Sub-Processors
Introduction
This Sub-Processor List identifies all third-party service providers (“Sub-Processors”) that HQ Rental Software engages to process personal data on behalf of our customers located in the European Economic Area (EEA).
This list applies to customers whose data is primarily stored in our Netherlands data center. As outlined in our Data Processing Addendum, customer data may be replicated to our United States infrastructure and accessed by Sub-Processors as described below.
Change Notification Process
HQ Rental Software is committed to maintaining this Sub-Processor List with current and accurate information. This list is regularly reviewed and updated as needed. Customers should check this page periodically for any changes. The most current version of this list is always available at: https://hqrentalsoftware.com/dpa-subprocessors
Sub-Processors
Infrastructure & Hosting
DigitalOcean, LLC
Location: United States (New York, NY)
Data Processing Location: Netherlands (Amsterdam data center)
Purpose: Primary cloud hosting infrastructure for EEA customers
Data Processed: All customer data, including personal data of end-users (names, contact information, booking details, payment metadata)
Website: https://digitalocean.com
Linode, LLC (Akamai Technologies)
Location: United States (Philadelphia, PA)
Data Processing Location: United States
Purpose: Centralized data replication, application processing, internal analytics, and staging environments
Data Processed: Replicated customer data including personal data of end-users
Website: https://linode.com
Amazon Web Services, Inc. (AWS)
Location: United States (Seattle, WA)
Data Processing Location: United States
Purpose: Backup storage (S3 and Glacier services)
Data Processed: Encrypted backups of customer data including personal data
Website: https://aws.amazon.com
Cloudflare, Inc.
Location: United States (San Francisco, CA)
Data Processing Location: Global CDN network including EEA
Purpose: Content delivery network (CDN), DDoS protection, DNS services
Data Processed: IP addresses, HTTP headers, cookies (for security and performance)
Website: https://cloudflare.com
Communication Services
Postmark (ActiveCampaign, LLC)
Location: United States (Chicago, IL)
Data Processing Location: United States and global email infrastructure
Purpose: Transactional email delivery (booking confirmations, password resets, notifications)
Data Processed: Email addresses, customer names, transactional email content
Website: https://postmarkapp.com
Payment Processing
Stripe, Inc.
Location: United States (San Francisco, CA)
Data Processing Location: Global, including United States and EEA
Purpose: Payment gateway for credit/debit card processing
Data Processed: Payment card data, billing information, transaction details
Website: https://stripe.com
Redsys Servicios de Procesamiento, S.L.
Location: Spain (Madrid)
Data Processing Location: Spain and EEA
Purpose: Payment gateway (primarily for Spanish market)
Data Processed: Payment card data, billing information, transaction details
Website: https://redsys.es
Braintree (PayPal)
Location: United States (Chicago, IL / San Jose, CA)
Data Processing Location: United States and global payment network
Purpose: Payment gateway for credit/debit cards and PayPal
Data Processed: Payment card data, billing information, transaction details
Website: https://braintreepayments.com
PayPal Holdings, Inc.
Location: United States (San Jose, CA)
Data Processing Location: United States, EEA (Luxembourg operations), and global
Purpose: Alternative payment method
Data Processed: PayPal account information, transaction details
Website: https://paypal.com
Mollie B.V.
Location: Netherlands (Amsterdam)
Data Processing Location: Netherlands and EEA
Purpose: Payment gateway (popular in European markets)
Data Processed: Payment card data, billing information, transaction details
Website: https://mollie.com
CX Pay
Location: Curaçao (Willemstad)
Data Processing Location: Curaçao and international payment networks
Purpose: Payment gateway
Data Processed: Payment card data, billing information, transaction details
Global Payments Inc.
Location: United States (Atlanta, GA)
Data Processing Location: United States, EEA, and global operations
Purpose: Payment gateway and merchant services
Data Processed: Payment card data, billing information, transaction details
Website: https://globalpayments.com
Mobipaid
Location: United States (Pittsboro, NC) / South Africa operations
Data Processing Location: United States and global banking network
Purpose: Contactless payment processing and payment links
Data Processed: Payment card data, billing information, transaction details
Website: https://mobipaid.com
Customer Support
Zendesk, Inc.
