Data Processing Agreement
Last modified September 2, 2024
For a PDF version of this Data Processing Agreement click here.
TThis Data Processing Agreement outlines the agreement we have in place between us, the Data Processor, and you, the Data Controller. It's a Data Protection Legislation requirement and is an addition to our Managed Services Terms and our Campus Subscription Terms.
1. Definitions and Interpretation
2. Scope and Application of this DPA
5. Security
6. Data Subject Access, Complaints, and Breaches
This Data Processing Agreement ("DPA") is in addition to the Managed Services Terms of Service available at https://www.sprint-education.com/legal/managed-services-terms and the Campus Terms of Service available at https://www.sprint-education.com/legal/campus-terms between you and us (each an “Agreement”), and is incorporated by reference into the Agreement. You enter into this DPA on behalf of yourself and, to the extent required under Data Protection Legislation, in the name and on behalf of your Authorised Affiliates (defined below). By continuing to use our Services in which we act as a Data Processor you agree to the conditions in this DPA.
This DPA sets out the terms, requirements and conditions on which we will process Personal Data when providing services under the Managed Services Terms and/or the Campus Subscription Terms.
We may update this policy from time to time by publishing a new version on our website so you should check this page periodically to ensure you are happy with any changes to this policy. We may notify you of changes to this policy by email or, if you are a Campus user, via in-app notifications.
The parties agree as follows:
1. DEFINITIONS AND INTERPRETATION
1.1 In this DPA, unless the context otherwise requires, the following expressions have the following meanings:
Affiliate: an entity that directly or indirectly controls, is controlled by or is under common control with an entity.
Authorised Affiliate: any of the Customer Affiliate(s) permitted to or otherwise receiving the benefit of the Services pursuant to the Agreement.
Authorised Persons: the persons or categories of persons that you authorise to give us written personal data processing instructions as identified to us in writing by you and from whom we agree solely to accept such instructions.
Business Purpose: the Services described in the Agreement(s) or any other purpose specifically identified in Schedule 1.
California Personal Information: Personal Data that is protected under the CCPA.
Customer, you, or your: refers to you, the customer, as specified in the Order.
Customer Data: any data that we and/or our Affiliates process on behalf of you in the course of providing the Services.
Data Controller: an entity that determines the purposes and means of the processing of Personal Data. For the UK and EU member states, this term has the meaning as set out in Article 4(7) of the UK GDPR. For the US, it includes the terms “Controller” and “Business” as defined under Data Protection Legislation.
Data Processor: an entity that processes Personal Data on behalf of a Data Controller. For the UK and the EU this term has the meaning as set out in Article 4(8) of the UK GDPR. For the US it includes the terms “Processor” and “Service Provider” as defined in Data Protection Legislation.
Data Protection Legislation: all applicable worldwide legislation relating to the processing, protection, or privacy of Personal Data, including where applicable, the guidance and codes of practice issued by regulatory bodies in any relevant jurisdiction. This includes, but is not limited to, EU GDPR, UK GDPR, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), the Colorado Consumer Privacy Act, the Virginia Consumer Data Protection Act, and other applicable U.S. federal and state laws, governing data privacy and protection.
Data Subject: an individual whose Personal Data is processed by a Data Controller or a Data Processor, and includes the terms “individual” or “consumer” as defined under Data Protection Legislation.
EU GDPR: means the General Data Protection Regulation ((EU) 2016/679).
Order: your order for Services either (a) on the prescribed form provided by us; or (b) agreed between us in writing; or (c) agreed between us verbally and confirmed by our subsequent commencement of the provision of the ordered Services to you.
Personal Data: any information relating to an identified or identifiable living individual that is processed by us on behalf of you as a result of, or in connection with, the provision of the services under the Terms of Service; an identifiable living individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual. The term “Personal Data” also includes the terms “personal information,” “personally identifiable information,” or similar terms as defined under Data Protection Legislation.
Personal Data Breach: any breach of security that leads to the accidental, unauthorised or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the Personal Data.
