Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 74 Next »

55 Degrees uses the third-party companies below (each, a “sub-processor”) to process data, sometimes personal data (i) on behalf of 55 Degrees' customers; (ii) in accordance with customer instructions as communicated by 55 Degrees; and (iii) in strict accordance with the terms of a written contract, if one exists, between 55 Degrees and the sub-processor. If we use additional sub-processors to deliver our service but don't send personal or user-generated data (aka. customer data) to them for processing, they will not be listed in this document. The supplier (e.g., vendors or sub-processors) relevant to you will depend on your interactions with 55 Degrees.

55 Degrees thoroughly reviews its sub-processors regularly to check that it is up-to-date and that vendors implement appropriate technical and organizational measures ensuring that the sub-processing of personal data is protected to the standards required by applicable data protection laws. Further information on sub-processor security measures can be found via the external links below. 55 Degrees customers may subscribe to notifications of sub-processor changes to receive updates.

For each sub-processor below, processing of personal data will be for the duration that the customer uses and continues to use the applicable service(s) and for the retention periods as set out in our privacy policy and customer agreements. Please note that not all suppliers listed will be relevant to your usage of our tools and services. Therefore we have created sections that should help you clearly identify which suppliers are relevant for you. You can use the links below to navigate directly to relevant sections.

Jump to the list of sub-processors or suppliers relevant to:


General Communication and Subscription Management

Supplier

Purpose for the Processing or Storage

Which Data?

When?

Where?

Important Notes

Brevo (was SendinBlue)

Marketing Emails

  • Email Address

  • Date and method of consent

  • Newsletters subscribed to

  • Optional information provided such as Name, Company, Relevant interests

When you subscribe to our mailing lists

EU

Technically, we don’t transfer your information. We embed or use pages or forms hosted by Brevo.

Relevant documents

Google Ireland

(Google Workspace, including Email)

DPA | Privacy Policy

Customer Email Communication

  • Email subjects,

  • Email bodies,

  • Email attachments,

  • Email senders,

  • Email message recipients

When you email us.

All data is stored at rest in Europe.

What data is covered by a data region policy?

Technically, we don’t transfer your information. Your emails go directly to this sub-processor.

Relevant Documents:

Microsoft (Teams, OneDrive)

DPA | Privacy Statement

Video Meetings and Recording storage

  • Name and Email address of those registered for, and attending, a meeting

  • Chat logs

  • Video recordings (only upon consent of attendees)

When you register for or attend, a meeting hosted on the service.

EU

Technically, we don’t transfer your information. You either enter information directly into this subprocessor or another subprocessor (Google Workspace) transfers the data to Teams.

Planhat AB OUTGOING

(HQ: Sweden)

DPA | Privacy Policy

Customer Success Platform

  • Name and Email address for crucial account contacts and power users

  • A record of activities with and emails to/from users associated with an account

  • Subscription information (application, term, date paid, cost, etc.)

When your information is provided to us as a key contact for a new or existing subscription or evaluation.

When you communicate/interact with us regarding your organization’s subscription or evaluation.

EU

We transfer information.

Relevant documents

Startdeliver AB NEW

(HQ: Sweden)

Privacy Policy

DPA upon request

Customer Success Platform

  • Name and Email address for crucial account contacts and power users

  • A record of activities with and emails to/from users associated with an account

  • Subscription information (application, term, date paid, cost, etc.)

When your information is provided to us as a key contact for a new or existing subscription or evaluation.

When you communicate/interact with us regarding your organization’s subscription or evaluation.

EU

We transfer information.

Relevant documents

Stripe

(HQ: USA)

DPA | Privacy Policy

Credit card payment processing

  • Email address(es)

  • Full Name

  • Organization Name & VAT number

  • Billing Address

  • Credit Card Information

Upon purchase or renewal of a paid subscription for ActionableAgile Analytics (https://analytics.actionableagile.com ) or ActionableAgile for Azure DevOps.

USA

Technically, we don’t transfer your information. Our Subscription Management subprocessor, Recurly, communicates directly with Stripe for credit card payment processing.

Relevant documents

Visma Spcs AB

(HQ: Sweden)

Privacy Statement

Quoting and Invoicing for customers paying by wire transfer

  • Email address(es)

  • Full Name

  • Organization Name & VAT number

  • Billing Address

When you request a quote or an invoice for products or services sold directly from 55 Degrees.

