Legal · Document 03 · Sub-processors
Sub-processors.
Who else processes data when you use BinSense, what each one does, where the data sits, and what we have put in place to keep them honest. Every sub-processor on this page has a written contract with us that imposes the same data protection obligations on them as our contract with you imposes on us, in line with Article 28(4) UK GDPR.
01
How to read this list
"Sub-processor" has a specific meaning under the UK GDPR: another organisation we engage to process personal data on your behalf, subject to written terms that flow down from our agreement with you. It does not include parties to whom we send data on our own account (our accountants, our lawyers) or parties we communicate with on operational matters that do not involve your personal data.
The bulk of what flows through BinSense is sensor telemetry that is not personal data: fill-level readings, lift events, route metrics. Personal data appears in narrow places – staff accounts who administer the platform, driver and crew identifiers, and resident-submitted QR reports where the resident voluntarily provides contact details. This page focuses on the sub-processors that touch any of those, plus the infrastructure that holds them.
A TBD tag indicates a sub-processor we expect to appoint before the service goes live for our first paying Customers, and which we list here in good faith so that reviewers can see the shape of the supply chain.
02
Current sub-processors
Microsoft Corporation (Azure)
Hosting · Storage · Telemetry ingestion
Role
Underlying cloud platform: compute, storage, networking, the telemetry database, the dashboard, and operational logging. The LoRaWAN network server, sensor data pipeline and route-optimisation services all run on Azure.
Data categories
Sensor telemetry (fill levels, lift events), bin identifiers and locations, optimised route data, crew/driver account identifiers, resident QR-report submissions and any personal data attached, marketing-site contact-form submissions.
Location of processing
United Kingdom only – UK South and UK West regions.
Safeguards
Microsoft's Online Services Data Protection Addendum, including ISO 27001/27017/27018 and SOC 2 attestations. No transfers outside the UK in respect of Customer Data stored in these regions.
Microsoft Azure Communication Services
Transactional email
Role
Outbound transactional email for the marketing site (contact form delivery) and in-product notifications (alerts, reports, scheduled summaries).
Data categories
Email addresses and message bodies submitted via the contact form; notification recipients and message content sent to authority staff and crews.
Location of processing
United Kingdom data location.
Safeguards
Microsoft's Online Services DPA. Sender domain protected with SPF, DKIM, and (in due course) DMARC. ACS sits within Microsoft's ISO 27001/27017/27018 and SOC 2 scope.
Microsoft 365 (Exchange Online)
Operational mailboxes
Role
Shared mailboxes (pilot@binsense.co.uk, support@binsense.co.uk) that receive correspondence from customers, prospects and data subjects.
Data categories
Sender's name, email address, and whatever they choose to put in the body of their message.
Location of processing
European Union / United Kingdom (Microsoft 365 EU Data Boundary).
Safeguards
Microsoft's Online Services DPA applies. MFA required on all administrator accounts. Access limited to staff with a legitimate need.
Microsoft Azure Application Insights (Azure Monitor)
Operational telemetry
Role
Receives application errors, performance traces, request and dependency telemetry, and basic usage metrics, so we can diagnose and fix issues quickly.
Data categories
Diagnostic logs, stack traces, request and response metadata, exception detail. We strip personal data and resident report content from telemetry at source; what remains is identifier-free metadata about how the system is performing.
Location of processing
United Kingdom only – the Application Insights workspace is provisioned in a UK Azure region alongside the rest of the platform.
Safeguards
Microsoft's Online Services DPA applies and is the same agreement that covers Azure hosting and ACS. No additional sub-processor is introduced.
The Things Industries B.V. (LoRaWAN network server)
TBD · Network server
Role
Where a Customer opts for a managed LoRaWAN network rather than running gateways onto their own infrastructure, The Things Stack provides the network server that brokers messages between sensors and our application server. Where a Customer hosts their own network server (the default for the council-owned model), this entry does not apply.
Data categories
Device-level radio telemetry: sensor identifiers, payloads (fill level, lift events, battery, temperature), gateway identifiers and signal metrics. The payloads themselves are not personal data.
Location of processing
European Union (The Things Industries is headquartered in the Netherlands; managed instances run in EU regions).
Safeguards
The Things Industries DPA, including the UK Addendum to the EU Standard Contractual Clauses for any transfers outside the UK/EEA. ISO 27001 certified.
Mapbox / OpenStreetMap data (Mapping & routing)
TBD · Mapping
Role
Map tiles and routing primitives used by the driver tablet app and the operations dashboard. We resolve addresses to coordinates client-side where possible; reverse-geocoding is server-side for the resident QR-report intake.
Data categories
Bin coordinates, vehicle waypoints during a round, resident-submitted location pins. Authority staff IP addresses where map tiles are fetched directly by their browser.
Location of processing
Globally distributed CDN. Tile requests are typically served from the closest edge in the UK/EU.
Safeguards
Mapbox DPA, including the UK Addendum to the EU SCCs. We minimise the personal data sent to the mapping layer (no resident identifiers; truncated coordinates where possible).
Stripe Payments UK Limited
Billing · Card / Direct Debit
Role
PCI-DSS Level 1 card processing and direct debit collection for subscription and hardware fees. Card details are entered directly into Stripe-hosted elements; we never see or store them. Most council Customers will pay by purchase order and BACS rather than card.
Data categories
Billing contact name, billing email, billing address, masked payment instrument identifiers, transaction history.
Location of processing
Contracting entity is Stripe Payments UK Limited, an FCA-authorised payment institution. Stripe's processing infrastructure is global; transaction processing may take place in the United States and other Stripe regions.
Safeguards
Stripe's Services Agreement and Data Processing Addendum, including the UK Addendum to the EU Standard Contractual Clauses for any transfers outside the UK. PCI-DSS Level 1 Service Provider attestation. SOC 1, SOC 2 and ISO 27001 audited.
03
Not sub-processors
For the avoidance of doubt, the following parties are not sub-processors of Customer Data and are listed only because reviewers sometimes ask:
- GitHub, Inc. – source code repository hosting. Holds our code, not Customer Data.
- Azure Static Web Apps – delivery of the binsense.co.uk marketing site. The site itself collects no Customer Data; the contact form path is described under Azure above.
- Sensor and gateway hardware manufacturers (e.g. RAK Wireless) – supply the physical devices. They do not receive sensor telemetry or any other Customer Data in the course of normal operation.
- Our professional advisers (lawyers, accountants, auditors) – engaged on our own account, under confidentiality, and only receive personal data of named individuals where strictly necessary for their advice.
04
Notification of changes
If we propose to add or replace a sub-processor that processes Customer Data, we will:
- Update this page at least 30 days before the change takes effect;
- Notify the account administrator of each affected Customer by email;
- Give you the opportunity to object on reasonable data protection grounds. If we cannot adequately address the objection, you may terminate the affected Order Form without penalty and we will refund any fees paid in advance for the unexpired portion.
If a change is needed urgently for security reasons (for example, to terminate a sub-processor that has experienced a breach), we may make the change immediately and notify you as soon as we reasonably can.
05
Get in touch
Questions about anyone on (or off) this list? Write to compliance@binsense.co.uk and we'll answer in plain English.