Process or processing: any operation or set of operations performed on Personal Data, including but not limited to the collection, recording, organization, storage, retrieval, use, or disclosure of Personal Data, whether done manually or by automated means.
Provider, we, us, our: Sprint Media Limited, a company incorporated in England and Wales (registration number 6177833) having its registered office at B1 The Courtyard, Tewkesbury Business Park, Tewkesbury, GL20 8GD.
Services: those services described in Schedule 1 which are provided by us to you and which you use for the purposes described in Schedule 1.
Sub-Processor: means any Processor engaged by us or our Affiliates to assist in fulfilling our obligations with respect to providing the Services pursuant to the Agreement or this DPA. Sub-processors may include third parties or any of our Affiliates.
UK and European Personal Data: Personal Data that is subject to the protection of UK and European Data Protection Laws.
UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the DPA 2018.
1.2 Unless the context otherwise requires, each reference in this DPA to:
1.2.1 "writing", and any cognate expression, includes a reference to any communication effected by electronic transmission or similar means;
1.2.2 a statute or a provision of a statute is a reference to that statute or provision as amended or re-enacted at the relevant time;
1.2.3 "this DPA" is a reference to this DPA and each of the Schedules as amended or supplemented at the relevant time;
1.2.4 a Schedule is a schedule to this DPA;
1.2.5 a Clause or paragraph is a reference to a Clause of this DPA (other than the Schedules) or a paragraph of the relevant Schedule;
1.2.6 a "Party" or the "Parties" refer to the parties to this DPA.
1.3 The headings used in this DPA are for convenience only and shall have no effect upon the interpretation of this DPA.
1.4 Words imparting the singular number shall include the plural and vice versa.
1.5 References to any gender shall include all other genders.
1.6 References to persons shall include corporations.
2. SCOPE AND APPLICATION OF THIS DPA
2.1 The provisions of this DPA shall apply to where and only to the extent that we process Personal Data on behalf of you in the course of providing the Services whether such Personal Data is held at the date of this DPA or received afterwards and such Personal Data is subject to Data Protection Legislation.
2.2 Role of the Parties. As between us and you, you are the Controller of Personal Data and we shall process Personal Data only as a Processor on behalf of you. Nothing in the Agreement or this DPA shall prevent us from using or sharing any data that we would otherwise collect and process independently of your use of the Services.
2.3 The parties acknowledge that the Agreement (including this DPA), along with your use of the Services, represents your full set of instructions to us concerning the Processing of Personal Data. You may also issue further instructions, provided they align with the Agreement, the purpose, and the lawful operation of the Services.
2.4 Our Processing of Personal Data. As a Processor, we shall process Personal Data only for the following purposes:
2.4.1 processing to perform the Services in accordance with the Agreement (i.e., the limited and specific Business Purposes);
2.4.2 processing to perform any steps necessary for the performance of the Agreement; and
2.4.3 to comply with other reasonable instructions provided by you to the extent they are consistent with the terms of this DPA and only in accordance with your documented lawful instructions. The parties agree that this DPA and the Agreement set out your complete and final instructions to us in relation to the processing of Personal Data and processing outside the scope of these instructions (if any) shall require prior written agreement between you and us.
2.4.4 We are not responsible for ensuring compliance with any Data Protection Laws specific to your industry or business that do not apply generally to us.
2.5 We handle Customer Data provided by you. Such Customer Data generally comprises business contact information, but may also contain other types of personal data, including sensitive personal data, depending on how the Services are used by you. The Customer Data may be subject to the following processing activities:
2.5.1 storage and other processing necessary to provide, maintain and improve the Services provided to you;
2.5.2 to provide customer and technical support to you; and
2.5.3 disclosures as required by law or otherwise set forth in the Agreement.
2.6 Duration of the Processing. We process the Personal Data for the length of the Agreement with you. Following termination of the Agreement or any other request to stop processing the Personal Data, we will follow the procedures identified in Clause 11 to delete and/or return the Personal Data.
