Search Results

An important part of living up to our values is our commitment to data privacy and security throughout all aspects of our organization. Learn more about how we do this. Trust Center A culture based on security and privacy An important part of living up to our values is our commitment to data privacy and security throughout all aspects of our organization. We don't take a single step without ensuring we've taken all reasonable steps to protect your data and privacy. Protect customer and personal data at all times Comply with applicable privacy regulations Avoid processing or storing unneeded data Compliance Certifications and Standards ISO 27001 Certified SOC 2 Type II Compliant GDPR Compliant Atlassian Security Programs Certified Our Security Partners Resources SECURITY PRACTICES Learn more about our overall product security and operations measures. SECURITY ADVISORIES See how we handle vulnerabilities and read current and past advisories. SUPPLIERS & SUBPROCESSORS See our subprocessors. Learn which data they process and when. PRODUCT-SPECIFIC SECURITY Learn more about how we handle data security in specific products. FREQUENTLY ASKED QUESTIONS Have a question that's not answered here? Check out our FAQ! NEED MORE DETAILS? Our automated trust portal, hosted by Vanta, allows you to see real-time lists of our monitored technical and operational measures and to access selected internal policies. Want to see sensitive files like our SOC 2 Type II report? Click on the item to request access to start the NDA process. Download files at the Trust Center

Automated Forecast Always up-to-date Portfolio Forecaster is a powerful forecasting tool for Jira users that enables you to generate accurate, up-to-date forecasts and portfolios automatically. Using Monte Carlo simulations leverages your historical project data and risk tolerance to predict timelines and outcomes for any issue type, ensuring smarter, data-driven decisions for your team. Try it for free Overview Pricing Roadmap Product Roadmap Learn about what we’re working on, check out what's planned and under consideration, and give feedback. Don't see what you are looking for? Submit your idea!

55 Degrees is ISO 27001:2013 certified via Prescient Security Compliance Programs We are ISO 27001 certified! 55 Degrees is proud to be ISO 27001:2013 certified by the external auditing firm, Prescient Security . ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization's information risk management processes. Complying with ISO 27001:2013 demonstrates implementation and maintenance for the highest security standards controls, assuring secure delivery of 55 Degrees software products and SaaS operations. Download our ISO 27001 Certificate and/or request access to our full audit report. We've achieved SOC 2 compliance 55 Degrees is proud to have SOC 2 compliance validated through the external auditing firm, Advantage Partners . SOC 2 is a framework governed by the American Institute of Certified Public Accountants (AICPA). Compliance exemplifies an organization’s commitment to their customer’s trust and is a major milestone towards improving their overall security posture. By undergoing a SOC 2 audit, our controls and processes were validated by a third party who attests to the functioning of the controls relevant to our application. Request access to our SOC 2 Type II audit report.

How we process your personal data in the case of a question, complaint or claim from you or your company. Legal Agreements Cloud Products On-Prem Subscription Products On-Premise Perpetual Products Privacy Cookie Policy for Apps Privacy Statement Privacy: Customer Employees Privacy: Marketing Privacy: Websites Privacy: Questions, Complaints... Privacy: Suppliers Terms of Use Website Terms Community Terms Archives Privacy Policy If you or your company have questions, complaints, or claims If your company has questions, complaints, or claims we at 55 Degrees AB (”55 Degrees ”, “we ”,”our ” and ”us ”) may process your personal data. In this privacy policy, you will find information about how we process your personal data and your rights regarding this data processing. Note that we are always happy to answer any questions you have and always try to avoid any claims or complaints. In case any question, complaint, or claim arises, we do, however, need to process the personal data we gather from you and your company. Our goal is to be as transparent as possible regarding our processing of your personal data – do not hesitate to contact us with any questions you have! To handle any questions, complaints, or claims What processing we perform Handle any questions, complaints, or claims Defend ourselves against claims and complaints Initiate any claims What personal data we process We will process the personal data that you provide to us or which we collect in order to handle the matter, i.e. Name Information about which organisation you represent Contact details Information concerning your company’s question, complaint, or claim Our legal basis for the processing: Legitimate interest The personal data is processed based on our legitimate interest to handle a question, complaint, and/or claim. By carrying out a balancing of interests assessment concerning our processing of your personal data, we have concluded that our legitimate interest in the processing outweighs your interests or rights, which require the protection of your personal data. Please do not hesitate to contact us if you want more information regarding this. Storage period: We will store your personal data from when the matter was initiated and through the duration of your support matter or for the duration of the potential dispute. Thereafter we store your personal data as long as we have a purpose for processing it. We aim to only keep personal data for up to one year after the matter is handled for service and product improvement. However, we aim to delete sensitive attachments, such as HAR files, within three months of the closure of the support request. After the customer relationship with your company ends, we store agreements and similar documentation where your personal data may be included. We will continue to store it for as long as a claim can be made in case a dispute arises, i.e., in accordance with applicable statutory limitation provisions. In Sweden, the storage period is ten years. Note that the ongoing matter may mean that we cannot delete all your personal data after your request . Here you can find all our privacy policies which describe how we process personal data in other situations, e.g. if you visit our website or otherwise are in contact with us. Your rights Below you will find a detailed description of your rights and how to exercise them. In summary, you have the following rights: the right to lodge a complaint with a supervisory authority, the right to access what personal data we process about you, the right to object to our processing, the right to erasure of the personal data we process, the right to rectification of any personal data that is inaccurate, and the right to restrict our processing. When we refer to “your company” in this privacy policy, we refer to your employer, the organization, or the public body you represent. Below you can read more about: You will be moved to the relevant paragraph by pressing the selected heading. Who is responsible, and how to contact us? Who can gain access to your personal data and why? Where is your personal data processed? What are your rights when we process your personal data? Detailed description Who is responsible, and how to contact us? We at 55 Degrees are generally processing personal data on the instructions of our customers, i.e., as processors. In some situations, we are, however, responsible for the processing of your personal data and acting as controllers. These situations are explained in the charts below. If you have any questions or if you wish to exercise any of your rights, we are available at: Full name of legal entity: 55 Degrees AB (organization number 559201-6843) E-mail address: privacy@55degrees.se Mailing address: Lilla Nygatan 7, 211 38 Malmö, Sweden Who can gain access to your personal data and why? We do not sell your personal data or share it with other parties unless necessary. This means that your personal data will be handled by our employees but only by those needing such access to conduct their work. We will store your personal data, anonymized when possible, within our IT systems to ensure good and secure IT operations. This means that we share your personal data with our IT suppliers . Which other recipients we share your personal data with depends on what the question, complaint, or claim is about. If it concerns our customer relations or financial matters, you can read more about recipients here . The above parties will process these on our behalf and follow our instructions. We need to work with third parties to conduct our business. We are responsible for any sharing of your personal data with such suppliers and to ensure that your personal data is safe when shared with third parties. For more detailed information on our suppliers and the information we store with them, please visit our supplier page located at https://support.55degrees.se/space/SECURE/2014216193 . Where is your personal data processed ? We use EU/EEA vendors that store data in the EU/EEA when possible. However, when we must use suppliers outside the EU/EEA, your personal data will be processed outside the EU/EEA. We transfer your data outside of the EU/EEA to make use of our IT suppliers, which will process your personal data stated in the table above . These suppliers store some or all information in the USA. Whether we transfer your personal data in other cases depends on what the question, complaint, or claim is about. If it concerns our customer relations or a financial matter, you can read more about recipients here . In the above situations, our suppliers and we rely on Standard Contractual Clauses for the transfer of personal data outside of the EU/EEA. The use of Standard Contractual Clauses is an effort to provide a safe transfer of your personal data. You find a more detailed description of the transfer of personal data at https://support.55degrees.se/space/SECURE/2014216193 . If you want to know more about whom we share your personal data with and how your personal data is transferred, please get in touch with us. Our contact information can be found at the beginning of this privacy policy. What are your rights when we process your personal data? Detailed description You have certain rights that you can exercise to affect how we process your personal data. You can read a more detailed description of what those rights are below. If you want to know more about your rights or if you want to exercise any of your rights, please contact us, and we will help you. Right to lodge a complaint with a supervisory authority (Article 77 GDPR) You have the right to lodge a complaint with a supervisory authority. The supervisory authority in Sweden is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, the IMY). In detail: Your right to complain exists without prejudice to any other administrative or judicial remedy. You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place where the alleged infringement of applicable data protection laws has allegedly occurred. The supervisory authority has an obligation to inform you of the progress and the outcome of the complaint, including the possibility of a judicial remedy. Right to access (Article 15 GDPR) You have the right to obtain confirmation as to whether we are processing personal data concerning you or not. You can make a request by contacting us. If we process your personal data, you also have a right to obtain a copy of the personal data processed by us and information about our processing of your personal data. In detail. The information we provide includes the following: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing, the right to lodge a complaint with a supervisory authority, if the personal data are not collected from you, we provide you with available information about the source of the personal data; the existence of automated decision-making, including profiling, referred to in Articles 22.1 and 22.4 GDPR and, in those cases, meaningful information about the logic involved, as well as the significance and the predicted consequences of such processing; and where your personal data are transferred to a third country or to an international organization, you have the right to information regarding the appropriate safeguards, pursuant to Article 46 GDPR, put in place for the transfer. For any further copies of the personal data undergoing processing requested by you, we may charge a reasonable fee based on administrative costs. If you have made the request by electronic means, the information will be provided in a commonly used electronic form unless otherwise requested by you. Your right to obtain a copy referred to above shall not adversely affect the rights and freedoms of others. Right to object (Article 21 GDPR) You have the right to object to our processing of your personal data at any time. In detail: Your right to object applies as follows: You have the right to object, on grounds relating to your particular situation, at any time to the process ing of your personal data, which is based on our legitimate interest, i.e., Article 6.1 f GDPR. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. In the context of the use of information society services, you may exercise your right to object by automated means using technical specifications. Right to erasure (“the right to be forgotten”) (Article 17 GDPR) You have the right to ask us to erase your personal data. In detail. We are obligated to erase your personal data without undue delay if: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, you object to the processing pursuant to Article 21.1 GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21.2 GDPR, the personal data have been unlawfully processed, or the personal data must be erased to comply with a legal obligation in Union or Member State law that applies to us. Where we have made the personal data public and are obliged in accordance with the rights stated above to erase the personal data, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. We will notify any erasure of personal data carried out in accordance with your rights stated above to each recipient to whom the personal data have been provided to unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us . Please note that our obligation to erase and inform according to the above shall not apply to the extent processing is necessary: for exercising the right of freedom of expression and information, for compliance with a legal obligation that requires processing by Union or Member State law that applies to us, or for the establishment, exercise, or defense of legal claims. Right to rectification of processing (Article 16 GDPR) You have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you. In detail: Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement. We will communicate any rectification of personal data to each recipient to whom the personal data have been provided unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us. Right to restriction of processing (Article 18 GDPR) You have the right to obtain from us restrictions on the processing of your personal data. In detail: Your right applies if: the accuracy of the personal data is contested by you during a period enabling us to verify the accuracy of the personal data, you have objected to processing pursuant to Article 21.1 GDPR pending the verification of whether our legitimate grounds override yours, the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of their use, or you need the personal data for the establishment, exercise, or defense of legal claims even though we no longer need the personal data for the purposes of the processing. Where the processing has been restricted according to the above, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We will notify you before the restriction of the processing is lifted. We will also communicate any restriction of processing of personal data carried out in accordance with your rights stated above to each recipient to whom the personal data have been provided to unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us This privacy policy was adopted on February 3, 2023. responsible access where rights rights-complaint rights-access rights-object rights-erasure rights-rectify rights-restrict

