Legal & Transparency

Explore our general terms of service, legal agreements and policies for using our cloud service - SuperOffice CRM Online.

Relationships – personal or in business – are built on trust. And transparency is in the core of trust. That is why SuperOffice takes this so seriously. We know that when you trust us with your CRM data and software to support your most significant business processes in marketing, sales and customer service, we must continuously work to earn and keep your trust.

In this section you will find an overview and introduction to our goals, culture and specific measures in the area of trust and transparency.

Agreements & Policies

Below you can access important documents and explore the content of our Terms of Service, legal agreements and policies.

SuperOffice CRM Online Subscription Agreement (MSA)

Data Processing Agreement (DPA)

List of pre-approved sub-Processors

SuperOffice CRM Onsite Subscription Agreement

Privacy Statement

SuperOffice App Store (Terms of Use)

Public Facing Services Policy

Data Mirroring Service

Expander Services

DPA/NDA for Support & Consulting Services

List of sub-Processors Services

GDPR compliance

Our products have undergone external reviews to confirm that we and our products are GDPR compliant.

DLA Piper review of SuperOffice AS and SuperOffice CRM

Territories

The SuperOffice CRM Online cloud service is designed mainly to be used in Europe. This is specifically related to the location of the main data centers in Norway, as well as the scheduled maintenance windows which are optimized for customers and users in the European time zones.

In addition, the SuperOffice CRM Online cloud service is compliant with and managed under the EU General Data Protection Regulation, in terms of storage and management of personal data.

Transparency

The server infrastructure is built on secure public cloud solutions. We use data centers facilitated by Visma IT & Communications. Data processing takes place in accordance with the data center transparency list below and follows local European regulations and requirements with regards to protection of data privacy. In order to comply with national legal requirements, separate data storage is additionally provided in Norway.

  • Locked and alarmed with 24/7 surveillance.
  • External and internal video monitoring and traceability of access to the premises.
  • Redundant climate control with environmental monitoring of gas, moisture, heat and water.
  • Fire alarm with automatic fire-fighting equipment.
  • Uninterruptible power supply regularly tested against fictional power outages.

For public cloud solutions, we use the vendor's data centers for storage of information. The centers run around the clock and ensure uninterrupted operations, by protecting against power outage, physical intrusion and network outage. These data centers conform to recognized industry standards of physical security and reliability.

Data Center Transparency List

SuperOffice stores and processes Cloud CRM data at the following data centers.

Entitiy company name Entity city, country Processing country Entitiy type & description of service Privacy & security governance
SuperOffice AS Oslo, NO Oslo, NO Cloud Service Provider. SuperOffice CRM Online offering functionality for basic CRM as well as specialized functionality for marketing, sales and service.

GDPR audits performed by PWC. Legal Agreements certified by Lawyer Foyen Torkildsen. Part of Visma ITC ISO27001 certificate.

Visma ITC Oslo, NO  Oslo, NO Hosting Provider. Hosting and operations of all servers and infrastructure for SuperOffice CRM Online. ISO Certificates for ISO9001 and ISO27001. ISO27018 during 2018. ISAE3402 audit report available on request (fee).
Mailgun Inc.  US US Email service provider. Mailgun is storing mass emails (campaigns) generated from SuperOffice CRM in 24 hours (for resending purposes). Certified under the EU-U.S. Privacy Shield Framework, and the U.S. – Swiss Safe Harbor Framework.
Microsoft Inc.  US

Primary data center in Netherlands. Secondary data center in Ireland.

Document Storage Provider. All documents stored in SuperOffice CRM Online are stored in a Microsoft Azure service.

https://www.microsoft.com/en-us/trustcenter/cloudservices/azure
Microsoft Inc.  US Western Europe Office365 used for document management in SuperOffice CRM Online https://www.microsoft.com/en-us/trustcenter/cloudservices/azure
Google Inc.  US Western Europe G Suite (Google) used for document management in SuperOffice CRM Online https://www.google.com/cloud/security/
InfoBridge Software BV S´Hertogenbosch, NL Western Europe Provider of calendar synchronization between SuperOffice CRM Online and various calendaring systems

 

Hosted on the Microsoft Azure platform.

https://www.microsoft.com/en-us/trustcenter/cloudservices/azure

App Store Partner App Store partner country App Store partner country Providers of 3rd party apps and integrations – based on the SuperOffice CMR Online APIs Described in the Terms of Service and DPA between Customer and Partner.

 

Service Availability

SuperOffice has the goal of keeping its services up and running on a “24x7x365” basis. However, system maintenance might lead to short periods of unavailability. System maintenance is performed on a regular basis to provide our customers with the best performance, security and stability. Our maintenance schedule aims at minimizing disruption to normal business hours’ operation.

Currently, SuperOffice uses the following maintenance schedule (all times are CET +1):

  • System maintenance: Operating system patching, updates, reconfiguration of software to backend systems. This is scheduled for every second week on Fridays between 00:00 and 06:00.
  • Application maintenance: Upgrades of the SuperOffice application software are scheduled for every third week on Tuesdays at 22:00 (10% of customers) and the rest of the customers the following Friday at 22:00.
  • Server re-cycle: Every night at 02:00 servers are re-cycled causing a temporary drop in connection to the system (1-3 seconds). Users are normally automatically logged in again.
  • Microsoft patching: Microsoft releases security patches once a month. These updates are scheduled on a second Friday of every month between 00:00 and 06:00.
  • Infrastructure upgrade: Data center, hardware, electricity, network upgrades are scheduled between Saturday 20:00 and Sunday 06:00 if needed.
  • Emergency patching: Occasional serious security updates and similar are normally installed after normal working hours, at approximately 18:00.

Downtime for the individual customer will vary depending on the type of change/update. Normally, a user will experience a short loss of connection (a few seconds), followed by an automatic login. Downtime will rarely exceed 30 minutes.

All scheduled maintenance is clearly posted at the login screen of each user at least 24 hours in advance.

Critical fixes may be posted at the login screen of each user with minimum 24 hours’ notice if required to maintain service stability.

The above described maintenance schedules are designed to support customers and users of our services in Europe in the best possible way. Any usage of the service outside Europe, are subject to the same maintenance schedules, meaning that maintenance can take place during normal working hours in Asia, as well as in North and South America.

Status Page

All scheduled outage is notified at least 24 hours in advance. System status and any scheduled downtime are presented at the login screen of each user and on the status page: status.superoffice.com.

Governance

Find out how SuperOffice governance model, risk management policies and compliance procedures ensure data protection.

Cloud Security

Learn what security measures and safety protocols are in place to safeguard all data stored in SuperOffice CRM Online.

App Store & APIs

Partners and apps are part of the SuperOffice ecosystem. All apps in our App Store are tested and qualified for security and compliance.