide the standard 30-day notice for any subsequent changes

6. Data Processing Agreement

The terms governing AOIT’s processing of personal data on behalf of customers, including the use of Subprocessors, are set forth in AOIT’s Data Processing Agreement, which is incorporated into the Master Services Agreement or is available as a standalone agreement.

The Data Processing Agreement can be reviewed at: www.aoitnetworks.com/data-processing-agreement

7. Audit Rights

Customers have the right to audit AOIT’s compliance with data protection obligations, including the use and management of Subprocessors, as set forth in the Data Processing Agreement.

Audit requests should be submitted in writing to support@aoitnetworks.com with reasonable advance notice (typically 30 days minimum) to allow for scheduling and preparation.

8. Questions and Concerns

If you have questions about AOIT’s use of Subprocessors or concerns about data protection and security, please contact us:

General Inquiries:
Email: support@aoitnetworks.com
Phone: 0191 825 0808

Data Protection Officer:
Email: support@aoitnetworks.com
Address: AOIT Networks Ltd, Jarrow Business Centre, Rolling Mill Road, Jarrow, Tyne and Wear, NE32 3DT, United Kingdom

9. Regulatory Authority

If you have concerns about how AOIT processes personal data that cannot be resolved through direct communication with AOIT, you have the right to lodge a complaint with the UK’s supervisory authority for data protection:

Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Telephone: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF