Privacy Statement

Privacy Policy

Thank you for visiting our website and for your interest in our Services. For aklamio GmbH (hereinafter also referred to as “Aklamio”, “we”, “us”, “our”) the protection and confidentiality of your data is very important.

In this Data Privacy Declaration, we inform you about the type, scope, purpose, recipient and legal basis of the personal data processed by us in connection with our services (hereinafter collectively referred to as “Services”), which we offer at www.aklamio.com or other websites orr apps (hereinafter collectively referred to as the “Platforms”) which incorporate this Privacy Policy. Furthermore, we inform you about your rights.

Personal data are all information relating to an identified or identifiable natural person (Art. 4 No. 1 EU General Data Protection Regulation (hereinafter referred to as “GDPR”)). This includes information such as your name, e-mail address, postal address or telephone number. Information that is not directly associated with your identity, such as anonymous Internet traffic data (e.g. the number of visits to a website), is not included here.

1. Who is responsible for the processing of my data?

The person responsible within the meaning of the GDPR and other national data protection laws of the EU member states as well as other data protection regulations is:

aklamio GmbH
Hauptstraße 27-29
Haus 9 (Neubau) Aufgang N
10827 Berlin, Germany
Phone: +44 (0) 2080 689 760
E-mail: contact@aklamio.com

We offer our referral and cashback campaigns together with various customer companies (‘Customers’). The respective Customer is the provider of the promotion in which you participate. You can obtain more detailed information about how our Customers process personal data, directly from them, e.g. on their websites or apps. You can find more information about how we process your personal data together with our Customers, how we protect your data and about your data subject rights in this data Privacy Policy in Sections 3.3, 4.2 and 7.

2. Contact Details of our Data Protection Officer

You can reach our data protection officer at the following contact details:

PROLIANCE GmbH datenschutzexperte.de
Leopoldstr. 21
80802 München, Germany
E-mail: datenschutzbeauftragter@datenschutzexperte.de

3. General Information on Data Processing

3.1. Scope of the processing and its legal basis

Please note that use of our Platforms is not intended for or directed at persons under the age of 18. We do not knowingly collect personal information from anyone under the age of 18.

We collect and use personal data only to the extent necessary to provide our Platforms and Services and to ensure their functionality. If the processing of personal data is necessary and such processing is not permitted by a legal basis, we generally obtain the consent of the data subject.

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

Is the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

3.2. Storage and Deletion of Data

We process and store personal data of the data subject only for the period necessary to achieve the purpose of storage or insofar as this has been provided for by the European Directive and Regulation Giver or another legislator in laws or regulations to which the controller is subject.

If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation bodies or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.

3.3 Recipients of the Data-Processors

In principle, we only process personal data within our company. If and to the extent that we make use of the Services of third parties to provide our Services, we will only transfer personal data to such third parties to the extent that the transfer is necessary for the corresponding service and to the extent that a legal basis exists for the transfer.

In the event that we outsource certain parts of data processing (so-called “data processing”), we contractually oblige contractors to process personal data only in accordance with the requirements of the GDPR and the applicable national data protection laws and to protect the rights of third parties.

Information on existing data processing relationships is summarized in Section 6 for the sake of clarity.

3.3.1. Joint Controllership with Our Customers (Art. 13 & 26 GDPR)

This section provides you with information required under Article 13 and Article 26 of the GDPR regarding this specific joint processing activity.

The purpose of this joint processing is strictly limited to the evaluation, verification, collection, processing, and fulfilment of the reward or cashback you are eligible for based on your interaction (e.g., recommendation, purchase etc…).

The legal basis for this joint processing is typically the necessity to perform the contract related to the reward or cashback program (Art. 6(1)(b) GDPR).

If you use our recommendation or cashback services, i.e., make recommendations for Aklamio or for offers of our Customers, or if you place orders yourself in order to receive rewards or cashback, we and our Customer automatically process personal data in this context that are required for the identification and verification of the reward.

Aklamio GmbH and each respective Customer are joint controllers for the processing of personal data required for the evaluation, collection, and processing of the reward or cashback. We have entered into joint controller agreements with all our Customers to delineate our respective responsibilities under GDPR.

The Customer is primarily responsible for the processing of your personal data on its own website, including the initial transfer to Aklamio related to the promotions offered. Aklamio is primarily responsible for data processing of your personal data when using the Aklamio portal, including any subsequent transfer of your personal data to Customers as described in Section 4.2.

We and our Customers have agreed that you can contact either us or our Customer if you have questions about the protection of your personal data, and we will cooperate in answering them. If you assert claims for correction, deletion, or restriction related to the processing of your data for rewards or cashbacks, we and our Customers will inform each other of this. We or our Partner may object to the deletion only for a justified reason, for example, if it has a legal obligation to retain data, and will otherwise carry out the correction, deletion, or restriction in each case. You will receive confirmation accordingly.