Order agreement, terms and conditions, and DPA for 55 Degrees cloud products. Legal Agreements Cloud Products On-Prem Subscription Products On-Premise Perpetual Products Privacy Cookie Policy for Apps Privacy Statement Privacy: Customer Employees Privacy: Marketing Privacy: Websites Privacy: Questions, Complaints... Privacy: Suppliers Terms of Use Website Terms Community Terms Archives Order Agreement for Cloud Products Effective starting: November 26, 2024. See the legal archives for previous versions of this document. This Order Agreement has been entered into between 55 Degrees AB, with Swedish company reg. no. 559201-6843, hereinafter referred to as the ”Supplier ”, and the company stated when starting the subscription, hereinafter referred to as the ”Customer ”. 1. Background and General Terms 1.1. The Supplier and the Customer hereby agree that the Supplier will provide the Service to the Customer. 1.2. Words starting with capital letters are defined in this Order Agreement and at the end of the Terms in the appendix “definitions”. 1.3. The Agreement consists of this Order Agreement and the following appendices: Appendix 1 – the Terms , and Appendix 2 – the DPA . 1.4. In the event of a conflict between this Order Agreement and the appendices, the terms set out in the Order Agreement shall apply, except for what is stated regarding the processing of personal data, where the DPA shall take precedence. 2. Pricing and Payment 2.1. The Customer shall pay the prices that are stated on the point-of-sale, for example on the Supplier’s website, when the parties enter into the Subscription Agreement. 2.2. The prices agreed on in this Order Agreement apply at the time when the Order Agreement is concluded. Any prices are stated excluding value-added tax. 3. Term and Termination This Order Agreement becomes effective when the Customer has signed up to use the Service at (i) a third-party platform such as Atlassian or (ii) at the Supplier’s website, and this has been confirmed by the Supplier. The Order Agreement remains valid until terminated by either party according to the Terms. APPENDIX 1 The Supplier's General Terms and Conditions - Cloud Subscription Products 1. Background 1.1. These general terms and conditions (the “Terms ”) describes the legal terms and conditions that apply when the Customer subscribes to the Supplier’s Service. 1.2. The Customer is a company or organization and the individual representing the Customer warrants that he or she has authority to enter into a Subscription Agreement with the Supplier. 1.3. When entering into the Subscription Agreement, the Customer confirms that it is not listed on any official terrorist list or associated with any country or organization sanctioned by Sweden, the European Union, or the United States 2. The Service 2.1. The Supplier provides the Service to the Customer in accordance with the Subscription Agreement. 2.2. If the Customer purchased the Service at a third-party platform such as Atlassian, separate, additional terms may apply to the Customer’s use of such third party’s platform. The Supplier takes no responsibility for the Customer’s use of such third-party’s platform or any fault, damage or unavailability of the Service which is due to such third-party platform, regardless of whether such third-party takes responsibility according to its third-party terms. The Terms in this document apply only to the Customer’s use of the Service. 2.3. When the Customer purchases the Service, the Customer agrees to these Terms and is given a right to use the Service for the number of End-Users that has been agreed on in the Order Agreement and for the period for which the Subscription Agreement applies. The Customer can add more End-Users by placing additional orders. The Customer’s right to use the Service is non-exclusive, time-limited, and non-transferable and applies to the Customer’s own business, unless otherwise agreed in the Order Agreement. The right applies provided that the Customer fulfills its payment obligations and other obligations under the Subscription Agreement. 2.4. The Supplier is always trying to improve the Service and may from time to time make developments, additions and changes to the Service. 3. The Supplier's Obligations 3.1. The Supplier shall make the Service available as a SaaS service 3.2. The Supplier provides the Service according to the security practices stated on the website of the Supplier. 3.3. The Service is provided “as is”. The Service does not include any integrations to other systems or applications that the Customer may want to use together with the Service unless the parties have explicitly agreed otherwise in the Order Agreement. When integrations are included, the Supplier does not take responsibility for the continued functionality of such integrations if a third-party provider changes its service. 3.4. The Service shall be considered to have been made available when the Supplier has made it accessible to the Customer through the internet, e.g., by making it accessible for implementation. 4. Availability and Support 4.1. The Supplier’s intention is that the Service shall be fully available. 4.2. The Supplier may provide the Customer with online support services related to the Service at its discretion and for the sole purpose of addressing technical issues relating to the use of the Service. Any support is governed by the Supplier’s policies and programs described in any user manual, online documentation, and/or other materials provided by the Supplier. 4.3. Insignificant inconveniences shall not result in the Service being considered unavailable. In particular, the Service shall not be deemed unavailable when: a) the Supplier performs scheduled upgrades that affect the availability of the Service, of which the Customer has been informed no less then forty-eight (48) hours in advance; or b) the Service is down due to circumstances beyond the Supplier’s control, including, but not limited to, loss of network or communication, or due to third-party platforms such as Atlassian’s fault, disturbance, or lack of availability. 4.4. The Supplier shall rectify unavailability as soon as possible after becoming aware of such unavailability. The Supplier’s obligation to remedy the unavailability does not apply if the remedy would cause inconvenience and costs to the Supplier that are unreasonably large in relation to the significance of the unavailability for the Customer. 4.5. In the event the Service is unavailable or has an error which the Supplier deems critical for the functionality of the Service, the Customer’s sole and exclusive remedy shall, at the choice of the Supplier, be (i) either a refund of the monthly fee for using the Service, or (ii) a discount towards the cost of future purchases. Such remedy shall be calculated based on the month in which the error manifested itself and shall be in proportion to the effect for the Customer. The maximum remedy for a month shall be 50% of the price the Customer should have paid for the relevant time period. 5. The Customer's Obligations 5.1. Unless otherwise agreed, the Customer is responsible for the following : a) act of its employees, consultants or other persons appointed by the Customer to use the Service, in particular, the Customer shall make sure that the Customer’s End-Users do not share account access to individuals without authority to use the Service and take actions to avoid End-Users from sharing login credentials; b) not using the Service for competitive analysis or similar purposes; c) only use the Service for the number of End-Users or similar limitations that have been set out and agreed on when concluding the Order Agreement; d) keeping all passwords and login credentials confidential; e) to maintain any equipment and software required to use the Service, maintain the security of its IT-environment and to always use the Service in accordance with the Supplier’s Documentation; f) to provide the Supplier with information about the Customer and its use of the Service reasonably required by the Supplier to be able to provide the Service and make improvements, additions and changes to the Service, the Customer can be required to provide information about connection details and information about authorized user; g) notify the Supplier immediately at the Supplier’s support portal if the Service is unavailable; and h) to use the Service in accordance with all applicable laws, regulations and guidelines issued by a competent authority. 5.2. The Customer shall not use, copy, modify or give access to the Service to a greater extent than has been agreed on or is considered within the intended use of the Service. 5.3. The Supplier is not responsible for changes in the Service that occur because of the Customer’s actions. 5.4. If the Customer does not comply with the terms of the Subscription Agreement and does not rectify within ten (10) days of the Supplier notifying the Customer of the non-compliance, the Supplier is entitled to suspend the Service until rectification is made. The Supplier has the right to suspend the Customer immediately if the Customer’s actions impact on how the Service works. The Customer shall indemnify the Supplier for any costs or claims by a third-party based on the Customer’s use of the Service in violation of the terms of the Subscription Agreement. 6. Prices and Payment 6.1. The Customer shall pay the prices that the parties specifically have agreed on in the Order Agreement. 6.2. Unless otherwise explicitly agreed, the Supplier has the right to adjust prices at any time, such adjustments will take effect on the coming Subscription Term, i.e., when the Subscription Agreement is renewed. In addition, the Supplier may at any time adjust prices due to changes in regulations, taxes, fees, or similar circumstances beyond the Supplier’s control. 6.3. All fixed fees for the use of the Service shall be paid in advance. The first notification of payment is received together with the conclusion of the Order Agreement, if the Customer uses a Trial Period, the first notification of payment is received when the Trial Period ends, and the first Subscription Term starts. 6.4. Payment shall be made within thirty (30) days from the notification of payment was issued, unless otherwise agreed in writing. 6.5. If payment is late or incomplete, the Supplier is entitled to interest on overdue payment in accordance with the Swedish applicable interest act and a late payment charge and/or a debt collection fee according to applicable laws. 6.6. If full payment is not received by the Supplier and the Customer has not on reasonable grounds disputed the claim of payment, the Supplier has the right to (i) immediately suspend the use of the Service, and/or (ii) terminate the Subscription Agreement in accordance with section 8.3. 7. Trial Period and Early Access 7.1. If the Customer registers to use the Service for a free Trial Period, these Terms shall apply, in applicable parts, during the Trial Period. Sections that by their nature are not applicable during the Trial Period shall be inapplicable during such period, including but not limited to sections 4.1, 6, 8, 13.3, 13.4, 13.5, and 13.7. 7.2. When the Supplier offers a Trial Period or Early Access, the Supplier’s obligation is limited to providing the Customer with access to use the Service. Thus, the Supplier has no responsibility for the Service functioning in a certain way, or responsibility for providing the Customer with support or remedying any unavailability. However, the Supplier will usually make sure that the Service works as intended. The Supplier is neither liable for any direct or indirect damages due to the Customer’s use of the Service. 7.3. The term of the Subscription Agreement for the Customer’s Trial Period is stated when the Customer starts to use the Trial Period. When the term of the Trial Period has expired, the Customer may choose to continue using the Service and then pay for it in accordance with what is stated in the Terms. When the Trial Period has ended, the Customer will no longer have access to the Customer Data in the Service. 7.4. The Customer does not have the right to use more than one free Trial Period unless explicitly allowed by the licensing platform or the Supplier. The Customer shall reimburse the Supplier for any unallowed continued use of the Service during an additional Trial Period. Such reimbursement shall be coherent with the Supplier’s highest prices for the Service at that point in time. 7.5. The parties may at any time choose to end the Trial Period and the Customer will in that case no longer have access to the Service. The parties may as well at any time choose to end the Early Access and the Customer shall in such case have access to the Service without the Early Access features. 8. Term and Termination 8.1. The Subscription Agreement is provided for the Subscription Term. 8.2. If the parties have not agreed otherwise, the Subscription Agreement shall enter into force when the Order Agreement has been concluded (for example when the Customer has signed up to using the Service at the Supplier’s website and this has been confirmed by the Supplier). The Subscription Agreement is automatically renewed for an additional Subscription Term, unless otherwise agreed upon. 8.3. Either party can terminate the Subscription Agreement at any time. Such termination shall take effect immediately if termination is made by the Customer and shall take effect thirty (30) days after the termination if the termination is made by the Supplier. 