FreeAgent subprocessors
Version 1.1: This list of subprocessors was updated July 2020. It may be updated in the future and we'll post the updated version here.
To support delivery of our Service, FreeAgent Central Ltd. ("FreeAgent") may engage and use data processors with access to certain Service data (each, a "Subprocessor"). This page provides important information about the identity, location and role of each Subprocessor. Terms used on this page but not defined have the meaning set forth in our Terms of Service and/or "Standard Framework Agreement" (the "Agreement"). Defined terms used herein shall have the same meaning as defined in the Agreement.
What is a subprocessor
A Subprocessor is a third party data processor engaged by FreeAgent who has or potentially will have access to or process Service data (which may contain Personal Data). FreeAgent engages different types of Subprocessors to perform various functions as explained in the tables below.
Due diligence
FreeAgent undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed Subprocessors that will or may have access to, or process, Service data.
Contractual Safeguards
FreeAgent requires its Subprocessors to satisfy equivalent obligations as those required from FreeAgent (as a Data Processor) as set forth in either FreeAgent's, or the corresponding Subprocessor's equivalent, Data Processing Addendum ("DPA"), incorporating Standard Contractual Clauses ("SCC") where appropriate, including but not limited to the requirements to:
- process Personal Data in accordance with FreeAgent's instructions;
- in connection with their subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
- implement and maintain appropriate technical and organisational measures (including measures consistent with those to which FreeAgent is contractually committed to adhere insofar as they are equally relevant to the Subprocessor's processing of Personal Data on FreeAgent's behalf);
- promptly inform FreeAgent about any actual or potential security breach; and
- cooperate with FreeAgent in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
This policy does not give users of the Service any additional rights or remedies and should not be construed as a binding agreement. The information here is provided for transparency purposes to illustrate FreeAgent's engagement process for Subprocessors as well as to provide the actual list of third party Subprocessors used by FreeAgent (as of the date of this policy) which FreeAgent may use in the delivery and support of its Service.
Process to engage new subprocessors
As our business grows and evolves, the Subprocessors we engage may also change. We will provide users of the Service with notice of any new Subprocessors to the extent required under the Agreement by posting such updates here.
FreeAgent will provide notice via this policy of updates to the list of Subprocessors that are utilised or which FreeAgent proposes to utilise to deliver its Service. FreeAgent undertakes to keep this list updated regularly to enable users of the Service to stay informed of the scope of subprocessing associated with the Service.
Please check back frequently for updates.
The following is an up-to-date list (as of the date of this policy) of the names and locations of FreeAgent Subprocessors.
Infrastructure Subprocessors - Service Data Storage
FreeAgent production systems for the Service are located in secure data centre facilities in Ireland. FreeAgent may use the following Subprocessors to host Service data or provide other infrastructure that helps with the delivery of the Service.
Entity Name | Subprocessing Activities | Country(ies) | Adequacy |
---|---|---|---|
Amazon Web Services, Inc. | Cloud service provider | United States; United Kingdom; Ireland | ISO 27001 GDPR Link DPA with SCC |
Google, Inc. | Cloud service provider | United States | ISO 27001 GDPR Link DPA with SCC |
Other Subprocessors
FreeAgent works with certain third parties to provide specific functionality around and within the Service. These providers are the Subprocessors detailed below. In order to provide the relevant functionality, we may transfer Service data to these Subprocessors. Their use is limited to the indicated activities.
Entity Name | Subprocessing Activities | Country(ies) | Adequacy |
---|---|---|---|
Salesforce | Customer management services | United Kingdom | ISO 27001 DPA |
ZenDesk | Customer support services | United States | ISO 27001 GDPR Link DPA with SCC |
Typeform | Online surveys | United States; Germany | GDPR Link DPA with SCC |
FormAssembly | Web form and survery generation | United States | GDPR Link DPA with SCC |
8x8 | Corporate VoIP | United Kingdom | ISO 27001 |
Moneypenny | Automated inbound answering service | United Kingdom | DPA |
DataDog | Application performance management | United States | SOC II GDPR Link DPA with SCC |
Humio | Log aggregation and analysis | Germany | GDPR Link DPA |
SendGrid | Email delivery service | United States | SOC II GDPR Link DPA with SCC |
Postmark | Email delivery service | United States | SOC II GDPR Link DPA with SCC |
Looker | Business intelligence visualisaton | Germany | ISO 27001 DPA |
Rollbar | Application exception management | United States | ISO 27001 GDPR Link DPA with SCC |
Sqreen | Application security monitoring | Ireland | DPA |
Sensibill | Receipt data extraction | Canada | DPA |
FreeAgent does not store payment card information or your bank account access details. Payment processing and account access information is handled directly by the following third parties according to their respective Privacy Policies and Terms of Service.
Entity Name | Subprocessing Activities | Country(ies) | Policy |
---|---|---|---|
Stripe | Outsourced payment management | United States; Europe | Privacy Policy |
Paypal | Outsourced payment management | United States; Europe | Privacy Policy |
GoCardless | Outsourced payment management | Europe | Privacy Policy |
Yodlee | Bank feeds access and aggregation | United Kingdom | Privacy Policy |