Notwithstanding the aforementioned, Customers and Aklamio are each separately responsible for any further prior processing of your data, in particular for the performance of the respective contracts that you conclude with our customers or with us.

4. Data Processing Activities in Detail

In the following we will inform you about the various ways in which personal data is processed, its purpose and legal basis, and how long it is stored.

4.1. Data Processing in Connection with General Use of our Services

4.1.1. General Access to Our Platforms

We routinely collect a range of general data and information each time we access our Platforms. This data is stored in the so-called log files of our system. We may record (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our Platforms (so-called referrer), (4) the sub websites which are accessed via an accessing system on our website, (5) the date and time of access to the Website, (6) the Internet Protocol address (IP address) and the Internet service provider of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.

For security purposes, in particular to trace the attack in the event of attacks on our Platforms, we store this data including the IP address for a period of seven days and then make the IP addresses anonymous or delete the data. The IP address is required to set up and during the connection to enable the contents of our Platforms to be delivered to you. The legal basis for the processing and subsequent storage of the IP address is a legitimate interest pursuant to Art. 6 para. 1 f GDPR. The legitimate interest with regard to the transmission of the IP address lies in the fact that this is necessary for the display of the contents of the respective Platform; a display of the website is not possible without the transmission of the IP address. The legitimate interest in limited storage is our security interest.

When using this general data and information we do not draw any conclusions about you as a person. Rather, this information is required to (1) correctly deliver the contents of our Platforms, (2) optimize the contents of our Platforms and the advertising for them, (3) ensure the permanent functionality of our information technology systems and the technology of our Platforms, and (4) provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber-attack. This anonymously collected data and information is therefore evaluated by Aklamio both statistically and with the aim of increasing data protection and data security in our company in order ultimately to ensure an optimal level of protection for the personal data processed by us. The anonymous data of the log files are stored separately from all personal data provided by a person concerned. The data will not be passed on to third parties.

4.1.2. Data Processing in Connection with Support Services

Help buttons are provided in our Platforms, which can be used by our users for electronic contact for information and support purposes. By clicking the “Send” button you consent to the transmission of the data entered in the input mask to us. In addition, we save the date and time of your contact. Alternatively, you can contact us via the e-mail address provided. In this case, the personal data transmitted with the e-mail and our response will be stored.

The personal data voluntarily transmitted to us in this context serve us for the processing of your inquiry and the establishment of contact with you. The legal basis for the transmission of data is Art. 6 para. 1 lit. a GDPR. We store the data for this purpose until the conversation with you is finished. The conversation is terminated when the circumstances indicate that the facts in question have been finally clarified and that there will be no further questions, especially in the future.

4.1.3. Cookies

We use so-called cookies and similar technologies on our Platforms. For the sake of clarity, the relevant information is summarized in Section 5.

4.2. Data Processing in Connection with the Use of our Services

Aklamio offers you various Services with the aim of sharing the added value for our customers created by your recommendations and purchases. If you wish to use our Services, you must register with Aklamio and create an Aklamio account under which we process personal data. In this section we inform you about the purposes, the respective legal basis, and the storage period of these processes.

4.2.1. Aklamio Account

By registering with Aklamio for the purpose of using our Services, we offer you the option of concluding a contract for the use of our Services on the basis of our Terms of Use. We collect your e-mail address . The e-mail address and your password act as login data for access to your account. Further details about the Aklamio account can be found in our terms of use. In connection with the registration of an Aklamio account and the setting of the various functions, we also store your respective IP address and the date and time at the time of registration or the setting of the respective functions.

Data processing within the scope of this contract is carried out for the following purposes

You can make use of our Services, in particular make recommendations and have cash back processed via our Platforms.
You can get a detailed overview of the status of your bonuses and your account balance;
You can arrange for rewards to be paid out;
You can create a profile with further input options
You can manage the email newsletter function and other notification options.

In connection with every use of the Aklamio account, we automatically process the log-in data in order to prevent misuse or fraudulent use of our Services, to defend against attacks on our system and to ensure and verify the proper performance of the contractual Services at any time.

The legal basis for the storage and use of your personal data in connection with your Aklamio account is the fulfilment of your contract with us, art. 6 par. 1 lit. b GDPR. If you provide certain profile details voluntarily, such as the posting of a profile photo, your consent is the legal basis, Art. 6 para. 1 lit. a GDPR.

We store your personal data for as long as this is necessary to provide the contractually agreed service. The personal data stored by you in your Aklamio account and your profile are available to you for the duration of the contract and are stored by us for this duration. The personal data will be deleted if you do so in relation to individual data or the Aklamio account as a whole, request us to do so accordingly or if the contract ends, i.e. if you or we terminate the contract. Please refer to our Terms of Use for more details.

