On this page you find a list of all our sub-processors, sub-providers and data locations
Sub-processors & Sub-providers
Scope
Tables in this document lists House of Control and its Subsidiaries third party sub-processors, that
may process customer personal data under the Data Processing Agreement (DPA) applicable to House
of Control´s services (the “Services”). The sub-processors only process personal data for the purpose
of delivering the Services House of Control has engaged them to provide. They are not permitted to
use any personal data for any other purpose and never for they own purposes. These sub-processors
may provide services to one or more Services under the DPA. Each Subsidiary may act as a sub-
processor for any House of Control company in relation to any part of the Services.
Review
Last reviewed 2025.11.24
Versions
| Version | Major changes since last version |
| 2025:1 (V.4) | • The section “Versions” has been added. • The section “Scope” has been added. • Description in Specifications is updated. • DPA reference column added in lists. • HubSpot changed from sub-provider to sub-processor • Sub-provider UNLESS has been added. |
| 2024:1 (V.3) | • Adding Dustin Norway AS as Sub-provider. • Adding Orca Security UKJ Ltd as Sub-processor. • Extensive updates to include more detailed information on sub- processors used, scope, and customer separation. • Organisation numbers column added |
Included companies and services
This document is applicable for the following House of Control companies (henceforth named House of Control):
- House of Control AS,
a Norwegian registered company with organisation number 990 637 423 - House of Control A/S,
a Danish registered company with organisation number 36506822 - House of Control Sverige AB,
a Swedish registered company with organisation number 556628-3320 - Business Analyze AS,
a previous Norwegian company who was registered with organisation number 984 589 379.
Business Analyze AS is after August 2024 a part of House of Control AS
Specifications
House of Control differentiate sub-processors, sub-providers and data locations:
- A sub-processor
is a third-party data processor engaged by House of Control, including its Subsidiaries, who
have or potentially will have access to or process customer data (which may contain personal
data). House of Control engages different types of sub-processors to perform various
functions. - A sub-provider
is a third-party sub-provider House of Control use internally to deliver their services. Sub-
providers do not process or store any customer data, but they are important vendors to ensure
availability of House of Controls services. - A data storage location
is typically the data centre used for the storage of customers data as part of the service
delivery. The storage may include storage of personal data if personal data is stored in the
application.
Sub-processors for House of Control services:
| Sub-processor | Data owners | DPA Reference |
Purpose of Processing | Data processing & data storage location |
| Amazon Web services Inc., EU972013112 410 Terry Avenue North, Seattle, WA 98109-5210, USA |
All customers with Public cloud (AWS) Except UK Customers |
Standard Contractual Clauses |
Managed infrastructure hosting services Managed database- and file system services Managed backup services Managed container services 3rd line incident response |
Data is hosted at: Stockholm, Sweden AWS region eu-north-1 (Stockholm, Sweden) |
| Amazon Web services Inc., EU972013112 410 Terry Avenue North, Seattle, WA 98109-5210, USA |
All customers with Public cloud (AWS) UK Customers |
Standard Contractual Clauses |
Managed infrastructure hosting services Managed database- and file system services Managed backup services Managed container services 3rd line incident response |
Data is hosted at: London, United Kingdom AWS region eu-west-2 (London, UK) |
| GROUP.ONE NORWAY AS 984 106 211 Jernbanegaten 3, N-3111 Tønsberg, Norway |
For Norwegian customers in Private cloud (not AWS) |
Standard Contractual Clauses |
Managed server hosting Managed Backup Server monitoring and incident response |
Data is hosted at: DigiPlex Norway AS Selma Ellefsens vei 1, N-0581 Oslo, Norway |
| Powerhosting ApS, 33055048 Dalgasgade 11, DK-7400 Herning, Denmark |
For Danish customers in Private cloud (not AWS) |
Standard Contractual Clauses |
Managed server hosting Managed Backup Server monitoring and incident response |
Data is hosted at: GlobalConnect A/S Hørskætten 3, DK 2630 Taastrup, Denmark |
| Braathe AS, 981933311 Nærumveien 24, N-1580 Rygge, Norway |
For BA customers only | Standard Contractual Clauses |
Hosting and operation of servers for BA. |
Data is hosted at: DigiPlex Norway AS Selma Ellefsens vei 1, N-0581 Oslo, Norway |