EU

We transfer information.

Relevant documents

WIX

(HQ: Israel)

DPA | Privacy Policy | Cookie Policy | ISO 27001 Compliance

Website Creation and Hosting Provider

  • WIX automatically collects information such as IP address, browser, OS, etc.

When you visit our website at https://55degrees.se

USA, EU, Japan, Israel (depending on what the information is and if WIX is using a subprocessor).

Relevant documents

  • Privacy Policy: Marketing (to be linked)

Wordpress by Automattic

(HQ: USA)

DPA upon request

Website Creation and Hosting Provider. Services used:

  • Wordpress.com

  • Akismet

  • Jetpack

  • Wordpress automatically collects information such as IP address, browser, OS, etc for their hosting logs.

When you visit our website at https://actionableagile.com

USA

Technically, we don’t transfer your information. Our site is run by Automattic on wordpress.com and they collect information directly to run and manage the service.

Relevant documents

  • Privacy Policy: Marketing (to be linked)

Zoom

(HQ: USA)

DPA | Privacy Statement

Video Meetings and Recording storage
Meeting Scheduling Service

  • Name and Email address of those registered for, and attending, a meeting

  • Chat logs

  • Video recordings (only upon consent of attendees)

When you register for or attend, a meeting hosted on the service.

USA (data at rest)

EU (data in transit)

Technically, we don’t transfer your information. You either enter information directly into this subprocessor or another subprocessor (Google Workspace, Mighty Networks) transfers the data to Zoom.

Jump to top

Our Jira Cloud Applications

Supplier

Purpose for the Processing or Storage

Which Data?

When?

Where?

Important Notes

Amazon AWS

DPA | Supplementary Addendum | UK Addendum

Hosting Logs (S3 Global, CloudFront)

  • IP address

When you use our Cloud applications

Global (Data stored in region of user)

We transfer information.

Relevant documents

Storage for configurations required for operation of applications or features.

  • Jira User Account IDs (a pseudonymized string created by Atlassian)

Depending on configurations required for providing functionality.

For example in ActionableAgile: We store Jira Account IDs for users who own and can access shared data sets.

EU

We transfer information.

Relevant documents

MixPanel

(HQ: USA)

DPA | Privacy Policy

Product Usage Analytics

  • Subscription ID

  • Email domain of billing contact

  • Events Triggered from the usage of the service (and Date/Time they occurred)

  • Information about the user’s computer, browser, and session length

  • Referrer URL/Domain

When you use our Cloud applications (not relevant for Server or Data Center Customers)

EU

We transfer information.

Relevant documents

Product Fruits

(HQ: Czech Republic)

DPA | Privacy Policy

In-App User Help and Messaging (General and Context-Specific)

Measuring usefulness of in-app user help and messaging.

  • Unique user ID

  • Analytics re interactions with the messages provided via the service.

  • Key user actions (to display contextual user messaging)

When you use our Cloud applications

EU

We transfer information.

Relevant documents

Sentry

(HQ: USA)

DPA | Privacy Policy

Error logging and handling

  • Organization’s subscription ID

  • Information about the user’s computer, browser

When you experience a javascript error while using one of our Cloud applications

USA

We transfer information.

Relevant documents

Jump to top

Our Azure Cloud and Standalone SaaS Applications

Supplier

Purpose for the Processing or Storage

Which Data?

When?

Where?

Important Notes

Amazon AWS

DPA | Supplementary Addendum | UK Addendum

Hosting Logs (S3 Global, CloudFront)

  • IP address

When you use our Cloud applications

Global (Data stored in region local to the user)

We transfer information.

Relevant documents

Authorization for OAuth connections to work management systems like Jira Cloud

  • OAuth Access Token (encrypted)

When you use an OAuth based wizard to connect to your work management system

EU (Frankfurt)

Authorization for our embedded Azure app. (processing data currently stored in Firestore Database)

  • Azure authenticated User ID

When you access ActionableAgile within your Azure DevOps Services instance we look for your ID in our Azure subscription files to see if you are listed as a user in a valid subscription.