4.2.2. Registration or Log-In via Facebook, Google

Alternatively, you can register with Aklamio using one of your existing accounts with the following third parties and, if you are already registered, log in at a later time:

Facebook account (“Facebook Connect”). Facebook Connect is an offering of the social network “Facebook”, which is operated by Facebook, Inc. based in 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”). Use of Facebook Connect is subject to Facebook’s Privacy Policy and Terms of Use. When you use Facebook Connect, we gain access to the email that is stored on Facebook and other information that is available in your Facebook profile as public and publicly accessible.
Google Account (“Google Sign-In”). When you register with Aklamio using the Google Sign-In button, we will have access to your Google email address, the name you provided when you created your Google account if applicable.

The data transmitted to us by the respective provider will be processed by us in order to create or update an Aklamio account for you and to make it available to you in accordance with Section 4.2.1.

Since we use the data to create an Aklamio account, the legal basis for processing is the contract for an Aklamio account pursuant to Art. 6 para. 1 lit. b GDPR, as described under 4.2.1. Your personal data will be stored with us for the purposes and duration described in Section 4.2.1.

4.2.3. Newsletters and Similar Messages

You can register to receive newsletters by confirming your account or by clicking on “E-Mail Settings” in your account. In this case we will use your e-mail address to send you our regular newsletter in which we will inform you about interesting topics. The legal basis is your consent according to art. 6 par. 1 lit. a GDPR.

In connection with your newsletter registration, we also store your IP address and the date and time of registration so that we can trace and prove the registration at a later point in time. The legal basis for this storage is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, whereby the legitimate interest is the possibility of proof of registration. We store your email address to send you newsletters until you unsubscribe from the newsletter service or until we stop sending you the newsletter.

We also send you information by email about our Services and campaigns that are similar to those you have already used. The legal basis is a legitimate interest within the meaning of Art. 6 Para. 1 S. 1 f GDPR, namely the pursuit of our business interests.

You can stop receiving newsletters or other messages from us at any time by using the appropriate settings in the notification options in your Aklamio account or by using the corresponding opt-out link contained in each email from us.

4.2.4. Objection against Receiving Commercials

You can object to receiving advertising at any time. If we receive an objection from you to the use of your data for advertising purposes, we can include your personal contact data (name, e-mail address, address, telephone number, fax number if applicable) in a blacklist, with the help of which we ensure that we no longer send you unwanted advertising.

The legal basis is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. This is to make sure that we can fulfill our obligations from your advertising contradiction. The data will be stored for this purpose until you expressly revoke the advertising objection in writing.

4.2.5. Use of our Referral and Cashback Services

If you make use of our referral or cashback Services, i.e. use our Platforms to make recommendations for Aklamio or for products or online shops of our customers or to place orders yourself there in order to receive rewards or cashback, we and our customer automatically process various data that is required to collect and process the rewards.

If you would like to make a recommendation, we will provide you with a personal recommendation link for this purpose, which contains a unique, pseudonymized user ID. The pseudonymous user ID is transferred to us as soon as a friend or other recipient of the recommendation (hereinafter also referred to as “Referred Friend”) follows your recommendation link and enables us to assign the activity of the Referred Friend, e.g. the execution of an order in the recommended shop, to your recommendation.

This is necessary to be able to credit your account with any bonus or cashback you may have earned and to show you the history of your referrals in your Aklamio account. To personalize the recommendation, the user of the link will be shown your user name and, if applicable, your profile picture. If you do not wish to do so, you can opt out of posting your name and a photo when you create your profile or remove this information at a later date.

If the person you refer makes the purchase via a telephone hotline or the shop of one of our customer companies, he can be asked for your e-mail address in this connection. This will be sent to us for the purpose of associating the bonus with your referral and crediting your Aklamio account as described above.

The reward payout by aklamio requires that the Customer has confirmed a successful conclusion of a contract. For this purpose, we may match personal data, such as e-mail addresses, online identifiers and information on your contract transactions with our customers.

The legal basis for the processing described above is in all cases art. 6 par. 1 lit. b and lit. f of the GDPR, as the data processing is necessary to fulfil the services requested by you. The data is stored for the duration described in Section 4.2.1.

4.2.6. Payout of Rewards

If you want us to pay out any rewards you have earned, you can use the corresponding function in your account. Please refer to our Terms of Use for details. In this context, depending on your desired payment method, we will collect your bank account details or – in the case of payment via other payment service providers such as PayPal – the corresponding details of your account (e.g. your e-mail address used for PayPal) (hereinafter collectively also referred to as “Payment Details”). We transmit this data together with information on the rewards purchased to our bank or the respective payment service provider for payment processing. In these cases, the purpose is to enable the reward or cashback to be paid out to you. The legal basis is the fulfilment of your contract with us according to art. 6 par. 1 lit. b GDPR. The data is stored for the duration described in Section 4.2.1.

