Nexthink Data Processing Schedule
Processing by Nexthink (incl. Affiliates)
Subject matter of the Processing
Provision of the products and services relating to real-time analytics, instant remediation, automation, and employee feedback of customer IT systems.
Duration of the Processing
As set forth in the Agreement or order form(s), as applicable.
Nature/purpose of the Processing
Operation, support, and delivery of Nexthink products and services as described in the Agreement.
Categories of Personal Data processed according to Customer use of Services (at Customer direction)
Identifiers, login data, user privileges, login time, login duration, professional email, IP addresses, domain names.
For Customers that elect optional functionalities:
Job title, first name, last name, professional phone number, page load times, URLs accessed, number of visits to URLs, keyboard/mouse interaction within Customer defined web applications (excluding what is actually typed), duration of user actions (such actions defined by the Customer).
For Customers that request or provide data within support ticket(s):
Contents of requests in support tickets might also contain Personal Data from those types included within the Services.
Responses to ticket requests may involve collection or reporting of Personal Data from those types included within the Services, necessary to remediate issue notified by Customer.
Special categories of Personal Data
N/A
Categories of Data Subjects
Employees and other end users of the Customer.
References to “employees of the data controller” in attached schedules are deemed to include all end-users to which Customer makes the Services available, regardless of their employment status or relationship with the Customer.
Processing operations
Personal data will be subject to the following basic processing operations as applicable to the products and services provided under the Agreement and the instructions of the customer: collecting, recording, organizing, structuring, storing, altering, retrieving, using, disclosing, combining, erasing and destroying personal data.
Hosting providers
Scope managed by Customer. Region managed by Customer.
Amazon Web Services EMEA SARL (AWS)
38 Avenue John F. Kennedy L-1855 Luxembourg
Hosting of customer data and the Services
Identifiers, job title, login data, user privileges, login time, login duration.
Employees of the data controller.
European Economic Area, Switzerland, UK, USA, Australia or UAE
n/a
Auxiliary services
Non-core services provided at Customer request or in support services cases. Scope managed by Customer.
Zendesk, Inc.
1019 Market Street
San Francisco, CA 94103
USA
Support services
Full name, professional phone number and email. Support requests may additionally include IP addresses and domain names. Contents of requests in support tickets might also contain personal data.
-Employees of the data controller internally in charge of the Nexthink account.
-Employees of the data controller making a support request
AWS locations in the European Economic Area, Japan, Australia, and the USA
Binding Corporate Rules, including additional measures against data access requests of authorities
Additional technical safeguards, including data encryption in transit and at rest
Okta, Inc.
100 First StreetSan Francisco, CA 94105 USA
Delivery of authentication capabilities for access
First name, surname, professional email address
Employees of the data controller internally in charge of the Nexthink account.
European Economic Area
Standard Contractual Clauses (2021)
SendSafely, Inc.
SendSafely Inc. 40 East Main Street, Suite 897 Newark, DE 19711 USA
Secure data transfer services
Encrypted personal data containing details of support requests
-Employees internally in charge of the Nexthink account.
-Employees making a support request
AWS locations across Australia (NSW), Singapore, European Economic Area and the USA
Standard Contractual Clauses (2021)
End-to-end data encryption
Atlassian Pty Ltd
Level 6, 341 George Street Sydney, NSW 2000 Australia
Support management through Jira and Confluence
Full name, professional email address, IP addresses, domain names, device IDs, geolocation, user-names in Nexthink system
- Employees of the data controller
- Employees making a support request
AWS data center in Frankfurt am Main, Germany
Standard Contractual Clauses (2021)
DPF certified
Additional technical safeguards, including data encryption in transit and at rest
Datadog, Inc.
620 8th Ave 45th Floor New York, NY 10018 USA
Application and infrastructure observability
Professional email address, IP addresses, domain names, device IDs, geolocation, user privileges
Employees of the data controller
AWS data center in Frankfurt am Main, Germany
Standard Contractual Clauses (2021)
DPF certified
Additional technical safeguards, including data encryption in transit and at rest
MongoDB Limited, Dublin, Ireland
Building 2 Number One Ballsbridge, Shelbourne Rd, Ballsbridge, Dublin 4, D04 Y3X9, Ireland
Database Management
Identifiers, activity events, device IDs, geolocation
Employees of the Data Controller
European union, United Kingdom, United States of America, United Arab Emirates, Switzerland, Australia, Canada
n/a
OpenAI Ireland Ltd
1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland
Conversion of natural language into user commands for Nexthink Assist
Commands might contain personal data
Employees of the data controller
USA
Standard Contractual Clauses - 2021
Optional services
Non-core services provided at the request of Customer. Scope managed by Customer.
Microsoft Corporation
One Microsoft Way Redmond, WA 98052 USA
Hosting of data
Identifiers, job title, login data, user privileges, login time, login duration.
Employees of the data controller.
EA, UK or USA
n/a
Last updated
Was this helpful?