Subprocessors
To support the delivery of our Services, Appfarm AS may engage and use data processors with access to certain Customer Data (each, a "Subprocessor"). This page provides vital information about the identity, location, and role of each Subprocessor. Terms used on this page but not defined have the meaning outlined in the Software Service Agreement or superseding written agreements between Customer and Appfarm.
Appfarm and its affiliates engage the following third-party entities to assist in connection with the Service as specified below:
Entity Name | Service location | Registered address | Country of registration | Service | Task performed | GDPR compliance | Schrems II | Link to DPA | Type of data stored | Storage period |
|---|---|---|---|---|---|---|---|---|---|---|
Report-URI Ltd. | Norway*** | 22 Shireburn Avenue, Clitheroe, Lancashire, United Kingdom, BB7 2PN | England and Wales | Report URI | Automated Content Security Policy anomaly reporting for platform users (Platform Security) | IP address, URL of Appfarm solution, Browser information (User Agent string) | Deleted after 30 days | |||
Functional Software, Inc. | USA | 132 Hawthorne Street, San Francisco, CA 94107 | USA | Sentry | Automated error reporting for platform users | IP address, browser information (User Agent string), internal Appfarm identifier and crash logs. End-users. | Deleted after 90 days | |||
Mailgun Technologies, Inc. | EU/EAA | 548 Market Street, Suite 43099, San Francisco, CA 94101 | USA | Email | Email services | Email address | Deleted after 30 days | |||
OnlineCity ApS | EU/EEA | Buchwaldsgade 50, 5000 Odense C | Denmark | Gateway API | SMS Services | Phone number, internal Appfarm identifier | * | |||
MongoDB Limited | Belgium | 3 Shelbourne Building, 3rd Floor, Crampton Avenue, Ballsbridge, Dublin 4 | Ireland | MongoDB Cloud | Database services | User’s given name, surname, email address, company name, all data stored through Appfarm Create and the applications created on the platform | * | |||
Amazon Web Services EMEA SARL | Sweden | 38 avenue John F. Kennedy, L-1855 Luxembourg, R.C.S. Luxemburg: B186284 | Luxembourg | Amazon Web Services | Cloud infrastructure for servers and databases. Email. | User IP-address and email address | * | |||
Google Cloud EMEA Limited | Belgium | Gordon House, Barrow Street, Dublin 4 | Ireland | Google Cloud Platform | Cloud infrastructure for servers and databases | User IP-address and email address | * |
* Customer data is continuously stored (and backed up) as long as the customer has an active Appfarm subscription. Customer data is stored up to 1 year after a subscription is canceled (if not otherwise instructed by the Customer) to facilitate Customer's data transfer procedures.
*** Data is sent to the closest Cloudflare edge node to the user. For users in Norway, this is Oslo, in other countries most likely country of origin.
Appfarm and its affiliates engage the following third-party entities to assist in delivering services to Appfarm Customers, but not connected to the Appfarm Platform. Hence, these Third-Party Subprocessors do not process or store personal data related to Appfarm Customers’ use of the Appfarm Platform and the Service. These Third-Party Subprocesses are used for auxiliary business activities such as customer relationship management, communication, project management, and other purposes where Appfarm have a legitimate interest to operate. For further information, please see Appfarm’s Privacy Policy.
Company | Service location | Registered address | Country of registration | Service | Task performed | GDPR compliance | Schrems II | Link to DPA | Type of data stored | Storage period |
|---|---|---|---|---|---|---|---|---|---|---|
Teamtailor AB | EU/EAA | Östgötagatan 16, 116 21 Stockholm | Sweden | Teamtailor | Applicant tracking software (ATS) | Given name, surname, phone number, CV, grades, references, messages, emails, reason for application response, interview notes | Data is deleted after 30 days | |||
Docspring, Inc. | EU/EAA | 2035 Sunset Lake Road, Suite B-2, Newark, Delaware 19702 | USA | Docspring | PDF-generator API service | View | Appfarm client specific PDF-data | Data is deleted after 7 days | ||
Civilized Discourse Construction Kit, Inc. | EU/EAA | 8 The Green Suite #8383, Dover, DE, 19901 | USA | Discourse | Discussion forum platform | Given name, surname, email address. | ** | |||
Webflow, Inc | USA | 398 11th Street, Floor 2, San Francisco, CA 94103 | USA | Webflow | Website building and hosting | View | Customer name, customer logo, given name, surname | ** | ||
Notion Labs, Inc. | USA | 548 Market St #74567, San Francisco | USA | Notion | Internal workspace and project management application | Customer name, partner name, email address, given name, surname and phone number | ** | |||
Contractbook ApS | EU/EAA | Masnedøgade 22, st, 2100 Copenhagen | Denmark | Contractbook | Contract management platform | Given name, surname, company name, address, email address, location | ** | |||
EdInvent, Inc. | EU/EAA | 113 Barksdale Professional Center, Newark, DE 19711, USA | USA/India | Mercer Mettl | Online examination and proctoring platform | View | Given name, surname, email address, birthdate, phone number, country of login, face image, image of valid ID, test results, webcam and screen recording during certification exams. | Exam data older than three months is deleted every three months | ||
Google Cloud EMEA Limited | EU/EAA | Gordon House, Barrow Street, Dublin 4 Ireland | EU/EAA | Google Workspace | Cloud computing, productivity and collaboration tools | View | View | Name and surname, company name, email address, phone number | ** | |
HubSpot, Inc. | EU/EAA | 25 First Street, 2nd Floor, Cambridge, MA 02141 | USA | Hubspot | Sales, marketing, and customer relationship management activities | Company name, given name, surname, email address, phone number, emails | ** | |||
Slack Technologies, Inc. | USA | 500 Howard Street, San Francisco, California 94105 | USA | Slack | Instant messaging services | Name and surname, company name, email address, phone number | Deleted after 90 days |
* Customer data is continuously stored (and backed up) as long as the customer has an active Appfarm subscription. Customer data is stored up to 1 year after a subscription is canceled (if not otherwise instructed by the Customer) to facilitate Customer's data transfer procedures.