Within the framework of our statutory accounting obligations, we may also transmit payment data to our accounting offices and tax advisors. We also store the booking documents on which the payments are based, including the payment data contained therein, for a period of ten years in order to fulfil our statutory retention obligations pursuant to § 257 (1) No. 2 HGB and § 147 AO, whereby the period begins at the end of the calendar year in which the booking document arose. The legal basis for such processing is Art. 6 para. 1 lit. c GDPR, the fulfilment of our legal obligations.

4.2.7. Booking Requests

It is possible that our system does not record rewards or does not record them correctly for technical reasons or due to incorrect use. In this case you can make a booking request via your Aklamio account. For processing we need certain personal data about you, such as your name, address and, if applicable, an identification document, in order to be able to identify you and to prevent any improper or fraudulent use of our Services. Furthermore, in order to process the booking request, we require personal data on the purchase or order for which you are claiming a reward in order to be able to check whether and by whom this transaction was actually carried out, i.e. whether it has not been cancelled and whether you fulfil the other reward conditions. To this end, we may also share the information you provide about the transaction with the customer company where the purchase was made. You can find out more about the reward conditions in our terms of use and in the additional conditions that are included in the respective reward offer.

The legal basis for this processing is the fulfilment of your contract with us in accordance with Art. 6 para. 1 letter b GDPR. We store this data until the booking request is completed. This is the case if we can assume under the circumstances that there will be no further inquiries in a certain booking process and that claims will no longer be derived from this.

4.2.8. Data Processing of Referred Friends and New Users Claiming Cashback

This section details how we process personal data of individuals who interact with our Services as a recipient of a recommendation (hereinafter "Referred Friend") or who make a purchase from one of our Customers and subsequently register for cashback.

A. Processing When a Referred Friend Follows a Recommendation Link:

Data Collected and Purpose: If you, as a Referred Friend, click on a personal recommendation link shared via our Services, we and the respective Customer (as defined in Section 1 and whose details are available on their website/offer) may collect data about your interaction. This is primarily to attribute a potential successful transaction back to the referrer and enable the crediting of a bonus or reward.
- Cookies and Similar Technologies: We, and potentially the Customer or affiliate networks (as detailed in Section 5), may use cookies and similar technologies to track the referral. The data collected can include a pseudonymous user ID from the link, information that you visited the Customer's shop via the link, shop and order IDs if a purchase is made, and the price of the purchased product. For details on cookies, their management, and specific technologies used, please see Section 5.
- IP Address: Your IP address is processed as described in Section 4.1.1 for security and functionality of the platform.
Controller Roles:
- For the initial processing of data related to tracking the click on the recommendation link and attributing a potential sale on the Customer's website, aklamio and the Customer may act as Joint Controllers (as per Art. 26 GDPR) for the specific purpose of referral tracking and reward attribution. The essence of this arrangement is to ensure the referral mechanism functions correctly.
- The Customer is the independent controller for any further processing of your data on their own website (e.g., managing your purchase).
- Aklamio is the independent controller for the operation of its referral platform.
Legal Basis:
- The processing of data (including the use of strictly necessary cookies for referral tracking) to attribute the recommendation is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) and that of our Customer and the referrer, to operate and participate in the referral program. This interest lies in enabling the core functionality of the referral service, which benefits all parties. You have the right to object to this processing as outlined in Section 7.6.
- For any non-essential cookies or similar tracking technologies used on the Customer's website or by affiliate networks, the legal basis will be your consent (Art. 6 para. 1 lit. a GDPR), typically obtained by the Customer or the relevant network on their platform. Please refer to their respective privacy and cookie policies for more information.
Transparency: When you land on a Customer's page via a referral link, information about data processing for referral purposes should be made available, often through the Customer's own privacy and cookie notices, which may reference Aklamio's role.

B. Processing When a Referred Friend's Email is Provided for Reward Sharing:
Data Collected and Purpose: If a referrer wishes to share a reward with you (the Referred Friend) after your successful transaction with a Customer, or if you are asked for your e-mail address by the Customer (e.g., during a purchase via a telephone hotline or in a retail store) to facilitate this reward sharing, your e-mail address will be transmitted to us by the Customer or collected by us. We process this e-mail address to:
- Credit the reward to an existing Aklamio account if you have one.
- If you do not have an Aklamio account, to invite you to create one (as described in Section 4.2.1) so the reward can be credited.
Controller Roles: Aklamio acts as the controller for processing your email to manage the reward and facilitate account creation.
Legal Basis:
- If you are invited to create an account to receive a shared reward, the processing of your email for this purpose is based on steps taken at your request prior to entering into a contract (our Terms of Use for an Aklamio account) or for the performance of such a contract (Art. 6 para. 1 lit. b GDPR).
Transparency: You will be informed about the processing of your email address when you are invited to create an account or claim your reward.

