Privacy Policy

Privacy Policy

1. General Information regarding Data Processing

1.1 Acapela as Data Controller

Data controller is Acapela GmbH, Torstraße 92, 10119 Berlin/Germany, registered with the commercial register at local court of Charlottenburg under HRB 221267 B, represented by the managing directors Roland Grenke and Heiki Riesenkampf, email: hello@acape.la, VAT-ID DE335356134 ("we/us" or "Acapela").

You can contact our appointed data protection officer:

Heiki Riesenkampf, hello@acape.la


1.2 Scope of Data Processing

Personal data are any information relating to an identified or identifiable natural person. Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data ("General Data Protection Regulation", GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).


1.3 Your Rights

In accordance with the statutory provisions, you as the data subject have the following rights:

the right to access,

the right to rectification or erasure,

the right to restriction of processing,

the right to data portability,

If you have provided us with your personal data on the basis of a consent, you could withdraw the consent at any time with effect for the future,

You may object to the processing of your personal data, if your personal data are processed for direct marketing purposes and/or on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR insofar as there are reasons for this arising from your particular situation.

To exercise these rights named above you may contact us at any, for example via email to hello@acape.la.

You have also the right to lodge a complaint with a supervisory authority at your choice (for example: Berliner Beauftragte für Datenschutz und Informationsfreiheit https://www.datenschutz-berlin.de/kontakt.html).

An overview of the Data Protection Authorities may be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or

http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080


1.4 Storing and Deleting Data

The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.


1.5 Profiling and automated decision making

We do not use automated decision-making including profiling when processing data concerning our Website or Platform.


1.6 Data Security

For the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form. We have implemented suitable technical and organizational measures.


1.7 Data Processing by Third Parties / Data Processing outside the EU

We may use third party service providers that process your data for the purposes named in this privacy policy. We process your personal data by using third party providers in the EU and the USA, whereas data protection standards applicable in the EU are ensured. A list of the data processors processing data outside the EU and corresponding information is available by request via email to hello@acape.la.


2. Data processing on our website


2.1 Server Logs

Nature and purpose of data processing

We collect data on each visit to our website acapela.com ("Website") (so-called Server log files), which include:

Name of the Website visited, date and time of the visit, data amount transferred, information on a successful call, browser type as well as version, operating system of the user, referrer URL (the page visited before), IP address and the requesting provider as well as the following, if a mobile end device is being used:

country code, language, name of device, name and version of operating system.

We use these server log files only for statistical evaluations for the purpose of optimizing our services and in order to guarantee the stability and operational security of the Website.

Legal basis

When personal data (such as the IP-address) are stored the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and website security.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

The log files and IP addresses of website visitors, which we process as described below, are deleted within 30 days.


2.2 Newsletter

Nature and purpose of data processing

When registering for the newsletter, you have to provide an email address and your name. In our newsletter we inform you about our services and products also described on our Website. In case of registration for the newsletter we also store the IP address, the device name, the mail provider as well as the user's first and last name and the date of registration. We also analyze how users consume our newsletter. This includes tracking of newsletter openings and how the newsletter is consumed.

Legal basis

The data processing for sending and analyzing our newsletters as described above is based on your consent (Art. 6 (1) a GDPR).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

We will process your personal information until your consent is revoked.

Revocation of consent

If you do not want to receive any newsletters by us in the future and/or wish to object to the analysis of your data through such newsletters please use the "unsubscribe" link contained in each newsletter or send us an email to hello@acape.la.


2.3 Careers Section on our Website

Nature and purpose of data processing

We will process your data through the careers section of the Website, if you apply to an open position at Acapela.

In order to submit your application you need to provide your name, email address, as well as your resume and/or CV.

We may also ask for additional information to assist us with our recruitment process and in the event, you are offered a job. Such data may include date of birth, telephone number, gender, your career history, qualifications, country of residence, language skills and any other personal information you include in your interactions with us.

You may also share details of other people with us; for example, if somebody else referred the job to you (someone you know at Acapela or otherwise). In those circumstances, you will need to check with that person that they are happy for you to share their personal information with us, and for us to use it in accordance with this privacy policy.

In particular, we use your data:

To get in touch with you, communicate with you, update you and to facilitate your application;

To respond to your questions or concerns;

To carry out vetting of staff members by contacting references (where required);

To assist in any disputes, claims or investigations relating to your application, or

To comply with our legal, regulatory, and professional obligations.

If you do not provide your personal data, you may face certain disadvantages, for example we will not be able to provide you with our recruiting processes or keep you informed about future opportunities.

Legal basis

We process your personal data for fulfilling our contractual or pre contractual obligations (based on Art. 6 (1) b. GDPR) or -- as applicable -- for the purpose of the employment relationship with you (Section 26 BDSG).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

We will store your information for 6 months after notification that we could not retain your application for a position at Acapela.


2.4 Talent Pool

Nature and purpose of data processing

If we cannot offer you a position immediately based on your application, we might want to keep you informed about other opportunities in the future. In order to do so, we need to keep the information specified under 2.3.

Legal basis

We process your data based on your consent (based on Art. 6 (1) a. GDPR.

Recipients and transfer to third countries

(see 2.3)

Storage duration

With your explicit consent to contact you for further opportunities, we will process your information no longer than 2 years.

Revocation of consent

You may withdraw such consent with effect for the future at any time via email to join@acape.la.


2.5 Contacting Us

Nature and purpose of data processing

If you send us an e-mail or contact us via an online form, your contact data, name, email address and other data provided respectively, are processed by us in order to deal with your inquiry or to be able to contact you at a later time for follow up questions.

Legal basis

These data are processed only on the basis of our legitimate interests to offer efficient communications channels to the public (Art. 6 (1) f. GDPR), or on the basis of initiating a or communicating under an existing business relationship (legal basis Art. 6 (1) b. GDPR).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

With your explicit consent to contact you for further opportunities, we will process your information no longer than 2 years.


2.6 Website Analytics

Nature and purpose of data processing

This website uses technology based on cookies that helps us better understand how the website is used. We do this by compiling reports about activity on the site that do not identify specific individuals. Analysis cookies transmit your IP address to a service provider for this purpose.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Withdrawal of Consent

You can withdraw your consent at any time by clicking "Manage cookie settings" below. An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.


2.7 Advertisement (conversion tracking and retargeting)

Nature and purpose of data processing

We use cookie-based technologies to help us deliver more effective and personalized ads.

This enables us to determine visitors to our online offer as a target group for the display of advertisements (so-called "targeted advertisement"). We can further track the effectiveness of our online advertisements by seeing whether users were redirected to our website after clicking on such advertisements (so-called "conversion tracking"). We may also use service providers to identify users that have visited our site as potential customers and recipients of advertisements (so-called “retargeting”).

For the above mentioned we process an unique online identifier, your IP-address as well as information regarding buttons clicked, the names of these buttons, and all pages visited based on the button clicks.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Retention Period

The data will be deleted after one year.