Location: United States (San Francisco, CA)
Data Processing Location: United States and global data centers
Purpose: Customer support ticketing system
Data Processed: Support ticket content, customer contact information, conversation history
Website: https://zendesk.com
Error Monitoring & Application Performance
Sentry
Location: United States (San Francisco, CA)
Data Processing Location: United States
Purpose: Error tracking, application monitoring, and performance management
Data Processed: Error logs, stack traces, user context (may include usernames, email addresses, IP addresses), application performance data
Website: https://sentry.io
Geolocation Services
MaxMind, Inc.
Location: United States (Waltham, MA)
Data Processing Location: United States
Purpose: IP address geolocation services
Data Processed: IP addresses for location detection
Website: https://maxmind.com
Analytics Services
Google Analytics (Google LLC)
Location: United States (Mountain View, CA)
Data Processing Location: United States and global Google infrastructure
Purpose: Track trial account creation and conversion to subscriptions, website analytics
Data Processed: IP addresses (anonymized), browser information, user behavior data, conversion events
Website: https://analytics.google.com
Hotjar Ltd
Location: Malta
Data Processing Location: European Union (AWS EU regions)
Purpose: User behavior analytics, heatmaps, session recordings
Data Processed: User interactions, anonymized session data, feedback responses
Website: https://hotjar.com
Vehicle API Integrations (Optional)
Note: These services only process data if customers activate these optional features.
Axle Technologies, Inc.
Location: United States (Boston, MA)
Data Processing Location: United States
Purpose: Vehicle telematics API for fleet management integrations
Data Processed: Vehicle identification data, location, odometer, fuel levels (when feature is enabled)
Website: https://axleapi.com
Smartcar, Inc.
Location: United States (Mountain View, CA)
Data Processing Location: United States
Purpose: Connected vehicle API for car data access
Data Processed: Vehicle identification data, location, battery/fuel status, odometer (when feature is enabled)
Website: https://smartcar.com
Zubie, Inc.
Location: United States
Data Processing Location: United States
Purpose: Vehicle telematics and fleet tracking
Data Processed: Vehicle identification data, location, driving behavior data (when feature is enabled)
Website: https://zubie.com
Moovetrax
Location: United States (Orlando, FL)
Data Processing Location: United States
Purpose: Vehicle telematics platform
Data Processed: Vehicle identification data, location, telematics data (when feature is enabled)
Data Transfer Mechanisms
Transfers within the EEA
Sub-Processors located within the EEA (Redsys, Mollie, Hotjar, and DigitalOcean's Netherlands data center) process data within the European Economic Area, so no additional transfer mechanisms are required under GDPR.
Transfers to the United States and Other Third Countries
For Sub-Processors located outside the EEA, HQ Rental Software relies on:
1. Standard Contractual Clauses (SCCs): We have implemented the European Commission’s Standard Contractual Clauses (2021) with all Sub-Processors that process EEA customer data outside the EEA.
2. Supplementary Measures: In addition to SCCs, we implement technical and organizational measures including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Strong access controls and authentication
- Regular security audits and assessments
- Contractual confidentiality obligations
- Data minimization practices
3. Other Mechanisms: Some Sub-Processors (e.g., PayPal) rely on additional mechanisms such as Binding Corporate Rules (BCRs) approved by European data protection authorities.
Security and Compliance
All Sub-Processors are contractually required to:
- Implement appropriate technical and organizational security measures
- Process data only on documented instructions from HQ Rental Software
- Maintain confidentiality of personal data
- Assist with data subject rights requests
- Notify HQ Rental Software of any data breaches
- Delete or return data upon termination of services
Contact Information
HQ Rental Software
Mahaaiweg 4, Willemstad, Curaçao
Email: [email protected]
Website: https://hqrentalsoftware.com