8.4. The Supplier has the right to terminate the Subscription Agreement with immediate effect if: a) the Customer has committed a material breach of the Subscription Agreement and does not take full correction of such breach within thirty (30) days of the other party giving written notice thereof; or b) the Customer is declared bankrupt, enters into liquidation, cancels its payments, or can otherwise reasonably be assumed to have become insolvent. 8.5. When the Subscription Agreement has been terminated, the Customer shall immediately cease to use the Service and both parties shall return or delete such information that is covered by confidentiality in accordance with section 11, including Documentation. Unless the Customer explicitly asks for the Customer Data to be deleted immediately, any Customer Data that exists is stored for up to thirty (30) days after the Subscription Agreement has been terminated in case the Customer wants to reactivate the Subscription Agreement. The Supplier’s responsibility to delete Customer Data is limited to the Customer Data which the Supplier continues to have access to. 8.6. The Customer can in some cases be able to download the Customer Data prior to ending the Subscription Agreement. The Customer must reimburse the Supplier for the reasonable costs the Supplier has for aiding with the return. 9. Amendments 9.1. The Supplier may at any time make changes to the Subscription Agreement or the Service that do not impair the Subscription Agreement or the Service by giving the Customer thirty (30) days prior written notice. 9.2. If provisions of the GDPR change or if a supervisory authority issues guidelines, decisions, or regulations regarding the application of the GDPR during the term of the DPA, with the result that the DPA does not meet the requirements for a data processing agreement, the parties shall change the DPA to meet the requirements. 9.3. The Supplier may at any time make changes to the Subscription Agreement, other than according to sections 9.1 and 9.2, by giving the Customer a three (3) month’s prior written notice. The Customer may terminate the Subscription Agreement if the Customer has a reasonable explanation for not accepting the new Subscription Agreement by giving notice at latest one (1) month before the new Subscription Agreement will come into force. In such case, the Supplier shall pay back the amounts corresponding to the period the Customer has not been able to use the Service. The Customer may not terminate the Subscription Agreement if the grounds for a significant change to the Subscription Agreement is due to changes in law, constitution, by authority decision, or changes in other circumstances outside of the Supplier’s control. The Customer has the right to terminate the Subscription Agreement with immediate effect if such change entails a significant inconvenience for the Customer. 10. Personal Data 10.1. Within the scope of fulfilling the obligations under the Subscription Agreement, the Supplier will process personal data on behalf of the Customer. Within the scope of such processing, the Customer is the controller for personal data and the Supplier is the processor. For this purpose, the parties have entered into a DPA (Appendix 2). 10.2. The Supplier may gather and in other ways process personal data as data controller in order to improve the Service, including to develop and improve AI functionality within the Service. 11. Confidentiality 11.1. Both parties hereby agree not to, without the other party’s prior written approval, publish or otherwise disclose to third parties any information relating to the other party’s business which is or can be reasonably presumed to be confidential, with the exemption for: a) information that is or becomes publicly known, except through a breach of this Subscription Agreement by the receiving party; b) information from third-party that is public to the receiving party without obligation of confidentiality; c) information that was known to the receiving party prior to receipt from the disclosing party, without obligation of confidentiality; or d) the disclosure or use of information is required by law, regulations or any other regulatory body. In the event of such disclosure, the disclosing party shall, if possible, notify the other party before such disclosure takes place. 11.2. Specifically, the Supplier shall keep any Customer Data secret and ensure that employees only have access to the Customer Data if it is necessary to perform the Services, e.g., support- and maintenance (“need to know basis”). 11.3. Information that a party has stated as confidential shall always be regarded as confidential information. 11.4. Each party is responsible for compliance with this confidentiality undertaking by its respective subcontractors, consultants, and employees. The confidentiality undertaking under this section applies during the term of the Subscription Agreement and for a period of three (3) years after the Subscription Agreement has expired. The confidentiality undertaking for Customer Data applies for an indefinite period of time. 12. Publicity and Marketing 12.1. Unless the Customer has objected according to section 12.2, the Supplier may publicly state that the Customer is a customer of the Supplier. The Customer grants the Supplier the right to include the Customer’s name, trademark, logo, or similar identifying material in a listing of customers on the Supplier’s website and/or promotional material in relation to the Service. 12.2. The Customer may, via the Supplier’s support portal, ask the Supplier not to include information about the Customer in any publicly available material. Such a request can be made at any time, even before the Supplier has published information according to section 12.1. After a request from the Customer, the Supplier shall stop including information about the Customer in any publicly available material within thirty (30) days and as far as possible delete any already publicized information about the Customer. 13. Intellectual Property Rights 13.1. The Supplier or its licensors hold all rights, including intellectual property rights, to the Service and the Documentation (including, without limitation to, such development or improvements specifically performed on behalf of the Customer) including software and source code. Nothing in the Subscription Agreement shall be construed as a transfer of such rights, or any part thereof, to the Customer. For the avoidance of doubt, the Customer has no right to use, copy or develop, in any way, the intellectual property rights of 55 Degrees or its licensors, in or related to the Service and the Documentation, such as but not limited to, reverse engineer or decompile software and source code should Customer gain access to such. 13.2. The Supplier makes no warranties that any AI generated content will not infringe upon any intellectual property rights or other rights of third parties. 13.3. If it comes to the Supplier’s knowledge or is finally settled that the Customer’s use of the Service in accordance with this Subscription Agreement, infringes a third-party’s intellectual property rights, the Supplier may choose to either: a) ensure the Customer a continued right to use the Service; b) change the Service so that infringement no longer exists; c) replace the Service, or any part thereof, with any other non-infringing equivalent service; or d) terminate or temporarily cease to provide the Service and, after deducting the Customer’s reasonable benefit, repay the Customer’s fee that has already been paid for the Service and which relates to time when the Customer is not able to use the Service, without interest. 13.4. Should the Customer be aware of any infringement claims directed towards the Customer related to the Customer’s use of the Service, the Customer shall immediately inform the Supplier. 13.5. The Supplier has the right to freely use the know-how, professional knowledge, experience, and skills that the Supplier acquires through or in connection with providing the Service. 13.6. The Supplier’s obligations under this section 13 are conditional upon the Customer’s use of the Service exclusively in accordance with the terms of the Subscription Agreement and the Customer fulfilling section 13.4. 13.7. This section 13 constitutes the Supplier’s total liability towards the Customer for any claims related to intellectual property rights. 13.8. The Customer has all rights, including intellectual property rights, to the Customer Data. During the term of the Subscription Agreement, the Supplier may use the Customer Data and data related to the Customer’s use of the Service (personal data excluded) in order to provide the Service to the Customers successfully. 14. Limitation of Liability 14.1. The Supplier’s responsibility for the provision of the Service is limited in accordance with what is stated in these Terms. 14.2. The Supplier is – with the limitations set out below – liable towards the Customer for damages caused due to the Supplier’s negligence. However, the Supplier is not liable for damages caused by third-party platforms as Atlassian, including any fault, disturbance or unavailability caused by such third-party platform, or any integrations to other systems or applications that the Customer may want to use the Service together with, or modifications or changes to the Service made according to the Customer’s instructions or performed by anyone other than the Supplier (including but not limited to the Customer and Customer’s suppliers). 14.3. The Service is provided on an “as-is” basis without any express or implicit promises or guarantees. The Supplier shall not be responsible for any decisions made by the Customer based on the use of any integrated AI-functionality in the Service, nor for any outcomes or results derived from the use of any AI-functionality in the Service, including any user-generated content. 14.4. Notwithstanding the above, the Supplier shall under no circumstance be liable for indirect damages (Sw. indirekt skada), including damages caused by loss of profit, revenue, anticipated savings or goodwill, loss of information or Customer Data, loss due to operational, business, power or network interruptions, loss due to modifications of the Service made in accordance with the Customer’s instructions or performed by anyone other than the Supplier, as well as any claims due to the Customer’s possible liability to third parties; without prejudice to section 13.3. The Supplier is neither liable for any claims deriving from the Customer’s relationship with any third-party platform such as Atlassian where the Service was purchased or integrated with. 14.5. The Supplier’s total and aggregate liability under the Subscription Agreement regardless of the number of incidents, is limited to the amount paid by the Customer according to the Subscription Agreement during the twelve (12) months prior to the time the damage occurred. 14.6. The Customer shall, in order not to lose its right, submit a claim for compensation in writing no later than ninety (90) days after the Customer noticed, or should have noticed, the actual damage or loss, however in no case later than six (6) months from when the loss arose. 14.7. In case of a claim from a third-party, the party responsible for such claim shall indemnify and hold the other party harmless. 15. Force Majeure 15.1. Each party shall be relieved from liability for damages for a failure to perform any obligation under the Subscription Agreement to the extent that the due performance is prevented by reason of any circumstance beyond the control of the party. Such as internet limitation or slow connection, power outages, network intrusion, lawsuits, pandemics, labor disputes, loss of communications, mobilization or large-scale military recruits, ordinances, rationing of fuel, goods or energy, and defects and delays in deliveries from subcontractors caused by any party outside the party’s control provided that the other party is notified immediately. 15.2. The parties have the right to terminate the Subscription Agreement immediately if force majeure continues or will obviously continue for more than sixty (60) days. 16. Miscellaneous 16.1. The Supplier is entitled to assign subcontractors to accomplish its obligations under the Subscription Agreement. The Supplier is liable for the work of the subcontractors as well as its own. 16.2. The primary means of communication between the parties concerning the Service shall be the support portal . 16.3. The content of the Subscription Agreement and its appendices shall supersede all previous written or oral commitments and undertakings. 16.4. The documents described in the definition of the Subscription Agreement shall have mutual priority in the following order: (i) the Order Agreement, (ii) the Terms and (iii) any annexes. Any annexes shall have priority over each other in accordance with the order set out in the Order Agreement. 16.5. The Subscription Agreement may not be transferred to a third-party without the other party’s prior written consent. However, the parties are allowed to transfer the Subscription Agreement to companies within the same corporate group and in a situation of transferring the Supplier’s operation or a part thereof, the Supplier is admissible to transfer the Subscription Agreement to a third-party. 16.6. The failure of a party to exercise any right under the Subscription Agreement or the failure to point out any particular condition attributable to the Subscription Agreement shall not constitute a waiver by a party of such right. 16.7. The following sections apply even after the termination of the Subscription Agreement: 8 (Term and termination), 11 (Confidentiality), 13 (Intellectual Property Rights), 14 (Limitation of Liability), and 17 (Governing Law and Disputes). 17. Governing Law and Disputes 17.1. The Subscription Agreement shall be governed by and construed in accordance with the laws of Sweden. 17.2. Any dispute arising out of or in connection with the Subscription Agreement shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (the “SCC Institute”). 17.3. The Rules for Expedited Arbitrations shall apply, unless the SCC Institute, considering the complexity of the case, the amount in dispute and other circumstances, determines, in its discretion, that the Arbitration Rules of the Arbitration Institute of the Stockholm Chamber of Commerce shall apply. In the latter case, the SCC Institute shall also decide whether the arbitral tribunal shall be composed of one or three arbitrators. 