Withdrawal of Consent

You can withdraw your consent at any time by clicking "Manage cookie settings" below. An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.


2.8 User Surveys

Nature and purpose of data processing

We sometimes perform online surveys related to our products in order to gain insights and improve our services. When completing a survey on our Website, we process your email address and your entered answers.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Retention Period

Withdrawal of Consent

You may withdraw such consent with effect for the future at any time via email to hello@acape.la.


3. Data processing in connection with our App (Desktop, Web, and Mobile)


3.1 Registration and Sign-in

Nature and purpose of data processing

When you register for an account or sign-in to an existing account, Acapela needs to process certain personal data such as Profile data (user name, email) IP address Company Data.

Legal basis

The data processing for creating or accessing your account as described above is based on and necessary for fulfilling a contract (Art. 6 (1) b GDPR).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.


3.2 Payment Processing

Nature and purpose of data processing

When processing and monitoring payments for paid services, you need to provide us with certain information that may contain personal information, such as Profile Data, Company Name, VAT Company Address.

Legal basis

The data processing for creating or accessing your account as described above is based on and necessary for fulfilling a contract (Art. 6 (1) b GDPR).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

We will process your personal information only as long as we need to. However, given applicable tax laws, usually we will keep records of payments for 10 years.

3.3 Product Improvement

Nature and purpose of data processing

Acapela uses in-app tracking tools to see how users use Acapela to improve the Acapela experience. We will process the following information: usage data (logfiles, user ID, device data), device type.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Withdrawal of Consent

You can withdraw your consent at any time by clicking "Manage cookie settings" below. An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.


3.4 Error Tracking

Nature and purpose of data processing

We use services to track errors in Acapela and monitor the availability of the service. In order to do this, we need to process the following information: profile data and usage data (logfiles, device data).

Legal basis

When personal data are processed the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and app security.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.


3.5 Basic Customer Support

Nature and purpose of data processing

You can send in requests to customer support for troubleshooting or bugs they may find when using the service. In order to answer basic customer support requests, which do not include access to your files, we use profile data, and usage Data (logfiles, device data), as well as company data to answer your query.

Legal basis

When personal data are processed the legal basis for this is Art. 6 (1) b. GDPR and it is based on the fulfillment of our service contract.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.


3.6 Customer Support with File Access

Nature and purpose of data processing

You can send in requests to customer support for troubleshooting or bugs they may find when using the service. In order to answer specific customer support requests, we may need access to your files and any information stored therein, as well as use profile data, and usage Data (logfiles, device data), as well as company data to answer your query.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

If personal data like the content of a chat is shared with us, we delete it as soon as the issue is resolved.

Withdrawal of Consent

You may withdraw such consent with effect for the future at any time via email to hello@acape.la.


3.7 Fonts

Nature and purpose of data processing

In order to correctly display our application, certain fonts need to be downloaded from web servers. In order to perform this action, the IP address of the user is processed.

Legal basis

When personal data (such as the IP-address) are stored the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and functionality of our app.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.


3.8 Product News

Nature and purpose of data processing

Based on feature use and user activity, we may offer news and updates about features of our app in order to improve user experience.

The legal basis for sending news based on users’ actions is Article 6 (1) a. GDPR.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Withdrawal of Consent

You may withdraw such consent with effect for the future at any time by clicking unsubscribe on the product news email.


3.9 Feature Requests / Feedback

Nature and purpose of data processing

We collect feedback and suggestions for new features of our product. If you want to give us feedback or suggest a new feature, you need to create an Canny account and we will process your name, email, as well as a generated user ID.

The legal basis for collecting feedback and feature requests is either the performance of an agreement with you (Art. 6 (1) b GDPR) or our legitimate interests in improving our product.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

The data is stored for as long as your account is active. In order to delete data, you need to delete your account.


4. Third-Party Integrations


4.1 Google Calendar

Should you use the Google Calendar integration in Acapela, we will have the ability to view the public details of the events you have in your Google Calendar, the public information of your Google account, and your Google email address. Both Acapela and Google will remain responsible for the respective personal data within each company's systems.

File authorization is granted on a per-user basis and can be revoked when the user deauthorizes Acapela in their Google Account Settings. We only use this data to import Google Calendar in Acapela (legal basis: Art. 6 (1) a GDPR). You can find further information about the processing of your data by Google under the following link: https://developers.google.com/terms/api-services-user-data-policy.


4.2 Slack

Should you use the Slack integration in Acapela, we will have the ability to view the Slack conversations you have through Acapela. We encrypt your API Credentials, before storing them in our database. Both Acapela and Slack will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.3 Asana

Should you use the Asana integration in Acapela, we will have the ability to view the Asana conversations you have through Acapela. We encrypt your API Credentials, before storing them in our database. Both Acapela and Asan will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.4 Figma

Should you use the Figma integration in Acapela, we will have the ability to view the Figma conversations and comments you receive. We encrypt your API Credentials, before storing them in our database. Both Acapela and Figma will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.5 Linear

Should you use the Linear integration in Acapela, we will have the ability to view the Linear conversations you have through Acapela. We encrypt your API Credentials, before storing them in our database. Both Acapela and Linear will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.6 Notion

Should you use the Notion integration in Acapela, we will have the ability to view your Notion files and conversations. We encrypt your API Credentials, before storing them in our database. Both Acapela and Notion will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.7 Atlassian

Should you use the Atlassian integration in Acapela, we will have the ability to view your Atassian files and conversations. We encrypt your API Credentials, before storing them in our database. Both Acapela and Atlassian will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.8 ClickUp

Should you use the ClickUp integration in Acapela, we will have the ability to view your Clickup files and conversations. We encrypt your API Credentials, before storing them in our database. Both Acapela and ClickUp will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


5. Cookies

Our Website uses so-called cookies. Cookies do not cause any harm to your device and do not contain any viruses. Cookies serve the purpose of making our service more user-friendly, more effective, and safer. Cookies are small text files which are stored on your device and in your browser.

Most of the cookies we use are so-called session cookies. After the end of the session these cookies will be deleted automatically. The session cookies are used in order to associate successive page requests with the individual users, who at the same time access our Website. Other cookies will be stored on your device until you delete them. These cookies enable us to recognize your browser during your next visit.

By clicking "Agree" in the cookie banner appearing on your screen when visiting acapela.com for the first time you agree that all or specific cookies set out in this clause will be set. This applies to essential cookies, performance, and marketing cookies; essential cookies are such cookies which are necessary to correctly display the Website and/or carry out its basic functionalities. If you, however, choose to not agree with our usage of non-essential cookies (performance and marketing) – either by ignoring the banner or by clicking more options and deselecting marketing and performance cookies– only essential cookies will be set. Your decision will be stored in one cookie which is used to recognize your browser during your next visit, so you will not be asked again until you decide to delete this cookie. Instructions from opting out of performance and/or marketing cookies after you first visit on the website are found on §2.9.

