Version 1.3 · Effective 17 July 2026

Subprocessor List

This list identifies the legal entities authorised to process Customer Data for the Policyflow SaaS service.

When Policyflow processes personal data on a customer's behalf, Policyflow acts as a processor and these providers act as its subprocessors. The Customer Processing Particulars record the applicable baseline date and any customer-specific departures.

Approved subprocessors

No other direct subprocessor is approved to receive Customer Data under this version.

Change notifications

To subscribe to intended subprocessor addition or replacement notices, email support@policyflow.co.uk with the subject Subprocessor change notices. Include the customer's legal name and the email address that should receive notices.

Policyflow will send notices required by DPA clause 5.4 to the customer's contractual-notice email address or subscribed change-alert address. Subscription does not replace Policyflow's contractual notice obligation.

Data-protection objections

A customer may object in writing within the period stated in its DPA on reasonable, evidenced data-protection grounds. Policyflow and the customer will then follow the objection process in the DPA.