Build and transform technology landscapes to support evolving business strategies and operationalize innovation.
Learn moreMaximize market potential through a partner program offering LeanIX solutions tailored to your business model.
Learn moreTake your capabilities to the next level and arm yourself with the knowledge you need
See all resourcesLeanIX may rely on different entities to process Customer Data. With “Customer Data” we refer to any data uploaded to the LeanIX subscription services by Customer. Below you will find a list of such entities, as well as information on the purpose of such processing, the place of processing and what LeanIX customers are interested by this subprocessor.
Note that it is a priority for LeanIX to ensure that all transfers of Customer Data to the above entities are fully compliant with all applicable regulations. In particular, LeanIX relies on Standard Contract Clauses - or on equivalent appropriate safeguards under art. 45 and 46 of the General Data Protection Regulation (Regulation (EU) 2016/679) – to ensure a valid legal basis for the transfer.
For additional information, please check your Order Form with LeanIX or reach out to your LeanIX Account Executive. If you are interested in receiving notifications of any changes to this list, please subscribe here.
| Legal entity | Purpose of subprocessing | Place of data processing | Personal Data processed | Active for | Safeguards |
|
LeanIX GmbH |
Mother company of LeanIX group, providing user support, maintenance and development. |
Germany |
All the Personal Data included in the Customer Data
|
Customers of LeanIX Inc. |
Data Processing Exhibit in accordance with Article 28 GDPR LeanIX Privacy Standards Data Security Exhibit Encryption at rest and in transit of all data |
|
LeanIX Inc |
100% owned entity of the LeanIX group, providing user support, maintenance and development. |
USA |
All the Personal Data included in the Customer Data |
Customers of LeanIX GmbH |
Data Processing Exhibit in accordance with Article 28 GDPR LeanIX Privacy Standards Transfer Impact Assessment Encryption at rest and in transit of all data |
|
LeanIX B.V. |
100% owned entity of the LeanIX Group providing User Support, maintenance and development. |
Netherlands |
All the Personal Data included in the Customer Data |
All Customers |
Data Processing Exhibit in accordance with Article 28 GDPR LeanIX Intragroup EU SCC Module 3 Encryption at rest and in transit of all data |
|
LeanIX France SARL |
100% owned entity of the LeanIX Group providing User Support, maintenance and development. |
France |
All the Personal Data included in the Customer Data |
All Customers |
Data Processing Exhibit in accordance with Article 28 GDPR LeanIX Intragroup EU SCC Module 3 Encryption at rest and in transit of all data |
|
LeanIX UK Limited |
100% owned entity of the LeanIX Group providing User Support, maintenance and development. |
UK |
All the Personal Data included in the Customer Data |
All Customers |
Data Processing Exhibit in accordance with Article 28 GDPR LeanIX Intragroup EU SCC Module 3 Encryption at rest and in transit of all data |
|
LeanIX Sl d.o.o. |
100% owned entity of the LeanIX Group providing User Support, maintenance and development. |
Slovenia |
All the Personal Data included in the Customer Data |
All Customers |
Data Processing Exhibit in accordance with Article 28 GDPR LeanIX Intragroup EU SCC Module 3 Encryption at rest and in transit of all data |
|
SAP Australia Pty Ltd. |
Subprocessor is providing user support, maintenance and development. |
Australia |
Personal Data included in the |
All Customers |
Intragroup Data Processing Agreement + New Standard Contractual Clauses by European Commission, reference 2021/914 or Adequacy decision + Data Security Exhibit, detailing Technical and Organisational measures: https://www.leanix.net/en/legal/commercial ISO 27001, SOC 2 Type 2 |
|
SAP ASIA Pte Ltd. |
Subprocessor is providing user support, maintenance and development. |
Singapore |
Personal Data included in the |
All Customers |
