Data security

Freevacy Ltd have completed the Cyber Essentials 

Freevacy’s Information security processes were assessed as adequate against cyber-attack.  Cyber Essentials is mandatory for central government contracts which involve handling personal information and providing certain ICT products and services.

IT systems which process personal data

Freevacy uses several IT cloud service providers to process your personal:

  • Microsoft Office 365 
  • Salesforce 
  • QuickBooks Online
  • Google Analytics 
  • Eventbrite
  • MailChimp / MailJet 

3rd-party suppliers who have access to personal data

Freevacy work with the following IT and marketing third-party suppliers / contractors who through the course of facilitating their services to us may have access to your personal data:

Data location & level of protection

Vendor 

(Link to privacy notice)

Product

Data Stored within UK or EU

Data can be Stored outside UK or  EU under

Information Security measures in place to protect your data

Microsoft

 

Office 365

Exchange Online

SharePoint

Skype For Business 

Yes

EU Model Clauses

ISO/IEC 27001,  ISO/IEC 27018,  

Intuit Inc.

QuickBooks Online

-

EU –US Privacy Shield & Truste

ISO/IEC 27001

Salesforce.com

Salesforce.com

-

EU –US Privacy Shield & Truste

ISO/IEC 27001,  ISO/IEC 27018

MailChimp

MailChimp

-

EU –US Privacy Shield & Truste

 

MailJet

MailJet

Yes

-

ISO/IEC 27001

Eventbrite

Eventbrite

-

EU –US Privacy Shield

ISO/IEC 27001, PCI DSS

Google

Google Analytics

Google Tag Manager

Yes

EU –US Privacy Shield

ISO/IEC 27001

Iomart group Plc

Web Hosting

Yes

-

ISO/IEC 27001,  ISO/IEC 27018, PCI DSS, Cyber Essentials

Reviews.io

3rd-Party Customer Reviews

Yes

-

Encryption at rest, unused accounts are deleted after 3 months.