| Orca Security Ltd., 515961761 3 Tushia St., Tel Aviv, 6721803, Israel |
All customers in Public Cloud (AWS) |
Standard Contractual Clauses |
Vulnerability Management Threat detection Data protection |
Data is hosted at: AWS region eu-central-1 (Frankfurt, Germany) |
| Microsoft Ireland Operations Ltd, 256796 One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland |
All customers | Standard Contractual Clauses (opt-out possible) |
Incoming email (Inbox functionality in Complete Control) |
Data is hosted at: Microsoft Azure North-europe-Azure-region (Dublin, Ireland) |
|
SnowPlow, 07852221 |
All customers | Standard Contractual Clauses (opt-out possible) |
Data collection capabilities to capture more detailed information about customer behaviour within the service. |
Data is hosted at: AWS EU |
| MailJet, 524 536 992 43 rue de Dunkerque, 75010 Paris, France |
All customers | Standard Contractual Clauses |
Outgoing emails from the service | Data is hosted at: Google Cloud Platform in Frankfurt, Germany and Saint- Ghislain, Belgium. |
| Product Fruits, 09552618 Rozdelovska 1999/7, 169 00 Praha 6, Czech Republic |
All customers | Standard Contractual Clauses |
In-app messaging within the service | Data is hosted at: AWS EU |
| InMoment (Wootric), Wootric, Ink. 10355 South Jordan Gateway, Suite 600, South Jordan, UT 84095, USA |
All customers | Standard Contractual Clauses (opt-out possible) |
Net promoter Score (pNPS) for the service. |
Data is hosted at: AWS EU |
|
HubSpot |
HoC | Internal data processing. |
HoC CRM solution Customers might be mentioned, named customer reference person might be listed (including e-mail address and case context) |
All data is stored within EU. No data is transferred outside the EEA. |
| Link Mobility AS, 992 434 643 Langkaia 1, N- 0101 Oslo, Norway |
All customers | Standard Contractual Clauses (opt-out possible) |
Link Messaging Gateway | Data is hosted at: Microsoft Azure, EU, Ireland |
| Signicat AS, 989 584 022 Grensen 12B, N- 0159 Oslo, Norway |
Optional for all customers |
Standard Contractual Clauses |
Identity verification Electronic signatures Identity methods |
Data is hosted at: Google Ireland Limited, Google Cloud Platform |
| Svensk e-identitet AB 555 776-6992 Vaksalagatan 6, 753 20 Uppsala, Sweden |
Optional for all customers |
Standard Contractual Clauses |
Identity verification Electronic signatures Identity methods |
Data is hosted at: AWS EU |
| Google Cloud EMEA Ltd.IE660412 70 Sir John Rogersson´s Quay, Dublin 2 D02 NX53, Ireland |
HoC | Visma Internal data processing agreement. |
Google Mail service | Data is hosted at: Google EU/EMEA |
Sub-providers for House of Control internal:
| Name | Data owners | Legal basis | Purpose of Processing | Data processing & data storage location |
| Visma Software International AS, 980 858 073 Karenslyst Alle 56, 0277 Oslo, Norway |
HoC / Visma | Visma Internal data processing agreement. |
Patching of laptops and computers Office support tools (Google, Microsoft) SOC Service End-to-end Support Security and compliance |
All data is stored within EU. No data is transferred outside the EEA. |
| Dustin Norway AS 939 483 969 Tykkmyrveien 1, N-1597 Moss, Norway |
HoC | Internal data processing. |
Network Services House of Control´s office locations 24/7 monitoring and error handling Network Support Network Authentication and 2FA |
No data storage, processing in Norway |
| Unless 65190645 Panamalaan 8-D, 1019 AZ Amsterdam, The Netherlands |
HoC | Standard Contractual Clauses |
Customer support AI chatbot | Personal data is stored within EU. Non-personal/functional data is distributed globally (via AWS DynamoDB across EU and US. |
Changes
We encourage you to review the Statement regularly. If we make significant changes to
our Statement that materially alter our privacy practices, we may also notify you by other
means, such as sending an email or posting a notice on our website and/or within our
service (In-app messaging) prior to the changes taking effect.
The Privacy Statement is revised at least yearly. Last reviewed 2025.11.24
How to contact us:
The controller responsible for the processing of your personal data is:
House of Control
Head Office: House of Control AS, O.H. Bangs vei 70, N-1363 Høvik, Norway
Telephone number: +47 815 66 355
We value your opinion. If you have any comments or questions about our Sub-processors,
or any privacy concerns, including regarding a possible breach of your privacy, please send
them to privacy@houseofcontrol.com.
We will handle your requests or complaints confidentially. Our representative will contact
you to address your concerns and outline the options regarding how these may be
resolved. We aim to ensure that complaints are resolved in a timely and appropriate
manner.