EU (Frankfurt)

Google Cloud (Firebase)

DPA | Privacy Policy

Firestore Database

  • Azure authenticated User ID

This is anonymous for managed users in a subscription as we have no way to lookup the personal data associated with the Azure ID.

For the subscriber it is psuedonymized. We can connect this information to a subscriber email in Recurly.

When you access ActionableAgile within your Azure DevOps Services instance.

EU

We transfer information.

Relevant documents

Google Cloud (Firebase)

DPA | Privacy Policy

Firestore Database

Authentication (Firebase Authentication)

Authorisation (Firebase Functions)

  • Identifier (Email Address)

  • Authentication Provider Used

  • Created Date

  • Last logged-in date

  • Unique User ID

When you log into ActionableAgile Analytics (https://analytics.actionableagile.com)

EU

We transfer information.

Relevant Documents

MixPanel

(HQ: USA)

DPA | Privacy Policy

Product Usage Analytics

  • Subscription ID

  • Email domain of billing contact

  • Events Triggered from the usage of the service (and Date/Time they occurred)

  • Information about the user’s computer, browser, and session length

  • Referrer URL/Domain

When you use ActionableAgile Standalone or ActionableAgile for Azure DevOps Services

EU

We transfer information.

Relevant documents

Product Fruits

(HQ: Czech Republic)

DPA | Privacy Policy

In-App User Help and Messaging (General and Context-Specific)

Measuring usefulness of in-app user help and messaging.

  • Unique user ID

  • Analytics re interactions with the messages provided via the service.

  • Key user actions (to display contextual user messaging)

When you use our Cloud applications

EU

We transfer information.

Relevant documents

Recurly

(HQ: USA)

DPA | Privacy Policy

Subscription Management, including selected Transactional Emails

  • Email address(es)

  • Full Name

  • Organization Name & VAT number

  • Billing Address

  • Credit Card Information

  • Coupons applied

  • Account notes

  • Audit log of account management actions 

  • Audit log of system-generated emails sent to the customer

When you start, update, or cancel an evaluation or paid subscription for ActionableAgile Analytics (https://analytics.actionableagile.com ) or ActionableAgile for Azure DevOps.

USA

Technically, we don’t transfer your information. We use hosted account management pages and forms used in our app are hosted forms. So, you’re entering information directly into our subprocessor and we don’t handle the transfer.

Relevant Documents:

Sentry

(HQ: USA)

DPA | Privacy Policy

Error logging and handling

  • Organization’s subscription ID

  • IP address

When you experience a javascript error while using one of our Cloud applications

USA

We transfer information.

Relevant documents

Jump to top

Our Support Portal

Supplier

Purpose for the Processing or Storage

Which Data?

When?

Where?

Important Notes

Jira Service Management (Atlassian Corporation Plc)

(HQ: Australia)

DPA | Data Transfer Impact Assessment | Privacy Policy

Customer Support Request Management

  • Name and Email address of person reporting issue (aka customer)

  • Organization name

  • Email address for issue participants

  • Content added to support requests  

You create a support request through our support portal or via email to support@55degrees.se or support@actionableagile.com.

When we create a support request on your behalf because you contacted us through other channels.

EU/EEA (primary)

USA (subset of core data)

Technically, we don’t transfer your information. Refined, our Support Portal platform communicates directly with the JSM platform to authenticate users and manage support requests.

Relevant Documents:

Refined

(HQ: Sweden)

DPA upon request | Privacy Policy

Customer Support Request Management

  • User ids of logged-in users

  • IP address of site visitors (logged for 2 weeks)

The following data is processed, but not stored

  • Personally identifiable information.

  • Login credentials - authentication through Atlassian.

  • Atlassian Content - fetched on demand for the user requesting the data, never cached.

When you log into our support portal at https://support.55degrees.se and when you create or manage support requests via our support portal.

Refined provides a nice front-end to our Jira Service Management projects and is a proxy for Jira Service Management content.

EU

Technically, we don’t transfer your information. You interact directly with this subprocessor when using our support site. This subprocessor communicates with Atlassian’s Jira Service management platform for authentication and to manage support requests

Relevant Documents:

Jump to top

Our Community Site

Supplier

Purpose for the Processing or Storage

Which Data?

When?

Where?