17.4. The place of arbitration shall be Malmö. The language of the proceedings shall be Swedish and Swedish law shall apply to the dispute. Regardless of what has just been said, the Supplier shall always have the right to apply for an injunction to payment or bring an action regarding non-payment in a general court. Definitions ”Customer” means the company specified in the Order Agreement as a customer or the person who otherwise agrees with the Supplier to use the Service. ”Customer Data” means any data that is provided to the Supplier by or on behalf of the Customer through the use of the Service. ”Documentation” any instruction or other documentation that the Supplier provides to the Customer at any time. “DPA” means the data processing agreement concluded between the parties. “End-Users” means the individual who uses the Service as part of the Customer’s Subscription Agreement. “Early Access” means a time limited period for which the parties have agreed that the Customer shall test new features or a beta version of the Service. The version of the Service used during Early Access is under ongoing development by the Supplier and therefore not complete or equivalent to the Service. “Order Agreement” means the contract between the Customer and the Supplier that includes Customer details and specific terms in relation to the Customer’s purchase of the Service or Subscription Agreement to use the Service. The Order Agreement may be constituted by a document signed by the Customer, an offer accepted by the Customer, an e-mail or a web form at the Supplier’s website where the Customer has provided its credentials and signed up to use the Service. “Service” means the products or services provided to the Customer according to the Subscription Agreement. “Subscription Term” means the term agreed upon in the Order Agreement. ”Subscription Agreement” means the contractual agreement between the parties no matter in what form, including the Order Agreement, these Terms, the DPA and any appendices mentioned in the Order Agreement, in the Terms or in the DPA. “Supplier” means the company providing the Service which the Customer has concluded the Subscription Agreement with. “Trial Period” means a time limited period for which the parties have agreed that the Customer is entitled to use the Service for the sole purpose of evaluation prior to purchase. Data Processing Agreement APPENDIX 2 Effective July 5, 2023 1. Background and Interpretation 1.1. The Supplier will upon performance of the Subscription Agreement when providing its Service process personal data on behalf of the Customer, in the capacity of the Customer’s processor. The Supplier will process personal data for which the Customer is the controller. 1.2. This Data Processing Agreement (the "DPA ") forms an integral part of the Subscription Agreement. The purpose of this DPA is to ensure a secure, correct and legal processing of personal data and to comply with applicable requirements for data processing agreements as well as to ensure adequate protection for the personal data processed within the scope of the Subscription Agreement. 1.3. Any terms used in this DPA, e.g. processing, personal data, data subjects, supervisory authority, etc., shall primarily have the meaning as stated in the European Parliament and the Council Regulation (EU) 2016/679 (the "GDPR ") and otherwise in accordance with the Subscription Agreement, unless otherwise clearly indicated by the circumstances. 1.4. In light of the above, the parties have agreed as follows: 2. Instructions and Responsibilities 2.1. The type of personal data and categories of data subjects processed by the Supplier under this DPA and the purpose, nature, duration, and objects of this processing, are described in the instructions on processing of personal data in Appendix 2A or the written instructions that the Customer provides from time to time. The Supplier shall not process additional categories of personal data or personal data in relation to other data subjects than those specified in Appendix 2A. 2.2. The Customer is responsible for complying with the GDPR. The Customer shall in particular: a) be a contact person towards data subjects and i.e. respond to their inquiries regarding the processing of personal data; b) ensure the lawfulness of the processing of personal data, provide information to data subjects pursuant to Articles 12-14 in the GDPR and maintain a record of processing activities under its responsibility; c) provide the Supplier with documented instructions for the Supplier’ processing of personal data, including instructions regarding the subject-matter, duration, nature and purpose of the processing as well as the type of personal data and categories of data subjects; d) immediately inform the Supplier of changes that affect the Supplier’s obligations under this DPA; e) immediately inform the Supplier if a third-party takes action or lodges a claim against the Customer as a result of the Supplier’s processing under this DPA; and f) immediately inform the Supplier if anyone else is a joint controller with the Customer of the relevant personal data. 2.3. When processing personal data, the Supplier shall: a) only process personal data in accordance with the Customer’s documented instructions, which at the time of the parties entering into this DPA are set out in Appendix 2A ; b) ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; c) maintain an adequate level of security for the personal data by implementing all technical and organizational measures set out in Article 32 of the GDPR in the manner set out in section 3 below; d) respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging a sub-processor; e) taking into account the nature of the processing, assist the Customer by appropriate technical and organizational measures, insofar as it is possible, for the fulfilment of the Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR; f) assist the Customer in ensuring compliance with the obligations pursuant to Articles 32-36 of the GDPR, taking into account the nature of the processing and the information available to the Supplier; g) at the choice of the Customer, delete or return all the personal data to the Customer after the end of the Subscription Agreement, and delete existing copies, unless EU law or applicable national law of an EU Member State requires storage of the personal data; and h) make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 in the GDPR and this DPA and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor agreed upon by the parties. 2.4. The Supplier shall notify the Customer without undue delay, if, in the Supplier’s opinion, an instruction infringes the GDPR. In addition, the Supplier is to immediately inform the Customer of any changes affecting the Supplier’s obligations pursuant to this DPA. 3. Security 3.1. The Supplier shall implement technical and organisational security measures in order to protect the personal data against destruction, alteration, unauthorised disclosure and unauthorised access. The measures shall ensure a level of security that is appropriate considering the state of the art, the costs of implementation, the nature, scope, context and purpose of the processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons. The Supplier may amend its technical and organisational measures. 3.2. The Supplier shall notify the Customer of accidental or unauthorised access to personal data or any other personal data breach without undue delay after becoming aware of such data breach and pursuant to Article 33 of the GDPR. Such notification shall not in any manner imply that the Supplier has committed any wrongful act or omission, or that the Supplier shall become liable for the personal data breach. 3.3. If the Customer during the term of this DPA requires that the Supplier takes additional security measures, the Supplier shall as far as possible meet such requirements provided that the Customer pays and takes responsibility for any and all costs associated with such additional measures. 4. Sub-processors and Transfers to Third Countries 4.1. The Customer hereby grants the Supplier with a general authorization to engage sub-processors. Sub-processors are listed in the list of sub-contractors in Appendix 2B . The Supplier shall enter into a data processing agreement with each sub-processor, according to which, the same data protection obligations as set out in this DPA, are imposed upon the sub-processor. 4.2. The Supplier shall inform the Customer of any intended changes concerning the addition or replacement of sub-processors, thereby giving the Customer the opportunity to object to such changes. Such objection shall be made in writing and within thirty (30) calendar days after the Supplier has informed the Customer about the intended changes. If the Customer objects to the Supplier engaging a sub-processor and the parties cannot agree, within reasonable time, on the new sub-processor’s engagement in the processing of personal data, the Supplier can terminate the Subscription Agreement. 4.3. If the Supplier and/or sub-processors transfers personal data outside the EU/EEA, such transfer shall always comply with the applicable data protection requirements according to the GDPR and related data protection legislation. The Supplier shall keep the Customer informed about the legal grounds for the transfer. 4.4. The Customer is aware that, if they use the Service within a host product, the vendor of the host product (e.g. Atlassian or Microsoft) from time to time may update or change its data processing agreement, including but not limited to its list of used sub-processors or regarding transfers to third countries. The Customer acknowledges that the Supplier cannot control or impact any such update or change and that a change to such third party's data processing agreement, including any addition or change of a sub-processor, may be effective immediately. The Customer understands that it therefore will be practically impossible for the Customer to successfully object to such changes or updates and still continue to use the Service. 5. Compensation and Limitation of Liability 5.1. The Supplier is not entitled to any additional compensation for the processing of personal data in accordance with this DPA, instead the compensation provided pursuant to the Subscription Agreement also encompasses the measures in this DPA. 5.2. Each party shall be responsible for any damages and administrative fines imposed to it under articles 82 and/or 83 of the GDPR. 5.3. Notwithstanding any limitation of liability in the Subscription Agreement, each party’s liability under this DPA shall be limited to direct damages. In addition, the Supplier’s liability shall be limited to an amount corresponding to the fees paid by the Customer to the Supplier under the Subscription Agreement for a period of six (6) months before the damage occurred. 6. Term and Termination 6.1. This DPA becomes effective when the Subscription Agreement has been entered into. 6.2. Upon termination of the Subscription Agreement, the Supplier shall at the choice of the Customer, delete all the personal data or return it to the Customer, and ensure that each sub-processor does the same. 6.3. This DPA remains in force as long as the Supplier processes personal data on behalf of the Customer, including deletion or returning of personal data according to section 6.2 above. This DPA shall thereafter cease to apply. Sections 5 and 6.2 shall continue to apply even after this DPA has been terminated. APPENDIX 2A Instructions on Processing of Personal Data Purposes The Supplier processes personal data in order to fulfil the Subscription Agreement. This means that the Supplier processes personal data for the following purposes: Enabling subscription management, Provide the Service to End-Users, Provide products features of the Service to End-Users, Authenticate and authorize End-Users, and Handle customer support cases. Categories of personal data Categories of personal data that will be processed by the Supplier include: Name, E-mail address, Unique identifier of the device using the Service, and Information about how the Service is used, and Pseudonymized End-User data, such as ID. Categories of data subjects End-Users. Retention time Personal data gathered for the purposes of end user authentication and authorization or for providing the service and its features to End-Users will be kept for the duration of this Agreement and up to 90 days afterward to ensure smooth restoration of data if you return as a customer. Personal data gathered for the purpose of handling support cases is kept while the support matter is resolved and for up to 12 months thereafter. The retention of this data allows us to provide you with a history of reported issues from your account. Please note that we aim to delete sensitive attachments such as HAR files within three months of the closure of the support request. Requests from the Customer to delete specific End-User data early will be carried out whenever it is possible to do so without disrupting the ongoing provision of services to the Customer. Processing operations The Supplier process the personal data of End-Users in the following ways. All products: To provide information about End-User subscription utilization. To technically enable the Service to be used by End-Users. To enable product features, such as enabling sharing of protected content, including to develop and improve AI functionality in the Service. To provide customer support when the Customers open a support request via e-mail or via the Supplier’s support portal. ActionableAgile Analytics (SaaS): To authenticate and authorize users for the application. To identify active entitlement to support ActionableAgile for Azure DevOps: To authorize End-Users for the application. To identify active entitlement to support. Information Security Measures Security Practices Application-specific Data Security and Privacy Statements Security Advisories and related policy APPENDIX 2B Sub-Processors The tables below list sub-processors used by the Supplier for the specific purposes listed in this DPA. Specific information about what data is processed for these purposes and a full list of the Supplier’s sub-processors used for various purposes are described on the Supplier’s support portal. General sub-processors Name Purpose Location of processing Atlassian Corporation Plc (Jira Service Management) DPA | International Data Transfers The Customer and End-User support management service provider Europe.* * Customer Account data (name, email address) is stored across the Global AWS Regions. Read more RefinedWiki (Refined) DPA upon request Authentication and Request Management for our Customer support portal Europe Additional product-specific sub-processors ActionableAgile Analytics (analytics.actionableagile.com) Name Purpose Location of processing Amazon AWS DPA | Supplementary Addendum | UK Addendum Storage for configurations required for operation of applications or features; Handling data regarding subscription utilization by End-Users Europe (Stockholm) Google (Firebase) DPA Authentication and License authorization Europe ActionableAgile for Azure DevOps Name Purpose Location of Processing Amazon AWS DPA | Supplementary Addendum | UK Addendum License authorization; Storage for configurations required for operation of applications or features; Handling data regarding subscription utilization by End-Users Europe (Stockholm) Google (Firebase) DPA License authorization (data storage) Europe ActionableAgile for Jira Cloud Name Purpose Location of processing Amazon AWS DPA | Supplementary Addendum | UK Addendum Storage for configurations required for operation of applications or features Europe (Stockholm), Additional options for qualifying customers : - USA (Virginia) - Australia (Sydney) Klar for Jira Cloud Name Purpose Location of processing Atlassian Corporation Plc (Forge Platform) DPA | International Data Transfers Hosting Platform used for Customer Data Storage; Handling data regarding subscription utilization by End-Users USA Portfolio Forecaster for Jira Cloud Name Purpose Location of processing Amazon AWS DPA | Supplementary Addendum | UK Addendum Storage for configurations required for operation of applications or features; Handling data regarding subscription utilization by End-Users Europe (Stockholm) Terms Definitions Subprocessors DPA Instructions

