FLM system logo

Menu

List of Data Processing Entities

Prepared: June 2026

The list below sets out the external entities with which FLM System shares personal data in the course of operating flmsystem.com. For each entity it specifies its role under the GDPR, the scope of data processed and the legal basis required for the cooperation.

Processors – data processing agreement (DPA) required

The following entities process personal data on FLM System's instructions, under a concluded data processing agreement (DPA).

1. Hetzner Online GmbH (Germany) – Processor

  • Data scope: Production server (Helsinki) and log and metrics servers (Falkenstein). System users' data.
  • Legal basis: DPA (provided by Hetzner). Data within the EEA – no additional transfer mechanism required.

2. Backblaze Inc. (Europe) – Processor

  • Data scope: Database backups and storage of match photos (containing individuals' images).
  • Legal basis: DPA. Data within the EEA – no additional transfer mechanism required.

3. Mailgun / Sinch Email (Europe) – Processor

  • Data scope: Sending transactional and system e-mails. Recipients' e-mail addresses and message content are processed.
  • Legal basis: DPA. Data within the EEA – no additional transfer mechanism required.

4. Fingoweb Sp. z o.o. Sp. k. (Poland) – Processor

  • Data scope: Development and maintenance of FLM System. Access to production databases and servers, and administration of logs and metrics.
  • Legal basis: Data processing agreement (DPA).

Independent controllers / joint controllers – no DPA

The following entities independently determine the purposes and means of processing (as independent controllers or joint controllers), so no data processing agreement applies between them and FLM System.

5. Microsoft Corporation (USA) – Clarity – Independent controller

  • Data scope: Recording of user sessions (mouse movements, clicks, scrolling, partial/masked IP addresses).
  • Legal basis: Notice in the privacy policy + user consent (cookie consent).

6. Stripe Inc. (USA) – Independent controller

  • Data scope: Customers' payment data. Stripe independently determines the purposes and means of processing.
  • Legal basis: No DPA. Notice in the FLM System privacy policy.

7. Google LLC (USA) – GA4, Google Ads – Independent controller

  • Data scope: Data on user behaviour on the website (IP, cookies, device identifiers). Triggered via GTM.
  • Legal basis: Notice in the privacy policy + user consent (cookie consent).

8. Meta Platforms (USA) – Pixel – Joint controller

  • Data scope: Data on users' activity on the website for advertising purposes.
  • Legal basis: Joint controller agreement (provided by Meta) + user consent.

9. LinkedIn Corp. (USA) – Insight Tag – Joint controller

  • Data scope: User data for analytics and advertising purposes.
  • Legal basis: Joint controller agreement + user consent.
Data Processing Entities | FLM System