Important Notes

Mighty Networks

(HQ: USA)

DPA | Remove your data | Privacy Policy | EU/EEA/UK Privacy Notice | Cookie Policy

Community Platform Provider (SaaS)

  • Membership and Profile Information

  • Your Content

  • Communication

  • Automatically Collected Information about your visits to the Mighty Network are logged (date, time, browser, device type, operating system, and originating IP address).

When you visit or log into our community site at community.55degrees.se

USA

Technically, we don’t transfer your information. You interact directly with this subprocessor when using our community site.

55 Degrees has limited access to some of the automatically collected information in the form of analytics known as Mighty Insights.

Mighty Networks will display a cookie banner for their own purposes and links directly to their cookie policy.

Stripe

(HQ: USA)

DPA | Privacy Policy

Credit card payment processing

  • Email address(es)

  • Full Name

  • Organization Name & VAT number

  • Billing Address

  • Credit Card Information

Upon purchase or renewal of a paid course or plan for the Community Site.

USA

Technically, we don’t transfer your information. Our community site platform subprocessor, Mighty Networks, communicates directly with Stripe to handle billing.

Relevant documents

Quaderno

(HQ: Spain)

DPA | Privacy Policy | Security Policy

SaaS VAT/Tax Compliance Service

  • Personal identification data: full name, address, phone number, and email address.

  • Financial data: tax ID, VAT number, bank account number, invoices, and credit notes.

  • Device-specific data: IP address (to comply with EU VAT rules for e-services).

When you purchase a paid course or other plans within the community

EU (Amsterdam)

via Digital Ocean’s data center

Technically, we don’t transfer your information. Our Credit Card payment processing platform subprocessor communicates directly with Quaderno to handle tax calculations.

Relevant documents

Jump to top

Our Training and Workshops

Supplier

Purpose for the Processing or Storage

Which Data?

When?

Where?

Important Notes

Automation Consultants (UK)

Privacy Policy | Why trust us?

Share information about you and your participation in a workshop when they perform a workshop for us so they can:

  • Administrate your attendance in a workshop

  • Communicate with you as a participant before or during the workshop

  • Name

  • E-mail address

  • Information about which company you represent

  • Position in your company

  • Former workshops you have participated in

Following registration for a workshop.

UK

We send this information to the sub-processor via email.

Relevant documents:

Google Ireland

(Google Workspace, including Email)

DPA | Privacy Policy

Customer Email Communication

  • Email subjects,

  • Email bodies,

  • Email attachments,

  • Email senders,

  • Email message recipients

When you email us.

All data is stored at rest in Europe.

https://support.google.com/a/answer/9223653?amp;rd=1&product_name=UnuFlow&visit_id=638048137949688124-3524331817&rd=2&src=supportwidget0

Technically, we don’t transfer your information. Your emails go directly to this sub-processor.

Relevant documents

Microsoft (Teams, OneDrive)

DPA | Privacy Statement

Video Meetings and Recording storage

  • Name and Email address of those registered for, and attending, a meeting

  • Chat logs

  • Video recordings (only upon consent of attendees)

When you register for or attend, a meeting hosted on the service.

EU

Technically, we don’t transfer your information. You either enter information directly into this subprocessor or another subprocessor (Google Workspace) transfers the data to Teams.

Relevant documents

Mighty Networks

(HQ: USA)

DPA | Remove your data | Privacy Policy | EU/EEA/UK Privacy Notice | Cookie Policy

Community Platform Provider (SaaS)

  • Membership and Profile Information

  • Your Content

  • Communication

  • Automatically Collected Information about your visits to the Mighty Network are logged (date, time, browser, device type, operating system, and originating IP address).

When you use our community platform to interact with others in a space dedicated to the training or workshop you’re enrolled in.

USA

Technically, we don’t transfer your information. You interact directly with this subprocessor when using our community site.

55 Degrees has limited access to some of the automatically collected information in the form of analytics known as Mighty Insights.

Mighty Networks will display a cookie banner for their own purposes and links directly to their cookie policy.

Mural

(HQ: USA)

DPAPrivacy Policy

Collaboration / Digital Whiteboarding Platform (SaaS)

  • Contact information (including name, email) OPTIONAL

  • Profile information (including employer, job title, location, team, role) OPTIONAL

  • Device identifiers (including IP address)

  • User Generated Content

When you join a mural you can join anonymously or as a guest. If you join as a guest, which gives you additional privileges then you need to provide contact information.

