Nexthink Data Processing Schedule
May 11, 2023
Processing by Nexthink (incl. Affiliates)
Subject matter of the Processing
Provision of the products and services relating to real-time analytics, instant remediation, automation, and employee feedback of customer IT systems.
Duration of the Processing
As set forth in the Agreement or order form(s), as applicable.
Nature/purpose of the Processing
Operation, support, and delivery of Nexthink products and services as described in the Agreement.
Categories of Personal Data processed according to Customer use of Services (at Customer direction)
Identifiers, login data, user privileges, login time, login duration, professional email, IP addresses, domain names.
For Customers that elect optional functionalities:
Job title, first name, last name, professional phone number, page load times, URLs accessed, number of visits to URLs, keyboard/mouse interaction within Customer defined web applications (excluding what is actually typed), duration of user actions (such actions defined by the Customer).
For Customers that request or provide data within support ticket(s):
Contents of requests in support tickets might also contain Personal Data from those types included within the Services.
Responses to ticket requests may involve collection or reporting of Personal Data from those types included within the Services, necessary to remediate issue notified by Customer.
Special categories of Personal Data
N/A
Categories of Data Subjects
Employees and other end users of the Customer.
References to “employees of the data controller” in attached schedules are deemed to include all end-users to which Customer makes the Services available, regardless of their employment status or relationship with the Customer.
Processing operations
Personal data will be subject to the following basic processing operations as applicable to the products and services provided under the Agreement and the instructions of the customer: collecting, recording, organizing, structuring, storing, altering, retrieving, using, disclosing, combining, erasing and destroying personal data.
Hosting providers
Scope managed by Customer.
Region managed by Customer.
Company | Address | Nature of processing | Type of personal data | Categories of data subjects | Data storage locations | Transfer mechanism / additional measures |
|---|---|---|---|---|---|---|
Amazon Web Services EMEA SARL (AWS) | 38 Avenue John F. Kennedy | Hosting of customer data and the Services | Identifiers, job title, login data, user privileges, login time, login duration. | Employees of the data controller. | European Economic Area, Switzerland, UK, USA or UAE | n/a |
Microsoft Corporation | One Microsoft Way | Hosting of customer data and the Services | Identifiers, job title, login data, user privileges, login time, login duration. | Employees of the data controller. | European Economic Area, UK or USA | n/a |
Auxiliary services
Non-core services provided at Customer request or in support services cases.
Scope managed by Customer.
Company | Address | Nature of processing | Type of personal data | Categories of data subjects | Data storage locations | Transfer mechanism / additional measures |
|---|---|---|---|---|---|---|
Zendesk, Inc. | 1019 Market Street San Francisco, CA 94103 USA | Support services | Full name, professional phone number and email. Support requests may additionally include IP addresses and domain names. Contents of requests in support tickets might also contain personal data. | -Employees of the data controller internally in charge of the Nexthink account. -Employees of the data controller making a support request | AWS locations in the European Economic Area, Japan, Australia, and the USA | Binding Corporate Rules, including additional measures against data access requests of authorities Additional technical safeguards, including data encryption in transit and at rest |
Okta, Inc. | 100 First Street San Francisco, CA 94105 USA | Delivery of authentication capabilities for access | First name, surname, professional email address | Employees of the data controller internally in charge of the Nexthink account. | European Economic Area | n/a |
SendSafely, Inc. | SendSafely Inc. 40 East Main Street, Suite 897 Newark, DE 19711 USA | Secure data transfer services | Encrypted personal data containing details of support requests | -Employees internally in charge of the Nexthink account. -Employees making a support request | AWS locations across Australia (NSW), Singapore, European Economic Area and the USA | Standard Contractual Clauses (2021) End-to-end data encryption |
Optional services
Non-core services provided at the request of Customer.
Scope managed by Customer.
Company | Address | Nature of processing | Type of personal data | Categories of data subjects | Data storage locations | Transfer mechanism / additional measures |
|---|---|---|---|---|---|---|
Atlassian | Level 6, 341 George Street | Support services for optional Managed Services using Jira software. | Full name, professional email address and phone number, IP addresses and domain names. | Employees internally in charge of the Nexthink account. Employees making a support request. | AWS locations across the European Economic Area, Australia and the USA | Standard Contractual Clauses (2021) Additional technical safeguards, including data encryption in transit and at rest |
idalko | Dianalaan 151 | Support services for optional Managed Services using Jira software | Full name, professional email address and phone number, IP addresses and domain names. | Employees of the data controller internally in charge of the Nexthink account. Employees of the data controller making a support request. | European Economic Area | n/a |