55 Degrees Sub-Processors and Suppliers

55 Degrees uses the third-party companies below (each, a “sub-processor”) to process data, sometimes personal data (i) on behalf of 55 Degrees' customers; (ii) in accordance with customer instructions as communicated by 55 Degrees; and (iii) in strict accordance with the terms of a written contract, if one exists, between 55 Degrees and the sub-processor. If we use additional sub-processors to deliver our service but don't send personal or user-generated data (aka. customer data) to them for processing, they will not be listed in this document. The supplier (e.g., vendors or sub-processors) relevant to you will depend on your interactions with 55 Degrees.

55 Degrees thoroughly reviews its sub-processors regularly to check that it is up-to-date and that vendors implement appropriate technical and organizational measures ensuring that the sub-processing of personal data is protected to the standards required by applicable data protection laws. Further information on sub-processor security measures can be found via the external links below. 55 Degrees customers may subscribe to notifications of sub-processor changes to receive updates.

For each sub-processor below, processing of personal data will be for the duration that the customer uses and continues to use the applicable service(s) and for the retention periods as set out in our privacy policy and customer agreements. Please note that not all suppliers listed will be relevant to your usage of our tools and services. Therefore we have created sections that should help you clearly identify which suppliers are relevant for you. You can use the links below to navigate directly to relevant sections.

Jump to the list of sub-processors or suppliers relevant to:

General Communication and Subscription Management

Supplier	Purpose for the Processing or Storage	Which Data?	When?	Where?	Important Notes

Supplier	Purpose for the Processing or Storage	Which Data?	When?	Where?	Important Notes
Brevo (was SendinBlue)	Marketing Emails	Email Address Date and method of consent Newsletters subscribed to Optional information provided such as Name, Company, Relevant interests	When you subscribe to our mailing lists	EU	Technically, we don’t transfer your information. We embed or use pages or forms hosted by Brevo. Relevant documents Privacy Policy: If your company is a customer Privacy Policy: If you receive our surveys, newsletters, or other marketing
Google Ireland (Google Workspace, including Email) DPA \| Privacy Policy	Customer Email Communication	Email subjects, Email bodies, Email attachments, Email senders, Email message recipients	When you email us.	All data is stored at rest in Europe. What data is covered by a data region policy?	Technically, we don’t transfer your information. Your emails go directly to this sub-processor. Relevant Documents: DPA: Cloud Products Privacy Policy: If your company is a customer
Microsoft (Teams, OneDrive) DPA \| Privacy Statement	Video Meetings and Recording storage	Name and Email address of those registered for, and attending, a meeting Chat logs Video recordings (only upon consent of attendees)	When you register for or attend, a meeting hosted on the service.	EU	Technically, we don’t transfer your information. You either enter information directly into this subprocessor or another subprocessor (Google Workspace) transfers the data to Teams.
Planhat AB outgoing (HQ: Sweden) DPA \| Privacy Policy	Customer Success Platform	Name and Email address for crucial account contacts and power users A record of activities with and emails to/from users associated with an account Subscription information (application, term, date paid, cost, etc.)	When your information is provided to us as a key contact for a new or existing subscription or evaluation. When you communicate/interact with us regarding your organization’s subscription or evaluation.	EU	We transfer information. Relevant documents Privacy Policy: If your company is a customer
Startdeliver AB new (HQ: Sweden) Privacy Policy DPA upon request	Customer Success Platform	Name and Email address for crucial account contacts and power users A record of activities with and emails to/from users associated with an account Subscription information (application, term, date paid, cost, etc.)	When your information is provided to us as a key contact for a new or existing subscription or evaluation. When you communicate/interact with us regarding your organization’s subscription or evaluation.	EU	We transfer information. Relevant documents Privacy Policy: If your company is a customer
Stripe (HQ: USA) DPA \| Privacy Policy	Credit card payment processing	Email address(es) Full Name Organization Name & VAT number Billing Address Credit Card Information	Upon purchase or renewal of a paid subscription for ActionableAgile Analytics (https://analytics.actionableagile.com ) or ActionableAgile for Azure DevOps.	USA	Technically, we don’t transfer your information. Our Subscription Management subprocessor, Recurly, communicates directly with Stripe for credit card payment processing. Relevant documents Privacy Policy: If your company is a customer
Visma Spcs AB (HQ: Sweden) Privacy Statement	Quoting and Invoicing for customers paying by wire transfer	Email address(es) Full Name Organization Name & VAT number Billing Address	When you request a quote or an invoice for products or services sold directly from 55 Degrees.	EU	We transfer information. Relevant documents Privacy Policy: If your company is a customer
WIX (HQ: Israel) DPA \| Privacy Policy \| Cookie Policy \| ISO 27001 Compliance	Website Creation and Hosting Provider	WIX automatically collects information such as IP address, browser, OS, etc.	When you visit our website at https://55degrees.se	USA, EU, Japan, Israel (depending on what the information is and if WIX is using a subprocessor).	Relevant documents Privacy Policy: Marketing (to be linked)
Wordpress by Automattic (HQ: USA) DPA upon request	Website Creation and Hosting Provider. Services used: Wordpress.com Akismet Jetpack	Wordpress automatically collects information such as IP address, browser, OS, etc for their hosting logs.	When you visit our website at https://actionableagile.com	USA	Technically, we don’t transfer your information. Our site is run by Automattic on wordpress.com and they collect information directly to run and manage the service. Relevant documents Privacy Policy: Marketing (to be linked)
Zoom (HQ: USA) DPA \| Privacy Statement	Video Meetings and Recording storage Meeting Scheduling Service	Name and Email address of those registered for, and attending, a meeting Chat logs Video recordings (only upon consent of attendees)	When you register for or attend, a meeting hosted on the service.	USA (data at rest) EU (data in transit)	Technically, we don’t transfer your information. You either enter information directly into this subprocessor or another subprocessor (Google Workspace, Mighty Networks) transfers the data to Zoom.