The privacy policy relevant to those providing goods and services to 55 Degrees. Legal Agreements Cloud Products On-Prem Subscription Products On-Premise Perpetual Products Privacy Cookie Policy for Apps Privacy Statement Privacy: Customer Employees Privacy: Marketing Privacy: Websites Privacy: Questions, Complaints... Privacy: Suppliers Terms of Use Website Terms Community Terms Archives Privacy Policy If you represent a supplier If you represent a supplier to 55 Degrees AB (”55 Degrees ”, “we ”,” our ” and ”us ”) we at 55 Degrees will process your personal data if you are stated as the contact person for your company or if you in other ways are in contact with us as representative of one of our suppliers. In this privacy policy, you find information about when that is the case, how we process your personal data, and what rights you have when it comes to this data processing. Our goal is to be as transparent as possible regarding our processing of your personal data – do not hesitate to contact us with any questions you have! In short We process your personal data as necessary to: - enter into an agreement with your company and administrate our relationship, and - when relevant, comply with accounting legislation. Here you can find all our privacy policies which describe how we process personal data in other situations, e.g., if you visit our website or otherwise are in contact with us. Your rights Below you find a detailed description of your rights and how to exercise them. In summary, you have the following rights: the right to lodge a complaint with a supervisory authority, the right to access what personal data we process about you, the right to object to our processing, the right to erasure of the personal data we process, the right to rectification of any personal data that is inaccurate, and the right to restrict our processing. Below you can read more about: You will be moved to the relevant paragraph by pressing the selected heading. Who is responsible, and how to contact us? Detailed description of how we process your personal data To enter into an agreement with your company and administer our relationship To comply with accounting legislation Who can gain access to your personal data and why? Where is your personal data processed? What are your rights when we process your personal data? Detailed description When we refer to “your company” in this privacy policy, we refer to your employer or the organisation or public body that you represent. Who is responsible, and how to contact us? We at 55 Degrees are generally processing personal data on the instructions of our customers, i.e. as processors. In some situations, we are, however ourselves responsible for the processing of your personal data and acting as controllers. These situations are explained in the charts below. If you have any questions or if you wish to exercise any of your rights, we are available at: Full name of legal entity: 55 Degrees AB (organization number 559201-6843) E-mail address: privacy@55degrees.se Mailing address: Lilla Nygatan 7, 211 38 Malmö, Sweden A detailed description of how we process your personal data We collect your personal data directly from you. We may also collect your personal data from your company, if they state you as their representative. To enter into an agreement with your company and administer our relationship What processing do we perform? Enter into an agreement with your company, including any negotiation between the companies Administrate our relationship with your company (e.g. communicate with our supplier) What personal data do we process? Information you or your company provide to us, e.g. name, information about which organisation you represent, position in your company, telephone number, and e-mail address Our legal basis for the processing Legitimate interest Your personal data will be processed based on our legitimate interest to negotiate and enter into an agreement with your company and to administrate the agreement. By carrying out a balancing of interests assessment concerning our processing of your personal data, we have concluded that our legitimate interest in the processing outweighs your interests or rights, which require the protection of your personal data. If you want more information in relation to our balancing of interests assessments, please do not hesitate to contact us. Our contact details can be found at the beginning of this privacy policy. Storage period Your personal data will be deleted if we conclude that we will not enter into an agreement with your company. If your company becomes our supplier, we will store your personal data for this purpose as long as the company you represent is our supplier and until we have evaluated our previous partnership and potential future partnership and up to six months afterward. If we receive information that you no longer represent the company, we will delete your personal data unless your data is included in email communication, agreements, and similar documentation, which we cannot delete – in case of a dispute. To comply with accounting legislation What processing do we perform? Store information in accounting material when relevant What personal data do we process? Name, history regarding payments made, and other information that constitutes accounting records Our legal basis for the processing Legal obligation The processing is necessary to comply with legal obligations to which we are subject, i.e., accounting legislation. You need to provide us with this information. Otherwise, we will not be able to administrate our relationship with your company. Storage period We will store any document constituting accounting material and the personal data included therein according to the storage period stated in the accounting legislation. In Sweden, this means that we will store your personal data for seven to eight years, i.e., until and including the seventh year after the end of the calendar year for the fiscal year to which the personal data relates. Who can gain access to your personal data and why? We do not sell your personal data or share it with other parties unless it is necessary. This means that your personal data will be handled by our employees but only by the personnel needing such access to conduct their work. We will store your personal data, anonymised when possible, within our IT systems to ensure good and secure IT operations. This means that we share your personal data with our IT suppliers . We will store your personal data within our accounting systems to ensure good and secure financial operations relating to our suppliers. This means that we share your personal data with our accounting suppliers . The above parties will process these on our behalf and following our instructions. We need to work with third parties to conduct our business. We are responsible for any sharing of your personal data to such suppliers and to ensure that your personal data is safe when shared with third parties. For more detailed information on our suppliers and the information we store with them, please visit our supplier page located at https://support.55degrees.se/space/SECURE/2014216193 . Where is your personal data processed ? We use EU/EEA vendors that store data in the EU/EEA when possible. However, when we must use suppliers outside of the EU/EEA, your personal data will, in most cases, be processed outside the EU/EEA. These are the cases in which we transfer your data outside of the EU/EEA: When you book a meeting with us, we gather your personal data as a meeting attendee, e.g., your e-mail address. This information about you is entered by you or the company you represent into Calendly, a service that stores data in the USA. When you attend a virtual meeting with us, we store your personal data as a meeting attendee, e.g., your name and e-mail address. This information is stored in Zoom or Microsoft Teams, which store data in the USA. In the above situations, our suppliers and we rely on Standard Contractual Clauses for the transfer of personal data outside of the EU/EEA. The use of Standard Contractual Clauses is an effort to provide a safe transfer of your personal data. You find a more detailed description of the transfer of personal data at https://support.55degrees.se/space/SECURE/2014216193 . If you want to know more about whom we share your personal data with and how your personal data is transferred, please contact us. Our contact information can be found at the beginning of this privacy policy. What are your rights when we process your personal data? Detailed description You have certain rights that you can exercise to affect how we process your personal data. You can read a more detailed description of what those rights are below. If you want to know more about your rights or if you want to exercise any of your rights, please contact us, and we will help you. Right to lodge a complaint with a supervisory authority (Article 77 GDPR) You have the right to lodge a complaint with a supervisory authority. The supervisory authority in Sweden is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, the IMY). In detail: Your right to complain exists without prejudice to any other administrative or judicial remedy. You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place where the alleged infringement of applicable data protection laws has allegedly occurred. The supervisory authority has an obligation of informing you of the progress and the outcome of the complaint, including the possibility of a judicial remedy. Right to access (Article 15 GDPR) You have the right to obtain confirmation as to whether we are processing personal data concerning you or not. You can make a request by contacting us. If we process your personal data, you also have a right to obtain a copy of the personal data processed by us and information about our processing of your personal data. In detail. The information we provide includes the following: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing, the right to lodge a complaint with a supervisory authority, if the personal data are not collected from you, we provide you with available information about the source of the personal data; the existence of automated decision-making, including profiling, referred to in Articles 22.1 and 22.4 GDPR and, in those cases, meaningful information about the logic involved, as well as the significance and the predicted consequences of such processing; and where your personal data are transferred to a third country or to an international organization, you have the right to information regarding the appropriate safeguards, pursuant to Article 46 GDPR, put in place for the transfer. For any further copies of the personal data undergoing processing requested by you, we may charge a reasonable fee based on administrative costs. If you have made the request by electronic means, the information will be provided in a commonly used electronic form unless otherwise requested by you. Your right to obtain a copy referred to above shall not adversely affect the rights and freedoms of others. Right to object (Article 21 GDPR) You have the right to object to our processing of your personal data at any time. In detail: Your right to object applies as follows: You have the right to object, on grounds relating to your particular situation, at any time to the process ing of your personal data, which is based on our legitimate interest, i.e., Article 6.1 f GDPR. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. In the context of the use of information society services, you may exercise your right to object by automated means using technical specifications. Right to erasure (“the right to be forgotten”) (Article 17 GDPR) You have the right to ask us to erase your personal data. In detail. We are obligated to erase your personal data without undue delay if: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, you object to the processing pursuant to Article 21.1 GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21.2 GDPR, the personal data have been unlawfully processed, or the personal data must be erased to comply with a legal obligation in Union or Member State law that applies to us. Where we have made the personal data public and are obliged in accordance with the rights stated above to erase the personal data, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. We will notify any erasure of personal data carried out in accordance with your rights stated above to each recipient to whom the personal data have been provided to unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us . Please note that our obligation to erase and inform according to the above shall not apply to the extent processing is necessary: for exercising the right of freedom of expression and information, for compliance with a legal obligation that requires processing by Union or Member State law that applies to us, or for the establishment, exercise, or defense of legal claims. Right to rectification of processing (Article 16 GDPR) You have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you. In detail: Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement. We will communicate any rectification of personal data to each recipient to whom the personal data have been provided unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us. Right to restriction of processing (Article 18 GDPR) You have the right to obtain from us restrictions on the processing of your personal data. In detail: Your right applies if: the accuracy of the personal data is contested by you, during a period enabling us to verify the accuracy of the personal data, you have objected to processing pursuant to Article 21.1 GDPR pending the verification of whether our legitimate grounds override yours, the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of their use, or you need the personal data for the establishment, exercise, or defense of legal claims even though we no longer need the personal data for the purposes of the processing. Where the processing has been restricted according to the above, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We will notify you before the restriction of the processing is lifted. We will also communicate any restriction of processing of personal data carried out in accordance with your rights stated above to each recipient to whom the personal data have been provided to, unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us responsible description access where rights rights-complaint rights-access rights-object rights-erasure rights-rectify rights-restrict enter-agreement comply This privacy policy was adopted on January 16, 2023.

