Entities involved in the processing of data
We share personal data with other legal entities within SD Worx group and with other legal entities for the purpose of delivering the agreed services, we thereby distinguish all processing activities by delivery method. Any public legal entities that we share data with are excluded in this overview but can be inferred from the overview under “data processed as part of legal obligations”, we are then either instructed by law to share data or we have expressly agreed the sharing of data with the customer such as there where the law instructs our customers to do so. Data may in this case be shared with foremost governmental agencies such as in the area of taxation, social healthcare, pensions, etc. but also private firms such as banks and insurers.
We are thus distinguishing four different groups of entities with whom we share data.
SD Worx group subsidiaries as sub-processors
Data Protection and Information Security are central functions within the SD Worx Group and all essential policies and controls are effectuated equally throughout all companies that form part of SD Worx Group. We therefore hold that data delivered for the purposes of our fulfilment of a contractual obligation to one of the subsidiaries of SD Worx Group is to be considered as data delivered to all subsidiaries of SD Worx Group. The data exchanged between subsidiaries may however be limited based on the delivery model chosen and the country of operations.
On premise (OP)
During a normal on-premise delivery, the customer has the database containing personal data in-house and we are therefore unable to access the data without permission from the customer. All requirements relating to GDPR compliance mentioned on https://www.sdworx.com/en-en/gdpr are applicable to all our products but as the market has shifted towards a cloud service based model we do have more of our newer products available for this model which may mean that functionalities are delivered through an onsite custom installation. Please contact our consulting team for more information.
Outside of onsite installations and maintenance of our products we may be able to access personal data in the normal course of business such as when providing support. In this case you as a customer will be taking initial contact and need to be aware of privacy best practice and operating standards.
Support Services. Any data delivered to us that may contain personal data is not identified as such there where it concerns the normal day-to-day business activities. E-mail and support tickets send to us are send over a trusted network but are left unencrypted. Such E-mails may contain personal data send to us and the sender should be aware that no large amounts of data are send in the text body of the E-mail. In this case think before you send applies and customers will be made aware and our staff will be trained to avoid unnecessary sharing of data.
Technical support services. Customer data for testing or for resolving errors in software or in the handling of software is only used upon consent from customer and preferably within customer environment. The data delivered to us in form of any attachment is removed within two years. We are sending files that may likely contain larger records of personal data such as CSV (excel) or XML files only encrypted and reduce where possible unique identifiers such as personal identification numbers. Of any files delivered to us that may likely contain sensitive data please ensure to:
- Send files encrypted;
- Filter personal data and alter by for example anonymizing where possible.
Cloud (CL)
The information under “support services” and “technical support services” applies also to our cloud customers. Otherwise our software as a service will not entail the transfer of large data files as we already are in possession of the database. It is therefore also that we have a special responsibility towards your data. Your data is handled by our centralized Cloud Team with offices in Espoo, Finland. Here delivery management, change management, information security management are working close together to ensure both availability and integrity of your data. Under technical and organisational security measures you will be able to find more information on how your data is safeguarded and respected.
Managed Payroll Services (MPS)
Managed Payroll Services is foremost done through the entities marked with “MPS” in the company name and data received in the execution of tasks is normally not shared outside the country of operations.
SD Worx Nordics entities |
|||||||
|---|---|---|---|---|---|---|---|
| Entity name | Country | Business ID | Address | Main processing activities | Applicable for Delivery Model | ||
| OP | CL | MPS | |||||
| SD Worx Finland Oy | Finland | 2644026-6 | PO Box 201, 02631 Espoo, Finland | Main processor for MPS and Cloud customers in Finland's private and public sector Provides software support, maintenance, and consultancy services to both private and public sector clients. Activities include cloud hosting, development, IT security, technical consultancy, and support for all Cloud and MPS customers of SD Worx in the Nordics. Additionally, Managed Payroll Services are offered in Finland, covering payroll, travel management, and super user services. |
X | X | X |
| SD Worx Estonia Oü | Estonia | 11180790 | Mäealuse 2/2 EE-12918 Tallinn, Estonia |
Managed Payroll Services from Estonia, if and as agreed with the customer in the master agreement | X | ||
| SD Worx Sweden AB | Sweden | 556935-7857 | Box 1102, 172 22 Sundbyberg, Sweden | Main processor for MPS and Cloud customers in Sweden's private and public sector. Provides Managed Payroll Services in Sweden, including payroll, travel management, and super user services. Also delivers cloud development, support and maintenance, IT security, technical consultancy, and software support, maintenance, and consultancy. | X | X | X |
| SD Worx Norway AS | Norway | 913143663 | Trelastgata 3, 0191 Oslo | Main processor for MPS and Cloud customers in Norway's private and public sector, delivering Managed Payroll Services such as payroll, travel management, and super user services. Provides software support, maintenance, and consultancy services. |
X | X | X |
External entities as sub-processors
As part of our service delivery we may use external parties, in the case where such external parties have access to personal data these are listed here. Based on the access to personal data these sub-processors have received a criticality status critical or major. There where the sub-processor is listed as critical the sub-processor is subject to an on-site audit according to our audit policy.
