DOCUMENTATION

Ironstone's processors and subprocessors

 

Ironstone (“Ironstone”) uses selected sub-vendors in providing our services. These sub-vendors operate as Ironstone's sub-processor, where Ironstone acts as a processor on our customer's behalf. For processing activities where Ironstone operates as a Controller, the sub-vendor operates as a processor. 

Ironstone processes your personal information in strict accordance with the General Data Protection Regulation ("GDPR") and has signed Data Processor Agreements with all our sub-vendors. Ironstone will only process personal information to the extent necessary to provide our Services or for business support purposes.

Ironstone performs due diligence on the information security practices and data protection compliance of all processors and sub-processors and requires each to commit to written obligations (Data Processor Agreements) regarding their technical and organizational activities related to security controls and applicable regulations for the protection of our customer's personal data.

 

Processing of personal data where Ironstone operates a controller

As a controller, Ironstone process personal data for the purpose of operating our business support systems, i.e. for providing our clients with support services, storing contact information, issuing invoices, bookkeeping etc. These are personal data that we collect from our customers, and that we process for our own purposes, and which do not encompass our customers' data as stored on their tenants in the cloud.

Below is a list of all processors of personal data:

The following companies operate as third-party vendors, cf. Operational Service Agreement, and where their products and services are expressly licensed directory to customers, and where our customers have signed a Data Processor Agreement.

Sub-processor 

The purpose of the Processing

 Locations (transfer mechanism where outside of the EEA)
Cloud Hosting Location
 Security Measures Date added to this page
Microsoft Corporation

Microsoft 365 is used for communication, collaboration, security suits, and storage.

Microsoft Azure is used for hosting monitoring and alerting, automation, documentation, and analytics.

Support protected by DPF certification: Handled by Microsoft Global Support with staff located in the following regions:

  • North America: USA, Canada

  • Latin America: Brazil, Mexico, Costa Rica

  • Asia-Pacific: Australia, India, Japan, Malaysia, New Zealand, Singapore, South Korea, Taiwan, Philippines

  • Middle East and Africa: Egypt, Israel, Qatar, South Africa, Kenya, Nigeria, Morocco, United Arab Emirates, Tunisia, Ghana

 Europe

http://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=46 

 

 23.09.2019
Printix.net ApS Print management system Danmark Europe https://www.printix.net/dpa  23.09.2019

Zoho corporation pvt. Ltd

 Monitoring and Alerting, Patch management

Service Desk protected with SCC and TIA: India

Europe

https://www.zoho.com/gdpr.html

https://www.zoho.com/privacy.html

https://www.zoho.com/security-faq.html

 23.09.2019

GitHub, Inc.

 Code Management and Repository

United States
(standard contractual clauses)

 United States

 https://help.github.com/en/articles/github-privacy-statement 23.09.2019

HubSpot, Inc.

 Marketing services, Web page

United States
(standard contractual clauses)

Europe

https://www.hubspot.com/data-privacy/gdpr 

https://legal.hubspot.com/dpa

 

 23.09.2019

FortNox

 Accounting software

Sweden

Europe

 https://www.fortnox.se/om-fortnox/integritet-och-sakerhet/gdpr/ 23.09.2019

PowerOffice

 Accounting software

Norway

Europe

 https://poweroffice.no/personvernerklaering/ 23.09.2019

Visma.Net

 Accounting software & Digital signatures

Norway, Sweden

Europe

https://www.visma.com/trust-centre

https://cdn.prod.website-files.com/6305e59e1a8fa3e7f5f8e555/645251b34b200365c95f602e_visma-terms-of-service-2.0-norsk.pdf

 15.01.2020
Adobe Inc. Video, design, photography service

United States
(standard contractual clauses)

 United States

 https://www.adobe.com/privacy/policy.html

23.09.2019
AvePoint Inc

Microsoft 365 Backup

Service Desk protected with DPF: USA

Maintenance of infrastructure protected with SCC and TIA: Singapore, Malaysia, Vietnam

Europe

https://www.avepoint.com/company/our-commitment-to-gdpr

https://cdn.avepoint.com/pdfs/en/brochures/AvePoint-Data-Processing-Addendum.pdf

https://www.avepoint.com/agreements/dataprotection

 May 2023
CodeTwo

Email Signatures

Europe

Europe

https://www.codetwo.com/compliance/gdpr

 12.12.2019
Sinch Affiliate

SMS gateway

Service Desk protected with SCC and TIA: USA

Europe

https://www.sinch.com/data-protection-agreement/

https://sinch.com/security/

 21.01.2020
Atlassian Pty Ltd, Atlassian, Inc. 

Documentation and project management

Europe, United States
(standard contractual clauses)

Europe

https://www.atlassian.com/legal/privacy-policy

 26.05.2020
Telenor Norge AS

Phone system

European Economic Area

Europe

https://www.telenor.no/om/personvern/

 06.04.2021
OneTrust, LLC

Operationalize Privacy, Security & Data Governance

European Economic Area

Europe

https://www.onetrust.com/privacy/

 06.04.2021
Twilio

SMS gateway, Phone number routing

Europe, United States
(standard contractual clauses)

Europe

https://www.twilio.com/legal/privacy

 01.05.2022
Spektra Systems

Microsoft CSP billing

Service Desk protected with SCC and TIA: India

Europe

https://spektrasystems.com/privacy-policy/

 01.05.2022
TeamViewer Germany GmbH

 Remote control

Europe, United States
(standard contractual clauses)

Europe

https://www.teamviewer.com/en/trust-center/

 01.05.2022
Freshworks Inc.

 Customer contact center, chat & bot, service desk and assets management

Service Desk protected with DPF, SCC and TIA: USA and India

Europe

https://www.freshworks.com/privacy/

 01.05.2022
Memory AS

Time entry management 

Service Desk protected with SCC and TIA: India

Europe

https://timelyapp.com/privacy-policy

 01.05.2022
Keeper Security Inc

Store passwords safely

Service Desk protected with DPF: USA

Europe

Trust center
https://www.keepersecurity.com/GDPR.html

 May 2023
URIports

Email Compliance Service

Netherland

Europe

https://www.uriports.com/privacy

 Oct 2023
Pistachio

Security Awereness training

Europe

Europe

https://pistachioapp.com/data-processing-agreement

 May 2025
Hotjar

Behavior Analytics Tools

Service Desk protected with SCC and TIA: USA, India, Singapore

Europe

https://www.hotjar.com/legal/support/dpa/

 May 2025
Cookiebot

Cookie management

Vendor’s subprocessors: CDN via Akamai is used to display the correct cookie banner on the website. This is protected by SCC and TIA and is handled from the USA.

Denmark

https://www.cookiebot.com/wp-content/uploads/2022/10/DPA_01_2022.pdf

 May 2025

Please consult our Data Processor Agreement for information on the use and change of sub-processors.

 

Ironstone Affiliates

(Company name, business no.,  address, contact information, contact information to the data protection officer, where applicable.)

The purpose of the Processing

 Locations (transfer mechanism where outside of the EEA) Date added to this page
Ironstone AB In respect of Ironstone's Affiliates, groups of individuals located in different offices may have a need to access Customer data for service delivery purposes and/or business support purposes.   Sweden 23.09.2019
Ironstone AS In respect of Ironstone's Affiliates, groups of individuals located in different offices may have a need to access Customer data for service delivery purposes and/or business support purposes.   Norway 23.09.2019
Ironstone Holding AS In respect of Ironstone's Affiliates, groups of individuals located in different offices may have a need to access Customer data for service delivery purposes and/or business support purposes.   Norway 23.09.2019