1. Information on the Processor
Name and Contact Details:
- Processor: Deskhero AB
- Address: KIVRA: 559415-4170, 106 31, Stockholm, Sweden
- Representative: Jimmie Antonsson
- Email: support@deskhero.com
- Phone: +46 70 32 789 55
2. Data Protection Officer (DPO)
Name and Contact Details:
- Name: Klas Karlsson
- Email: dpo@deskhero.com
- Phone: +46 70 601 13 22
3. Information on the Controller (Clients)
Deskhero AB provides a Software-as-a-Service (SaaS) platform to Clients (businesses) who use the Service to manage customer support activities. As the Processor, we process Personal Data on behalf of our Clients (Controllers) in accordance with our Data Processing Agreement.
4. Categories of Processing Activities
4.1 Subject Matter of Processing
- Processing of Personal Data necessary to provide the Service to Clients, including storage, retrieval, communication, and other operations required for the functioning of the Service.
4.2 Nature and Purpose of Processing
- Purpose: To facilitate customer support interactions between Clients and their Customers through our helpdesk ticketing system.
- Nature: Collection, storage, organization, retrieval, consultation, use, disclosure by transmission, and deletion of Personal Data.
4.3 Types of Personal Data Processed
-
Client and User Data:
- Identification data: names, email addresses, phone numbers, job titles.
- Authentication data: usernames, passwords.
- Contact information.
- Billing information: payment details, transaction records.
-
Client’s Customer Data:
- Contact details: names, email addresses, phone numbers.
- Communication content: messages, attachments, support tickets.
- Any other Personal Data provided through the Service.
4.4 Categories of Data Subjects
- Users: Employees or agents of the Client authorized to use the Service.
- Client’s Customers: Individuals who interact with the Client through the Service.
4.5 Duration of Processing
- Personal Data is processed for the duration of the Agreement with the Client and retained as specified in our Data Retention Policy (see Section 6).
5. Transfers to Third Countries or International Organizations
Personal Data may be transferred to countries outside the European Union (EU) or European Economic Area (EEA) as necessary for the provision of the Service. Such transfers are conducted in compliance with Data Protection Laws, utilizing appropriate safeguards:
- Standard Contractual Clauses (SCCs): Implemented with Sub-Processors located outside the EU/EEA. See DPA for details
- Adequacy Decisions: Transferring to countries recognized by the European Commission as providing an adequate level of data protection.
6. Data Retention and Deletion
We retain Personal Data only as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements.
- Active Data: Retained for the duration of the Agreement.
- Backups: Retained for up to one (1) year and deleted as part of our regular backup maintenance process.
- Deletion Upon Termination: Upon termination of the Agreement, Personal Data will be deleted or anonymized in accordance with our Data Processing Agreement (DPA) and data retention policies.
7. Technical and Organisational Measures (TOM)
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, as detailed in our Technical and Organisational Measures document
Key measures include:
- Access Control: Restricted access based on the principle of least privilege.
- Data Encryption: Encryption of Personal Data in transit and at rest.
- Network Security: Use of firewalls, intrusion detection systems.
- Incident Response: Procedures for detecting and responding to security incidents.
- Employee Training: Regular training on data protection and security practices.
8. Sub-Processors
We engage the following Sub-Processors to assist in the provision of the Service:
| Sub-Processor | Location | Services Provided | Data Processed |
| Amazon Web Services | Ireland | Hosting and infrastructure services | Personal Data stored and processed within the Service |
| Found by Elastic | Ireland | Search and analytics services | Personal Data processed for search functionality |
| OpenAI API | United States | AI-based task automation | Temporary processing of data input into AI features |
| DeepL | Germany | Translation services | Temporary processing of text during translation |
| GroupDocs.Cloud | United States | Document text extraction | Temporary processing of uploaded documents |
| Pinecone.io | Belgium | Vector database for AI content search | Storage of content vectors (no readable content) |
| AttachmentScanner.com | United States | Virus and malware scanning | Temporary processing of uploaded files |
| Zyte.com | United States | Web scraping for AI knowledge | Temporary processing of scraped web data |
| TaxJar.com | United States | Tax compliance and VAT validation | Processing of tax-related data |
| Elmah.io | Denmark | Error logging and debugging | Storage of application error logs |
| IPinfo.io | United States | IP address geolocation | Temporary processing of IP data |
| Twilio | United States | Communication services | Processing of phone numbers and communication metadata |
| Google Tag Manager | United States | Tag management services | Processing of tracking data |
| Stripe | United States | Payment processing | Processing of payment information |
| Google Analytics 4 | United States | Web analytics | Processing of anonymized usage data |
9. Documentation and Compliance
We maintain records of processing activities as required by Article 30 of the GDPR, including:
- Purposes of Processing
- Categories of Data Subjects and Personal Data
- Categories of Recipients
- International Transfers
- Technical and Organisational Measures
These records are available to supervisory authorities upon request.
1
0. Updates to This Document
This Record of Processing Activities may be updated from time to time to reflect changes in our processing operations. We will notify Clients of significant changes as outlined in our Data Processing Agreement.
11. Contact Information
For any questions or concerns regarding our processing activities, please contact our Data Protection Officer (DPO):
- Name: Klas Karlsson
- Email: dpo@deskhero.com
- Phone: +46 70 601 13 22
By using the Service and accepting the Terms and Conditions, you acknowledge that you have reviewed and understood this Record of Processing Activities.