List of pre-approved sub-Processors
in SuperOffice CRM Online
This list is valid from May 25th, 2018.
According to clause 3.7 in the Data Processing Agreement between Customer (Controller) and SuperOffice (Processor), SuperOffice shall maintain a list of pre-approved sub-processors (Sub-Contractors).
SuperOffice AS is the provider of the CRM Online service
| Company name | SuperOffice AS, Wergelandsveien 27, 0167 Oslo, Norway |
| SuperOffice Affiliates | Norway, Sweden, Denmark, The Netherlands, Germany, United Kingdom, Switzerland and Lithuania. Entities details are listed in the “CRM Online Terms of Service” available in SuperOffice Trust Center. |
| Description of Service | Cloud Service Provider. SuperOffice CRM Online offering functionality for basic CRM as well as specialized functionality for marketing, sales and service. |
| The Personal Data to be Processed concerns the following categories of Data Subjects (Persons): | As a Processor SuperOffice stores the complete CRM Online Database for the Controller. Data Subjects and categories of Personal Data registered in the Database is defined by the Controller. |
| Processing of data | Data entered by the Controller into the CRM Online service are processed by sub-processors listed in this document. |
| Sensitive personal Data (if relevant) | SuperOffice is not aware or notified if the Controller enters sensitive data into the CRM Online Database. Categories of Personal Data that requires special protection, must be protected by configurations and settings in the CRM Online Application by the Controller. |
Pre-approved sub-Processors
The following sub-processors are pre-approved by SuperOffice AS:
- Visma IT & Communications AS
- Mailgun Technologies Inc.
- InfoBridge B.V.
- Microsoft Corporation
In addition, the use of Third Party Services (Applications) must be observed.
1. Visma IT & Communications AS
| Entity Company Name | Visma IT & Communications AS, Karenslyst Allé 56, 0277 Oslo, Norway |
| Company website | www.visma.com |
| Entity Country | Norway |
| Processing Country | Norway |
| Entity Type and description of Service | Hosting Provider. Hosting and operations of all servers, and infrastructure for SuperOffice CRM Online. Visma also stores the complete CRM database for the Controller. |
| The Personal Data to be Processed concerns the following categories of Data Subjects (Persons): | Personal Data entered into Controllers CRM Database. |
| Categories of Personal Data | Personal Data entered into Controllers CRM Database. |
| Sensitive personal Data (if relevant) | Personal Data entered into Controllers CRM Database |
| The Personal Data will be subject to the following Processing activities. | None. |
| Additional information regarding Privacy and Security Governance. |
ISO Certificates for ISO9001 and ISO27001 and ISO27018. Security audit Report ISAE3402 is available on request. |
2. Mailgun Technologies Inc.
| Entity Company Name | Mailgun Technologies Inc. 535 Mission St. San Francisco, CA94105, US |
| Company website | www.mailgun.com |
| Entity Country | US |
| Processing Country | US |
| Entity Type and description of Service | Email service provider. Mailgun is 1) sending mass emails generated from SuperOffice CRM and 2) receiving and sending replies related to service-tickets in SuperOffice Service. Emails are stored by Mailgun for max. 72 hours for resending purposes. Individual emails sent from the customer’s own email service (i.e. exchange, gmail) is not sent to Mailgun. |
| The Personal Data to be Processed concerns the following categories of Data Subjects (Persons): | Email recipients in e-marketing campaigns and customer service tickets. |
| Categories of Personal Data | Email address and free-text content of emails. |
| Sensitive personal Data (if relevant) | None. |
| The Personal Data will be subject to the following Processing activities. | None. |
| Additional information regarding Privacy and Security Governance. | Certified under the EU-U.S. Privacy Shield Framework, and the U.S. – Swiss Safe Harbor Framework. |
3. InfoBridge B.V.
| Entity Company Name | InfoBridge B.V., Europalaan 24F, 5232 BC ‘s-Hertogenbosch, Netherlands |
| Company website | www.infobridge.com |
| Entity Country | The Netherlands |
| Processing Country | The Nederlands |
| Entity Type and description of Service | Calendar synchronization Service between SuperOffice CRM and various Calendaring Systems (Microsoft Office 365, Google G-Suite). |
| The Personal Data to be Processed concerns the following categories of Data Subjects (Persons): | Users of SuperOffice CRM Online. |
| Categories of Personal Data | Usernames, Calendar item data incl. basic company and person data fields. Unstructured text entered into the calendar item. |
| Sensitive personal Data (if relevant) | None. |
| The Personal Data will be subject to the following Processing activities. | None. |
| Additional information regarding Privacy and Security Governance. |
4. Microsoft Corporation
| Entity Company Name | Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, US |
| Company website | www.microsoft.com |
| Entity Country | US |
| Processing Country | The Netherlands and Ireland |
| Entity Type and description of Service | Document Storage Provider. All documents stored in SuperOffice CRM Online is stored in a Microsoft Azure service. Documents are stored as separate files. No Personal Data (or any other metadata) is stored in connection with the document. |
| The Personal Data to be Processed concerns the following categories of Data Subjects (Persons): | Potentially Personal Data contained in a document stored by the Controller. |
| Categories of Personal Data | Potentially Personal Data contained in documents. |
| Sensitive personal Data (if relevant) | Potentially Personal Data contained in documents. |
| The Personal Data will be subject to the following Processing activities. | None. |
| Additional information regarding Privacy and Security Governance. | https://www.microsoft.com/en-us/trustcenter/cloudservices/azure |
SuperOffice App Store Partners (Third Party Services)
The table below is a general description of Software Partners in the SuperOffice App Store. SuperOffice AS has signed sub-processor DPA’s with all Software Partners. In addition to this, a specific DPA has to be signed between Customer (Controller) and Software Partner (Processor).
| Entity Company Name | SuperOffice App Store partners |
| Company website | App Store partner website |
| Entity Country | App Store partner location |
| Processing Country | App Store partner processing localtion |
| Entity Type and description of Service | SuperOffice offers 3rd parties to integrate other solutions with the CRM Online service. Partners are using APIs available in the CRM Online Platform to build integrated standard Apps as well as customized solutions. These APIs provide access to customer data. SuperOffice certifies each individual App regarding security, privacy and proper technical and operational use of our API’s. Each partner sign a sub-processor Data Processing Agreement with SuperOffice. The integration is not activated until a formal Data Processing Agreement is signed between the Partner and the Customer and presented to SuperOffice. It is the Customer’s responsibility to sign a DPA directly with the Partner. |
| The Personal Data to be Processed concerns the following categories of Data Subjects (Persons): | Must be described in the DPA between Customer and Partner. |
| Categories of Personal Data | Must be described in the DPA between Customer and Partner. |
| Sensitive personal Data (if relevant) | Must be described in the DPA between Customer and Partner. |
| The Personal Data will be subject to the following Processing activities. | Must be described in the DPA between Customer and Partner. |
| Additional information regarding Privacy and Security Governance. | Must be described in the DPA between Customer and Partner. |