List of Sub-processors

(Last updated: April 28, 2026)

This list forms an addendum to the Data Processing Agreement (DPA) between VeroMotion s.r.o. (operating the service RandomPicker.com) and the Customer (Controller). It details all sub-processors authorized to process personal data on behalf of the Processor in connection with the RandomPicker service. To receive notifications about updates to this list, contact dataprotection@randompicker.com.

Infrastructure & hosting

Nethost s.r.o.

  • Data location: EU (Prague, Czech Republic).
  • Purpose: Server hosting, infrastructure, storage, emailing and notifications.
  • Data processed: All customer data, including PII. Does not process personal data for any own purposes.
  • Safeguards: EU-based, subject to GDPR.

Active24, s.r.o.

  • Data location: EU servers (Prague, Czech Republic).
  • Purpose: VPS hosting for self-hosted analytics (Matomo) and Sendy emailing.
  • Data processed: IP addresses (anonymized), device info, usage data, email addresses. Does not process personal data for any own purposes.
  • Safeguards: EU-based, subject to GDPR.

Amazon Web Services EMEA SARL (AWS Europe)

  • Data location: EU servers (Frankfurt, Germany; Dublin, Ireland).
  • Purpose: Infrastructure, storage, emailing and notifications, hosting.
  • Data processed: All customer data, including PII. Does not process personal data for any own purposes.
  • Safeguards: Data hosted in the EU, with safeguards under Standard Contractual Clauses (SCCs) and GDPR-compliant processing terms.

Microsoft (Azure, Office 365)

  • Data location: EU servers (Frankfurt, Germany; Dublin, Ireland).
  • Purpose of processing: Infrastructure, storage, hosting, business productivity (Office 365).
  • Data categories processed: All customer data, including PII. Does not process personal data for any own purposes.
  • Safeguards: Data hosted in the EU, with safeguards under Standard Contractual Clauses (SCCs) and GDPR-compliant processing terms.

BunnyWay d.o.o. (Bunny.net)

  • Company headquartered in EU (Slovenia); content delivered through a global CDN edge network.
  • Purpose of processing: Image and static asset delivery via Content Delivery Network (CDN). Caches and serves static assets from edge servers near visitors.
  • Data categories processed: Visitor IP addresses, browser type, request metadata, timestamps. Does not process personal data for any own purposes.
  • Safeguards: EU-based company, GDPR-compliant. Standard Contractual Clauses apply for any processing at non-EU edge locations.

Software development, maintenance, system administration

Skeleton Software s.r.o.

  • Data location: EU (Czech Republic).
  • Purpose of processing: Software development, maintenance, testing, and system administration.
  • Data categories processed: All customer data, including PII. Does not process personal data for any own purposes.
  • Safeguards: EU-based, subject to GDPR.

DISCODE s.r.o.

  • Data location: EU (Czech Republic).
  • Purpose of processing: Software development, maintenance, testing, and system administration.
  • Data categories processed: All customer data, including PII. Does not process personal data for any own purposes.
  • Safeguards: EU-based, subject to GDPR.

Trustica s.r.o.

  • Data location: EU (Czech Republic).
  • Purpose of processing: System audit.
  • Data categories processed: Limited access to system data necessary for audit purposes. Does not process personal data for any own purposes.
  • Safeguards: EU-based, subject to GDPR.

Accounting, finance, audit

sehorsini s.r.o.

  • Data location: EU (Czech Republic).
  • Purpose: Accounting, invoicing, and tax support.
  • Data processed: Customer names, billing data. Does not process personal data for any own purposes.
  • Safeguards: EU-based, subject to GDPR

Payment processing

Stripe Payments Europe, Limited

  • Data location: EU (Ireland), with global processing infrastructure.
  • Purpose of processing: Payment processing, subscription billing.
  • Data categories processed: Customer name, email, billing address, payment card details. Stripe acts as an independent controller for fraud prevention and regulatory purposes.
  • Safeguards: SCCs, GDPR-compliant Data Processing Agreement, PCI-DSS Level 1 certified.

PayPal (Europe) S.à r.l. et Cie, S.C.A.

  • Data location: EU (Luxembourg), with global processing infrastructure.
  • Purpose of processing: Payment processing.
  • Data categories processed: Customer name, email, billing address, payment information. PayPal acts as an independent controller for fraud prevention and regulatory purposes.
  • Safeguards: SCCs, GDPR-compliant Data Processing Agreement.

Analytics and authentication

Google Ireland Limited

  • EU (Ireland), with global infrastructure.
  • Purpose of processing: Google Analytics, Google Sign-In (OAuth login), Google reCAPTCHA (bot protection), Google Fonts (CDN).
  • Data categories processed: IP addresses (anonymized), device info, usage data. For OAuth login: email and basic profile information shared by the user during sign-in.
  • Safeguards: EU-US Data Privacy Framework, consent-based loading for analytics, IP anonymization, Standard Contractual Clauses (SCCs), data minimization.

Meta Platforms Ireland Limited (Facebook)

  • EU (Ireland), with global infrastructure.
  • Purpose of processing: Facebook Sign-In (OAuth login).
  • Data categories processed: Email and basic profile information shared by the user during sign-in.
  • Safeguards: SCCs, GDPR-compliant Data Processing Agreement.

iubenda S.r.l.

  • Data location: EU (Italy).
  • Purpose of processing: Cookie consent management, privacy/cookie policy hosting and compliance with ePrivacy Directive.
  • Data categories processed: IP addresses (anonymized), cookie consent records, device info.
  • Safeguards: EU-based, subject to GDPR.

VeroMotion s.r.o.
Karla Engliše 3208/5
Prague 5, 150 00
Czech Republic

Email: info@randompicker.com
Web: https://www.randompicker.com

< Legal documents