When you use Mural, the subprocessor collects information noted in their privacy policy.

When you interact in a Mural, you control the content that you add to the workspace.

US

Technically, we don’t transfer your information. You enter information directly into this subprocessor.

Relevant documents

ProKanban.org

Training curriculum provider and certification body

  • Name

  • Email

  • Course taken

  • Date(s) of course taken

When we send a list of candidates that are available for a free certification exam.

USA

We transfer information.

Relevant documents

Quaderno

(HQ: Spain)

DPA | Privacy Policy | Security Policy

SaaS VAT/Tax Compliance Service

  • Personal identification data: full name, address, phone number, and email address.

  • Financial data: tax ID, VAT number, bank account number, invoices, and credit notes.

  • Device-specific data: IP address (to comply with EU VAT rules for e-services).

When you use a credit card to pay for training or workshop and are subject to VAT.

EU (Amsterdam)

via Digital Ocean’s data center

Technically, we don’t transfer your information. Our Credit Card payment processing platform subprocessor communicates directly with Quaderno to handle tax calculations.

Relevant documents

Stripe

(HQ: USA)

DPA | Privacy Policy

Credit card payment processing

  • Email address(es)

  • Full Name

  • Organization Name & VAT number

  • Billing Address

  • Credit Card Information

When you pay by credit card for any training or workshop, whether live or on-demand in the community.

USA

Do we technically transfer your data?

If purchased through community site: No. Mighty Networks handles this.

If you receive an invoice from us (not self-service): Yes.

Relevant documents

Zoom

(HQ: USA)

DPA | Privacy Statement

Video Meetings and Recording storage

  • Name and Email address of those registered for, and attending, a meeting

  • Chat logs

  • Video recordings (only upon consent of attendees)

When you register for or attend, a meeting hosted on the service.

USA (data at rest)

EU (data in transit)

Technically, we don’t transfer your information. You either enter information directly into this subprocessor or another subprocessor (Google Workspace, Mighty Networks) transfers the data to Zoom.

Relevant documents

Jump to top


 Change Log

October 14, 2024: Adding Automation Consultants as a training partner who will deliver some of our customer workshops.

September 2, 2024: Adding startdeliver CSM tool which will replace planhat over the next few months. Removed all references to Google Firebase Functions in the US for Azure users.

July 19, 2024: Removed Scrum.org as a sub-processor, added additional data to Product Fruits sub-processor (marked NEW), noted the planned replacement of Google firebase functions in US with AWS in EU for Azure users starting September 1, removed references to standalone labs as that has been decommissioned..

April 15, 2024: Removed Calendly as a sub-processor, Added Product Fruits for our Cloud products.

October 10, 2023: Removed Pipedrive as a sub-processor.

June 30, 2023: Updated Data Storage and Processing region for our support portal supplier, Refined, as we migrated our data to EU now that that is an option.

June 8, 2023: Added information about Mighty Networks, Added WIX and Wordpress/Automattic, reordered suppliers in alphabetical order within each section.

May 15, 2023: Fixed links for AWS

March 29 - 31, 2023:

  1. Updated last column to include important notes.

  2. Added related 55 Degrees documents for each supplier (privacy policies, DPAs)

March 14, 2023:

  1. Adding information pertaining to the new OAuth connector to Jira Cloud in our ActionableAgile Standalone product.

  2. Adding information about how we’ll use AWS for configuration storage in upcoming features for Jira Cloud applications.

  3. Restructured the page by bringing subscription management rows up to the general table.

March 3, 2023: Added suppliers for our training and workshop business.

February 17, 2023: Added Planhat as a vendor. This vendor will end up replacing Pipedrive for customer success operations.

November 21 & 22, 2022:

  1. Change to the format of tabular information in order to provide clarity in regards to who actually transfers data (if a transfer occurs) and when you are directly interacting with a sub-processor. This should add clarity as to why we rely on our sub-processor’s SCCs and addendums and do not require any in our DPA as of this time.

  2. Updated Google Ireland (Google Workspace) to show that we are processing/storing data in EU.

  3. Updated Google Cloud (Firebase) to show more granularly what we are using in the US and what is in the EU.

  • No labels