You can adjust your browser to notify you, before you receive a cookie or to decide to accept cookies on a case-by-case basis, to completely or partly exclude all incoming cookies and to activate the deletion of cookies automatically when the browser is closed. You may manage many online advertisement cookies provided by companies via the American web page http://www.aboutads.info/choices/ or the web page of the European Union http://www.youronlinechoices.com/uk/your-ad-choices/. We would like to inform you that the usage and especially the convenience of usage without using any cookies may be limited.

In the event personal data are processed such processing is based on Art. 6 (1) a. GDPR.

Furthermore, it is possible to prevent the acquisition and processing of data generated by the "cookies" in relation to the use of this website, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout

Opt-out: https://adssettings.google.com/authenticated


6. Data Processing on our Social Media Pages

We operate pages on the following social media channels:

Facebook: facebook.com or mobile app by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy: https://www.facebook.com/policy.php,

Instagram: instagram.com or mobile app by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy: http://instagram.com/about/legal/privacy/;

Twitter: twitter.com or mobile app by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, please also refer to privacy policy: https://twitter.com/en/privacy,

LinkedIn: linkedin.com or mobile app by LinkedIn Corporation, Legal Department -- Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA / LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, please also refer to: https://www.linkedin.com/legal/privacy-policy

When you visit our social media pages, data is processed both by us and by the responsible social media provider as the responsible party.

The respective provider of social media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such provider has direct access to the relevant information on the social media page and the processing of your data. However, you are also welcome to contact us if this should become necessary and we will then forward the request to them.

When using Facebook, Instagram, Twitter, or LinkedIn data may also be processed outside the EU.


6.1 Data Processing and Legal Basis

With our social media pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to answer or communicate with you. If you use social media on several end devices, a cross-device analysis of the data can take place.

Furthermore, the providers of social media pages may also use cookies and tracking technologies to analyze and improve their services.

Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 (1) a, b GDPR) or on the basis of legitimate interests in improving the services and presentation to the outside world (Art. 6 (1) f GDPR).


6.2 Facebook

Facebook and we use the Page Insights function to process statistical data from users of our Facebook pages (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'page insights', which are described in more detail at https://www.facebook.com/business/a/page/page-insights.

Evaluations and statistics are generated in the form of page insights from the usage data of the Facebook pages, which support us in improving our marketing activities and our external presence. We may also learn about users and their behavior who interact with or use our Facebook Pages to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact most with our Facebook Page or which content on the Facebook Page was visited, shared, or clicked when and how often. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Facebook on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Information on these page insights and data processing can be found, for example, in Facebook's data protection statement at https://www.facebook.com/policy.php or at https://www.facebook.com/business/a/page/page-insights.

Facebook also uses cookies and storage technologies. More information can be found here: https://www.facebook.com/policies/cookies/

As a Facebook user, you can at any time influence how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the settings for advertising preferences in your Facebook account or at https://www.facebook.com/ads/preferences, or the Facebook settings in your account or at https://www.facebook.com/settings. Facebook also provides opportunities to contact or exercise rights at https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928.


6.3 Instagram

When using Instagram and you have an account there, Instagram can assign your activities to your profiles there. Instagram and we use the Instagram Insights function to process statistical data from users of our Instagram pages (see also for Facebook which is connected to the provider of Instagram the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'Instagram Insights' which are described in more detail at https://help.instagram.com/788388387972460?helpref=faq_content.

Evaluations and statistics are generated in the form of Instagram Insights from the usage data of the Instagram pages, which support us in improving our marketing activities and our external presence. Instagram Insights lets us learn more about our users and the performance of our content with you as audience. For this purpose, Instagram provides us with statistics on specific posts and stories created to find out how users interacted with them. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Instagram on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Instagram also uses cookies and similar technologies. For more information please refer to: http://instagram.com/about/legal/privacy/

As an Instagram user, you can at any time influence how your user behavior is recorded when you visit Instagram pages. To do this, you can manage the settings for advertising preferences in your Instagram account or under https://www.instagram.com/accounts/privacy_and_security/. Instagram also provides opportunities to contact or exercise rights at https://help.instagram.com/contact/1845713985721890 or http://instagram.com/about/legal/privacy/.


7. Questions?

For further information you may contact us any time, for example via email to hello@acape.la.



Last Updated: June 7, 2022 (Version 1.1)

1. General Information regarding Data Processing

1.1 Acapela as Data Controller

Data controller is Acapela GmbH, Torstraße 92, 10119 Berlin/Germany, registered with the commercial register at local court of Charlottenburg under HRB 221267 B, represented by the managing directors Roland Grenke and Heiki Riesenkampf, email: hello@acape.la, VAT-ID DE335356134 ("we/us" or "Acapela").

You can contact our appointed data protection officer:

Heiki Riesenkampf, hello@acape.la


1.2 Scope of Data Processing

Personal data are any information relating to an identified or identifiable natural person. Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data ("General Data Protection Regulation", GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).


1.3 Your Rights

In accordance with the statutory provisions, you as the data subject have the following rights:

the right to access,

the right to rectification or erasure,

the right to restriction of processing,

the right to data portability,

If you have provided us with your personal data on the basis of a consent, you could withdraw the consent at any time with effect for the future,

You may object to the processing of your personal data, if your personal data are processed for direct marketing purposes and/or on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR insofar as there are reasons for this arising from your particular situation.

To exercise these rights named above you may contact us at any, for example via email to hello@acape.la.

You have also the right to lodge a complaint with a supervisory authority at your choice (for example: Berliner Beauftragte für Datenschutz und Informationsfreiheit https://www.datenschutz-berlin.de/kontakt.html).

An overview of the Data Protection Authorities may be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or

http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080


1.4 Storing and Deleting Data

The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.


1.5 Profiling and automated decision making

We do not use automated decision-making including profiling when processing data concerning our Website or Platform.


1.6 Data Security

For the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form. We have implemented suitable technical and organizational measures.


1.7 Data Processing by Third Parties / Data Processing outside the EU

We may use third party service providers that process your data for the purposes named in this privacy policy. We process your personal data by using third party providers in the EU and the USA, whereas data protection standards applicable in the EU are ensured. A list of the data processors processing data outside the EU and corresponding information is available by request via email to hello@acape.la.


2. Data processing on our website


2.1 Server Logs

Nature and purpose of data processing

We collect data on each visit to our website acapela.com ("Website") (so-called Server log files), which include:

Name of the Website visited, date and time of the visit, data amount transferred, information on a successful call, browser type as well as version, operating system of the user, referrer URL (the page visited before), IP address and the requesting provider as well as the following, if a mobile end device is being used:

country code, language, name of device, name and version of operating system.