2.7 Notwithstanding anything to the contrary in the Agreement (including this DPA), you acknowledge that we shall have a right to use and disclose data relating to and/or obtained in connection with the operation, support and/or use of the Services for our legitimate business purposes, such as billing, account management, technical support, product development and sales and marketing. To the extent any such data is considered personal data under Data Protection Legislation, we are the Controller of such data and accordingly shall process such data in compliance with Data Protection Legislation.
2.8 The provisions of this DPA supersede any other arrangement, understanding, or agreement made between you and us at any time relating to the Personal Data.
2.9 This DPA shall continue in full force and effect for so long as we are processing Personal Data on behalf of you.
3. CUSTOMER RESPONSIBILITIES
3.1 All instructions given by you to us shall be made in writing and shall at all times comply with the Data Protection Legislation and other applicable laws. We shall act only on such written instructions from you unless we are required by law to do otherwise. We shall promptly notify you if, in our opinion, your instructions do not comply with the Data Protection Legislation.
3.2 You shall comply at all times with the Data Protection Legislation and other applicable laws and shall not perform your obligations under this DPA or any other agreement or arrangement between you and us in such way as to cause either you or us to breach any of your or our applicable obligations under the Data Protection Legislation.
3.3 You will have provided notice and obtained (or shall obtain) all consents and rights necessary under Data Protection Legislation for us to process Personal Data and provide the Services pursuant to the Agreement and this DPA.
3.4 You shall, on reasonable prior notice, submit to audits and inspections and provide us with any information reasonably required in order to assess and verify compliance with the provisions of this DPA and your compliance with the requirements of the Data Protection Legislation. The requirement to give notice will not apply if we believe that you are in breach of any of your obligations under this DPA or under the law.
4. OUR OBLIGATIONSS
4.1 We shall promptly comply with any request from you requiring us to amend, transfer, delete, or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing, or to limit our processing of any sensitive Personal Data.
4.2 We shall transfer all Personal Data to you on your reasonable request in the formats, at the times, and in compliance with your written instructions.
4.3 We will maintain the confidentiality of the Personal Data and will not disclose the Personal Data to third parties unless you or this Agreement specifically authorises the disclosure, or as required by applicable law, court order, or regulator. If a law, court order, or regulatory authority requires us to process or disclose the Personal Data to a third-party, we will first inform you of such legal or regulatory requirement and give you an opportunity to object or challenge the requirement, unless applicable law prohibits the giving of such notice.
4.4 We shall comply at all times with the Data Protection Legislation and other applicable laws and shall not perform our obligations under this DPA or any other agreement or arrangement between you and us in such way as to cause either you or us to breach any of your or our applicable obligations under the Data Protection Legislation.
4.5 We will establish and uphold suitable technical and organizational safeguards to protect Personal Data from breaches, as detailed in clause 5 of this DPA ("Security Measures"). We reserve the right to alter or enhance these Security Measures at our discretion, as long as such changes do not significantly diminish the protection provided by the current Security Measures.
4.6 We agree to comply with any reasonable measures required by you to ensure your obligations under this DPA are satisfactorily performed in accordance with any and all applicable legislation from time to time in force.
4.7 We shall provide all reasonable assistance (at your cost) to you in complying with your obligations under the Data Protection Legislation with respect to the security of processing, the notification of personal data breaches, the conduct of data protection impact assessments, and in dealings with any governmental or regulatory authority.