C. Processing When a New User Claims Cashback and an Aklamio Account is Created:
Data Collected and Purpose: If you are not yet registered with Aklamio as a user and make a qualifying purchase in an online shop of one of our Customers offering cashback, your e-mail address, along with transaction data (e.g., order ID, purchase value), may be transmitted to us by the Customer. We process this data to:

Create an Aklamio account for you (as detailed in Section 4.2.1), allowing you to manage and receive your cashback.
Credit the earned cashback to your new Aklamio account.

Controller Roles: Aklamio acts as the controller for processing your data to create the account and manage the cashback.
Legal Basis: The processing of your personal data to create an Aklamio account and credit your cashback is necessary for the performance of a contract with you (our Terms of Use) (Art. 6 para. 1 lit. b GDPR), which you enter into by opting to receive cashback and for whom an account is created.
Transparency: You will be informed about the creation of your Aklamio account and the processing of your data when you are notified about your cashback and invited to access your account.

D. Data Matching for Reward Confirmation:
As mentioned in Section 3.3.1, the payout of any reward or cashback by Aklamio requires that the Customer has confirmed a successful and valid transaction. For this verification purpose, we may exchange and match necessary data with our Customers, which can include e-mail addresses, online identifiers (like order IDs or cookie IDs related to the referral), and information on your contract transactions with those Customers.
Controller Roles: This matching process is part of the joint controllership between Aklamio and the Customer, specifically for the purpose of reward/cashback validation and processing, as detailed in Section 3.3.1.
Legal Basis: The legal basis for this matching is the performance of a contract (Art. 6(1)(b) GDPR) with the users claiming rewards/cashback and our legitimate interest (Art. 6(1)(f) GDPR) in preventing fraud and ensuring the correct attribution and payout of rewards, which is a fundamental part of the service offered.

E. Data Storage:
IP addresses collected in connection with accessing our Platforms are stored by us for the purposes and duration described in Section 4.1.1 and then typically made anonymous or deleted.
E-mail addresses processed for the creation and maintenance of an Aklamio account are stored by us for the purposes and duration described in Section 4.2.1.

We are committed to ensuring that Referred Friends and new users are appropriately informed about how their data is processed and what their rights are.

4.3. Processing of Data of Business Customers or their Employees

Our Services are also aimed at companies by making the potential of personal recommendations available to them and thereby generating corresponding added value. In connection with addressing new or existing customers and preparing and executing a contractual relationship, we therefore also process personal data of companies (in this respect, personal data only if the entrepreneur himself is a natural person) (hereinafter also referred to as “Customers”) or of employees of companies (hereinafter also referred to as “Customer Employees”).

In the following we inform you about the purposes and the respective legal basis of the processing of data of Customers or Customer employees, the duration of the storage of the data as well as the data categories, as far as we do not collect the personal data directly from you as the person concerned. The data will be deleted as soon as they are no longer necessary to achieve the respective purpose. This is the case if there is no longer a contract with you and we no longer intend to enter into a contract with you, if there is no longer a legitimate interest and if we are also no longer obliged to keep documents which may contain personal data.

4.3.1. Data Processing for Contract Preparation and Execution Purposes

We process personal data for the purpose of contract initiation, contract administration and execution as well as support in the context of ongoing business relationships, so that we can provide our customers with the contractual Services and can always guarantee an efficient and profitable use of our Services. If the contractual customer is a natural person, the legal basis is that the processing is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR. If we process personal data of employees of the contractual customer, the legal basis is a legitimate interest pursuant to Art. 6 para. 1 sentence 1 f GDPR, namely the facilitation of our business activities and the promotion of the business activities of the Customer. There is no conflicting interest on the part of the respective data subject because processing by us within the framework of the existing employment relationship with the data subject is already necessary from the point of view of our Customer (New German Feder Data Protection Law (“BDSG-neu”)). For this purpose, we store personal data for the duration of the contract.

We store booking documents resulting from the business relationship for a period of ten years and business letters, i.e., any message relating to the preparation, execution or cancellation of a transaction, for a period of six years, the period beginning at the end of the calendar year in which the business letter was received or sent or the booking document was created. We thus fulfil our legal obligations to store data in accordance with § 257 Paragraph 1 No. 2 HGB and § 147 AO. The legal basis in this respect is Art. 6 para. 1 lit. c GDPR.