We use these server log files only for statistical evaluations for the purpose of optimizing our services and in order to guarantee the stability and operational security of the Website.

Legal basis

When personal data (such as the IP-address) are stored the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and website security.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

The log files and IP addresses of website visitors, which we process as described below, are deleted within 30 days.


2.2 Newsletter

Nature and purpose of data processing

When registering for the newsletter, you have to provide an email address and your name. In our newsletter we inform you about our services and products also described on our Website. In case of registration for the newsletter we also store the IP address, the device name, the mail provider as well as the user's first and last name and the date of registration. We also analyze how users consume our newsletter. This includes tracking of newsletter openings and how the newsletter is consumed.

Legal basis

The data processing for sending and analyzing our newsletters as described above is based on your consent (Art. 6 (1) a GDPR).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

We will process your personal information until your consent is revoked.

Revocation of consent

If you do not want to receive any newsletters by us in the future and/or wish to object to the analysis of your data through such newsletters please use the "unsubscribe" link contained in each newsletter or send us an email to hello@acape.la.


2.3 Careers Section on our Website

Nature and purpose of data processing

We will process your data through the careers section of the Website, if you apply to an open position at Acapela.

In order to submit your application you need to provide your name, email address, as well as your resume and/or CV.

We may also ask for additional information to assist us with our recruitment process and in the event, you are offered a job. Such data may include date of birth, telephone number, gender, your career history, qualifications, country of residence, language skills and any other personal information you include in your interactions with us.

You may also share details of other people with us; for example, if somebody else referred the job to you (someone you know at Acapela or otherwise). In those circumstances, you will need to check with that person that they are happy for you to share their personal information with us, and for us to use it in accordance with this privacy policy.

In particular, we use your data:

To get in touch with you, communicate with you, update you and to facilitate your application;

To respond to your questions or concerns;

To carry out vetting of staff members by contacting references (where required);

To assist in any disputes, claims or investigations relating to your application, or

To comply with our legal, regulatory, and professional obligations.

If you do not provide your personal data, you may face certain disadvantages, for example we will not be able to provide you with our recruiting processes or keep you informed about future opportunities.

Legal basis

We process your personal data for fulfilling our contractual or pre contractual obligations (based on Art. 6 (1) b. GDPR) or -- as applicable -- for the purpose of the employment relationship with you (Section 26 BDSG).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

We will store your information for 6 months after notification that we could not retain your application for a position at Acapela.


2.4 Talent Pool

Nature and purpose of data processing

If we cannot offer you a position immediately based on your application, we might want to keep you informed about other opportunities in the future. In order to do so, we need to keep the information specified under 2.3.

Legal basis

We process your data based on your consent (based on Art. 6 (1) a. GDPR.

Recipients and transfer to third countries

(see 2.3)

Storage duration

With your explicit consent to contact you for further opportunities, we will process your information no longer than 2 years.

Revocation of consent

You may withdraw such consent with effect for the future at any time via email to join@acape.la.


2.5 Contacting Us

Nature and purpose of data processing

If you send us an e-mail or contact us via an online form, your contact data, name, email address and other data provided respectively, are processed by us in order to deal with your inquiry or to be able to contact you at a later time for follow up questions.

Legal basis

These data are processed only on the basis of our legitimate interests to offer efficient communications channels to the public (Art. 6 (1) f. GDPR), or on the basis of initiating a or communicating under an existing business relationship (legal basis Art. 6 (1) b. GDPR).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

With your explicit consent to contact you for further opportunities, we will process your information no longer than 2 years.


2.6 Website Analytics

Nature and purpose of data processing

This website uses technology based on cookies that helps us better understand how the website is used. We do this by compiling reports about activity on the site that do not identify specific individuals. Analysis cookies transmit your IP address to a service provider for this purpose.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Withdrawal of Consent

You can withdraw your consent at any time by clicking "Manage cookie settings" below. An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.


2.7 Advertisement (conversion tracking and retargeting)

Nature and purpose of data processing

We use cookie-based technologies to help us deliver more effective and personalized ads.

This enables us to determine visitors to our online offer as a target group for the display of advertisements (so-called "targeted advertisement"). We can further track the effectiveness of our online advertisements by seeing whether users were redirected to our website after clicking on such advertisements (so-called "conversion tracking"). We may also use service providers to identify users that have visited our site as potential customers and recipients of advertisements (so-called “retargeting”).

For the above mentioned we process an unique online identifier, your IP-address as well as information regarding buttons clicked, the names of these buttons, and all pages visited based on the button clicks.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Retention Period

The data will be deleted after one year.

Withdrawal of Consent

You can withdraw your consent at any time by clicking "Manage cookie settings" below. An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.


2.8 User Surveys

Nature and purpose of data processing

We sometimes perform online surveys related to our products in order to gain insights and improve our services. When completing a survey on our Website, we process your email address and your entered answers.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Retention Period

Withdrawal of Consent

You may withdraw such consent with effect for the future at any time via email to hello@acape.la.


3. Data processing in connection with our App (Desktop, Web, and Mobile)


3.1 Registration and Sign-in

Nature and purpose of data processing

When you register for an account or sign-in to an existing account, Acapela needs to process certain personal data such as Profile data (user name, email) IP address Company Data.

Legal basis

The data processing for creating or accessing your account as described above is based on and necessary for fulfilling a contract (Art. 6 (1) b GDPR).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.


3.2 Payment Processing

Nature and purpose of data processing

When processing and monitoring payments for paid services, you need to provide us with certain information that may contain personal information, such as Profile Data, Company Name, VAT Company Address.

Legal basis

The data processing for creating or accessing your account as described above is based on and necessary for fulfilling a contract (Art. 6 (1) b GDPR).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

We will process your personal information only as long as we need to. However, given applicable tax laws, usually we will keep records of payments for 10 years.

3.3 Product Improvement

Nature and purpose of data processing

Acapela uses in-app tracking tools to see how users use Acapela to improve the Acapela experience. We will process the following information: usage data (logfiles, user ID, device data), device type.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Withdrawal of Consent

You can withdraw your consent at any time by clicking "Manage cookie settings" below. An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.


3.4 Error Tracking

Nature and purpose of data processing

We use services to track errors in Acapela and monitor the availability of the service. In order to do this, we need to process the following information: profile data and usage data (logfiles, device data).

Legal basis

When personal data are processed the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and app security.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.


3.5 Basic Customer Support

Nature and purpose of data processing

You can send in requests to customer support for troubleshooting or bugs they may find when using the service. In order to answer basic customer support requests, which do not include access to your files, we use profile data, and usage Data (logfiles, device data), as well as company data to answer your query.

Legal basis

When personal data are processed the legal basis for this is Art. 6 (1) b. GDPR and it is based on the fulfillment of our service contract.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.


