FormEagle GDPR Compliance
This document supplements FormEagle's Privacy Policy and outlines our commitment to compliance with the General Data Protection Regulation (GDPR). It applies to all users of FormEagle whose personal data is processed within the European Economic Area (EEA) or whose personal data is processed by FormEagle, regardless of location.
1. Data Controller & Data Processor Roles
FormEagle as Data Controller: For certain limited data, FormEagle (Clicksambo OÜ) acts as the Data Controller. This includes account registration data (username, email, and phone number) used for account management, communication, and service delivery.
FormEagle as Data Processor: For lead data captured through your forms and processed via our Service, FormEagle acts as a Data Processor. Our customers (you) are the Data Controllers, responsible for determining the purposes and means of processing that lead data.
2. Personal Data Processed by FormEagle
As outlined in our Privacy Policy, the types of personal data processed by FormEagle include:
- Contact Information: Username, email address, and phone number.
- Billing Information: (Handled by our payment processor – FormEagle does not directly store this).
- Lead Data: Information collected through integrated forms (Meta Ads, TikTok, Web Forms), which may include names, email addresses, phone numbers, and other contact details submitted by leads.
- Usage Data: IP address, browser type, operating system, pages visited, timestamps, etc.
- Cookie Data: Information collected through the use of cookies.
3. Legal Basis for Processing
We process personal data based on the following legal bases as defined in the GDPR:
- Consent (Article 6(1)(a)): When we obtain your explicit consent to process your personal data for a specific purpose, such as sending marketing emails.
- Contract (Article 6(1)(b)): When processing is necessary for the performance of a contract with you, such as providing access to the FormEagle Service and processing your payments.
- Legitimate Interests (Article 6(1)(f)): When processing is necessary for our legitimate interests, including:
  - Improving our Service and User Experience
  - Preventing fraud and abuse
  - Ensuring data security
- Legal Obligation (Article 6(1)(c)): When we are required to process your personal data to comply with a legal obligation.
4. Data Processing Agreement (DPA)
As FormEagle processes data on behalf of its customers (as Data Controllers), we offer a Data Processing Agreement (DPA) that outlines our obligations under the GDPR. Our DPA includes provisions related to:
- Data Security: Implementing appropriate technical and organizational measures to protect personal data.
- Confidentiality: Ensuring that personnel authorized to process personal data are subject to a duty of confidentiality.
- Data Subject Rights: Assisting customers in responding to data subject requests (access, rectification, erasure, etc.).
- Sub-Processors: A list of any sub-processors we use and our commitment to ensuring they meet GDPR requirements.
- Data Breach Notification: Notifying customers of any data breaches affecting their personal data without undue delay.
- Data Transfers: Ensuring lawful data transfers outside the EEA, using mechanisms such as Standard Contractual Clauses (SCCs).
- Right to Audit: Customers have the right to audit FormEagle's data protection practices.
5. Your GDPR Rights
The GDPR grants you specific rights concerning your personal data. As a user of FormEagle, you have the following rights:
- Right to Access (Article 15): To request information about the personal data we hold about you.
- Right to Rectification (Article 16): To correct inaccurate or incomplete personal data.
- Right to Erasure (Article 17) ("Right to be Forgotten"): To request the deletion of your personal data, under certain circumstances.
- Right to Restriction of Processing (Article 18): To limit the way we use your personal data in certain cases.
- Right to Data Portability (Article 20): To receive your personal data in a structured, machine-readable format.
- Right to Object (Article 21): To object to the processing of your personal data under certain circumstances, including for direct marketing purposes.
- Right to Withdraw Consent (Article 7): To withdraw your consent at any time, if we are processing your data based on consent.
6. Exercising Your Rights
To exercise any of your GDPR rights, please contact us at support@clicksambo.com. We will respond to your request within one month.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in our Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods depend on the nature of the data and the purpose for which it is processed. After you delete your account, the data will be kept in backups for up to 90 days.
8. Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Data encryption (in transit and at rest)
- Access controls
- Regular security assessments
- Intrusion detection and prevention systems
- Incident response procedures
9. International Transfers of Information
If we transfer personal data to a country outside the EEA that has not been deemed to provide an adequate level of protection, we will implement appropriate safeguards, such as Standard Contractual Clauses, to ensure that your data is protected.
10. Subprocessors
A "subprocessor" is a third-party data processor engaged by us to process personal data on our behalf. We use the following subprocessors to provide and improve our services:
- Meta Platforms Ireland Limited ("Meta"): Provides advertising and lead generation services through Meta Ads. Processes personal data for lead capture, ad targeting, and campaign optimization.
- Microsoft Corporation ("Microsoft"): Provides advertising and lead generation services through Bing Ads. Processes personal data for lead capture, ad targeting, and campaign optimization.
- TikTok Information Technologies UK Limited ("TikTok"): Provides advertising and lead generation services through TikTok Ads. Processes personal data for lead capture, ad targeting, and campaign optimization.
- Google Ireland Limited ("Google"): Provides advertising, lead generation, and other services through Google Ads and various Google APIs. Processes personal data for lead capture, ad targeting, campaign optimization, and other functionalities.
- Amazon Web Services, Inc. ("AWS"): Provides cloud computing services, including data storage and processing. Processes personal data for storing and managing user data, lead data, and other information related to the FormEagle service.
- Stripe, Inc. ("Stripe"): Provides payment processing services. Processes personal data for handling payments and subscriptions.
We conduct due diligence on all subprocessors to ensure they meet GDPR compliance requirements and have appropriate safeguards in place to protect personal data. We also maintain data processing agreements (DPAs) with each subprocessor to ensure compliance with our obligations under the GDPR.
11. Contact Us
If you have any questions about this GDPR Compliance Document or our data handling practices, please contact us at support@clicksambo.com.