Jump to top

Our Jira Cloud Applications

Supplier	Purpose for the Processing or Storage	Which Data?	When?	Where?	Important Notes

Supplier	Purpose for the Processing or Storage	Which Data?	When?	Where?	Important Notes
Amazon AWS DPA \| Supplementary Addendum \| UK Addendum	Hosting Logs (S3 Global, CloudFront)	IP address	When you use our Cloud applications	Global (Data stored in region of user)	We transfer information. Relevant documents Privacy Policy: If your company is a customer
Amazon AWS DPA \| Supplementary Addendum \| UK Addendum	Storage for configurations required for operation of applications or features.	Jira User Account IDs (a pseudonymized string created by Atlassian)	Depending on configurations required for providing functionality. For example in ActionableAgile: We store Jira Account IDs for users who own and can access shared data sets.	EU (Stockholm) Options for those eligible for data residency: US (N. Virginia) Australia (Sydney)	We transfer information. Relevant documents DPA: Cloud Products Privacy Policy: If your company is a customer
MixPanel (HQ: USA) DPA \| Privacy Policy	Product Usage Analytics	Subscription ID Email domain of billing contact Events Triggered from the usage of the service (and Date/Time they occurred) Information about the computer, browser, and session length (but no information about which user triggered the event unless consent is explicitly provided) Referrer URL/Domain	When you use our Cloud applications (not relevant for Server or Data Center Customers)	EU	We transfer information. Relevant documents Privacy Policy: If your company is a customer
Product Fruits (HQ: Czech Republic) DPA \| Privacy Policy	In-App User Help and Messaging (General and Context-Specific) Measuring usefulness of in-app user help and messaging.	Unique user ID Analytics re interactions with the messages provided via the service. Key user actions (to display contextual user messaging)	When you use our Cloud applications	EU	We transfer information. Relevant documents Privacy Policy: If your company is a customer
Sentry (HQ: USA) DPA \| Privacy Policy	Error logging and handling	Organization’s subscription ID Information about the user’s computer, browser	When you experience a javascript error while using one of our Cloud applications	USA	We transfer information. Relevant documents Privacy Policy: If your company is a customer

Jump to top

Our Azure Cloud and Standalone SaaS Applications

Supplier	Purpose for the Processing or Storage	Which Data?	When?	Where?	Important Notes