On-Premises (OP)
Technical Support Services, customer data only used upon consent from customer and preferably within customer environment. There are limited entities that may be involved in sub processing and this is only due access to support incidents or through additional products purchased.
Cloud
For cloud service management we have strategical partners for the provision of hosting services and back-ups management. Please find more information below.
Managed Payroll Services (MPS)
As part of the Managed Payroll Services delivery model we have partnerships with companies foremost for the provision of ancillary services such as printing and postage of payslips, such ancillary services are always agreed on in the master agreement. Please find more information below.
List of Subprocessors Relevant to SD Worx Entities in the Nordics |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Entity name | Country of processing | Business ID | Address | Main processing activities | Delivery Model | Country Scope |
Customer Scope | Processor since | ||
| OP | CLOUD | MPS | ||||||||
| Microsoft AB | Netherlands /EU | 502052-1307 | Microsoft Ireland Operations Limited One Microsoft Place, South County Industrial Park, Leopardstown, Dublin 18, D18 P521 | Access to information from SD Worx support incidents for internal applications that may contain personal data. | X | X | X | NORDIC | ALL | May-18 |
| Elisa Oyj* | Finland | 0116510-6 | Ratavartijankatu 5 00520 Helsinki | Hosting of all SD Worx cloud delivered applications | X | X | NORDIC | ALL | May-18 | |
| NetNordic (Formerly known as Fiarone Oy) | Finland | 2342645-0 | Nereis Business Garden Postikatu 2 20250 Turku |
Security Event Monitoring and Storage | X | X | NORDIC | ALL | Apr-20 | |
| ProACT Finland Oy | Finland | 1084241-2 | Elimäenkatu 17-19 00510 Helsinki | Proact Oy is Maintenance and hardware operations partner and service provider to SD Worx Cloud and Internal ICT operations | X | X | NORDIC | ALL | May-18 | |
| DNA Oyj | Finland | 0592509-6 | Läkkisepäntie 21, 00620 Helsinki | DNA / Telenor Finland is Service provider in area of Datacenter services and Datacenter infrastructure without access to any of SD Worx systems located in DNA Premises | X | X | NORDIC | ALL | Aug-20 | |
| Sønderup I/S | Denmark | 31824559 | Jyllandsgade 9, 4100 Ringsted | Partner for MPS Delivery in Denmark | X | DK | ALL | May-18 | ||
| Microsoft Azure | Netherlands /EU | 502052-1307 | Microsoft Ireland Operations Limited One Microsoft Place, South County Industrial Park, Leopardstown, Dublin 18, D18 P521 | Hosting platform for SD Worx Analytics | X | X | ALL | BASED ON PURCHASED PRODUCT | May-18 | |
| Rely Sweden AB | Sweden | 556744-5589 | Gånstavägen 4, 749 43 Enköping | Partner for HR (Personec HR) and TEIS and XAIS support | X | X | X | SE | BASED ON PURCHASED PRODUCT | May-18 |
| Posti Group Oyj | Finland | 1531864-4 | Postintaival 7, 00230 Helsinki | Printing services, delivery services, transferring services to home addresses of pay slip or employment related information | X | FI | BASED ON AGREEMENT | May-18 | ||
| Ropo Messaging AS | Norway | 966565772 | Framnesveien 3A, NO-3222 Sandefjord | Printing services, delivery services, transferring services to home addresses of pay slip or employment related information | X | NO | BASED ON AGREEMENT | May-18 | ||
| Taavi Tarkvara OÜ | Estonia | 10265337 | Harju maakond, Tallinn, Nõmme linnaosa, Turu plats 5-17, 11611 | Payroll and HR software provider in Estonia. | X | EE | BASED ON AGREEMENT | May-18 | ||
