Floynk logo

Sub Processors

List of sub-processors used by Floynk for marketplace management services

Probeer Gratis

Sub Processors

Effective Date: January 1, 2025

This document lists the sub-processors that Floynk B.V. ("Floynk") engages to assist in providing our marketplace management services. This list is maintained in accordance with our Data Processing Agreement and applicable data protection regulations.

1. Introduction

As part of our commitment to transparency and compliance with data protection laws, Floynk maintains this comprehensive list of sub-processors who may process personal data on behalf of our customers.

1.1 Definition

A sub-processor is a third-party data processor engaged by Floynk to assist in providing services to our customers, which may involve the processing of personal data.

1.2 Customer Rights

  • Customers have the right to object to the use of specific sub-processors
  • We provide 30 days' notice before adding new sub-processors
  • We ensure all sub-processors meet our security and privacy standards

2. Sub-Processor Categories

2.1 Infrastructure Providers

Sub-processors that provide hosting, cloud services, and technical infrastructure.

2.2 Service Providers

Sub-processors that provide specialized services such as monitoring, analytics, or customer support tools.

2.3 Integration Partners

Sub-processors that facilitate connections with marketplaces and third-party services.

3. Current Sub-Processors

3.1 Cloud Infrastructure

Amazon Web Services (AWS)

  • Service: Cloud hosting and infrastructure
  • Location: Netherlands (EU-West-1), Ireland (EU-West-1)
  • Data Processed: All customer data and system data
  • Purpose: Primary hosting platform for applications and databases
  • Security Measures: SOC 2, ISO 27001, GDPR compliant

Microsoft Azure

  • Service: Backup cloud infrastructure and specific services
  • Location: Netherlands (West Europe), Germany (Germany West Central)
  • Data Processed: Backup data, monitoring data
  • Purpose: Disaster recovery and redundant services
  • Security Measures: SOC 2, ISO 27001, GDPR compliant

3.2 Database and Storage

MongoDB Atlas

  • Service: Database hosting and management
  • Location: Netherlands, Ireland
  • Data Processed: Application data, customer data
  • Purpose: Primary database services
  • Security Measures: SOC 2, ISO 27001, encryption at rest and in transit

Redis Labs

  • Service: Caching and session storage
  • Location: Ireland, Netherlands
  • Data Processed: Session data, cached application data
  • Purpose: Performance optimization and caching
  • Security Measures: Encryption, access controls, monitoring

3.3 Communication and Email

Mailgun (Sinch)

  • Service: Email delivery and management
  • Location: Ireland (EU region)
  • Data Processed: Email addresses, message content
  • Purpose: Transactional emails and notifications
  • Security Measures: GDPR compliant, encryption, access controls

Twilio

  • Service: SMS and communication services
  • Location: Ireland (EU region)
  • Data Processed: Phone numbers, SMS content
  • Purpose: Two-factor authentication and notifications
  • Security Measures: SOC 2, ISO 27001, GDPR compliant

3.4 Monitoring and Analytics

DataDog

  • Service: Application performance monitoring
  • Location: Germany (EU region)
  • Data Processed: System logs, performance metrics, error data
  • Purpose: System monitoring and performance optimization
  • Security Measures: SOC 2, GDPR compliant, data encryption

Sentry

  • Service: Error tracking and monitoring
  • Location: Germany (EU region)
  • Data Processed: Error logs, system diagnostics, user interaction data
  • Purpose: Application error tracking and debugging
  • Security Measures: GDPR compliant, data retention controls

3.5 Security Services

Cloudflare

  • Service: CDN, DDoS protection, security services
  • Location: Global network with EU data centers
  • Data Processed: Request logs, security event data
  • Purpose: Website security and performance
  • Security Measures: SOC 2, ISO 27001, GDPR compliant

Auth0 (Okta)

  • Service: Authentication and identity management
  • Location: Ireland (EU region)
  • Data Processed: User credentials, authentication data
  • Purpose: User authentication and access management
  • Security Measures: SOC 2, ISO 27001, GDPR compliant

3.6 Customer Support

Intercom

  • Service: Customer support and communication
  • Location: Ireland (EU region)
  • Data Processed: Customer messages, support tickets, user data
  • Purpose: Customer support and communication
  • Security Measures: SOC 2, GDPR compliant, data encryption