This policy informs you about how we process your personal data when you receive our surveys, newsletters, or other marketing and what rights you have regarding this data processing. Legal Agreements Cloud Products On-Prem Subscription Products On-Premise Perpetual Products Privacy Cookie Policy for Apps Privacy Statement Privacy: Customer Employees Privacy: Marketing Privacy: Websites Privacy: Questions, Complaints... Privacy: Suppliers Terms of Use Website Terms Community Terms Archives Privacy Policy If you receive our surveys, newsletters, or other marketing We at 55 Degrees AB (" 55 Degrees ", "we "," our ", and" us ") care about your privacy and want you to feel safe when we process your personal data. In this privacy policy, we want to inform you about how we process your personal data when you receive our surveys, newsletters, or other marketing and what rights you have regarding this data processing. Our goal is to be as transparent as possible regarding our processing of your personal data – do not hesitate to contact us with any questions you have! In short When you subscribe to our newsletters, we process your personal data as necessary to: - send surveys, newsletters, and other marketing to existing customers/attendees , - send newsletters to you, - send newsletters and other marketing to potential customers , and - analyze how you use our newsletters (e.g., what you click on) to improve and develop the newsletters we send. If you unsubscribe from receiving our newsletters, we keep track of your wish in an “unsubscribe list ” to avoid sending you any marketing material. Below you will find information about the processing and storage time of your personal data that we at 55 Degrees are responsible for when you subscribe to our newsletters. Here you can find all our privacy policies which describe how we process personal data in other situations, e.g., if you work for a company that is a customer of 55 Degrees, if you visit our website, or if you are otherwise in contact with us. Your rights Below you will find a detailed description of your rights and how to exercise them. In summary, you have the following rights: the right to lodge a complaint with a supervisory authority, the right to withdraw your consent to our processing , the right to access what personal data we process about you, the right to object to our processing, the right to erasure of the personal data we process, the right to rectification of any personal data that is inaccurate, the right to restrict our processing, and the right to data portability . If you have any questions about your rights or want to exercise any of your rights, you are more than welcome to contact us. Below you can read more about: By pressing the selected heading, you will be moved to the relevant paragraph. Who is responsible and how to contact us? A detailed description of how we process your personal data Who can gain access to your personal data and why? What are your rights when we process your personal data? Detailed description Balancing of interests assessments when processing personal data based on the legal basis of “legitimate interests” When we refer to "your company" in this privacy policy, we refer to your employer or the organization or public body that you represent. Who is responsible, and how to contact us? We at 55 Degrees are generally processing personal data on the instructions of our customers, i.e., as processors. When you receive our surveys, newsletters, or other marketing, it is 55 Degrees AB that is responsible for the processing of your personal data. If you have any questions or if you wish to exercise any of your rights, we are available at: Full name of legal entity: 55 Degrees AB (organization number 559201-6843) E-mail address: privacy@55degrees.se Mailing address: Lilla Nygatan 7, 211 38 Malmö, Sweden A detailed description of how we process your personal data Below you will find a detailed description of how we process your personal data. We gather your personal data directly from you and provide some personal data ourselves by analyzing how you use our newsletters. To send surveys, newsletters and other marketing to existing customers/attendees What processing we perform Send information about news and marketing so you can keep up with updates on services and workshops ("newsletters"). Send follow-up e-mails and evaluation requests regarding our services/workshop ("surveys"). Administer survey answers. In our privacy policy for customers , you will find more information about how we process your personal data when your company uses our services and when you attend a workshop. What personal data we process Your name E-mail address Our legal basis for the processing: Legitimate interest (Article 6.1.f GDPR) Your personal data will be processed based on our legitimate interest to contact and send newsletters and surveys to representatives of customers Storage period: If you have attended a workshop, we may contact you for up to 12 months after the completion of the workshop. Otherwise, you continue to receive e-mails for as long as you are a customer. If you unsubscribe or object from receiving our e-mails, we keep track of this in our “unsubscribe-list” to avoid sending you any further marketing material. If you answer a survey, we will store the result for 12 months after you answer it. We will delete your personal data if you ask us to and stop sending you evaluations if you object to receiving them. To send newsletters to subscribers What processing we perform Send information about news and marketing for you to keep up with updates on produ cts, services, and community events (“newsletters”). We send newsletters to those who have chosen to subscribe to our newsletters. What personal data we process Your name if you have chosen to provide it to us E-mail address The list of subscriptions you have chosen Our legal basis for the processing: Consent (Article 6.1.a GDPR) We collect your consent to send newsletters to you. You can withdraw your consent and object to our marketing at any time. Storage period: You continue to receive e-mails until you choose to unsubscribe. If you unsubscribe or object from receiving our e-mails, we keep track of this in our “unsubscribe-list” to avoid sending you any further marketing material. To send newsletters to potential customers What processing we perform Contact and send marketing about our services and workshops to you who are working at a company which is a potential customer to us. What personal data we process Your name E-mail address Position and information about the company that you work for Information about you e.g. from the website of your company Information from you, e.g. via e-mail Our legal basis for the processing: Legitimate interest (Article 6.1.f GDPR) Your personal data will be processed based on our legitimate interest to contact and send marketing to representatives of potential customers Storage period: If you are a potential customer with no previous contact with us, we process your personal data for 6 months from when we collected the personal data if we do not have any continued contact with you. If you unsubscribe or object from receiving our e-mails, we keep track of this in our “unsubscribe-list” to avoid sending you any further marketing material. To improve and develop the e-mails we send What processing we perform Improve and develop the newsletters we send by analyzing how you open them and what you click on in the newsletter. We do this with the help of our service provider Sendinblue. Do you want to know more about this type of analysis? Please contact us. What personal data we process Information about how you open our newsletters and what you click on Information about your device IP-address Information about when and where you started subscribing to our newsletters Our legal basis for the processing: Legitimate interest (Article 6.1.f GDPR) Your personal data will be processed based on our legitimate interest to improve and develop our newsletters and marketing Storage period: We continue to improve and develop our newsletters for as long as you receive them. Thereafter we anonymize the information we have gathered If you object to receiving marketing from us We will store information about you if you choose to object to receiving marketing from us. We have received the information from you. To comply with marketing legislation What processing we perform If you have stated that you do not wish to receive marketing from us, we will store such information in an “unsubscribe list” to make sure we do not send any marketing to you. What personal data we process Name E-mail address Our legal basis for the processing: Legal obligation (Article 6.1.c GDPR) The processing is necessary to comply with legal obligations which we are subject to, i.e., marketing law, which requires us not to send marketing material to individuals who have objected to receiving such marketing. We cannot make sure you will not receive marketing from us without processing your personal data for this purpose, and you are therefore required to provide your personal data to us. Storage period: You will be listed in our “unsubscribe list” until further notice. Who can gain access to your personal data and why? We do not sell your personal data or share it with other parties unless necessary. This means that your personal data will be handled by our employees but only by the personnel needing such access to conduct their work. We need to work with third parties to conduct our business. To be able to send surveys, newsletters, and other marketing in an efficient way, we use the newsletter provider Sendinblue which will process your personal data on our behalf and follow our instructions. This means that we are responsible for any sharing of your personal data with such suppliers and to ensure that your personal data is safe when shared with third parties. We do not transfer your personal data outside of the EU/EEA. What are your rights when we process your personal data? Detailed description You have certain rights that you can exercise to affect how we process your personal data. You can read a more detailed description of what those rights are below. If you want to know more about your rights or if you want to exercise any of your rights, please contact us, and we will help you. Right to lodge a complaint with a supervisory authority (Article 77 GDPR) You have the right to lodge a complaint with a supervisory authority. The supervisory authority in Sweden is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, the IMY). In detail: Your right to complain exists without prejudice to any other administrative or judicial remedy. You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place where the alleged infringement of applicable data protection laws has allegedly occurred. The supervisory authority has an obligation of informing you of the progress and the outcome of the complaint, including the possibility of a judicial remedy. Right to withdraw consent (Article 7.3 GDPR) You have the right to withdraw your consent at any time by contacting us. In detail: The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Right to access (Article 15 GDPR) You have the right to obtain confirmation as to whether we are processing personal data concerning you or not. You can make a request by contacting us. If we do process your personal data, you also have a right to obtain a copy of the personal data processed by us as well as information about our processing of your personal data. In detail. The information we provide includes the following: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing, the right to lodge a complaint with a supervisory authority, if the personal data are not collected from you, we provide you with available information about the source of the personal data; the existence of automated decision-making, including profiling, referred to in Articles 22.1 and 22.4 GDPR and, in those cases, meaningful information about the logic involved, as well as the significance and the predicted consequences of such processing; and where your personal data are transferred to a third country or to an international organization, you have the right to information regarding the appropriate safeguards, pursuant to Article 46 GDPR, put in place for the transfer. For any further copies of the personal data undergoing processing requested by you, we may charge a reasonable fee based on administrative costs. If you have made the request by electronic means the information will be provided to you in a commonly used electronic form, unless otherwise requested by you. Your right to obtain a copy referred to above shall not adversely affect the rights and freedoms of others. Right to object (Article 21 GDPR) You have the right to object to our processing of your personal data at any time. In detail: Your right to object applies as follows: Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, you have an unconditional right to have the processing of your personal data for such purposes ceased. In the context of the use of information society services, and regardless of Directive 2002/58/EC (ePrivacy Directive, or ePD), you may exercise your right to object by automated means using technical specifications Right to erasure (“the right to be forgotten”) (Article 17 GDPR) You have the right to ask us to erase your personal data. In detail. We are obligated to erase your personal data without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, you withdraw your consent on which the processing is based, and there is no other legal ground for the processing, the personal data have been unlawfully processed, or the personal data have to be erased for compliance with a legal obligation in Union or Member State law that applies to us. We will notify any erasure of personal data carried out in accordance with your rights stated above to each recipient to whom the personal data have been provided to unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us. Please note that our obligation to erase and inform according to the above shall not apply to the extent processing is necessary: for exercising the right of freedom of expression and information, for compliance with a legal obligation that requires processing by Union or Member State law that applies to us, or for the establishment, exercise, or defence of legal claims. Right to rectification of processing (Article 16 GDPR) You have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you. In detail: Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement. We will communicate any rectification of personal data to each recipient to whom the personal data have been provided unless this proves impossible or involves disproportionate effort. If you want information about those recipients, you are more than welcome to contact us. Right to restriction of processing (Article 18 GDPR) You have the right to obtain from us restrictions on the processing of your personal data. In detail: Your right applies if: the accuracy of the personal data is contested by you, during a period enabling us to verify the accuracy of the personal data, the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of their use, or you need the personal data for the establishment, exercise, or defence of legal claims even though we no longer need the personal data for the purposes of processing. Where the processing has been restricted according to above, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We will notify each recipient to whom the personal data has been provided about any restriction of processing according to above, if this do not occur to be impossible or entails a disproportionate effort. If you want more information about these recipients, you are welcome to contact us Right to data portability (Article 20 GDPR) You have the right to receive your personal data (that you have provided to us) from us in a structured, commonly used and machine-readable format and, where technically feasible, have your personal data transferred to another data controller (“data portability”). In detail: The right applies if: the processing is based on the lawful basis consent, and the processing is carried out by automated means. The exercise of the right to data portability shall be without prejudice to the right to erasure, i.e. Article 17. Your right to data portability shall not adversely affect the rights and freedoms of others. Balancing of interests assessments when processing personal data based on the legal basis of “legitimate interests” As we state above, for some purposes, we process your personal data based on our “legitimate interest.” By carrying out a balancing of interests assessment concerning our processing of your personal data, we have concluded that our legitimate interest in the processing outweighs your interests or rights, which require the protection of your personal data. If you want more information in relation to our balancing of interests assessments, please do not hesitate to contact us. Our contact information can be found at the beginning of this privacy policy. This privacy policy was adopted on February 16, 2023. responsible description access where rights rights-complaint rights-access rights-object rights-erasure rights-rectify rights-restrict rights-withdraw portability send-subscribers improve-emails comply interests send-potential-customers send-existing-customers