4.8 When processing the Personal Data on behalf of you, we shall:
4.8.1 not transfer any of the Personal Data to any third party without your written consent and, in the event of such consent, the Personal Data shall be transferred strictly subject to the terms of a suitable agreement;
4.8.2 process the Personal Data only to the extent, and in such manner, as is necessary in order to comply with our obligations to you or as may be required by law (in which case, we shall inform you of the legal requirement in question before processing the Personal Data for that purpose unless prohibited from doing so by law);
4.8.3 refrain from processing the Personal Data for any purposes other than the limited and specific Business Purposes identified in the Agreement and this DPA or as otherwise permitted by Data Protection Legislation;
4.8.4 refrain from selling or sharing any Personal Data we collect or obtain from you under the Agreement or this DPA;
4.8.5 refrain from processing any Personal Data outside our direct business relationship with you;
4.8.6 refrain from combining or updating Personal Data received under the Agreement and this DPA with any personal data obtained through other sources, unless permitted by Data Protection Legislation;
4.8.7 implement appropriate technical and organisational measures, and take all reasonable measures to protect the Personal Data against unauthorised or unlawful processing, accidental loss, destruction, damage, alteration, or disclosure;
4.8.8 if so requested by you, supply further details of the technical and organisational systems in place to safeguard the security of the Personal Data held and to prevent unauthorised access;
4.8.9 make available to you any and all such information as is reasonably required and necessary to demonstrate our compliance with the applicable Data Protection Legislation;
4.8.10 on reasonable prior notice, submit to audits and inspections and provide you with any information reasonably required in order to assess and verify compliance with the provisions of this DPA and our compliance with the requirements of the Data Protection Legislation; and
4.8.11 promptly notify you if we are asked to do anything that infringes the Data Protection Legislation or if we cannot meet our obligations under the Data Protection Legislation; and
4.8.12 if necessary, halt all Processing (except for storing and securing the affected Personal Data) until you provide new instructions that we can follow. In such a case, we will not be held liable for any failure to deliver the relevant Services under the Agreement until you provide new lawful instructions for the Processing.
5. SECURITY
5.1 We shall ensure that, in respect of all Personal Data we receive from you or processes on behalf of you, we maintain security measures to a standard appropriate to:
5.1.1 the harm that might result from unlawful or unauthorised processing or accidental loss, damage, or destruction of the Personal Data; and
5.1.2 the nature of the Personal Data.
5.2 In particular, we shall
5.2.1 have in place, and comply with, a security policy which:
(a) defines security needs based on a risk assessment;
(b) allocates responsibility for implementing the policy to a specific individual or personnel;
(i) is disseminated to all relevant staff; and
(ii) provides a mechanism for feedback and review.
(c) ensure that appropriate security safeguards and virus protection are in place to protect the hardware and software which is used in processing the Personal Data in accordance with best industry practice;
(d) prevent unauthorised access to the Personal Data;
(e) protect the Personal Data using pseudonymisation, where it is practical to do so;
(f) ensure that our storage of Personal Data conforms with best industry practice such that the media on which Personal Data is recorded (including paper records and records stored electronically) is stored in secure locations and access by personnel to Personal Data is strictly monitored and controlled;
(g) have secure methods in place for the transfer of Personal Data whether in physical form (for example, by using couriers rather than regular mail) or electronic form (for example, by using encryption);
(h) password protect all computers and other devices on which Personal Data is stored, ensuring that all passwords are secure, and that passwords are not shared under any circumstances;
(i) take reasonable steps to ensure the reliability of personnel who have access to the Personal Data;
(j) have in place methods for detecting and dealing with breaches of security (including loss, damage, or destruction of Personal Data) including:
(i) the ability to identify which individuals have worked with specific Personal Data; and
(ii) having a proper procedure in place for investigating and remedying breaches of the Data Protection Legislation.
(iii) have a secure procedure for backing up all electronic Personal Data and storing back-ups separately from originals; and
5.2.2 have a secure method of disposal of unwanted Personal Data including for back-ups, disks, print-outs, and redundant equipment.
6. DATA SUBJECT ACCESS, COMPLAINTS, AND BREACHES
6.1 We shall, at your cost, reasonably assist you in complying with your obligations under the Data Protection Legislation. In particular, the following shall apply to data subject access requests, complaints, and data breaches.
6.2 We shall notify you within 7 days if we receive:
6.2.1 a subject access request from a data subject; or
6.2.2 any other complaint or request relating to the processing of the Personal Data.
6.3 We shall, at your cost, cooperate fully with you and assist as required in relation to any subject access request, complaint, or other request, including by:
6.3.1 providing you with full details of the complaint or request;
6.3.2 providing the necessary information and assistance in order to comply with a subject access request;
6.3.3 providing you with any Personal Data we hold in relation to a data subject (within the reasonable timescales required by you); and
6.3.4 providing you with any other information reasonably requested by you.