3.6 Customer Support with File Access

Nature and purpose of data processing

You can send in requests to customer support for troubleshooting or bugs they may find when using the service. In order to answer specific customer support requests, we may need access to your files and any information stored therein, as well as use profile data, and usage Data (logfiles, device data), as well as company data to answer your query.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

If personal data like the content of a chat is shared with us, we delete it as soon as the issue is resolved.

Withdrawal of Consent

You may withdraw such consent with effect for the future at any time via email to hello@acape.la.


3.7 Fonts

Nature and purpose of data processing

In order to correctly display our application, certain fonts need to be downloaded from web servers. In order to perform this action, the IP address of the user is processed.

Legal basis

When personal data (such as the IP-address) are stored the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and functionality of our app.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.


3.8 Product News

Nature and purpose of data processing

Based on feature use and user activity, we may offer news and updates about features of our app in order to improve user experience.

The legal basis for sending news based on users’ actions is Article 6 (1) a. GDPR.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Withdrawal of Consent

You may withdraw such consent with effect for the future at any time by clicking unsubscribe on the product news email.


3.9 Feature Requests / Feedback

Nature and purpose of data processing

We collect feedback and suggestions for new features of our product. If you want to give us feedback or suggest a new feature, you need to create an Canny account and we will process your name, email, as well as a generated user ID.

The legal basis for collecting feedback and feature requests is either the performance of an agreement with you (Art. 6 (1) b GDPR) or our legitimate interests in improving our product.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

The data is stored for as long as your account is active. In order to delete data, you need to delete your account.


4. Third-Party Integrations


4.1 Google Calendar

Should you use the Google Calendar integration in Acapela, we will have the ability to view the public details of the events you have in your Google Calendar, the public information of your Google account, and your Google email address. Both Acapela and Google will remain responsible for the respective personal data within each company's systems.

File authorization is granted on a per-user basis and can be revoked when the user deauthorizes Acapela in their Google Account Settings. We only use this data to import Google Calendar in Acapela (legal basis: Art. 6 (1) a GDPR). You can find further information about the processing of your data by Google under the following link: https://developers.google.com/terms/api-services-user-data-policy.


4.2 Slack

Should you use the Slack integration in Acapela, we will have the ability to view the Slack conversations you have through Acapela. We encrypt your API Credentials, before storing them in our database. Both Acapela and Slack will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.3 Asana

Should you use the Asana integration in Acapela, we will have the ability to view the Asana conversations you have through Acapela. We encrypt your API Credentials, before storing them in our database. Both Acapela and Asan will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.4 Figma

Should you use the Figma integration in Acapela, we will have the ability to view the Figma conversations and comments you receive. We encrypt your API Credentials, before storing them in our database. Both Acapela and Figma will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.5 Linear

Should you use the Linear integration in Acapela, we will have the ability to view the Linear conversations you have through Acapela. We encrypt your API Credentials, before storing them in our database. Both Acapela and Linear will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.6 Notion

Should you use the Notion integration in Acapela, we will have the ability to view your Notion files and conversations. We encrypt your API Credentials, before storing them in our database. Both Acapela and Notion will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.7 Atlassian

Should you use the Atlassian integration in Acapela, we will have the ability to view your Atassian files and conversations. We encrypt your API Credentials, before storing them in our database. Both Acapela and Atlassian will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.8 ClickUp

Should you use the ClickUp integration in Acapela, we will have the ability to view your Clickup files and conversations. We encrypt your API Credentials, before storing them in our database. Both Acapela and ClickUp will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


5. Cookies

Our Website uses so-called cookies. Cookies do not cause any harm to your device and do not contain any viruses. Cookies serve the purpose of making our service more user-friendly, more effective, and safer. Cookies are small text files which are stored on your device and in your browser.

Most of the cookies we use are so-called session cookies. After the end of the session these cookies will be deleted automatically. The session cookies are used in order to associate successive page requests with the individual users, who at the same time access our Website. Other cookies will be stored on your device until you delete them. These cookies enable us to recognize your browser during your next visit.

By clicking "Agree" in the cookie banner appearing on your screen when visiting acapela.com for the first time you agree that all or specific cookies set out in this clause will be set. This applies to essential cookies, performance, and marketing cookies; essential cookies are such cookies which are necessary to correctly display the Website and/or carry out its basic functionalities. If you, however, choose to not agree with our usage of non-essential cookies (performance and marketing) – either by ignoring the banner or by clicking more options and deselecting marketing and performance cookies– only essential cookies will be set. Your decision will be stored in one cookie which is used to recognize your browser during your next visit, so you will not be asked again until you decide to delete this cookie. Instructions from opting out of performance and/or marketing cookies after you first visit on the website are found on §2.9.

You can adjust your browser to notify you, before you receive a cookie or to decide to accept cookies on a case-by-case basis, to completely or partly exclude all incoming cookies and to activate the deletion of cookies automatically when the browser is closed. You may manage many online advertisement cookies provided by companies via the American web page http://www.aboutads.info/choices/ or the web page of the European Union http://www.youronlinechoices.com/uk/your-ad-choices/. We would like to inform you that the usage and especially the convenience of usage without using any cookies may be limited.

In the event personal data are processed such processing is based on Art. 6 (1) a. GDPR.

Furthermore, it is possible to prevent the acquisition and processing of data generated by the "cookies" in relation to the use of this website, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout

Opt-out: https://adssettings.google.com/authenticated


6. Data Processing on our Social Media Pages

We operate pages on the following social media channels:

Facebook: facebook.com or mobile app by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy: https://www.facebook.com/policy.php,

Instagram: instagram.com or mobile app by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy: http://instagram.com/about/legal/privacy/;

Twitter: twitter.com or mobile app by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, please also refer to privacy policy: https://twitter.com/en/privacy,

LinkedIn: linkedin.com or mobile app by LinkedIn Corporation, Legal Department -- Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA / LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, please also refer to: https://www.linkedin.com/legal/privacy-policy

When you visit our social media pages, data is processed both by us and by the responsible social media provider as the responsible party.

The respective provider of social media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such provider has direct access to the relevant information on the social media page and the processing of your data. However, you are also welcome to contact us if this should become necessary and we will then forward the request to them.

When using Facebook, Instagram, Twitter, or LinkedIn data may also be processed outside the EU.


6.1 Data Processing and Legal Basis

With our social media pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to answer or communicate with you. If you use social media on several end devices, a cross-device analysis of the data can take place.

Furthermore, the providers of social media pages may also use cookies and tracking technologies to analyze and improve their services.

Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 (1) a, b GDPR) or on the basis of legitimate interests in improving the services and presentation to the outside world (Art. 6 (1) f GDPR).


6.2 Facebook

Facebook and we use the Page Insights function to process statistical data from users of our Facebook pages (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'page insights', which are described in more detail at https://www.facebook.com/business/a/page/page-insights.