| Lessor A/S | Denmark | 2420010 | Engholm Parkvej 8 3450 Allerød | SaaS delivery of Lessor payroll solution in Denmark | X | X | DK | BASED ON AGREEMENT | Jun-20 | |
| Evry Norge AS | Norway | 933012867 | Postboks 4, 1330 Fornebu | Hosting of Payroll solution dedicated for customer | X | NO | ONE CUSTOMER | May-18 | ||
| Talentech AB | Sweden | 556675-7810 | Rosenlunds gatan 52, 118 63 Stockholm | Recruitment software Reachmee and/or Webcruiter as SaaS service (storage, system admin, support ) | X | X | NORDIC | RESELLER, BASED ON PURCHASED PRODUCT | May-18 | |
| Iver Sverige AB | Sweden | 556575-3042 | Sveavägen 143, 113 46 Stockholm | Provision of hosting services for above mentioned Reachmee and/or Webcruiter recruitment software. | X | X | NORDIC | RESELLER, BASED ON PURCHASED PRODUCT | May-18 | |
| Scrive AB | Sweden | 556816-6804 | Grev Turegatan 11A, 114 46 Stockholm | Partner to SD Worx to provide SaaS service and mobile apps for e-signing of documents | X | X | NORDIC | RESELLER, BASED ON PURCHASED PRODUCT | Dec-18 | |
| Cilron Oy | Finland | 3267131-9 | Sahakuja 4, 05800 Hyvinkää | Support services for SD Worx solutions, cloud hosting and support services relating to Cilron Ontime | X | X | FI | RESELLER, BASED ON PURCHASED SERVICE/ PRODUCT | May-18 | |
| PostNord Strålfors AB | Sweden | 556102-9843 | Terminalvägen 24 171 73 Solna | Printing services, delivery services, transferring services to home addresses of pay slip or employment related information | X | X | SE | BASED ON AGREEMENT | May-18 | |
| ServiceNow Nederland BV | Netherlands /EU (**) | 531963170 | Hoekenrode 3, 1102 BR Amsterdam | Customer support platform as a SaaS Service; storage and back-up of user account data, ticket data, log data | X | X | X | NORDIC | ALL | May-20 |
| Salesforce | United Kingdom | 05094083 | Salesforce Tower, 110 Bishopsgate, London, EC2N 4AY, United Kingdom | Customer service software solution international customers | X | X | X | NORDIC | BASED ON AGREEMENT | Oct-22 |
| Sofigate Services Oy | Finland | 2181137-1 | Teknikantie 12, FIN-02150 Espoo | 2nd Line Support to SD Worx for ServiceNow | X | X | X | NORDIC | ALL | May-20 |
| Nomentia Oy | Finland | 2855557-7 | Linnoitustie 6 B, 02600 Espoo, Finland | Transferring payment data from our payroll solution to customers employees bank accounts | X | FI | ALL | May-20 | ||
| Protime NV/SA, a SD Worx company | Belgium | 0454.218.138 | Bautersemstraat 68 /a 2800 Mechelen, Belgium | Known as SD Worx Workforce Management Hosting, implementation and support of the myProtime and Protime Premium software solutions |
x | x | x | NORDIC | RESELLER, BASED ON PURCHASED SERVICE/ PRODUCT | Jan-23 |
| Teal Partners | Belgium | 0642.824.542 | Damplein 23, 2060 Antwerp, Belgium | BuddyHR Implementation and support for HR software applications (Buddy HR) |
X | X | FI | BASED ON AGREEMENT | Apr-24 | |
| Fujitsu Technology Solutions NV | Belgium | 0430.262.405 | Culliganlaan 5, 1831 Machelen, Belgium | Datacentre housing and infrastructure as a service for SD Worx Buddy HR software application | X | X | FI | BASED ON AGREEMENT | Apr-24 | |
| NorskTid | Norway | 863 228 522 | Grenseveien 107, 0663, Oslo, Norway | Time registration software for public sector in Norway | X | NO | BASED ON AGREEMENT | Aug-25 | ||
*Elisa Appelsiini Oy (1539836-5) was merged with its parent company Elisa Oyj 0116510-6, as per 31 December 2018.
** www.sdworx.com/en-en/gdpr-servicenow. Security log data (such as IP addresses and logon/logoff information) may, in limited cases, be accessed by ServiceNow employees located outside the EU/EEA.
Last update: August 2025