6.4 We shall notify you within 72 hours if we become aware of any form of Personal Data Breach, including any unauthorised or unlawful processing, loss of, damage to, or destruction of any of the Personal Data.
7. INTELLECTUAL PROPERTY RIGHTS
All copyright, database rights, and other intellectual property rights subsisting in the Personal Data (including but not limited to any updates, amendments, or adaptations to the Personal Data made by either us or you) shall belong to you or to any other applicable third party from whom you have obtained the Personal Data under licence (including, but not limited to, data subjects, where applicable). We are licensed to use such Personal Data under such rights only for the purposes of the Services, and in accordance with this DPA.
8. CONFIDENTIALITY
8.1 We shall maintain the Personal Data in confidence, and in particular, unless you have given written consent for us to do so, we shall not disclose any Personal Data supplied to us, for, or on behalf of you to any third party (aside from the limitations set forth in Section 4 above). We shall not process or make any use of any Personal Data supplied to us by you otherwise than in connection with the provision of the Services to the you.
8.2 We shall ensure that all personnel who are to access and/or process any of the Personal Data are contractually obliged to keep the Personal Data confidential.
8.3 The obligations set out in in this Clause 8 shall continue for a period of 1 month after the cessation of the provision of Services by us to you.
8.4 Nothing in this DPA shall prevent either Party from complying with any requirement to disclose Personal Data where such disclosure is required by law. In such cases, the Party required to disclose shall notify the other Party of the disclosure requirements prior to disclosure, unless such notification is prohibited by law.
9. DATA TRANSFERS
You agree that we may access and process Personal Data globally as required to deliver the Services. This means that Personal Data may be transferred to and processed by us in the United Kingdom, United States and in other locations where our Affiliates and Sub-Processors operate. Whenever Personal Data is transferred outside its country of origin, both parties will ensure that these transfers comply with applicable Data Protection Laws.
10. APPOINTMEHT OF SUB-PROCESSORS
10.1 You agree that we may engage Sub-Processors to process Personal Data on your behalf if:
10.1.1 you are provided with an opportunity to object to the appointment of each Sub-Processor within 7 working days after we supply you with full details in writing regarding such Sub-Processor;
10.1.2 we enter into a written contract with the Sub-Processor that contains terms substantially the same as those set out in this DPA, in particular, in relation to requiring appropriate technical and organisational data security measures, and, upon your written request, provide you with copies of the relevant excerpts from such contracts;
10.1.3 we maintain control over all of the Personal Data we entrust to the Sub-Processor; and
10.1.4 the Sub-Processor's contract solely with respect to processing the Personal Data terminates automatically on termination of this DPA for any reason.
10.2 Those Sub-Processors approved as at the commencement of this DPA are as set out in Schedule 2. We list all approved Sub-Processors in Schedule 2 and include any Sub-Processors’ names and locations.
10.3 Where the Sub-Processor fails to fulfil its obligations under the written DPA with us which contains terms substantially the same as those set out in this DPA, we remain fully liable to the Customer for the Sub-Processor's performance of its obligations.
11. DELETION AND/OR DISPOSAL OF PERSONAL DATA
11.1 At your request, we will give you, or a third-party nominated in writing by you, a copy of or access to all or part of the Personal Data in our possession or control in the format and on the media reasonably specified by you.
11.2 We shall, at the written request of you, securely delete (or otherwise dispose of) the Personal Data or return it to you in the format(s) reasonably requested by you within a reasonable time after the earlier of the following:
11.2.1 the end of the provision of the Services; or
11.2.2 the processing of that Personal Data by us is no longer required for the performance of our obligations under this DPA.
11.3 Following the deletion, disposal, or return of the Personal Data under Clause 11.1 and/or Clause 11.2, we shall delete (or otherwise dispose of) all further copies of the Personal Data that we hold, unless retention of such copies is required by law, in which case we shall inform you of such requirement(s) in writing.