Supplier	Purpose for the Processing or Storage	Which Data?	When?	Where?	Important Notes
Amazon AWS DPA \| Supplementary Addendum \| UK Addendum	Hosting Logs (S3 Global, CloudFront)	IP address	When you use our Cloud applications	Global (Data stored in region local to the user)	We transfer information. Relevant documents Privacy Policy: If your company is a customer DPA: Cloud Products
	Authorization for OAuth connections to work management systems like Jira Cloud	OAuth Access Token (encrypted)	When you use an OAuth based wizard to connect to your work management system	EU (Frankfurt)
	Authorization for our embedded Azure app. (processing data currently stored in Firestore Database)	Azure authenticated User ID	When you access ActionableAgile within your Azure DevOps Services instance we look for your ID in our Azure subscription files to see if you are listed as a user in a valid subscription.	EU (Frankfurt)
	Storage for configurations required for operation of applications or features.	User Account IDs (a pseudonymized string)	Depending on configurations required for providing functionality.	EU (Stockholm)
Google Cloud (Firebase) DPA \| Privacy Policy	Firestore Database	Azure authenticated User ID This is anonymous for managed users in a subscription as we have no way to lookup the personal data associated with the Azure ID. For the subscriber it is psuedonymized. We can connect this information to a subscriber email in Recurly.	When you access ActionableAgile within your Azure DevOps Services instance.	EU	We transfer information. Relevant documents DPA: Cloud Products
Google Cloud (Firebase) DPA \| Privacy Policy	Firestore Database Authentication (Firebase Authentication) Authorisation (Firebase Functions)	Identifier (Email Address) Authentication Provider Used Created Date Last logged-in date Unique User ID	When you log into ActionableAgile Analytics (https://analytics.actionableagile.com)	EU	We transfer information. Relevant Documents DPA: Cloud Products
MixPanel (HQ: USA) DPA \| Privacy Policy	Product Usage Analytics	Subscription ID Email domain of billing contact Events Triggered from the usage of the service (and Date/Time they occurred) Information about the computer, browser, and session length (but no information about which user triggered the event unless consent is explicitly provided) Referrer URL/Domain	When you use ActionableAgile Standalone or ActionableAgile for Azure DevOps Services	EU	We transfer information. Relevant documents Privacy Policy: If your company is a customer
Product Fruits (HQ: Czech Republic) DPA \| Privacy Policy	In-App User Help and Messaging (General and Context-Specific) Measuring usefulness of in-app user help and messaging.	Unique user ID Analytics re interactions with the messages provided via the service. Key user actions (to display contextual user messaging)	When you use our Cloud applications	EU	We transfer information. Relevant documents Privacy Policy: If your company is a customer
Recurly (HQ: USA) DPA \| Privacy Policy	Subscription Management, including selected Transactional Emails	Email address(es) Full Name Organization Name & VAT number Billing Address Credit Card Information Coupons applied Account notes Audit log of account management actions Audit log of system-generated emails sent to the customer	When you start, update, or cancel an evaluation or paid subscription for ActionableAgile Analytics (https://analytics.actionableagile.com ) or ActionableAgile for Azure DevOps.	USA	Technically, we don’t transfer your information. We use hosted account management pages and forms used in our app are hosted forms. So, you’re entering information directly into our subprocessor and we don’t handle the transfer. Relevant Documents: Privacy Policy: If your company is a customer
Sentry (HQ: USA) DPA \| Privacy Policy	Error logging and handling	Organization’s subscription ID IP address	When you experience a javascript error while using one of our Cloud applications	USA	We transfer information. Relevant documents Privacy Policy: If your company is a customer

Jump to top

Our Support Portal

Supplier	Purpose for the Processing or Storage	Which Data?	When?	Where?	Important Notes

Supplier

Purpose for the Processing or Storage

Which Data?

When?

Where?

Important Notes

Jira Service Management (Atlassian Corporation Plc)

(HQ: Australia)

DPA | Data Transfer Impact Assessment | Privacy Policy

Customer Support Request Management

Name and Email address of person reporting issue (aka customer)
Organization name
Email address for issue participants
Content added to support requests

You create a support request through our support portal or via email to support@55degrees.se or support@actionableagile.com.

When we create a support request on your behalf because you contacted us through other channels.