4.3.2. Aklamio Customer Interface

We set up a web interface (hereinafter referred to as “Customer Interface”) for our customers, so that they can optimally use and manage the contractual Services. For this purpose, the Customer or the Customer Employees acting as contact persons will be set up a personal access, which they can use by log-in using an e-mail address provided by the persons concerned and a freely chosen password. In connection with the use of the Customer Interface, we automatically process the log-in data of the customer or the authorized Customer Employees in order to prevent misuse and to ensure and check the proper performance of the contractual Services at any time. Furthermore, we process data in the Customer Interface with regard to the respective contractually agreed or offered Services as well as the data concerning the consumption of these Services and their remuneration.

If the Customer is a natural person, the legal basis for the processing is the fulfilment of a contract, Art. 6 para. 1 lit. b GDPR. Insofar as the processing concerns personal data of Customer Employees, the legal basis is a legitimate interest pursuant to Art. 6 para. 1 sentence 1 f GDPR, namely the conduct of our business activity and that of the customer. There is no conflicting interest on the part of the respective data subject because processing by us within the framework of the existing employment relationship with the data subject is already necessary from the point of view of our customer (§ 26 BDSG-neu). For this purpose, we store the data for the duration of our business relationship with the customer.

4.3.3. Data Processing for Commercial Purposes

There is a contact form on our website which can be used by interested parties for the purpose of making electronic contact. By clicking the “Send” button you agree to the transmission of the data entered in the input mask to us. In addition, we store the date and time of your contact. Alternatively, you can contact us via the e-mail address provided. In this case, the personal data transmitted with the e-mail and our response will be stored. The personal data voluntarily transmitted to us in this context serves us to process your inquiry and to contact you. The legal basis for the transmission of data is Art. 6 para. 1 lit. a GDPR. We use the data for this purpose until the conversation with you is finished. We assume that the conversation will be terminated if the circumstances indicate that the request in question has been finally clarified.

We process personal data of our customers as well as other entrepreneurs and companies not in a business relationship with us and, in this context, also of the employees there as contact persons for the purpose of direct advertising, if legally permissible. If we have not collected the contact data used for this purpose directly from the person concerned, we also take this data from public sources, such as the website of the respective company or profiles of the respective company or employees posted on social networks. The legal basis is a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 f GDPR. The legitimate interest lies in the processing for the purpose of direct advertising itself (see recital 47 GDPR). We store the data for this purpose for the duration of our interest in concluding a contract with the company concerned or until an objection has been declared.

You can object to the processing of personal data concerning you for advertising purposes at any time. You can address your objection at any time to the contact data specified in Section 1. If the advertisement is contained in an e-mail, you can also use the opt-out link contained in it.

4.3.4. Data Processing for Advisory Purposes

We process the personal data of the customer or prospective customer or his employees received in connection with a business relationship or an inquiry of an interested party even after the end of the business relationship or if such a relationship does not come about for the purpose of being able to recommend suitable Services on the basis of the previous inquiries or business relationships to our customers or interested parties in the event of a renewed interest in our Services. The legal basis is a legitimate interest pursuant to Art. 6 para. 1 sentence 1 f GDPR, the performance of our business activities. In this respect, we store personal data for the duration in which we can expect that the respective customer would like to conclude a further or first contract with us in the future.

This is not possible if the customer in question indicates that he will under no circumstances ever enter into a business relationship with us.

4.4. Data Processing for Statistical and Analytical Purposes

We also use the data collected from our registered users when using our Platforms for statistical analyses in order to make our Platforms more user-friendly and in particular to improve our Services. For this purpose, we use a pseudonymized user ID as well as non-personal, anonymous data that cannot be related to a person by itself or in combination with one another, e.g. in relation to the usage behavior on our Platforms or in relation to websites from which the person concerned has accessed our Platforms. For these purposes we also process the IP addresses of users in pseudonymized form. With this data alone, a reference to the person concerned can no longer be established.

The anonymous or pseudonymized data will not be combined with personal data about the bearer of the pseudonym without separate express consent and will not be used to personally identify the user of our Platforms.

With deletion of the Aklamio account of the affected user, the data processed for the aforementioned purposes will be made completely anonymous, since the pseudonymous user identification then no longer allows any reference to the affected person.

The legal basis for these processing purposes is a legitimate interest pursuant to Art. 6 para. 1 sentence 1 f GDPR, namely the pursuit of our business purposes, the improvement of our offer and the optimization of our service quality. No conflicting interest can be identified, as the data is already required for contractual performance and identification is no longer possible after the end of the contract.

4.5. Processing of Applicant Data

If you have contacted our company to apply for a job, our special Privacy Policy for applicants applies to the personal data processed in this context.

4.6. Facebook Pages

We run a Facebook page at https://www.facebook.com/aklamio, https://www.facebook.com/aklamiospain, https://www.facebook.com/aklamiouk and https://www.facebook.com/aklamioitalia. Facebook provides us with anonymous statistical data for these fan pages (so-called “Insights Data”), through which we can obtain information about how visitors to our Facebook pages interact with them. Insights data may be based on personally identifiable information collected in connection with a visit to or interaction of individuals with our Facebook pages and their content. We are jointly responsible with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook Ireland”) for this processing of Insights data within the meaning of Art. 26 GDPR and have entered into an agreement with Facebook Ireland to this effect. You can find them at https://www.facebook.com/legal/terms/page_controller_addendum.