12. PROVISIONS SPECIFIC TO UK AND EUROPEAN PERSONAL INFORMATION
12.1 When processing Personal Data on your behalf, we shall ensure that any Sub-Processor does not transfer or otherwise process Personal Data outside the UK or the European Economic Area (“EEA”) without obtaining your prior written consent. Where such consent is granted, or in the case of the Sub-Processors listed in Schedule 2, we may only process, or permit the processing, of Personal Data outside the EEA under the following conditions:
12.1.1 we are processing the Personal Data in a territory which is subject to adequacy regulations under the Data Protection Legislation that the territory provides adequate protection for the privacy rights of individuals. We identify in Schedule 2 the territory that is subject to such adequacy regulations; or
12.1.2 we participate in a valid cross-border transfer mechanism under the Data Protection Legislation, so that we (and, where appropriate, you) can ensure that appropriate safeguards are in place to ensure an adequate level of protection with respect to the privacy rights of individuals as required by Article 46 of the UK GDPR and EU GDPR. We identify in Schedule 2 the transfer mechanism that enables the parties to comply with these cross-border data transfer provisions and we will immediately inform you of any change to that status; or
12.1.3 the transfer otherwise complies with the Data Protection Legislation for the reasons set out in Schedule 2.
12.2 We shall keep records of all processing activities carried out on the Personal Data in accordance with the requirements of Article 30(2) of the UK GDPR and EU GDPR;
12. PROVISIONS SPECIFIC TO CALIFORNIA PERSONAL INFORMATION
13.1 This section applies exclusively to the handling of California Personal Information under the DPA.
13.2 When processing California Personal Information as per your instructions, both parties agree that you act as a Business, and we serve as a Service Provider according to the CCPA.
13.3 We will:
13.3.1 process California Personal Information solely as a Service Provider, strictly for the purposes outlined in the Business Purposes, or as allowed under the CCPA;
13.3.2 comply with our responsibilities as a Service Provider under the CCPA;
13.3.3 safeguard California Personal Information with privacy protections in line with CCPA requirements; and
13.3.4 inform you if we determine that we can no longer meet our Service Provider obligations under the CCPA.
13.4 We will not:
13.4.1 sell or share California Personal Information we are processing for you;
13.4.2 process California Personal Information beyond the scope of our direct business relationship, unless legally required;
13.4.3 merge California Personal Information from Customer Data with data collected or received from other sources, except when fulfilling our obligations as a Service Provider under the Agreement.
13.5 You have the right to take reasonable and appropriate actions to ensure that our use of California Personal Information aligns with your obligations under the CCPA. Upon notification, you may take steps in accordance with the Agreement to stop and rectify any unauthorized use of California Personal Information.
14. NOTICE
Any notice or other communication given to a party under or in connection with this Agreement must be in writing and delivered in accordance with the provisions set out in the Campus Subscription Terms and/or the Managed Services Terms.
SCHEDULE 1 - THE SERVICES SPRINT MEDIA PROVIDES TO THE CUSTOMER
The following services that we provide, in respect of which we act as a Data Processor are:
1. Campus
If you are a Campus user we process your CRM, education data, and user data by storing it, enabling you to access, sort, search, embellish, suppress, and send marketing to it.
2. Managed Email and Postal Campaigns
In some instances, we may hold and process a list of your suppressions if they were provided by you. The processing we do surrounding these is to suppress this data against our own send lists to ensure those contacts are not emailed or mailed to.
3. Website Build and Hosting
Where we have built or host your website, we may process user data and contact enquiry data that may have been submitted through a form on the website by storing it, enabling you to access, sort, and search it in the CMS part of your website.
SCHEDULE 2 - LIST OF SUB-PROCESSORS
We use our Affiliates and a range of third-party Sub-Processors to assist us in providing the Services (as described in the Agreement). These Sub-Processors set out below provide server hosting and storage services.
