Sub-processors
This register lists third-party sub-processors engaged by EU Returns Hub — Dzianis Vislavus to deliver the service. We prefer EU locations where feasible and sign GDPR-compliant DPAs. Any restricted transfers rely on appropriate safeguards (e.g., SCCs) and data minimisation.
Current sub-processors
| Vendor | Service | Personal data (typical) | Primary location | Safeguards | Status |
|---|---|---|---|---|---|
| Google (Workspace & Apps Script) | Form intake (GAS), transactional email, spreadsheets for enrollments/partners/ops logs | Business contact details, plan/tier, referral code, operational form metadata | EEA/region selection where available; limited cross-region processing may occur per vendor design | DPA + SCCs; encryption in transit/at rest; access controls; least-privilege | Active |
| AWS Europe (Frankfurt) | Object storage for return photos/reports; internal ops hosting (EU region) | Return photos; operational metadata (no payment data) | eu-central-1 (Frankfurt), EU-only | DPA; region restriction; IAM least-privilege; encryption at rest | Active |
Conditional (Controller instruction)
| Vendor | Purpose | Personal data (typical) | Location | Safeguards | Status |
|---|---|---|---|---|---|
| Logistics & forwarders (e.g., DHL/UPS/forwarding partners) | Export to CN or intra-EU shipping per Controller instruction | Shipment labels; sender/recipient details necessary for dispatch | EU and non-EU, route-dependent | Controller instruction; data minimisation; standard carrier terms; SCCs/DPAs as applicable | As instructed |
| Tencent (WeChat) | Optional support channel when Client opts-in | Business contact (ID, messages) shared by Client | CN / global | Controller instruction; business comms only; avoid sensitive data; no buyer PII beyond contact handle; no returns photos via chat | As instructed |
Planned / not enabled
| Vendor | Purpose | Trigger & prerequisites | Status |
|---|---|---|---|
| Stripe / PayPal | Online payments (cards/wallets) | Enabled only if/when card payments are introduced; PCI-DSS and DPA in place | Planned |
| Privacy-preserving product analytics (EU-hosted) | Optional UX analytics in EU region, consent-based | Not enabled; requires prior notice and cookie opt-in (see Cookies) | Not enabled |
Change notifications
We provide at least 15 days prior notice of material changes (new sub-processor, location change, or materially different processing) on this page and/or by email, consistent with our DPA. You may object on reasonable grounds by emailing denis@eureturnshub.eu; if unresolved, you may terminate the affected services without penalty.
Marketplace disclaimer: EU Returns Hub is not affiliated with Amazon, AliExpress, Temu, or Shein.