EU/EEA (primary)

USA (subset of core data)

Technically, we don’t transfer your information. Refined, our Support Portal platform communicates directly with the JSM platform to authenticate users and manage support requests.

Relevant Documents:

Refined

(HQ: Sweden)

DPA upon request | Privacy Policy

Customer Support Request Management

User ids of logged-in users
IP address of site visitors (logged for 2 weeks)

The following data is processed, but not stored

Personally identifiable information.
Login credentials - authentication through Atlassian.
Atlassian Content - fetched on demand for the user requesting the data, never cached.

When you log into our support portal at https://support.55degrees.se and when you create or manage support requests via our support portal.

Refined provides a nice front-end to our Jira Service Management projects and is a proxy for Jira Service Management content.

EU

Technically, we don’t transfer your information. You interact directly with this subprocessor when using our support site. This subprocessor communicates with Atlassian’s Jira Service management platform for authentication and to manage support requests

Relevant Documents:

Jump to top

Our Community Site

Supplier	Purpose for the Processing or Storage	Which Data?	When?	Where?	Important Notes

Supplier

Purpose for the Processing or Storage

Which Data?

When?

Where?

Important Notes

Mighty Networks

(HQ: USA)

DPA | Remove your data | Privacy Policy | EU/EEA/UK Privacy Notice | Cookie Policy

Community Platform Provider (SaaS)

Membership and Profile Information
Your Content
Communication
Automatically Collected Information about your visits to the Mighty Network are logged (date, time, browser, device type, operating system, and originating IP address).

When you visit or log into our community site at community.55degrees.se

USA

Technically, we don’t transfer your information. You interact directly with this subprocessor when using our community site.

55 Degrees has limited access to some of the automatically collected information in the form of analytics known as Mighty Insights.

Mighty Networks will display a cookie banner for their own purposes and links directly to their cookie policy.

Stripe

(HQ: USA)

DPA | Privacy Policy

Credit card payment processing

Email address(es)
Full Name
Organization Name & VAT number
Billing Address
Credit Card Information

Upon purchase or renewal of a paid course or plan for the Community Site.

USA

Technically, we don’t transfer your information. Our community site platform subprocessor, Mighty Networks, communicates directly with Stripe to handle billing.

Relevant documents

Privacy Policy: If your company is a customer

Quaderno

(HQ: Spain)

DPA | Privacy Policy | Security Policy

SaaS VAT/Tax Compliance Service

Personal identification data: full name, address, phone number, and email address.
Financial data: tax ID, VAT number, bank account number, invoices, and credit notes.
Device-specific data: IP address (to comply with EU VAT rules for e-services).

When you purchase a paid course or other plans within the community

EU (Amsterdam)

via Digital Ocean’s data center

Technically, we don’t transfer your information. Our Credit Card payment processing platform subprocessor communicates directly with Quaderno to handle tax calculations.

Relevant documents

Privacy Policy: If your company is a customer

Jump to top

Our Training and Workshops

Supplier	Purpose for the Processing or Storage	Which Data?	When?	Where?	Important Notes