Evaluations and statistics are generated in the form of page insights from the usage data of the Facebook pages, which support us in improving our marketing activities and our external presence. We may also learn about users and their behavior who interact with or use our Facebook Pages to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact most with our Facebook Page or which content on the Facebook Page was visited, shared, or clicked when and how often. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Facebook on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Information on these page insights and data processing can be found, for example, in Facebook's data protection statement at https://www.facebook.com/policy.php or at https://www.facebook.com/business/a/page/page-insights.

Facebook also uses cookies and storage technologies. More information can be found here: https://www.facebook.com/policies/cookies/

As a Facebook user, you can at any time influence how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the settings for advertising preferences in your Facebook account or at https://www.facebook.com/ads/preferences, or the Facebook settings in your account or at https://www.facebook.com/settings. Facebook also provides opportunities to contact or exercise rights at https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928.


6.3 Instagram

When using Instagram and you have an account there, Instagram can assign your activities to your profiles there. Instagram and we use the Instagram Insights function to process statistical data from users of our Instagram pages (see also for Facebook which is connected to the provider of Instagram the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'Instagram Insights' which are described in more detail at https://help.instagram.com/788388387972460?helpref=faq_content.

Evaluations and statistics are generated in the form of Instagram Insights from the usage data of the Instagram pages, which support us in improving our marketing activities and our external presence. Instagram Insights lets us learn more about our users and the performance of our content with you as audience. For this purpose, Instagram provides us with statistics on specific posts and stories created to find out how users interacted with them. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Instagram on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Instagram also uses cookies and similar technologies. For more information please refer to: http://instagram.com/about/legal/privacy/

As an Instagram user, you can at any time influence how your user behavior is recorded when you visit Instagram pages. To do this, you can manage the settings for advertising preferences in your Instagram account or under https://www.instagram.com/accounts/privacy_and_security/. Instagram also provides opportunities to contact or exercise rights at https://help.instagram.com/contact/1845713985721890 or http://instagram.com/about/legal/privacy/.


7. Questions?

For further information you may contact us any time, for example via email to hello@acape.la.



Last Updated: June 7, 2022 (Version 1.1)

1. General Information regarding Data Processing

1.1 Acapela as Data Controller

Data controller is Acapela GmbH, Torstraße 92, 10119 Berlin/Germany, registered with the commercial register at local court of Charlottenburg under HRB 221267 B, represented by the managing directors Roland Grenke and Heiki Riesenkampf, email: hello@acape.la, VAT-ID DE335356134 ("we/us" or "Acapela").

You can contact our appointed data protection officer:

Heiki Riesenkampf, hello@acape.la


1.2 Scope of Data Processing

Personal data are any information relating to an identified or identifiable natural person. Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data ("General Data Protection Regulation", GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).


1.3 Your Rights

In accordance with the statutory provisions, you as the data subject have the following rights:

the right to access,

the right to rectification or erasure,

the right to restriction of processing,

the right to data portability,

If you have provided us with your personal data on the basis of a consent, you could withdraw the consent at any time with effect for the future,

You may object to the processing of your personal data, if your personal data are processed for direct marketing purposes and/or on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR insofar as there are reasons for this arising from your particular situation.

To exercise these rights named above you may contact us at any, for example via email to hello@acape.la.

You have also the right to lodge a complaint with a supervisory authority at your choice (for example: Berliner Beauftragte für Datenschutz und Informationsfreiheit https://www.datenschutz-berlin.de/kontakt.html).

An overview of the Data Protection Authorities may be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or

http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080


1.4 Storing and Deleting Data

The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.


1.5 Profiling and automated decision making

We do not use automated decision-making including profiling when processing data concerning our Website or Platform.


1.6 Data Security

For the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form. We have implemented suitable technical and organizational measures.


1.7 Data Processing by Third Parties / Data Processing outside the EU

We may use third party service providers that process your data for the purposes named in this privacy policy. We process your personal data by using third party providers in the EU and the USA, whereas data protection standards applicable in the EU are ensured. A list of the data processors processing data outside the EU and corresponding information is available by request via email to hello@acape.la.


2. Data processing on our website


2.1 Server Logs

Nature and purpose of data processing

We collect data on each visit to our website acapela.com ("Website") (so-called Server log files), which include:

Name of the Website visited, date and time of the visit, data amount transferred, information on a successful call, browser type as well as version, operating system of the user, referrer URL (the page visited before), IP address and the requesting provider as well as the following, if a mobile end device is being used:

country code, language, name of device, name and version of operating system.

We use these server log files only for statistical evaluations for the purpose of optimizing our services and in order to guarantee the stability and operational security of the Website.

Legal basis

When personal data (such as the IP-address) are stored the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and website security.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

The log files and IP addresses of website visitors, which we process as described below, are deleted within 30 days.


2.2 Newsletter

Nature and purpose of data processing

When registering for the newsletter, you have to provide an email address and your name. In our newsletter we inform you about our services and products also described on our Website. In case of registration for the newsletter we also store the IP address, the device name, the mail provider as well as the user's first and last name and the date of registration. We also analyze how users consume our newsletter. This includes tracking of newsletter openings and how the newsletter is consumed.

Legal basis

The data processing for sending and analyzing our newsletters as described above is based on your consent (Art. 6 (1) a GDPR).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

We will process your personal information until your consent is revoked.

Revocation of consent

If you do not want to receive any newsletters by us in the future and/or wish to object to the analysis of your data through such newsletters please use the "unsubscribe" link contained in each newsletter or send us an email to hello@acape.la.


2.3 Careers Section on our Website

Nature and purpose of data processing

We will process your data through the careers section of the Website, if you apply to an open position at Acapela.

In order to submit your application you need to provide your name, email address, as well as your resume and/or CV.

We may also ask for additional information to assist us with our recruitment process and in the event, you are offered a job. Such data may include date of birth, telephone number, gender, your career history, qualifications, country of residence, language skills and any other personal information you include in your interactions with us.

You may also share details of other people with us; for example, if somebody else referred the job to you (someone you know at Acapela or otherwise). In those circumstances, you will need to check with that person that they are happy for you to share their personal information with us, and for us to use it in accordance with this privacy policy.

In particular, we use your data:

To get in touch with you, communicate with you, update you and to facilitate your application;

To respond to your questions or concerns;

To carry out vetting of staff members by contacting references (where required);

To assist in any disputes, claims or investigations relating to your application, or

To comply with our legal, regulatory, and professional obligations.

If you do not provide your personal data, you may face certain disadvantages, for example we will not be able to provide you with our recruiting processes or keep you informed about future opportunities.

Legal basis

We process your personal data for fulfilling our contractual or pre contractual obligations (based on Art. 6 (1) b. GDPR) or -- as applicable -- for the purpose of the employment relationship with you (Section 26 BDSG).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

We will store your information for 6 months after notification that we could not retain your application for a position at Acapela.


2.4 Talent Pool

Nature and purpose of data processing

If we cannot offer you a position immediately based on your application, we might want to keep you informed about other opportunities in the future. In order to do so, we need to keep the information specified under 2.3.

