...
Sub Processor | Used in services (See Appendix C for more information) | Country where data is processed |
Sentinel One | easy:epp SentinelOne | EU/EEA |
Microsoft | easy:mail, Office 365 | EU/EEA |
Cisco | easy:epp Cisco Umbrella | EU/EEA |
GSG Handyman | easy:handyman | Norway |
Zirius | easy:zirius | Norway |
Wazuh | easy:epp, easy:SIEM, easy:desktop, easy:mail, easy:hosting | EU/EEA |
Appendix C
Services delivered, the information processed and why
...
Service | Sub Processor | What personally identifiable information ("PII") is processed, why does this service process PII data |
|---|---|---|
User authentication ("UA") | Required to access the majority of services provided by Processor. E.g. an Active Directory account usually identifies a user by name, number and e-mail. | |
easy:epp SentinelOne easy:monitoring easy:epp Antivirus Predictive NextGen | SentinelOne | SentinelOne is a behaviour based protection system continuously monitoring all processes and actions on a system. This is to enable it to react to suspicious behaviour and truly stop Zero Day threats. Per July 1st. 2018 it is the only software in the world capable of stopping the newest threats. Contact the Processor for more information. The SentinelOne Endpoint Protection Platform (EPP) protects Windows, OS X, and Linux-based endpoint devices against advanced malware, exploits and live/insider attacks. It monitors all activity on the endpoint via an autonomous lightweight agent, leverages dynamic behavior-based threat detection, offers fully integrated, automated mitigation and remediation capabilities, and generates real-time forensics. The service has a function enabled by default named "Deep Visibility" enabling it to monitor and map file, DNS, internet, IP and website activity to provide an image of the machines behaviour and warn of suspect data flow, data leak, theft of files etc. Most of the information that SentinelOne collects through the Solutions is not Personal Information and relates to the computing processes and the devices guarded against malware infection by the SentinelOne Services. Such information includes device or network usage, endpoint login data, types and versions of operating systems and browsers, computer name, file execution information, and information about installed software applications. The data is processed on the Sub Processor systems and is considered a cloud security service with local offsite capability. Sub Processor can only see anonymized data. The Processor can see all data. |
easy:epp Cisco Umbrella | Cisco Umbrella | Cisco Umbrella monitors and maps websites and IP addresses the client machine connects to, including but not limited to through a website or through an application. Cisco Umbrella purpose is to block malicious destinations before a connection is ever established and is designed to protect enterprise customers from malware, botnets, phishing, and targeted online attacks. The data is processed on the Sub Processor systems and is considered a cloud security service. Sub Processor can only see anonymized data. The Processor can see all data. |
easy:SIEM | Wazuh | SIEM purpose is to monitor all activity on all devices from all users. The Processor has access to view all data, but the Controller will only receive sufficiently anonymized and relevant data to their inquiry. |
Office 365 | Microsoft | The Processor only manages the service for the Controller. The Controller must themselves have a separate DPA with the service provider. |
easy:utm easy:vpn easy:wifi easy:switch | UTM - Unified Threat Manager system whose purpose is to protect all services in the Processors datacenter and / or the Controllers physical locations. VPN purpose is to connect physical locations for communication. WiFi and switch purpose is to provide internet connectivity to devices. The service / system gives the Processor the ability to monitor all network traffic between devices. Logging is usually enabled on all devices to provide tracking in case of security breaches. Wifi and switch is usually exempt from this except if the Controller requests such features to be enabled. | |
easy:desktop easy:hosting easy:server easy:OMS | easy:desktop and hosting creates a personal profile disk related to the UA to provide a personal remote desktop and saving of application data. The service uses a UA to authenticate. The service uses easy:epp sentinelone. The service uses easy:epp cisco umbrella. The service uses easy:utm. | |
easy:mail | Microsoft | easy:mail stores all e-mail sent and received to the users personal account. When an item or account is deleted it is retained for 30 days to provide the possibility to recover deleted items. All e-mail is transferred through the Sub Processors systems for security measures; antispam, antivirus, authentication. The service uses a UA to authenticate. |
easy:storage | easy:storage is private access to a folder on a server to store data. The service uses a UA to authenticate. The service uses easy:epp sentinelone. | |
easy:filecloud easy:cloud | easy:filecloud provides access to easy:storage to synchronize files between multiple devices. The service logs all actions performed to provide tracking of actions performed by the user and others on files and folders; Open, Save, Delete, Share, Upload, Download, Change. The service uses a UA to authenticate. The service uses easy:storage. The service uses easy:epp sentinelone. The service uses easy:utm. The service uses easy:SQL. | |
easy:SQL | easy:SQL provides database functionality for various services. All data the Controller stores about customers and employees in various applications usually end up in a database hosted using this service. The Processor has full access to all data, the Controller has access to the data relevant for them. | |
easy:app easy:server e.g. Access to an application on easy:desktop | easy:app provides access to applications hosted on servers in the Processors datacenters; If the Controller requests it, the Processor will provide access to the vendor of the application. The Controller must sign their own DPA with the application vendor. The service uses easy:storage. The service uses easy:desktop. The service uses easy:epp sentinelone. The service uses easy:epp cisco umbrella. The service uses easy:utm. The service uses easy:mail. The service usually uses easy:SQL. The service uses a UA to authenticate. | |
easy:handyman | GSG Handyman | Handyman stores the data the Controller saves about customers and employees. The Sub Processor has full access to all data related to the application and any data produced by the application to provide seamless and quick support. The service uses easy:storage. The service uses easy:desktop. The service uses easy:epp sentinelone. The service uses easy:epp cisco umbrella. The service uses easy:utm. The service uses easy:mail. The service uses easy:SQL. The service uses a UA to authenticate. |
easy:zirius | Zirius | Zirius stores the data the Controller saves about customers and employees. The Sub Processor has full access to all data related to the application and any data produced by the application to provide seamless and quick support. The service uses easy:storage. The service uses easy:desktop. The service uses easy:epp sentinelone. The service uses easy:epp cisco umbrella. The service uses easy:utm. The service uses easy:mail. The service uses easy:SQL. The service uses a UA to authenticate. |
easy:mdm | Mobile Device Management stores data about all devices, who uses them and their activity with the purpose of securing the usage of the devices and delivering a tailored and secure user experience. The service uses easy:utm. The service uses easy:SQL. The service uses easy:epp sentinelone. The service uses a UA to authenticate. |
...