This document outlines the data processing agreement for purchasers of 55 Degrees On-Premise products sold with a perpetual license. Legal Customer Agreements Cloud Subscriptions On-Prem Subscriptions On-Prem Perpetual Privacy Statement & Policies Community Terms of Use Website Terms of Use Archives Download Available Click the icon to download a PDF of this page. Appendix 1 Data Processing Agreement for On-Premise Perpetual Products Effective November 21, 2022 1. Background and Interpretation 1.1. The Supplier will, upon performance of the Agreement when providing its Product, process personal data on behalf of the Customer, in the capacity of the Customer’s processor. The Supplier will process personal data for which the Customer is the controller. 1.2. This Data Processing Agreement (the “DPA ”) forms an integral part of the Agreement. The purpose of this DPA is to ensure a secure, correct, and legal processing of personal data and to comply with applicable requirements for data processing agreements as well as to ensure adequate protection for the personal data processed within the scope of the Agreement. 1.3. Any terms used in this DPA, e.g. processing, personal data, data subjects, supervisory authority, etc., shall primarily have the meaning as stated in the European Parliament and the Council Regulation (EU) 2016/679 (the “GDPR “) and otherwise in accordance with the Agreement, unless otherwise clearly indicated by the circumstances. 1.4. In light of the above, the Parties have agreed as follows: 2. Instructions and Responsibilities 2.1. The type of personal data and categories of data subjects processed by the Supplier under this DPA and the purpose, nature, duration, and objects of this processing, are described in the instructions on the processing of personal data in Appendix 1A or the written instructions that Customer provides from time to time. The Supplier shall not process additional categories of personal data or personal data in relation to other data subjects than those specified in Appendix 1A . 2.2. Customer is responsible for complying with the GDPR. Customer shall in particular: a) be the point of contact towards data subjects and i.e. respond to their inquiries regarding the processing of personal data; b) ensure the lawfulness of the processing of personal data, provide information to data subjects pursuant to Articles 12-14 in the GDPR, and maintain a record of processing activities under its responsibility; c) provide the Supplier with documented instructions for the Supplier’s processing of personal data, including instructions regarding the subject matter, duration, nature, and purpose of the processing as well as the type of personal data and categories of data subjects; d) immediately inform the Supplier of changes that affect the Supplier’s obligations under this DPA; e) immediately inform the Supplier if a third party takes action or lodges a claim against the Customer as a result of the Supplier’s processing under this DPA; and f) immediately inform the Supplier if anyone else is a joint controller with the Customer of the relevant personal data. 2.3. When processing personal data, the Supplier shall: a) only process personal data in accordance with Customer’s documented instructions, which at the time of the Parties entering into this DPA are set out in Appendix 1A; b) ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; c) maintain an adequate level of security for personal data by implementing all technical and organizational measures set out in Article 32 of the GDPR in the manner set out in section 3 below; d) respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging a sub-processor; e) taking into account the nature of the processing, assist Customer by appropriate technical and organizational measures, insofar as it is possible, for the fulfillment of Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR; f) assist Customer in ensuring compliance with the obligations pursuant to Articles 32-36 of the GDPR, taking into account the nature of the processing and the information available to the Supplier; g) at the choice of Customer, delete or return all the personal data to Customer after the end of the Agreement, and delete existing copies, unless EU law or applicable national law of an EU Member State requires the storage of the personal data; and h) make available to Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 in the GDPR and this DPA and allow for and contribute to audits, including inspections, conducted by Customer or another auditor agreed upon by the Parties. 2.4. The Supplier shall notify the Customer without undue delay, if, in the Supplier’s opinion, an instruction infringes the GDPR. In addition, the Supplier is to immediately inform the Customer of any changes affecting the Supplier’s obligations pursuant to this DPA. 3. Security 3.1. The Supplier shall implement technical and organisational security measures in order to protect personal data against destruction, alteration, unauthorised disclosure, and unauthorised access. The measures shall ensure a level of security that is appropriate considering the state of the art, the costs of implementation, the nature, scope, context, and purpose of the processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons. The Supplier may amend its technical and organisational measures. 3.2. The Supplier shall notify Customer of accidental or unauthorised access to personal data or any other personal data breach without undue delay after becoming aware of such data breach and pursuant to Article 33 of the GDPR. Such notification shall not in any manner imply that the Supplier has committed any wrongful act or omission, or that the Supplier shall become liable for the personal data breach. 3.3. If the Customer, during the term of this DPA, requires that the Supplier take additional security measures, the Supplier shall as far as possible meet such requirements provided that the Customer pays and takes responsibility for any and all costs associated with such additional measures. 4. Sub-processors and Transform to Third Countries 4.1. Customer hereby grants the Supplier with a general authorisation to engage sub-processors. Sub-processors are listed in the list of sub-contractors in Appendix 1B . The Supplier shall enter into a data processing agreement with each sub-processor, according to which, the same data protection obligations as set out in this DPA, are imposed upon the sub-processor. 4.2. The Supplier shall inform Customer of any intended changes concerning the addition or replacement of sub-processors, thereby giving Customer the opportunity to object to such changes. Such objection shall be made in writing and within thirty (30) calendar days after the Supplier has informed Customer about the intended changes. If Customer objects to the Supplier engaging a sub-processor and the Parties cannot agree, within a reasonable time, on the new sub-processor’s engagement in the processing of personal data, the Supplier can terminate the Agreement. 4.3. If the Supplier and/or sub-processors transfers personal data outside the EU/EEA, such transfer shall always comply with the applicable data protection requirements according to the GDPR and related data protection legislation. The Supplier shall keep Customer informed about the legal grounds for the transfer. 5. Compensation and Limitation of Liability 5.1. The Supplier is not entitled to any additional compensation for the processing of personal data in accordance with this DPA, instead the compensation provided pursuant to the Agreement also encompasses the measures in this DPA. 5.2. Each Party shall be responsible for any damages and administrative fines imposed to it under articles 82 and/or 83 of the GDPR. 5.3. Notwithstanding any limitation of liability in the Agreement, each Party’s liability under this DPA shall be limited to direct damages. In addition, the Supplier's liability shall be limited to an amount corresponding to the fees paid by the Customer to the Supplier under the Agreement for a period of six (6) months before the damage occurred. 6. Term and Termination 6.1. This DPA becomes effective when the Agreement has been entered into. 6.2. Upon termination of the Agreement, the Supplier shall at the choice of Customer, delete all the personal data or return it to Customer, and ensure that each sub-processor does the same. 6.3. This DPA remains in force as long as the Supplier processes personal data on behalf of Customer, including deletion or returning of personal data according to section 6.2 above. This DPA shall thereafter cease to apply. Sections 5 and 6.2 shall continue to apply even after this DPA has been terminated. 7. Changes 7.1. If provisions of the GDPR change or if a supervisory authority issues guidelines, decisions or regulations regarding the application of the GDPR during the term of this DPA, with the result that this DPA does not meet the requirements for a data processing agreement, the Parties shall change this DPA to meet the requirements. 7.2. Any other changes to this DPA than following from section 7.1 above or changes in Customer’s documented instructions, shall be made in writing and signed by the Parties’ authorized representatives, to be binding. 8. Miscellaneous 8.1. In the event of deviating provisions between the Agreement and this DPA, the provisions of this DPA shall prevail with regard to processing of personal data and nothing in the Agreement shall be deemed to restrict or modify obligations set out in this DPA, notwithstanding anything to the contrary in the Agreement. 8.2 . This DPA supersedes and replaces all data processing agreements between the Parties potentially existing prior to this DPA. APPENDIX 1A Instructions on Processing of Personal Data Purposes The Supplier processes personal data in order to fulfil the Agreement. This means that the Supplier processes personal data for the following purposes: To handle customer support cases, To work with key End-Users designated by the Customer for purposes of the customer success program. This program is available to opt-in to for certain customer accounts Categories of personal data Categories of personal data that will be processed by the Supplier include: Name, E-mail address, Role in organisation, and Information about how the Product is used provided by the Customer for the purposes of support and customer success. Categories of data subjects End-Users. Retention time The personal data will be processed for as long as the End-User continues to actively use the Service and for twelve (12) months thereafter if the End-User has provided information about which Customer they are associated with. Processing operations The Supplier process the personal data of End-Users in the following ways. The End-User’s name and e-mail address, as well as contextual information provided by the End-User, is collected in order to provide customer support when customers open a support request via e-mail or via the Supplier’s support portal. The name and e-mail address regarding key End-Users designated by the Customer may be stored in the Supplier’ CRM system by Customer Success Specialists to support activities related to the customer success program.. Information Security Measures The Supplier Security Practices Application-specific Data Security and Privacy Statements Security Advisories and related policy APPENDIX 1B Sub-Processors No sub-processors are involved in your regular usage of our On-Premise applications. However, we do rely on sub-processors to support your end-users' ability to get value out of your purchase via our Customer Support and Customer Success functions. In the table below you can see exactly which purposes we utilize sub-processors for end-users of any of our On-Premise applications. Please see our sub-processors page to find links to related documents such as DPAs for the sub-processors above as well as a full list of the subprocessors that process personal data, even those that aren't relevant to this DPA. Appendix2B Appendix2A

Legal Agreements Cloud Products On-Prem Subscription Products On-Premise Perpetual Products Privacy Cookie Policy for Apps Privacy Statement Privacy: Customer Employees Privacy: Marketing Privacy: Websites Privacy: Questions, Complaints... Privacy: Suppliers Terms of Use Website Terms Community Terms Archives Website Terms of Use Welcome to this 55 Degrees Web site (the "Site"), one of the Web sites provided by 55 Degrees AB ("55 Degrees AB") or ActionableAgile Software AB (“ActionableAgile”), a child company of 55 Degrees. Collectively these companies are referred to in this user agreement (the "Agreement") as (“55 Degrees,” "we," or "us"). Portions of the Site may be hosted by our affiliated companies or by other companies with which we have service agreements. This Agreement is a legal contract. By using this Site, you agree to be bound by all of the terms of this Agreement. Please read this Agreement carefully before using this service. This Agreement applies to all usage of any part of the Site. We may restrict, suspend, or revoke your registration or ability to access or use the Site, or any affiliated site, with or without prior notice, if you violate this Agreement. General We reserve the right to change the terms of this Agreement or to modify any features of this Site at any time, so we encourage you to review the Agreement periodically before using the Site. The most current version of the Agreement can be viewed by clicking on the "Terms of Use" link at the bottom of any page in the Site. By continuing to use this Site after the posting of any changes, you agree to be bound by such changes. You are also required to comply with all applicable laws in connection with your access to and use of the Site and such further limitations as may be set forth in any subsequent notice from 55 Degrees. As a condition of your access and use of the Site, you warrant that you will not use the Site for any purpose that is unlawful or prohibited by the Agreement. The Site is intended for the use of adults 18 years or older. You agree to provide accurate, current, and complete information about yourself as requested or directed on the Site, and to promptly update this information to maintain its accuracy. Trademarks and Copyrights All rights in the product names, company names, trade names, logos, product packaging, and designs of all 55 Degrees, or third-party products or services, whether or not appearing in large print or with the trademark symbol, belong exclusively to us or to their respective owners, and are protected from reproduction, imitation, dilution, or confusing or misleading uses under national and international trademark and copyright laws. The use or misuse of these trademarks or any materials, except as permitted herein, is expressly prohibited, and nothing stated or implied on the Site confers on you any license or right under any patent or trademark of 55 Degrees, or any third party. Unauthorized use or distribution of any material from this site may be subject to civil as well as criminal sanctions under the applicable laws. 55 Degrees will enforce its Intellectual Property Rights to the fullest extent. If you wish to use any content for any other reason, you must request and obtain written permission in advance through emailing 55 Degrees at support@55degrees.se . Notice of Copyright Infringement Just as we require users to respect our copyrights and those of our affiliates and partners, we respect the copyrights of others. If you believe in good faith that your copyrighted work has been reproduced on or linked from our site without authorization in a way that constitutes copyright infringement, please provide our designated copyright agent with the following information: Identification of the copyrighted work claimed to have been infringed Identification of the allegedly infringing material on the Site that is requested to be removed Your name, address, and daytime telephone number, and an e-mail address if available, so that we may contact you if necessary A statement that you have a good-faith belief that the use of the copyrighted work is not authorized by the copyright owner, its agent, or the law A statement that the information in the notification is accurate, and under penalty of perjury, that the signatory is authorized to act on behalf of the owner of an exclusive copyright right that is allegedly infringed An electronic or physical signature of the copyright owner or someone authorized on the owner's behalf to assert infringement of copyright and to submit the statement Our copyright agent for notice of claims of infringement on the Site: 55 Degrees AB ℅ Copyrights Lilla Nygatan 7 211 38 Malmö Sweden Email: support@55degrees.se Upon receipt of such a notice of claimed infringement, we will act expeditiously to remove or disable access to any content that is claimed to be infringing upon the copyright of any person under the laws of the Sweden or the European Union, and will terminate the Site privileges of those who repeatedly infringe on the copyright of others. Privacy Your use of the Site is governed by our Privacy Policy . By using the Site, you indicate that you understand and agree to the practices described. Prohibited Conduct By using the Site, you agree not to do the following: Delete or revise any material or other information of any other user, 55 Degrees, or