Legal basis

We process your data based on your consent (based on Art. 6 (1) a. GDPR.

Recipients and transfer to third countries

(see 2.3)

Storage duration

With your explicit consent to contact you for further opportunities, we will process your information no longer than 2 years.

Revocation of consent

You may withdraw such consent with effect for the future at any time via email to join@acape.la.


2.5 Contacting Us

Nature and purpose of data processing

If you send us an e-mail or contact us via an online form, your contact data, name, email address and other data provided respectively, are processed by us in order to deal with your inquiry or to be able to contact you at a later time for follow up questions.

Legal basis

These data are processed only on the basis of our legitimate interests to offer efficient communications channels to the public (Art. 6 (1) f. GDPR), or on the basis of initiating a or communicating under an existing business relationship (legal basis Art. 6 (1) b. GDPR).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

With your explicit consent to contact you for further opportunities, we will process your information no longer than 2 years.


2.6 Website Analytics

Nature and purpose of data processing

This website uses technology based on cookies that helps us better understand how the website is used. We do this by compiling reports about activity on the site that do not identify specific individuals. Analysis cookies transmit your IP address to a service provider for this purpose.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Withdrawal of Consent

You can withdraw your consent at any time by clicking "Manage cookie settings" below. An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.


2.7 Advertisement (conversion tracking and retargeting)

Nature and purpose of data processing

We use cookie-based technologies to help us deliver more effective and personalized ads.

This enables us to determine visitors to our online offer as a target group for the display of advertisements (so-called "targeted advertisement"). We can further track the effectiveness of our online advertisements by seeing whether users were redirected to our website after clicking on such advertisements (so-called "conversion tracking"). We may also use service providers to identify users that have visited our site as potential customers and recipients of advertisements (so-called “retargeting”).

For the above mentioned we process an unique online identifier, your IP-address as well as information regarding buttons clicked, the names of these buttons, and all pages visited based on the button clicks.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Retention Period

The data will be deleted after one year.

Withdrawal of Consent

You can withdraw your consent at any time by clicking "Manage cookie settings" below. An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.


2.8 User Surveys

Nature and purpose of data processing

We sometimes perform online surveys related to our products in order to gain insights and improve our services. When completing a survey on our Website, we process your email address and your entered answers.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Retention Period

Withdrawal of Consent

You may withdraw such consent with effect for the future at any time via email to hello@acape.la.


3. Data processing in connection with our App (Desktop, Web, and Mobile)


3.1 Registration and Sign-in

Nature and purpose of data processing

When you register for an account or sign-in to an existing account, Acapela needs to process certain personal data such as Profile data (user name, email) IP address Company Data.

Legal basis

The data processing for creating or accessing your account as described above is based on and necessary for fulfilling a contract (Art. 6 (1) b GDPR).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.


3.2 Payment Processing

Nature and purpose of data processing

When processing and monitoring payments for paid services, you need to provide us with certain information that may contain personal information, such as Profile Data, Company Name, VAT Company Address.

Legal basis

The data processing for creating or accessing your account as described above is based on and necessary for fulfilling a contract (Art. 6 (1) b GDPR).

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

We will process your personal information only as long as we need to. However, given applicable tax laws, usually we will keep records of payments for 10 years.

3.3 Product Improvement

Nature and purpose of data processing

Acapela uses in-app tracking tools to see how users use Acapela to improve the Acapela experience. We will process the following information: usage data (logfiles, user ID, device data), device type.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.

Transfer to third countries

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Withdrawal of Consent

You can withdraw your consent at any time by clicking "Manage cookie settings" below. An opt-out cookie will be installed on your device. This will prevent collection in the future as long as the cookie remains installed in your browser.


3.4 Error Tracking

Nature and purpose of data processing

We use services to track errors in Acapela and monitor the availability of the service. In order to do this, we need to process the following information: profile data and usage data (logfiles, device data).

Legal basis

When personal data are processed the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and app security.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.


3.5 Basic Customer Support

Nature and purpose of data processing

You can send in requests to customer support for troubleshooting or bugs they may find when using the service. In order to answer basic customer support requests, which do not include access to your files, we use profile data, and usage Data (logfiles, device data), as well as company data to answer your query.

Legal basis

When personal data are processed the legal basis for this is Art. 6 (1) b. GDPR and it is based on the fulfillment of our service contract.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.


3.6 Customer Support with File Access

Nature and purpose of data processing

You can send in requests to customer support for troubleshooting or bugs they may find when using the service. In order to answer specific customer support requests, we may need access to your files and any information stored therein, as well as use profile data, and usage Data (logfiles, device data), as well as company data to answer your query.

Legal basis

The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

If personal data like the content of a chat is shared with us, we delete it as soon as the issue is resolved.

Withdrawal of Consent

You may withdraw such consent with effect for the future at any time via email to hello@acape.la.


3.7 Fonts

Nature and purpose of data processing

In order to correctly display our application, certain fonts need to be downloaded from web servers. In order to perform this action, the IP address of the user is processed.

Legal basis

When personal data (such as the IP-address) are stored the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and functionality of our app.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.


3.8 Product News

Nature and purpose of data processing

Based on feature use and user activity, we may offer news and updates about features of our app in order to improve user experience.

The legal basis for sending news based on users’ actions is Article 6 (1) a. GDPR.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Withdrawal of Consent

You may withdraw such consent with effect for the future at any time by clicking unsubscribe on the product news email.


3.9 Feature Requests / Feedback

Nature and purpose of data processing

We collect feedback and suggestions for new features of our product. If you want to give us feedback or suggest a new feature, you need to create an Canny account and we will process your name, email, as well as a generated user ID.

The legal basis for collecting feedback and feature requests is either the performance of an agreement with you (Art. 6 (1) b GDPR) or our legitimate interests in improving our product.

Recipients

Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer

The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration

The data is stored for as long as your account is active. In order to delete data, you need to delete your account.


4. Third-Party Integrations


4.1 Google Calendar

Should you use the Google Calendar integration in Acapela, we will have the ability to view the public details of the events you have in your Google Calendar, the public information of your Google account, and your Google email address. Both Acapela and Google will remain responsible for the respective personal data within each company's systems.

File authorization is granted on a per-user basis and can be revoked when the user deauthorizes Acapela in their Google Account Settings. We only use this data to import Google Calendar in Acapela (legal basis: Art. 6 (1) a GDPR). You can find further information about the processing of your data by Google under the following link: https://developers.google.com/terms/api-services-user-data-policy.