The legal basis for the operation of the Facebook pages and the use of the Insights data is a legitimate interest within the meaning of Art. 6 para. 1 f GDPR, namely the interest in an up-to-date and supportive information and interaction opportunity for and with our users and visitors as well as a better understanding of the interests of the visitors of our Facebook pages in order to be able to better address such interests.

5. Cookies and Similar Technologies

We use cookies to make the visit to our Platforms as attractive as possible and to enable the use of certain functions. Cookies are small text files that are stored on a computer system via an Internet browser. Most of these cookies are only created for one session and are deleted from your hard drive at the end of the browser session. However, other permanently created cookies remain on your computer and enable us to recognize you the next time you visit the website. Unless otherwise indicated below, you can determine the exact storage time of a cookie from the respective cookie by displaying the cookie in your browser.

Furthermore, we use so-called “tags” or “web beacons” in our Platforms. These are small graphics (usually only 1 x 1 pixel), which are not visibly integrated into the website and with which certain actions of the page visitors can be measured.

In addition, we use JavaScript-based codes that are integrated into our Platforms to collect certain usage data.

You have the option of generally preventing the storage of cookies by making the appropriate settings in your browser. You can prevent the processing of data using JavaScript-based codes by deactivating the execution of JavaScript in your browser. Although these measures continue to make it possible to visit our Platforms, the use of our Services and the functionality of our Platforms may be restricted.

In the following, we provide specific information about the cookies and similar technologies we use.

5.1. Technical Cookies

On the one hand, we use technical cookies. These are those that are necessary exclusively to collect some information on our Platforms in order to provide a service requested or desired by you as a user.

The legal basis for these cookies is a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, namely the pursuit of our business purposes. As far as you as a user are affected by these technologies, the legal basis is also the fulfilment of your contract with us, art. 6 para. 1 lit. b GDPR.

5.1.1. Custom Cookies

We use so-called session cookies, which enable a smooth navigation and use of our respective Platform (and for example allow access to the Aklamio account) as well as persistent cookies, which enable you to navigate according to some selected criteria (e.g. selection of the national language in which the contents of our Platforms are displayed) in order to improve your user experience.

Session cookies are deleted after the end of the browser session, i.e. when you close your browser. Other cookies remain on your device for a specified period of time and enable us to recognize your browser the next time you visit. This way, you do not have to make entries and settings that have already been made again.

We also use cookies, JavaScript-based codes and web beacons for analysis purposes in order to collect information about the number of visitors and their user behavior, to increase the security of our systems and to prevent misuse of our Platforms.

We also use cookies for the purpose of tracking whether you follow one of our recommendation links and then place an order with the recommended shop of one of our customer companies, or whether you, as a user of aklamio, place an order there to receive cashback. These cookies expire after 60 days at the latest.

5.1.2. Affiliate Networks

As part of our recommendation and cashback Services, we also use the conversion tracking technologies of affiliate networks. Affiliate networks are advertising networks that mediate the placement of online advertising for the websites of online shop operators through sales customers (so-called affiliates) and measure the success of advertising. The affiliate networks provide the necessary technical infrastructure for this.

If you as the recipient of a recommendation follow the recommendation link or – as a User – the cash back link to one of our customer online shops that is connected to an affiliate network, you will be directed to the relevant shop via the servers of the respective affiliate network. If you subsequently purchase a product or service, the order is recorded by a previously set cookie and a tag of the affiliate network. Only anonymous information about the visit of the respective shop and your order is collected, which is transferred to the servers of the respective affiliate network and stored there. Your IP address will also be made anonymous or deleted immediately. The information will not be used to create profiles and will not be merged with other existing personal data about you. They are transmitted to us for the purpose of being able to assign your order in the shop to the recommendation.

5.2. Other Third-Party Cookies and Technologies

In the following we will inform you about the use of other cookies and similar technologies as well as the respective providers. We will also inform you how you can object to the use of these cookies.

We use the cookies and other technologies listed below and used by us on the basis of Art. 6 Para. 1 lit. f GDPR. With the technologies we use, we want to ensure that our Platforms are designed to meet the needs of our customers and are continually optimized. On the other hand, we use the technologies for advertising purposes in order to statistically record the use of our website and for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

You can disable the use of cookies by third parties altogether in your browser settings.