Supplier	Purpose for the Processing or Storage	Which Data?	When?	Where?	Important Notes
Automation Consultants (UK) Privacy Policy \| Why trust us?	Share information about you and your participation in a workshop when they perform a workshop for us so they can: Administrate your attendance in a workshop Communicate with you as a participant before or during the workshop	Name E-mail address Information about which company you represent Position in your company Former workshops you have participated in	Following registration for a workshop.	UK	We send this information to the sub-processor via email. Relevant documents:
Google Ireland (Google Workspace, including Email) DPA \| Privacy Policy	Customer Email Communication	Email subjects, Email bodies, Email attachments, Email senders, Email message recipients	When you email us.	All data is stored at rest in Europe. https://support.google.com/a/answer/9223653?amp;rd=1&product_name=UnuFlow&visit_id=638048137949688124-3524331817&rd=2&src=supportwidget0	Technically, we don’t transfer your information. Your emails go directly to this sub-processor. Relevant documents Privacy Policy: If your company is a customer
Microsoft (Teams, OneDrive) DPA \| Privacy Statement	Video Meetings and Recording storage	Name and Email address of those registered for, and attending, a meeting Chat logs Video recordings (only upon consent of attendees)	When you register for or attend, a meeting hosted on the service.	EU	Technically, we don’t transfer your information. You either enter information directly into this subprocessor or another subprocessor (Google Workspace) transfers the data to Teams. Relevant documents Privacy Policy: If your company is a customer
Mighty Networks (HQ: USA) DPA \| Remove your data \| Privacy Policy \| EU/EEA/UK Privacy Notice \| Cookie Policy	Community Platform Provider (SaaS)	Membership and Profile Information Your Content Communication Automatically Collected Information about your visits to the Mighty Network are logged (date, time, browser, device type, operating system, and originating IP address).	When you use our community platform to interact with others in a space dedicated to the training or workshop you’re enrolled in.	USA	Technically, we don’t transfer your information. You interact directly with this subprocessor when using our community site. 55 Degrees has limited access to some of the automatically collected information in the form of analytics known as Mighty Insights. Mighty Networks will display a cookie banner for their own purposes and links directly to their cookie policy.
Mural (HQ: USA) DPA \| Privacy Policy	Collaboration / Digital Whiteboarding Platform (SaaS)	Contact information (including name, email) optional Profile information (including employer, job title, location, team, role) optional Device identifiers (including IP address) User Generated Content	When you join a mural you can join anonymously or as a guest. If you join as a guest, which gives you additional privileges then you need to provide contact information. When you use Mural, the subprocessor collects information noted in their privacy policy. When you interact in a Mural, you control the content that you add to the workspace.	US	Technically, we don’t transfer your information. You enter information directly into this subprocessor. Relevant documents Privacy Policy: If your company is a customer
ProKanban.org	Training curriculum provider and certification body	Name Email Course taken Date(s) of course taken	When we send a list of candidates that are available for a free certification exam.	USA	We transfer information. Relevant documents Privacy Policy: If your company is a customer
Quaderno (HQ: Spain) DPA \| Privacy Policy \| Security Policy	SaaS VAT/Tax Compliance Service	Personal identification data: full name, address, phone number, and email address. Financial data: tax ID, VAT number, bank account number, invoices, and credit notes. Device-specific data: IP address (to comply with EU VAT rules for e-services).	When you use a credit card to pay for training or workshop and are subject to VAT.	EU (Amsterdam) via Digital Ocean’s data center	Technically, we don’t transfer your information. Our Credit Card payment processing platform subprocessor communicates directly with Quaderno to handle tax calculations. Relevant documents Privacy Policy: If your company is a customer
Stripe (HQ: USA) DPA \| Privacy Policy	Credit card payment processing	Email address(es) Full Name Organization Name & VAT number Billing Address Credit Card Information	When you pay by credit card for any training or workshop, whether live or on-demand in the community.	USA	Do we technically transfer your data? If purchased through community site: No. Mighty Networks handles this. If you receive an invoice from us (not self-service): Yes. Relevant documents Privacy Policy: If your company is a customer
Zoom (HQ: USA) DPA \| Privacy Statement	Video Meetings and Recording storage	Name and Email address of those registered for, and attending, a meeting Chat logs Video recordings (only upon consent of attendees)	When you register for or attend, a meeting hosted on the service.	USA (data at rest) EU (data in transit)	Technically, we don’t transfer your information. You either enter information directly into this subprocessor or another subprocessor (Google Workspace, Mighty Networks) transfers the data to Zoom. Relevant documents Privacy Policy: If your company is a customer

Jump to top

October 23, 2024: Adding information about AWS Data Residency for Jira Cloud, Adding information about storage for features in Azure.

October 14, 2024: Adding Automation Consultants as a training partner who will deliver some of our customer workshops.

September 2, 2024: Adding startdeliver CSM tool which will replace planhat over the next few months. Removed all references to Google Firebase Functions in the US for Azure users.

July 19, 2024: Removed Scrum.org as a sub-processor, added additional data to Product Fruits sub-processor (marked NEW), noted the planned replacement of Google firebase functions in US with AWS in EU for Azure users starting September 1, removed references to standalone labs as that has been decommissioned..

April 15, 2024: Removed Calendly as a sub-processor, Added Product Fruits for our Cloud products.