You consent to sub-processing by the following organisations:
Help Scout PBC
https://www.helpscout.com
| Company Registration Number | 001361259 |
| Address | 100 City Hall Plaza 4th Floor Boston, MA 02108 United States |
| Description of Processing | Email inbox provider |
| Transfer Outside EU/EEA | Yes |
| If Transfer Which Country | United States |
| If Transfer Which Mechanism | See: https://www.helpscout.com/company/legal/dpa (Clause 7) |
Northway Communications Services (UK) Ltd
https://www.northway.net
| Company Registration Number | 05738059 |
| Address | Unit B1 The Courtyard Tewkesbury Business Park Tewkesbury GL20 8GD United Kingdom |
| Description of Processing | Server hosting |
| Transfer Outside EU/EEA | No |
| If Transfer Which Country | N/A |
| If Transfer Which Mechanism | N/A |
DigitalOcean, LLC
https://www.digitalocean.com
| Company Registration Number | 5411585 |
| Address | 101 6th Ave New York, NY 10013 United States |
| Description of Processing | Server hosting |
| Transfer Outside EU/EEA | No |
| If Transfer Which Country | N/A |
| If Transfer Which Mechanism | N/A |
Atlassian B.V.
https://www.atlassian.com
| Company Registration Number | N/A |
| Address | Singel 236 1016 AB Amsterdam Netherlands |
| Description of Processing | Team and project management software |
| Transfer Outside EU/EEA | No |
| If Transfer Which Country | N/A |
| If Transfer Which Mechanism | N/A |
New Relic, Inc.
https://newrelic.com
| Company Registration Number | 4478831 |
| Address | 188 Spear Street Suite 1200 San Francisco, CA 94105 United States |
| Description of Processing | Full stack data analysis platform |
| Transfer Outside EU/EEA | No |
| If Transfer Which Country | N/A |
| If Transfer Which Mechanism | N/A |
HubSpot, Inc.
https://www.hubspot.com
| Company Registration Number | 001262696 |
| Address | 2 Canal Park Cambridge, MA 02141 United States |
| Description of Processing | CRM, marketing, and sales platform |
| Transfer Outside EU/EEA | Yes |
| If Transfer Which Country | United States |
| If Transfer Which Mechanism | See: https://legal.hubspot.com/dpa (Clause 8.(2)) |
Mailgun Technologies, Inc.
https://www.mailgun.com
| Company Registration Number | 603585335 |
| Address | 112 E Pecan St #1135 San Antonio, TX, 78205 United States |
| Description of Processing | Transactional email API service |
| Transfer Outside EU/EEA | Yes |
| If Transfer Which Country | United States |
| If Transfer Which Mechanism | See: https://www.mailgun.com/legal/dpa (Clause 12) |
Google LLC (Specifically Workspace)
https://www.google.com
| Company Registration Number | 3582691 |
| Address | 1600 Amphitheatre Parkway Mountain View, CA 94043 United States |
| Description of Processing | Company email and standard workspace tools |
| Transfer Outside EU/EEA | Yes |
| If Transfer Which Country | Multiple locations |
| If Transfer Which Mechanism | See: https://cloud.google.com/terms/data-processing-addendum (Clause 10) |
CyberPanda, s.r.o.
https://emaillistverify.com
| Company Registration Number | 44550804 |
| Address | Obchodná 2 811 06 Bratislava Slovakia, European Union |
| Description of Processing | Email sanitisation |
| Transfer Outside EU/EEA | No |
| If Transfer Which Country | N/A |
| If Transfer Which Mechanism | N/A |
Formagrid Inc.
https://www.airtable.com
| Company Registration Number | 5659593 |
| Address | 799 Market Street, 8th Floor San Francisco, CA 94103 United States |
| Description of Processing | Spreadsheet and relational database service |
| Transfer Outside EU/EEA | Yes |
| If Transfer Which Country | United States |
| If Transfer Which Mechanism | See: https://www.airtable.com/company/dpa (Clause 9) |
Dropbox, Inc.
https://www.dropbox.com
| Company Registration Number | 4621015 |
| Address | 1800 Owens Street San Francisco, CA 94158 United States |
| Description of Processing | Storage |
| Transfer Outside EU/EEA | Yes |
| If Transfer Which Country | United States |
| If Transfer Which Mechanism | See: https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf (Clause 9) |
