Sovereignty Scan/Vendors/Anbieterprüfung

Risk indicator, not a GDPR compliance verdict. Point-in-time assessment based on public web stack signals.Methodology & LimitationsCorrect listing / submit response

Jurisdiction

Anbieterprüfung: GDPR Assessment & Vendor List

Anbieter, deren Konzernstruktur oder Datenverarbeitungsstandort sich nicht aus öffentlichen Quellen eindeutig bestimmen lässt. Vor Vertragsschluss manuell verifizieren.

72 curated profiles2,324 total detectedJurisdiktion noch nicht eindeutig bestimmt

Last updated: May 05, 2026

Vendors

Sorted by category

Each entry links to a dedicated profile with GDPR verdict, ownership chain, data categories, migration plan and FAQ.

Terminbuchung

All Terminbuchung vendors

3 providers · Online-Terminbuchung & Scheduling-Tools

CRM

All CRM vendors

8 providers · Customer Relationship Management

Formulare & Lead-Erfassung

All Formulare & Lead-Erfassung vendors

14 providers · Formular-Builder & Lead-Captures

Analytics & Tracking

All Analytics & Tracking vendors

29 providers · Web-Analytics & Tracking-Tools

Tag Management & CDPs

1 providers · Tag Manager & Customer Data Platforms

AdOpt
AdOpt
🌍

E-Mail-Marketing & Versand

All E-Mail-Marketing & Versand vendors

2 providers · Newsletter, Transaktions-E-Mail & Versand

Office & Kommunikation

All Office & Kommunikation vendors

1 providers · Office-Suites & Team-Kommunikation

Jitsi
8x8, Inc. (meet.jit.si) / Open-Source
🌍

Live-Chat & Support

All Live-Chat & Support vendors

4 providers · Live-Chat, Helpdesk & Customer-Support

Zahlungen

All Zahlungen vendors

1 providers · Payment-Provider & Zahlungsabwicklung

Razorpay
Razorpay Software Private Limited
🌍

CDN

All CDN vendors

5 providers · Content Delivery Networks

Hosting / Compute

All Hosting / Compute vendors

4 providers · Cloud-Hosting & Compute

Other jurisdictions:EU- & EWR-Anbieter UK & Schweiz US-Anbieter

Frequently asked questions

Anbieterprüfung: in brief

Why is the jurisdiction unclear for these providers?

We set ‘Provider review required’ when the corporate structure or data processing location cannot be clearly derived from public sources — for example because the legal notice is incomplete, multiple parent companies are listed, or the subprocessor list is not publicly accessible. For DACH B2B purchases, these providers should be manually verified before signing a contract.

How can I verify a provider’s jurisdiction myself?

Four sources: a commercial register extract of the parent company, the legal notice and privacy policy of the provider’s website, the DPA and its annex listing subprocessors, and on request the hosting region. A DPF entry (for US providers) is publicly verifiable on the DPF list. With US subprocessors within an EU provider, the CLOUD Act applies indirectly.

How did the Sovereignty Scan determine the jurisdiction?

We check the registered seat and parent company (commercial register, legal notice, privacy policy), the contractual partner for EU customers, the hosting region, and the subprocessor list. For multi-level structures (EU contractual partner + US parent), we label the primary jurisdiction and additionally flag ‘third-country transfer check required’.

Also by category

Vendor overview by application area

Terminbuchung26 Lead-Routing & Terminbuchung8 CRM33 Formulare & Lead-Erfassung39 E-Signatur7 Sales-Content / Deal Rooms2 Analytics & Tracking119 Tag Management & CDPs20 Session-Replay & Heatmaps9 E-Mail-Marketing & Versand44 Office & Kommunikation13 Live-Chat & Support33 Video-Konferenzen14 Zahlungen20 CDN17 Hosting / Compute25 DNS-Provider6 Error-Tracking4

Next Step

Which Anbieterprüfung are running on your website?

60 seconds, no login. The Sovereignty Scan lists all detected tools with jurisdiction, ownership chain and matching EU alternative.

Start Sovereignty Scan Back to vendor directory Methodology