Appfarm may also use other third-party service providers to process personal data from individuals, interacting with Appfarm outside the use of the Service, if it is necessary to provide you with a contractual service (GDPR art. 6.1 b), if we are required by law, court orders or legal processes to disclose your personal data (GDPR art. 6.1 c), or it can be justified based on our legitimate interest in doing so (GDPR art. 6.1 f). Examples of this would be cloud-based email, accounting, and CRM systems. Please see Appfarm’s Privacy Policy for more information.
As our business grows and evolves, the Subprocessors we engage may also change. We will endeavor to provide the owner of the Customer's account with notice of any new Subprocessors to the extent required under the Agreement, along with posting such updates here. Please check back frequently for updates.
The EU–US Data Privacy Framework is a transatlantic data transfer framework between the United States and the European Union. The European Commission adopted its adequacy decision for the framework on July 10th, 2023. The adequacy decision concludes that the United States ensures an adequate level of protection for personal data transferred from the EU to companies participating in the EU-U.S. Data Privacy Framework. With the adoption of the adequacy decision, European entities are able to transfer personal data to participating companies in the United States, without having to put in place additional data protection safeguards. Although Appfarm has put in place necessary safeguards (e.g., standard contractual clauses) with all US-based sub-processors outlined above, this decision will apply for all US-based sub-processors participating in the framework as the US is now considered a secure third country under GDPR.
The following companies listed as sub-processors in a third country currently not listed in the Data Privacy Framework are:
- Mailgun Technologies, Inc.
- Notion Labs, Inc.
- Docspring, Inc.
- Civilized Discourse Construction Kit, Inc.
- EdInvent, Inc.
Appfarm has engaged in dialog with the companies in question regarding their timeline to get registered on the list of the Data Privacy Framework.
Appfarm has discontinued use of Atlassian Inc. and their service Trello.
Appfarm has added new subprocessors in order to provide our existing and prospective customers, users, and partners an improved and more comprehensive product offering:
- Notion Labs, Inc. (with its service Notion): Internal communication tool, process management, and project management system.
- Contractbook ApS (with its service Contractbook): Contract management platform
- Webflow, Inc. (with its service Webflow): Website services
- Civilized Discourse Construction Kit, Inc. (with its service Discourse): Community and forum platform used to organize engagement and processes
- Docspring, Inc. (with its service Docspring): PDF template management and API service
- Teamtailor AB (with its service Teamtailor): Applicant tracking system
None of these new subprocessors are directly connected to the Service, but offer services Appfarm use for auxiliary business activities, of which some customer data may be processed.
Appfarm has, as of today, discontinued Freshworks, Inc. and its service Freshworks as a subprocessor.
Appfarm has, as of today, added EdInvent, Inc. and Mettl Technologies, Inc. as new subprocessors. Both vendors are used in relation to our certification program, and is not connected to the Appfarm Platform (“the Service”).
Appfarm has, as of today, added HubSpot, Inc. as a new subprocessor. Hubspot is used as a customer relationship management (CRM) system and is not connected to the Appfarm Platform (“the Service”). HubSpot offers regional data hosting, and all data is located in HubSpot’s product infrastructure hosted on Amazon Web Services (AWS) in Germany.
Appfarm has, as of today, added Amazon Web Services (AWS) as a new subprocessor for the Appfarm Platform (the "Service") processing Customer Personal Data. The current use of AWS in the Appfarm Platform will be restricted to the use of the Amazon Simple Email Service (SES). Other AWS services may be used at a later time.
The reason for the change is that several Appfarm customers have at times experienced poor delivery times with the internal Appfarm email service, which, among others, is used for delivery of PIN-codes for user authentication purposes. The Appfarm engineering team has concluded that the current vendor and subprocessor (Mailgun Technologies) should be replaced with a more reliable service to secure the highest service quality of the Appfarm platform.
All Appfarm customers have been notified of the change. In line with the Appfarm Data Processing Agreement (section 7.2), the new subprocessor will not take effect and become active in use in the Appfarm platform until 30 days (September 17th, 2021), if not otherwise instructed by Appfarm customers.
Although, in the light of European Court of Justice decision C-311/18 (Schrems-II) in which Privacy Shield as grounds for data transfers to third countries was invalidated, Appfarm is still ensuring that its Third-Party Subprocessors are compliant with the GDPR framework, either by implementing Standard Contractual Clauses ensuring the same level of protection for its users or similar grounds accepted by the EDPB. This includes, but is not limited to, already existing service providers and service providers in the future.
Last modified 24d ago