March 25, 2022

Processing by Nexthink (incl. Affiliates)

Subject matter of the Processing

Provision of the products and services relating to real-time analytics, instant remediation, automation, and employee feedback of customer IT systems.

Duration of the Processing

As set forth in the Agreement or order form(s), as applicable.

Nature/purpose of the Processing

Operation, support, and delivery of Nexthink products and services as described in the Agreement.

Types of Personal Data processed according to Customer use of Services (at Customer direction)

For Customers with optional settings set to include Personal Data collection by the Collector (software agent):

Identifiers, job title, login data, user privileges, login time, login duration, first name, last name, professional phone number, professional email, IP addresses, domain names. 

For Customers that elect optional Application Experience functionality:

Page load times, URLs accessed, number of visits to URLs, keyboard/mouse interaction within Customer defined web applications (excluding what is actually typed), duration of user actions (such actions defined by the Customer). 

Contents of requests in support tickets might also contain Personal Data from those types included within the Services.

Responses to ticket requests may involve collection or reporting of Personal Data from those types included within the Services, necessary to remediate issue notified by Customer

Categories of Data Subjects

Employees and other end users of the Customer.

References to “employees of the data controller” in attached schedules are deemed to include all end-users to which Customer makes the Services available, regardless of their employment status or relationship with the Customer.

Processing operations

Personal data will be subject to the following basic processing operations as applicable to the products and services provided under the Agreement and the instructions of the customer: collecting, recording, organizing, structuring, storing, altering, retrieving, using, disclosing, combining, erasing and destroying personal data.

Hosting providers

Scope managed by Customer.
Region managed by Customer.

Company

Address

Nature of processing

Type of personal data

Categories of data subjects

Data storage locations

Transfer mechanism / additional measures

Microsoft Corporation

One Microsoft Way
Redmond, WA 98052
USA

Hosting of data

Identifiers, job title, login data, user privileges, login time, login duration.

Employees of the data controller.

European Economic Area, UK or USA

None

Amazon Web Services EMEA SARL (AWS)

38 Avenue John F. Kennedy
L-1855 Luxembourg

Hosting of data

Identifiers, job title, login data, user privileges, login time, login duration.

Employees of the data controller.

European Economic Area, UK or USA

None

Auxiliary services

Non-core services provided at Customer request or in support services cases.
Scope managed by Customer.

Company

Address

Nature of processing

Type of personal data

Categories of data subjects

Data storage locations

Transfer mechanism / additional measures

Zendesk, Inc.

1019 Market Street
San Francisco, CA 94103
USA

Support services

Full name, professional phone number and email. Support requests may additionally include IP addresses and domain names. Contents of requests in support tickets might also contain personal data.

Employees of the data controller internally in charge of the Nexthink account.

Employees of the data controller making a support request.

AWS locations in the European Economic Area, Japan, Australia, and the USA

Binding Corporate Rules, including additional measures against data access requests of authorities.

Additional technical safeguards, including data encryption in transit and at rest.

Okta, Inc.

100 First Street
San Francisco, CA 94105
USA

Delivery of authentication capabilities for access

First name, surname, professional email address

Employees of the data controller internally in charge of the Nexthink account.

European Economic Area

None

SendSafely, Inc.

40 East Main Street, Suite 897
Newark, DE 19711
USA

Secure data transfer services

Encrypted personal data containing details of support requests

Employees internally in charge of the Nexthink account.

Employees making a support request

AWS locations across Australia (NSW), Singapore Europe and the USA

Standard Contractual Clauses

End-to-end data encryption

Optional services

Non-core services provided at the request of Customer.
Scope managed by Customer.

Company

Address

Nature of processing

Type of personal data

Categories of data subjects

Data storage locations

Transfer mechanism / additional measures

Amazon Web Services (AWS)

410 Terry Ave N
Seattle, WA 98109
USA

Optional Application Experience functionality

Page load times, URLs accessed, number of visits to URLs, keyboard/mouse interaction (excluding what is actually typed), duration of user actions, focus time (time spent using the business application), all defined by Customer

Employees of the data controller using the products and services

Selected by Customer from available options

None

Atlassian

Level 6, 341 George Street
Sydney, NSW 2000
Australia

Support services for optional Managed Services using Jira software.

Full name, professional email address and phone number, IP addresses and domain names.

Employees internally in charge of the Nexthink account.

Employees making a support request.

AWS locations across Australia (NSW), the European Economic Area and the USA

None

idalko

Dianalaan 151
2600 Berchem
Belgium

Support services for optional Managed Services using Jira software

Full name, professional email address and phone number, IP addresses and domain names.

Employees of the data controller internally in charge of the Nexthink account.

Employees of the data controller making a support request.

European Economic Area

None