Legal
Privacy Policy

If you work for a company that uses 55 Degrees' services

If your company is a customer to 55 Degrees AB (”55 Degrees”, “we”,”our” and ”us”) we at 55 Degrees may process your personal data. In this privacy policy you find information about when that is the case, how we process your personal data and what rights you have when it comes to this data processing.

Our goal is to be as transparent as possible regarding our processing of your personal data – do not hesitate to contact us with any questions you have!

In short

We process your personal data as necessary to:

When your personal data is used within our services we will see, store and process your personal data. It is however the company you represent that mainly is responsible (controller) for processing of such personal data and will give you information about that separately. Below you find information about the processing of your personal data that we at 55 Degrees are responsible for.

Here you can find all our privacy policies which describe how we process personal data in other situations, e.g. if you visit our website or otherwise are in contact with us.

Your rights

 

Below you find a detailed description of your rights and how to exercise them. In summary, you have the following rights:

When we refer to “your company” in this privacy policy, we refer to your employer or the organisation or public body that you represent. When we refer to “services” in this privacy policy, we refer to our software products, training workshops, or any other service that we offer.

Below you can read more about:

By pressing the selected heading, you will be moved to the relevant paragraph.

Who is responsible and how to contact us?

We at 55 Degrees are generally processing personal data on the instructions of our customers, i.e. as processors. In some situations, we are however responsible for the processing of your personal data and acting as controllers. These situations are explained in the sections below.

If you have any questions or if you wish to exercise any of your rights, we are available at:

  • Full name of legal entity: 55 Degrees AB (organization number 559201-6843)

  • E-mail address: privacy@55degrees.se

  • Mailing address: Nordenskiöldsgatan 24, 211 19 Malmö, Sweden

A detailed description of how we process your personal data

 

We gather personal data from you and from your company.

To enter into an agreement with your company and administer our relationship

 

What processing do we perform?

  • Enter into an agreement with your company, including any negotiation between the companies

  • Administer our relationship with your company.

What personal data do we process?

Information you or your company provide to us, e.g. name, information about which organisation you represent, position in your company, telephone number, and e-mail address

Our legal basis for the processing

Legitimate interest.  Your personal data will be processed based on our legitimate interest to negotiate and enter into an agreement with your company and to administer the agreement.

Storage period

We will store your personal data for as long as your company is our customer and for up to six months afterward unless your data is included in email communication, agreements, and similar documentation which we cannot delete – in case of a dispute.

To improve the service

 

What processing do we perform?

Evaluate customer and user behavior in order to provide you with a better service and user experience

What personal data do we process?

  • Subscription ID

  • Technical information about the User.

  • Information about how you use the product.

Our legal basis for the processing

Legitimate interest.  Your personal data will be processed based on our legitimate interest to negotiate and enter into an agreement with your company and to administer the agreement.

Storage period

Your personal data will be stored for a period of up to one year.

To handle your support matters

 

What processing do we perform?

Handle your request for support

What personal data do we process?

  • Information about which company you work for

  • Contact information

  • Other information you provide to us in connection with the support matter

Our legal basis for the processing

Legitimate interest.  Your personal data will be processed based on our legitimate interest to negotiate and enter into an agreement with your company and to administer the agreement.

Storage period

Your personal data will be stored from when the matter was initiated, through the duration of your support matter. Thereafter we store your personal data as long as we have a purpose for processing it. We aim to only keep the personal data for up to one year afterward for purposes of service and product improvement. However, we aim to delete sensitive attachments such as HAR files within three months of the closure of the support request.

To comply with accounting legislation

 

What processing do we perform?

Store information in accounting material

What personal data do we process?

​Name, history regarding payments that have been made, and other information that constitutes accounting records

Our legal basis for the processing

Legal obligation.  The processing is necessary to comply with legal obligations to which we are subject, i.e. accounting legislation. You need to provide us with this information or we will not be able to administer our relationship with your company.

Storage period

We will store any document constituting accounting material and the personal data included therein according to the storage period stated in the accounting legislation.

In Sweden, this means that we will store your personal data for seven to eight years, i.e. until and including the seventh year after the end of the calendar year for the fiscal year to which the personal data relates.

Who can gain access to your personal data and why?

 

We do not sell your personal data or share it with other parties unless it is necessary. This means that your personal data will be handled by our employees, but only by the personnel in need of such access to conduct their work.

  • We will store your personal data, anonymised when possible, within our IT systems to ensure good and secure IT operations. This means that we share your personal data with our IT suppliers.

  • We will store your personal data within our customer support and success systems to ensure good and secure customer support and relationship management operations. This means that we share your personal data with our Customer Support and Success suppliers

  • We will store your anonymised personal data regarding how you use our products within our Business Intelligence systems in order to understand how our products are used and to improve them. This means we share your anonymised personal data with our Business Intelligence suppliers.

  • We will store your personal data within our accounting systems to ensure good and secure financial operations and subscription management relating to the purchases of our products and services. This means that we share your personal data with our Accounting suppliers.

The above parties will process these on our behalf and follow our instructions. We need to work with third parties to conduct our business. We are responsible for any sharing of your personal data with such suppliers and to ensure that your personal data is safe when shared with third parties. For more detailed information on our suppliers and the information we store with them, please visit our supplier page.

Where is your personal data processed?

 

We use EU/EEA vendors that store data in the EU/EEA when possible. However, when we must use suppliers outside of the EU/EEA, your personal data will, in most cases, be processed outside of the EU/EEA. These are the cases in which we transfer your data outside of the EU/EEA:

  • When you use any of our Cloud products we maintain network logs using AWS and track javascript errors using Sentry. Both suppliers store data in the USA.

