Note:
The information in this article pertains to the data processing activities we conduct as a processor in providing our contract management software to our customers. Information on data processing activities for which we are responsible can be found in our privacy policy.
fynk adheres to all relevant data protection regulations, particularly the requirements of the EU General Data Protection Regulation (GDPR), ensuring the highest standards of data protection and security. We see it as one of our primary duties to ensure the security and confidentiality of your data.
In this article, we would like to disclose where your data is processed and stored within fynk and under what circumstances data transfers outside the European Economic Area (EEA) may occur.
Processing Locations at fynk
Primarily, we use data centers within the EEA, including Germany and Sweden, for the operation of our infrastructure. In accordance with Article 28 GDPR, we have concluded Data Processing Agreements (DPAs) with all our subprocessors. The permanent storage of contract content is exclusively in our database located in Amazon Web Services (AWS) data centers in Germany. All other data processing generally takes place at the aforementioned locations. Additionally, we store encrypted backups at other locations within the EEA, which we do not disclose for security reasons.
For support and troubleshooting purposes, our employees at our office in Vienna, Austria, may have access to our systems, subject to all necessary technical and organizational measures.
Details on International Data Transfers
Since we utilize the most modern technologies and tools for our contract management software, we are sometimes subject to rate-limiting and availability issues that make international data transfers and the use of subprocessors from third countries necessary. This particularly includes the USA, but is limited to a few specific processing situations:
For our AI functionalities, we rely on the only currently available European site in Sweden and a location in the USA, which may lead to temporary data transfers to the USA. The data is processed in the USA only for the duration of handling the request and is not stored permanently. Customer data is never used for AI training, regardless of the processing location. The assignment to locations (USA or EEA) is random or based on optimal load distribution. This distribution across multiple locations is necessary to manage peak loads, such as mass uploads of numerous documents. If you wish to restrict the AI functions to the European location only, please contact us at: [email protected].
For customer support, usage analysis, user experience optimization, and automated error detection and logging, we partially use tools from U.S. providers. All customer data processing and storage occur exclusively within the EEA. However, in rare cases, it cannot be ruled out that data may be transferred to the USA as part of support inquiries or error handling, or due to temporary server issues.
For hosting our website (not the fynk web application), we use Cloudflare. This is a content delivery network and load balancing tool that allows us to host our website with high availability and mitigate potential denial-of-service attacks effectively. In this context, visiting our website may involve the transfer of browser data (IP address, user agent, etc.) to the USA. This exclusively pertains to the fynk website where information about our product is provided, not our contract management software at app.fynk.com.
All international data transfers are conducted in compliance with all relevant data protection regulations. Transfers occur only when a valid transfer instrument under Articles 44 ff. GDPR exists. Further details can be found in our data protection agreement.
Subprocessors
Regardless of processing location, here is a list of all subprocessors we use to provide our services:
Older Versions
Contact
If you have questions about the changes or about information security and data protection at fynk, please feel free to contact our compliance team at [email protected] or our external data protection and information security officer at [email protected]. We are happy to help and find a solution together.