4.2 Slack

Should you use the Slack integration in Acapela, we will have the ability to view the Slack conversations you have through Acapela. We encrypt your API Credentials, before storing them in our database. Both Acapela and Slack will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.3 Asana

Should you use the Asana integration in Acapela, we will have the ability to view the Asana conversations you have through Acapela. We encrypt your API Credentials, before storing them in our database. Both Acapela and Asan will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.4 Figma

Should you use the Figma integration in Acapela, we will have the ability to view the Figma conversations and comments you receive. We encrypt your API Credentials, before storing them in our database. Both Acapela and Figma will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.5 Linear

Should you use the Linear integration in Acapela, we will have the ability to view the Linear conversations you have through Acapela. We encrypt your API Credentials, before storing them in our database. Both Acapela and Linear will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.6 Notion

Should you use the Notion integration in Acapela, we will have the ability to view your Notion files and conversations. We encrypt your API Credentials, before storing them in our database. Both Acapela and Notion will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.7 Atlassian

Should you use the Atlassian integration in Acapela, we will have the ability to view your Atassian files and conversations. We encrypt your API Credentials, before storing them in our database. Both Acapela and Atlassian will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


4.8 ClickUp

Should you use the ClickUp integration in Acapela, we will have the ability to view your Clickup files and conversations. We encrypt your API Credentials, before storing them in our database. Both Acapela and ClickUp will remain responsible for the respective personal data within each company's systems.

Access authorization is granted on a per-user basis and can be revoked when the user selects ''Disconnect'' in Acapela’s user interface. We only use this data to offer you the Acapela serivce (legal basis: Art. 6 (1) a GDPR).


5. Cookies

Our Website uses so-called cookies. Cookies do not cause any harm to your device and do not contain any viruses. Cookies serve the purpose of making our service more user-friendly, more effective, and safer. Cookies are small text files which are stored on your device and in your browser.

Most of the cookies we use are so-called session cookies. After the end of the session these cookies will be deleted automatically. The session cookies are used in order to associate successive page requests with the individual users, who at the same time access our Website. Other cookies will be stored on your device until you delete them. These cookies enable us to recognize your browser during your next visit.

By clicking "Agree" in the cookie banner appearing on your screen when visiting acapela.com for the first time you agree that all or specific cookies set out in this clause will be set. This applies to essential cookies, performance, and marketing cookies; essential cookies are such cookies which are necessary to correctly display the Website and/or carry out its basic functionalities. If you, however, choose to not agree with our usage of non-essential cookies (performance and marketing) – either by ignoring the banner or by clicking more options and deselecting marketing and performance cookies– only essential cookies will be set. Your decision will be stored in one cookie which is used to recognize your browser during your next visit, so you will not be asked again until you decide to delete this cookie. Instructions from opting out of performance and/or marketing cookies after you first visit on the website are found on §2.9.

You can adjust your browser to notify you, before you receive a cookie or to decide to accept cookies on a case-by-case basis, to completely or partly exclude all incoming cookies and to activate the deletion of cookies automatically when the browser is closed. You may manage many online advertisement cookies provided by companies via the American web page http://www.aboutads.info/choices/ or the web page of the European Union http://www.youronlinechoices.com/uk/your-ad-choices/. We would like to inform you that the usage and especially the convenience of usage without using any cookies may be limited.

In the event personal data are processed such processing is based on Art. 6 (1) a. GDPR.

Furthermore, it is possible to prevent the acquisition and processing of data generated by the "cookies" in relation to the use of this website, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout

Opt-out: https://adssettings.google.com/authenticated


6. Data Processing on our Social Media Pages

We operate pages on the following social media channels:

Facebook: facebook.com or mobile app by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy: https://www.facebook.com/policy.php,

Instagram: instagram.com or mobile app by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy: http://instagram.com/about/legal/privacy/;

Twitter: twitter.com or mobile app by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, please also refer to privacy policy: https://twitter.com/en/privacy,

LinkedIn: linkedin.com or mobile app by LinkedIn Corporation, Legal Department -- Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA / LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, please also refer to: https://www.linkedin.com/legal/privacy-policy

When you visit our social media pages, data is processed both by us and by the responsible social media provider as the responsible party.

The respective provider of social media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such provider has direct access to the relevant information on the social media page and the processing of your data. However, you are also welcome to contact us if this should become necessary and we will then forward the request to them.

When using Facebook, Instagram, Twitter, or LinkedIn data may also be processed outside the EU.


6.1 Data Processing and Legal Basis

With our social media pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to answer or communicate with you. If you use social media on several end devices, a cross-device analysis of the data can take place.

Furthermore, the providers of social media pages may also use cookies and tracking technologies to analyze and improve their services.

Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 (1) a, b GDPR) or on the basis of legitimate interests in improving the services and presentation to the outside world (Art. 6 (1) f GDPR).


6.2 Facebook

Facebook and we use the Page Insights function to process statistical data from users of our Facebook pages (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'page insights', which are described in more detail at https://www.facebook.com/business/a/page/page-insights.

Evaluations and statistics are generated in the form of page insights from the usage data of the Facebook pages, which support us in improving our marketing activities and our external presence. We may also learn about users and their behavior who interact with or use our Facebook Pages to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact most with our Facebook Page or which content on the Facebook Page was visited, shared, or clicked when and how often. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Facebook on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Information on these page insights and data processing can be found, for example, in Facebook's data protection statement at https://www.facebook.com/policy.php or at https://www.facebook.com/business/a/page/page-insights.

Facebook also uses cookies and storage technologies. More information can be found here: https://www.facebook.com/policies/cookies/

As a Facebook user, you can at any time influence how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the settings for advertising preferences in your Facebook account or at https://www.facebook.com/ads/preferences, or the Facebook settings in your account or at https://www.facebook.com/settings. Facebook also provides opportunities to contact or exercise rights at https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928.


6.3 Instagram

When using Instagram and you have an account there, Instagram can assign your activities to your profiles there. Instagram and we use the Instagram Insights function to process statistical data from users of our Instagram pages (see also for Facebook which is connected to the provider of Instagram the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'Instagram Insights' which are described in more detail at https://help.instagram.com/788388387972460?helpref=faq_content.

Evaluations and statistics are generated in the form of Instagram Insights from the usage data of the Instagram pages, which support us in improving our marketing activities and our external presence. Instagram Insights lets us learn more about our users and the performance of our content with you as audience. For this purpose, Instagram provides us with statistics on specific posts and stories created to find out how users interacted with them. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Instagram on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Instagram also uses cookies and similar technologies. For more information please refer to: http://instagram.com/about/legal/privacy/

As an Instagram user, you can at any time influence how your user behavior is recorded when you visit Instagram pages. To do this, you can manage the settings for advertising preferences in your Instagram account or under https://www.instagram.com/accounts/privacy_and_security/. Instagram also provides opportunities to contact or exercise rights at https://help.instagram.com/contact/1845713985721890 or http://instagram.com/about/legal/privacy/.


7. Questions?

For further information you may contact us any time, for example via email to hello@acape.la.



Last Updated: June 7, 2022 (Version 1.1)

© 2022, Acapela GmbH. All rights reserved.