  • When you use ActionableAgile for Azure DevOps we store your Azure user ID and information about the subscription you belong to so we can verify you have access to a valid subscription and log you into the app. This information is stored in Google Cloud’s Firebase Firestore which stores data in the USA.

  • When you purchase a subscription through 55 Degrees via credit card we store needed personal data to manage and communicate with you regarding your subscription to our Products. The information we store is personal data about you, for example, your e-mail address and payment information. This information is sent to Recurly and Stripe, both suppliers storing data in the USA.

  • When you interact with us via our support channels we process your personal data, e.g. name and e-mail address, entered into our service desk so that we can assist you. This information is entered into Jira Service Management via our support portal vendor, Refined. Both suppliers store some or all information in the USA.

  • When you book a meeting with us we gather your personal data as a meeting attendee, e.g. your e-mail address. This information about you is entered by you or the company you represent into Calendly, a service that stores data in the USA.

  • When you attend a virtual meeting with us we store your personal data as a meeting attendee, e.g. your name and e-mail address, and, with consent, store recordings for up to 30 days. This information is stored in Zoom or Microsoft Teams, both of which store data in the USA.

 

In the above situations, we and our suppliers rely on Standard Contractual Clauses for the transfer of personal data outside of the EU/EEA. The use of Standard Contractual Clauses is an effort to provide a safe transfer of your personal data. You find a more detailed description of the transfer of personal data on our supplier page.

 

If you want to know more about whom we share your personal data with and how your personal data is transferred, please feel free to contact us. Our contact information can be found at the beginning of this privacy policy.

What are your rights when we process your personal data? Detailed description

 

You have certain rights that you can exercise to affect how we process your personal data. You can read a more detailed description of what those rights are below.

If you want to know more about your rights or if you want to exercise any of your rights, please contact us and we will help you.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority. The supervisory authority in Sweden is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, the IMY).

In detail: Your right to complain exists without prejudice to any other administrative or judicial remedy. You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place where the alleged infringement of applicable data protection laws has allegedly occurred.

The supervisory authority has an obligation of informing you of the progress and the outcome of the complaint, including the possibility of a judicial remedy.

Right to access (Article 15 GDPR)

You have the right to obtain confirmation as to whether we are processing personal data concerning you or not. You can make a request by contacting us. If we do process your personal data, you also have a right to obtain a copy of the personal data processed by us as well as information about our processing of your personal data.

In detail. The information we provide includes the following:

  • the purposes of the processing,

  • the categories of personal data concerned,

  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,

  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,

  • the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing,

  • the right to lodge a complaint with a supervisory authority,

  • if the personal data are not collected from you, we provide you with available information about the source of the personal data;

  • the existence of automated decision-making, including profiling, referred to in Articles 22.1 and 22.4 GDPR and, in those cases, meaningful information about the logic involved, as well as the significance and the predicted consequences of such processing; and

  • where your personal data are transferred to a third country or to an international organization, you have the right to information regarding the appropriate safeguards, pursuant to Article 46 GDPR, put in place for the transfer.

For any further copies of the personal data undergoing processing requested by you, we may charge a reasonable fee based on administrative costs. If you have made the request by electronic means the information will be provided to you in a commonly used electronic form, unless otherwise requested by you.

Your right to obtain a copy referred to above shall not adversely affect the rights and freedoms of others.

Right to object (Article 21 GDPR)

You have the right to object to our processing of your personal data at any time.

In detail: Your right to object applies as follows:

  • You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on our legitimate interest, i.e. Article 6.1 f GDPR. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims.

  • In the context of the use of information society services, you may exercise your right to object by automated means using technical specifications.

 

Right to erasure (“the right to be forgotten”) (Article 17 GDPR)

You have the right to ask us to erase your personal data.

 

In detail. We are obligated to erase your personal data without undue delay if:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,

  • you object to the processing pursuant to Article 21.1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21.2 GDPR,

  • the personal data have been unlawfully processed, or

  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law that applies to us.

 

Where we have made the personal data public and are obliged in accordance with the rights stated above to erase the personal data, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

 

We will notify any erasure of personal data carried out in accordance with your rights stated above to each recipient to whom the personal data have been provided to unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us.

 

Please note that our obligation to erase and inform according to the above shall not apply to the extent processing is necessary:

  • for exercising the right of freedom of expression and information,

  • for compliance with a legal obligation that requires processing by Union or Member State law that applies to us, or

  • for the establishment, exercise, or defence of legal claims.

 

Right to rectification of processing (Article 16 GDPR)

You have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you. 

In detail: Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

We will communicate any rectification of personal data to each recipient to whom the personal data have been provided unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us.

 

Right to restriction of processing (Article 18 GDPR)

You have the right to obtain from us restrictions on the processing of your personal data.

In detail: Your right applies if:

  • the accuracy of the personal data is contested by you, during a period enabling us to verify the accuracy of the personal data,

  • you have objected to processing pursuant to Article 21.1 GDPR pending the verification of whether our legitimate grounds override yours,

  • the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of their use, and

  • you need the personal data for the establishment, exercise, or defence of legal claims even though we no longer need the personal data for the purposes of processing.

Where the processing has been restricted according to the above, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

We will notify you before the restriction of processing is lifted. We will also communicate any restriction of processing of personal data carried out in accordance with your rights stated above to each recipient to whom the personal data have been provided unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us.

Balancing of interests assessments when processing personal data based on the legal basis of “legitimate interests”

 

As we state above, for some purposes, we process your personal data based on our “legitimate interest”. By carrying out a balancing of interests assessment concerning our processing of your personal data, we have concluded that our legitimate interest in the processing outweighs your interests or rights which require the protection of your personal data.

If you want more information in relation to our balancing of interests assessments, please do not hesitate to contact us. Our contact details can be found at the beginning of this privacy policy.

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

This privacy policy was adopted on October 14, 2022.