1. Introduction:
This Data Processing Agreement (DPA) is part of the Terms of Service for Falcos, a SaaS digital invoicing platform operated by Sales Magnet Holdings Limited, a company registered in the United Kingdom. Falcos is committed to protecting the personal data of our users in compliance with the Data Protection Act 2018 and the UK GDPR. All data processing activities are conducted in accordance with applicable laws to ensure the highest standards of data security and privacy.
Explanation of how user data is collected, stored, used, and protected.
Identification of the parties involved (e.g., "We," "Us," "Our Company" for the provider, and "You," "Your," "User" for the customer)
2. Data Processing Overview
Falcos, provided by Sales Magnet Holdings Limited, acts as a data processor on behalf of its customers who use our invoicing services. This DPA describes how we process personal data to provide our services and our responsibilities as both a data controller and processor.
3. Scope of Processing
The scope of the processing activities covered under this DPA includes the collection, storage, and management of personal data required to generate digital invoices. This data may include business contact information, billing details, and other identifiers required for invoicing. Falcos does not store any financial payment information. All digital payment processing is securely managed by our payment partner, Stripe.
4. Data Storage and Location
All user data processed by Falcos is held within the United Kingdom. We ensure compliance with the UK GDPR regarding the protection of personal data, ensuring that our data storage practices adhere to strict security and privacy standards.
5. Roles and Responsibilities
Data Controller : Customers of Falcos act as the data controller, deciding the purpose and means of processing personal data related to their invoicing operations.
Data Processor : Sales Magnet Holdings Limited (Falcos) acts as a data processor, processing personal data on behalf of customers as per their instructions and in accordance with this DPA.
6. Subprocessors
Falcos uses third-party subprocessors to assist in providing the invoicing service, specifically Stripe, which processes payments on behalf of users. Any subprocessors used by Falcos comply with relevant data protection regulations and are subject to the same obligations under this DPA.
7. Security Measures
We take all appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. Our data security measures include encryption, access controls, secure storage, and regular vulnerability assessments.
8. Data Subject Rights
As a data processor, Falcos supports its customers in complying with requests from individuals related to their personal data, such as rights to access, correction, erasure, or restriction of processing. Any requests will be directed to the data controller (i.e., the customer).
9. Data Retention
We retain personal data only for as long as it is necessary for providing our services or as required by applicable law. Upon termination of the agreement with a customer, system data will be retained for 60 days before being deleted or anonymized in compliance with our data retention policies. Contact information of the client (user of the product) may be retained for administrative purposes.
10. Data Breach Notification
In the event of a personal data breach, Falcos will notify affected customers within 24 hours of identifying the breach, in compliance with the Data Protection Act 2018 and the UK GDPR. We will provide all necessary information, including the nature of the breach, the data involved, and the actions taken to mitigate its impact. Falcos will also cooperate fully to address the incident and prevent future breaches, as required by applicable law.
11. Data Retention
We retain personal data only for as long as it is necessary for providing our services or as required by applicable law. Upon termination of the agreement with a customer, system data will be retained for 60 days before being deleted or anonymized in compliance with our data retention policies. Contact information of the client (user of the product) may be retained for administrative purposes.
12. Contact Information
If you have any questions regarding this DPA or need further assistance, you can contact us at:
Sales Magnet Holdings Limited
Falcos Support Team
Email: support@falcos.com
Address: C/O Mira Media Group Walker Road, Hoults Estates, Hoults Yard, Newcastle Upon Tyne, NE6 2HL United Kingdom
13. Changes to the Policy
Falcos reserves the right to modify this DPA to reflect changes in our processing practices or legal requirements. All changes will be communicated to customers with adequate notice before they take effect. Should any changes be made, Falcos will notify all customers to ensure they are aware of updates and have the opportunity to review the modifications.