any third party Harvest or otherwise collect information about others, including e-mail addresses, without their consent Take any action that imposes an unreasonable or disproportionately large load on the Site's infrastructure Use any device, software, or routine to interfere or attempt to interfere with the proper working of the Site or any activity conducted on the Site Use or attempt to use any engine, software, tool, agent or other device or mechanism (including, without limitation, browsers, spiders, robots, avatars or intelligent agents) to navigate or search the Site other than the search engine and search agents available on the Site and other than generally available third-party Web browsers Attempt to decipher, decompile, disassemble, or reverse-engineer any of the software comprising or in any way making up a part of the Site Engage in any conduct that restricts or inhibits any other person from using or enjoying the Site, or which, in our judgment, exposes us or any of our users, customers, or suppliers to any liability or detriment of any type Take any action that could endanger or cause damage to us, other users of the Site, or other third parties Accessing data not intended for you or logging into a server or account that you are not authorized to access; Attempting to probe, scan, or test the vulnerability of a system or network or to breach security or authentication measures without proper authorization; Attempting to interfere with service to any user, host, or network, including, without limitation, by way of submitting a virus to, or overloading, "flooding", "spamming", "mailbombing" or "crashing", the Site; Sending unsolicited e-mail, including promotions and/or advertising of products or services, to or through the Site or with reference to us or the Site; or Forging any TCP/IP packet header or any part of the header information in any e-mail or posting. You further agree not to violate or attempt to violate the security of the Site, including, without limitation: Violations of system or network security may result in civil or criminal liability. In accordance with this Agreement, we may investigate and work with law enforcement authorities to prosecute users who are involved in such violations. Links We may, as a convenience to users, provide links to third-party content and other Web sites on or through the Site. We do not endorse, sponsor, or accept any responsibility for such material. We are not responsible for the content or privacy practices of any linked sites. Indemnification You agree to indemnify and hold harmless 55 Degrees AB, subsidiaries, and affiliates, and their directors, officers, managers, employees, shareholders, agents, and licensors, from and against all losses, expenses, damages, and costs, including reasonable attorneys' fees, resulting from, arising out of, or in connection with any violation or alleged violation of this Agreement or its components (including but not limited to the Privacy Policy ), or the failure to fulfill any obligations relating to your account incurred by you or any other person using your account. We reserve the right to assume the exclusive defense of any claim for which we are entitled to indemnification under this section. In such event, you shall provide us with such cooperation as is reasonably requested by us. Disclaimer of Warranties This Site is available "as is." We do not warrant that this Site will be uninterrupted or error-free. There may be delays, omissions, interruptions, and inaccuracies in the news, information, or other materials available through this Site. We are not responsible for the availability or content of other goods and/or services that may be linked to this Site. We do not make any warranties, express or implied, including without limitation, those of merchantability and fitness for a particular purpose, with respect to this Site or any information or goods that are available or advertised or sold through this Site. We do not make any representations, nor do we endorse the accuracy, completeness, timeliness or reliability of any advice, opinion, statement or other material or database displayed, uploaded or distributed in this Site or available through links in this Site. We reserve the right to correct any errors or omissions in this Site. Although we intend to take reasonable steps to prevent the introduction of viruses, worms, "Trojan horses" or other destructive materials to this Site, we do not guarantee or warrant that this Site or materials that may be downloaded from this Site do not contain such destructive features. We are not liable for any damages or harm attributable to such features. If you rely on this Site and any materials available through this Site, you do so solely at your own risk. Limitation of Liability You acknowledge that your use of the Site, and any resource linked to therein, is exclusively at your own risk, and you agree that 55 Degrees, and its managers, employees, agents, and licensors will not be liable for incidental, indirect, consequential, special, punitive, or exemplary damages of any kind, including lost revenues or profits, loss of business, or loss of data, in any way related to this Site or for any claim, loss, or injury based on errors, omissions, interruptions, or other inaccuracies in this Site (including without limitation as a result of breach of any warranty or other term of this Agreement). Any claim against us shall be limited to the amount you paid, if any, for use of this Site. Severability and Integration Unless otherwise specified herein, this Agreement constitutes the entire agreement between you and 55 Degrees and governs your use of this Site, superseding any prior or contemporaneous communications and proposals (whether oral, written, or electronic) between you and us. If any portion of this Agreement is held invalid or unenforceable, that portion shall be construed in a manner consistent with applicable law to reflect, as nearly as possible, the original intention of the parties, and the remaining portions shall remain in full force and effect. No Waiver Our failure to enforce any provision(s) of the Agreement or respond to a breach by any party shall in no way waive its right to subsequently enforce any terms or conditions of the Agreement or respond to any breaches. Termination We may terminate this Agreement and/or suspend or terminate your access to the Site for any reason at any time by providing notice to you. If you wish to discontinue your access to the Site and cancel your account, you may make such a request by contacting us below. Otherwise, applicable sections of the Agreement shall survive any termination of your account or this Agreement. Choice of Law and Forum These terms and conditions are governed by Swedish law, without consideration to its choice of law provisions. The Ystad District Court has exclusive jurisdiction in the first instance on any dispute arising from these terms and conditions. No Professional Advice Any information supplied by any employee or agent of 55 Degrees, whether by telephone, e-mail, letter, facsimile, or another form of communication, is intended solely as general guidance on the use of the Site, and does not constitute professional advice without a separate agreement between you and an agent of 55 Degrees. Even then, only information relayed in performing contracted duties, and relayed during the timeframe of the binding agreement, will be considered professional advice. Accordingly, you agree not to treat any information you receive on or through the Site as professional advice or to rely on it as professional advice. Individual situations and state laws vary and users are encouraged to obtain appropriate advice from qualified professionals in the applicable jurisdictions. Miscellaneous You agree that no joint venture, partnership, employment, or agency relationship exists between you and 55 Degrees as a result of this Agreement or your access to and use of the Site. A printed version of the Agreement and of any notice given in electronic form shall be admissible in judicial or administrative proceedings based upon or relating to this Agreement to the same extent and subject to the same conditions as other business documents and records originally generated and maintained in printed form. Nothing contained in this Agreement is in derogation of our right to comply with governmental, court, and law enforcement requests or requirements relating to your use of the Site or information provided to or gathered by us with respect to such use. Acceptance of Terms Use of this Site is offered to you on your acceptance of these Terms of Use, our Privacy Policy , and any additional terms and conditions set forth on this Site. If you do not agree to be bound by and comply with all of the foregoing, you may not access or use the information or services in this Site. Use of this Site represents your acceptance of the Agreement. Questions If you have any questions or comments about this Agreement, please contact us via support@55degrees.se and indicate that your inquiry concerns our user agreement.

No events at the moment

Legal Product Service Terms Agreement IMPORTANT - Please read carefully This Product Service Terms Agreement ("Agreement") is a binding legal document between 55 Degrees AB and You, which you accept by purchasing a Service. If you do not agree to this agreement, then do not pay for or use the Service. "Service" is the work performed by 55 Degrees under a service punchcard offered on https://55degrees.se . "You" means you, the organization or individual that purchased the Service. "55 Degrees" means 55 Degrees AB of Nordenskiöldsgatan 24, Office 312, 211 19 Malmö, Sweden. By remitting payment or purchase order for any portion of the fees for the Service, or by installing or using any of the Service, You agree to be bound by this Agreement. If You do not agree to this Agreement, then do not pay for or use the Service. The "Agreement" also includes any 55 Degrees policies or documents referenced in this document, including 55 Degrees' Privacy Policy at https://www.55degrees.se/privacy-policy . From time to time, 55 Degrees may modify this Agreement, including any referenced policies and other documents. Any modified version will be effective at the time it is posted, and will apply to any Service paid for after the time of posting. Scope of Service 55 Degrees will provide the purchased Service as described on https://www.55degrees.se/product-service-punchcards . Scheduling, Rescheduling and Canceling Sessions All sessions will be scheduled using Calendly. The specific URL for the scheduling site will be provided via the Customer Portal upon its creation. Please note that our current business hours are between 8am - 5pm CET. 55 Degrees will offer a limited number of after-hours sessions a week and we make no guarantee of their availability to any one organization. All meetings are subject to availability of the 55 Degrees employees and their partners. It is recommended that you attempt to schedule sessions with as much notice as possible. Each meeting must include a goal for the meeting in the requisite field in the meeting request form. A 55 Degrees employee will acknowledge and accept or decline each requested session once the request has been received. You agree to provide 24 hours notice for rescheduling of a scheduled coaching session. One hour will be deducted from your punchcard balance upon on the 3rd cancellation or reschedule occurring within 24 hours of a scheduled session. Once a session has been verified and accepted, 55 Degrees will take every effort to avoid canceling or rescheduling. Cost and Payment Service prices are stated on the pages where the services are offered. Payment must be received in advance of Service. Acceptable forms of payment include: credit card payment online and wire transfer via invoice. Refunds will be granted up to 30 days from purchase, provided Service has not commenced. Travel No travel is included. Service will be performed remotely by employees of 55 Degrees or its partners using Zoom or other video meeting technology. Term and Expiration Each Service Punchcard is valid for 90 days from date of purchase, with new punchcard purchases resetting the 90-day period for any unexpired previously purchased Punchcard. Unused Punchcard time cannot be refunded after 90 days from purchase. This Agreement will terminate one year after completion of the last Service. Copyrights Any alterations resulting in 55 Degrees' products as a result of Service become part of the product, owned by 55 Degrees. Any training materials or other media created during Service belong to 55 Degrees unless otherwise agreed in writing. Use of 55 Degrees products and Atlassian products are governed solely by the terms of their respective End-User License Agreements. No Warranty 55 Degrees neither guarantees, warrants, nor makes any representations as to the correctness or completeness of the Service or its suitability to any particular purpose, and no liability, contingent or otherwise is accepted by 55 Degrees for errors or omissions. Limitation of Liability Without limitation, 55 Degrees will not be liable for any loss, damage, cost, expense, or other claim (including consequential damages and loss of profits) in relation to the Service. Nondisclosure If You have entered a separate Nondisclosure Agreement with 55 Degrees, that agreement governs nondisclosure obligations in lieu of this section. "Confidential Information" means any information, technical data, or know-how relating to research, products, services, customers, markets, software, developments, inventions, processes, designs, drawings, engineering, marketing, finances, or other area which is designated in writing to be confidential or proprietary, or if given orally, is confirmed within seven (7) days in writing as having been disclosed as confidential or proprietary. 55 Degrees and You agree not to use Confidential Information received by the other party for any purpose except to provide the Services. Neither party will disclose the Confidential Information of the other party to third parties, or to its employees unless required to provide the Service. Each party agrees that it will take all reasonable steps to protect the secrecy of, and avoid disclosure or use of, Confidential Information of the other party in order to prevent it from falling into the public domain or the possession of unauthorized persons. Each party agrees to notify the other party in writing of any misuse or misappropriation of the other party's Confidential Information which may come to its attention. Each party agrees that, in addition to any other remedies that may be available, the other party shall be entitled to obtain injunctive relief against the threatened breach of this section or the continuation of any such breach, without the necessity of proving actual damages. Any Confidential Information, including copies, which have been disclosed by the other party will be returned or destroyed within thirty (30) days after the completion of the Service, or at the written request of the disclosing party. Choice of Law and Forum Applicable Law These terms and conditions are governed by Swedish law, without consideration to its choice of law provisions. The Ystad District Court has exclusive jurisdiction in the first instance on any dispute arising from these terms and conditions. No Waiver Our failure to enforce any provision(s) of the Agreement or respond to a breach by any party shall in no way waive its right to subsequently enforce any terms or conditions of the Agreement or respond to any breaches. Entire Agreement and Severability This Agreement is the entire agreement between You and 55 Degrees relating to the Service and they supersede all prior or contemporaneous oral or written communications, proposals and representations with respect to the Service or any other subject matter covered by this Agreement. If any provision of this Agreement is held to be void, invalid, unenforceable or illegal, the remaining provisions shall continue in full force and effect.

Resources Try our virtual course at Sign Up LEAN SOFTWARE DEVELOPMENT Blog posts and other useful content The 55 Degrees Official Blog EverydayKanban.com - the personal blog of co-founder Julia Wester LeanKit Blog - read posts by Julia Wester LinkedIn Learning Course: Lean Software Development - by Julia Wester Slide decks from Julia Wester's conference talks Publications, Posters, and Downloadable Exercises Transformational Leadership A white-paper from our co-founder, Julia, and others on how to get started with transformational leadership. Copyright: CC BY SA 4.0 . DevOps 'Secret Sauce' (e-book) Julia joins others experts to share insights on succeeding with DevOps. Copyright: DevOps Institute EverydayKanban.com Blog A blog about lean, agile, kanban, management and otherwise doing more with less stress by Julia Wester Copyright: EverydayKanban.com Spectrum Thinking Worksheet A guide to making complex decisions based on spectrum thinking and cycles of experimentation to find your "just right". Copyright: CC BY NC SA 4.0 . Visualizing your work in Kanban This visual guide walks you through the simple steps to get your Kanban board up and running. Copyright: CC BY SA 4.0 . Go with the Flow: A Kanban Sim A kanban simulation that highlights the impacts of context switching. Copyright: CC BY SA 4.0 .