Sub-processor List

This page provides a current list of sub-processors engaged by International Energy Club LLC to process personal data on its behalf in the course of providing the IEC platform. We update this list within 30 days of any change. Institutional members with a signed DPA will receive 30 days' advance notice of new or changed sub-processors via the notification email address on their account.

IEC Cloud Infrastructure (ru-central1, Moscow): Hosts the primary platform and database for Russian-resident data in compliance with 152-FZ. Data centre certified to TIER III equivalent. Purpose: platform hosting, database, file storage, CDN. Data transfers: Russia only for RF-resident data. EU-West Hosting (Frankfurt, Germany): Hosts the platform for EU/international members. Certified to ISO 27001. Purpose: platform hosting, CDN for EU members. Data transfers: EU region. Processing basis: Standard Contractual Clauses (SCCs).

Automated KYC/KYB Verification Service: Provides automated document verification, liveness checks, and AML database screening. Processes: ID document scans, selfie images, sanctions data. Data location: EU and Russia data centres with appropriate transfer safeguards. Retention by sub-processor: 90 days following completion of verification, then deleted. All sub-processors in this category are subject to signed DPAs with GDPR-equivalent obligations.

Payment Gateway Provider: Processes payment card data and bank transfer details for subscription and event payments. Data processed: cardholder name, card number (tokenised), billing address, transaction amount. Data location: PCI-DSS Level 1 compliant data centres. IEC does not store full card numbers; only payment tokens are retained. Processing basis: necessity for contract performance.

Transactional Email Provider: Sends account notifications, verification emails, and event confirmations. Data processed: email address, name, content of system-generated messages. Data location: EU. Processing basis: SCCs. IEC does not use this sub-processor for marketing emails without separate consent management. Marketing Email Provider (where consented): Used for opted-in marketing communications. Data processed: email, name, preference data. Opt-out honoured within 10 business days.

Yandex.Metrica: Web analytics processing visitor session data (IP address — anonymised for EU visitors, device fingerprint, page URL, session duration) to understand platform usage. With analytics consent, the Webvisor feature additionally records anonymised on-page interactions (mouse, clicks, scrolling, form-field focus, navigation) and clickmaps as session recordings for UX analysis; sensitive fields (passwords, payment data) are masked and excluded. Data processed under consent for non-essential cookies. Data location: Russia (Yandex infrastructure). EU visitor data processed in privacy/anonymisation mode. Members and visitors may opt out via the Yandex.Metrica opt-out add-on or the platform Cookie Preferences Centre, where withdrawing analytics consent immediately stops recording.