Zendesk

  • Service: Customer support ticketing
  • Location: Ireland (EU region)
  • Data Processed: Support tickets, customer information
  • Purpose: Customer support management
  • Security Measures: SOC 2, ISO 27001, GDPR compliant

3.7 Marketplace Integrations

Amazon Seller Central API

  • Service: Marketplace integration
  • Location: Various (based on marketplace region)
  • Data Processed: Product data, order data, customer information
  • Purpose: Amazon marketplace management
  • Security Measures: Amazon's security standards, encrypted API access

bol.com Partner API

  • Service: Marketplace integration
  • Location: Netherlands
  • Data Processed: Product data, order data, customer information
  • Purpose: bol.com marketplace management
  • Security Measures: bol.com security standards, encrypted API access

Shopify API

  • Service: E-commerce platform integration
  • Location: Various (based on store location)
  • Data Processed: Store data, product data, order information
  • Purpose: Shopify store management
  • Security Measures: Shopify security standards, OAuth authentication

3.8 Payment Processing

Stripe

  • Service: Payment processing
  • Location: Ireland (EU operations)
  • Data Processed: Payment information, transaction data
  • Purpose: Subscription billing and payment processing
  • Security Measures: PCI DSS Level 1, SOC 2, GDPR compliant

3.9 Analytics and Business Intelligence

Google Analytics

  • Service: Website analytics
  • Location: Ireland (EU region configuration)
  • Data Processed: Website usage data, anonymized user behavior
  • Purpose: Website performance and user behavior analysis
  • Security Measures: GDPR compliant configuration, IP anonymization

4. Sub-Processor Management

4.1 Due Diligence

Before engaging any sub-processor, Floynk conducts:

  • Security and privacy assessments
  • Contract review and data protection clauses
  • Ongoing monitoring and compliance verification
  • Regular security and compliance audits

4.2 Contractual Requirements

All sub-processors must:

  • Provide adequate guarantees for data protection
  • Process personal data only on documented instructions
  • Maintain appropriate technical and organizational measures
  • Assist with data subject rights and compliance obligations
  • Notify Floynk of any data breaches or security incidents

4.3 Data Transfer Safeguards

For sub-processors outside the EEA:

  • Standard Contractual Clauses (SCCs) are implemented
  • Adequacy decisions are verified where applicable
  • Additional safeguards are implemented as required
  • Transfer impact assessments are conducted

5. Changes to Sub-Processors

5.1 Addition of New Sub-Processors

  • 30 days' advance notice to customers via email
  • Information about the sub-processor and processing activities
  • Opportunity for customers to object on reasonable grounds
  • Alternative solutions if customer objects

5.2 Removal of Sub-Processors

  • Immediate update to this list
  • Notification to customers if requested
  • Secure data deletion from removed sub-processors

5.3 Changes to Existing Sub-Processors

  • Material changes communicated to customers
  • Updated security and compliance assessments
  • Contract updates as necessary

6. Customer Rights and Objections

6.1 Right to Object

Customers may object to the use of specific sub-processors by:

  • Sending written notice to legal@floynk.com
  • Providing reasonable grounds for the objection
  • Requesting alternative solutions

6.2 Resolution Process

If a customer objects to a sub-processor:

  1. We will work with the customer to address concerns
  2. We will explore alternative solutions if possible
  3. If no resolution is found, either party may terminate the agreement

7. Compliance and Monitoring

7.1 Regular Reviews

  • Quarterly review of all sub-processor relationships
  • Annual security assessments and audits
  • Continuous monitoring of compliance status
  • Updates to contracts and agreements as needed

7.2 Incident Management

  • Sub-processors must report incidents immediately
  • Coordinated incident response procedures
  • Customer notification as required
  • Post-incident review and improvements

8. Contact Information

For questions about sub-processors or to submit objections:

Legal and Compliance Team
Floynk B.V.
Email: legal@floynk.com
Privacy: privacy@floynk.com
Address: Company Address
Netherlands

9. Document History

VersionDateChanges
1.0January 1, 2025Initial version

This document is updated regularly. For the most current version, please visit our website or contact our legal team.

Last updated: January 1, 2025