Intragroup Data Processing Agreement + New Standard Contractual Clauses by European Commission, reference 2021/914 or Adequacy decision + Data Security Exhibit, detailing Technical and Organisational measures: https://www.leanix.net/en/legal/commercial ISO 27001, SOC 2 Type 2 |
|
SAP México S.A. de C.V. |
Subprocessor is providing user support, maintenance and development. |
Mexico |
Personal Data included in the |
All Customers |
Intragroup Data Processing Agreement + New Standard Contractual Clauses by European Commission, reference 2021/914 or Adequacy decision + Data Security Exhibit, detailing Technical and Organisational measures: https://www.leanix.net/en/legal/commercial ISO 27001, SOC 2 Type 2 |
|
SAP Brasil Ltda. |
Subprocessor is providing user support, maintenance and development. |
Brazil |
Personal Data included in the |
All Customers |
Intragroup Data Processing Agreement + New Standard Contractual Clauses by European Commission, reference 2021/914 or Adequacy decision + Data Security Exhibit, detailing Technical and Organisational measures: https://www.leanix.net/en/legal/commercial ISO 27001, SOC 2 Type 2 |
| Legal entity | Purpose of subprocessing | Place of data processing | Personal Data processed | Active for | Safeguards |
|
Microsoft Ireland Operations, Ltd. |
Hosting of LeanIX application and database (including backup) |
(different geographical regions available, depending on Customer choice; Please make reference to the Agreement) |
All the Personal Data on the workspace |
All Customers |
Data Processing Exhibit in accordance with Article 28 GDPR ISO 27001, 27002, 27018 SOC 2 Type 2 Encryption at rest and in transit of all data |
|
Mailjet SAS |
SMTP Relay Service, sending of e-mails (outbound only), e.g. in invitation process |
France
|
Email Address |
All Customers |
Data Processing Exhibit in accordance with Article 28 GDPR ISO 27001, 27701 SOC 2 Type 2 Encryption at rest and in transit of all data |
|
Zendesk, Inc. |
Input channel and administration of support requests, e.g. via email or support button in LeanIX. |
Ireland and Germany |
Email address + text in ticket |
All Customers |
Data Processing Exhibit in accordance with Article 28 GDPR Binding Corporate Rules (BCR) ISO 27001, 27018 SOC 2 Type 2 Encryption at rest and in transit of all data |
|
The Rocket Science Group, LLC/ Mailchimp |
Sending of e-mail newsletters, e.g. regarding new features of LeanIX. |
USA |
Email address |
All Customers |
Data Processing Exhibit in accordance with Article 28 GDPR EU/US Data Privacy Framework ISO 27001 SOC 2 Type 2 Encryption at rest and in transit of all data |
|
Twilio/Sendgrid |
SMTP Relay Service, sending of e-mails (outbound only) |
USA |
Email Address |
Customers hosted in the US / Canada having subscribed SMP product or VSM product |
Data Processing Exhibit in accordance with Article 28 GDPR EU/US Data Privacy Framework ISO 27001, 27017 and 27018 SOC 2 Type 2 Encryption at rest and in transit of all data |
|
ServiceNow Nederland BV (Effective as of 26 April 2024) |
Subprocessor is providing ticketing system for user support. |
Netherlands |
Personal Data included in tickets submitted by Users |
All Customers |
Data Processing Agreement + New Standard Contractual Clauses by European Commission, reference 2021/914 ISO 27001, SOC 2 Type 2 |
|
Gainsight Inc (Effective as of 26 April 2024) |
Subprocessor is providing ticketing system and support in customer success management. |
USA |
User names, Contact details, Customer success requests |
All Customers |
Data Processing Agreement + New Standard Contractual Clauses by European Commission, reference 2021/914 ISO 27001, SOC 2 Type 2 |
|
Tech Mahindra Ltd. (Effective as of 26 April 2024) |
Subprocessor is providing first level user support. |
India |
Personal Data included in tickets submitted by Users |
All Customers |
Data Processing Agreement + New Standard Contractual Clauses by European Commission, reference 2021/914 ISO 27001, SOC 2 Type 2 |
|
Snowflake Inc. (Effective as of 26 April 2024) |
Subprocessor is providing data warehouse services. |
USA |
Personal Data included in the Customer Data |
All Customers |
Data Processing Agreement + New Standard Contractual Clauses by European Commission, reference 2021/914 ISO 27001, SOC 2 Type 2 |
