Skip navigation
In this section

Registry of processing activities

Details

Responsibility

[Description of the contract and customer]

Data processor

Ericsson AB

[In some cases Ericsson AB will be data controller as per defined in the contract].

Data protection officers

CUSTOMER [data controller]:

[Include name and registered contact details provided to the Supervisory Authority]

Ericsson [data processor]:

DPO / dataskyddsombud

ericsson.group.privacy@ericsson.com

Description of the processing activities and detail of the data processed

Description of the processing [Related to the different services for the execution of the contract]:

collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, pseudonymization, anonymization, segmentation, restriction, erasure or destruction;

 

Detail of data processed

A. Personal Data processed by Ericsson as a Data Controller for the purposes of managing the EOD tenants, fulfilling the contract, and managing the business relationship via Google Marketplace:

  1. Identity data:

  • Name (first and last) of the Customer's contact person(s).  

  • Business email address(es) of the Customer's contact person(s).

  • Business telephone number(s) of the Customer's contact person(s).

  • Company address and country.  

 

B. Personal Data processed by Ericsson as a Data Processor for the purpose of providing the EOD Trial Offering on behalf of the Customer:

  1. Identity data:

  • End-user identifiers provided by the Customer’s Identity Provider (IdP), such as username, email address, or other unique IDs.

  • End-user mobile number (MSISDN), and potentially other telco-specific identifiers like IMSI, if required for the functionality of the specific EOD service being trialed.

  • Authentication credentials provided by the Customer for its IdP (e.g., App ID, App Secret).  

  1. Telco, and Network Data:

  • IP addresses of end-users accessing the service.

  • MSISDN (as noted above).

  • Event logs related to service usage, if the specific EOD service processes communications or network events.  

  1. Service-Generated Data:

  • Metadata related to end-user activity within the platform (e.g., features used, timestamps, system logs).

  • Configuration data created by the Customer's administrator, such as the bindings between the Customer's user groups and EOD roles.  

 

C. Sensitive data

The EOD Trial Offering is not designed for, and is not intended to be used for, the processing of Special Categories of Personal Data or other data deemed "sensitive" under applicable law (e.g., health data, racial or ethnic origin, political opinions, trade union membership).

Data controller

[Customer name]

Categories of data processed

Employees, end users

  1. Customers´ End Users

  2. Customers

  3. Contact Persons

  4. Employees and Customers´ employees

Estimated volume of data:

  • SW: number of end-users e.g., active users and throughput Subcontractor: number of employees delivering the service

Transfers and assignments

Data, as described in the section DESCRIPTION OF THE PROCESSING ACTIVITIES AND DETAIL OF THE DATA PROCESSED  below, is transferred and processed by several Ericsson entities.

International data transfers

EAB: Ericsson Sweden

EMC: Ericsson Canada

EUS: Ericsson US

EPA: Ericsson Australia

Security measures

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

  • (a) the pseudonymisation and encryption of personal data

  • (b) the ability to ensure  ongoing confidentiality, integrity, availability and resilience of processing systems and services

  • (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

  • (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

 

  1. In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.

Ericsson has implemented security measures hereinbelow in this Appendix.

Subcontracting

Google Cloud EMEA Limited (and Google affiliates engaged as “Google Group Subprocessors” as described at Google Cloud’s Subcontractors page).

Address: 70 Sir John Rogerson’s Quay, Dublin 2, Ireland

  • Marketplace Vendor Agreement by Google LLC The attached Marketplace Partner Information Protection Addendum (PIPA) treats Google and Ericsson/any ISV as independent controllers of the “Google-Provided Data”.

  • Customers’ data stored/processed in Ericsson On-Demand, the relevant subprocessor is Google Cloud EMEA Limited.

  • Google LLC under the Marketplace Vendor Agreement will provide, as an independent controller of:

    • billing and payment data,

    • Marketplace account data,

    • some customer identity and transaction data it shares with you (“Google-Provided Data”).