5.2.1. Google Analytics

For the purpose of the demand-oriented design and continuous optimization of our Platforms we use Google Analytics, a web analysis service of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter also referred to as “Google”). In this context, cookies and tags are used to create pseudonymous user profiles. The cookie collects data about your use of the Platforms such as the browser type/version, the operating system used, the referrer URL (the previously visited page), the IP address of the accessing computer and the time of the server request and transfers it to a Google server in the USA and stores it there.

The data is used to evaluate the use of our Platforms, to compile reports on the Platform activities and to provide further Services for the purpose of tailoring our offering to meet requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company.

Under no circumstances will your IP address be merged with other data from Google. We only use Google Analytics with IP anonymization enabled. This means that the IP address of Google users within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area will be reduced. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

You can prevent the collection of data collected by the cookie and related to your use of the Platforms and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). Further information on Google’s use of data for advertising purposes, options for settings and objections can be found on Google’s websites: “Google’s use of data when using our customers’ websites or apps”, “Google’s use of data for advertising purposes”, “Manage information that Google uses to show you advertising” and “Determine which advertising Google shows you”.

If and to the extent data is transferred to Google in the USA and thus to a country outside the EU or the EEA, this transfer is permissible according to Art. 46 GDPR, since Google and Aklamio have agreed to standard contractual clauses within the meaning of Art. 46 GDPR (available from us upon your request).

5.2.2. Google Re-Captcha

We use the Google service reCAPTCHA for the purpose of distinguishing between input on our web pages by a human being and misuse by automated, machine processing. Via reCAPTCHA, the IP address and any other data required for the service are processed. For this purpose, your input can be transmitted to Google and analyzed. Further information about reCAPTCHA can be found under the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html .

5.2.3. Remarketing and Conversion Tracking

5.2.3.1. General Information

On our Platforms, we use advertising technologies based on the use of previously visited pages of our Platforms or other websites. This enables us to target visitors to our Platforms with personalized, interest-based advertising. The sites on which we advertise include the Google Display Network, Facebook, LinkedIn and Xing social networks. To perform the analysis of website usage, which forms the basis for displaying interest-based advertising, we use tags that are integrated into the website. These tags are used to store or read a cookie from the advertising network on the user’s device. If you subsequently visit another website of the aforementioned networks, you will see advertisements that are most likely related to previously accessed areas of our Platforms.

These cookies record which websites you have visited, and which offers you have clicked, technical information about the browser and operating system, referring websites as well as the visit time. With the exception of the IP address, which is immediately anonymized, no data will be processed by which you can be personally identified. The data is processed pseudonymously within the framework of this technology, i.e. the relevant data is recorded cookie-related within pseudonymous user profiles; from the perspective of the respective provider, the data is not processed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is.

The information collected by the cookies about the visit of the websites is transferred to the servers of the providers of the respective advertising network and stored there. The information will not be merged with other existing personal data about you. We receive no knowledge of the content of the transmitted data and their use by the advertising networks. We can only select which segments of users (e.g. by age, interests) our advertising should be displayed.

The legal basis for such processing is a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, namely the pursuit of our business purposes, which also includes the targeted advertising of our Services.

We also use the cookies and tags described above to statistically record the use of our Platforms and newsletters and to evaluate them for the purpose of optimizing our Services for you. We collect certain activities, such as accessing or filling out the contact form on our website or opening our newsletter to determine whether an advertisement was successful (conversion tracking).

Here, too, the legal basis for such processing is a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, namely the pursuit of our business purposes

Some of the following providers are located in the USA. Insofar as data are therefore transmitted there, this transmission is permitted under Art. 46 GDPR, as Aklamio, which each of these providers, have entered into standard contractual clauses within the meaning of Art. 46 GDPR (available from us upon your request).

You can prevent the use of the cookies described here by using the contradiction possibilities of the providers shown below. After the objection, an opt-out cookie is usually stored on your terminal. If you delete your cookies, you must set the opt-out cookie again. Further information on the processing and use of the data by the providers as well as the relevant rights and setting options for the protection of your privacy can be found in the respective data protection information of the providers.

5.2.3.2. Providers and Means of Objection

Facebook Website Custom Audiences
Provider: Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA
Privacy policy: https://www.facebook.com/privacy/explanation
Possibility of objection: https://www.facebook.com/ads/website_custom_audiences/

Google AdWords and DoubleClick
Provider: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy: http://www.google.de/intl/de/policies/privacy/
Possibility to object: Deactivation via Google ad settings

LinkedIn Matched Audiences/Insight
Provider: LinkedIn Inc, 2029 Stierlin Ct, Mountain View, CA 94043, USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy?_l=en_EN
Possibility of objection: https://www.linkedin.com/psettings/advertising/websites-visited

XING Sponsored Content
Provider: XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany
Data protection information: https://privacy.xing.com/de/datenschutzerklaerung
Possibility of objection: https://www.xing.com/settings/privacy/data/tracking

5.2.3.3. Newsletter Tracking

For statistical evaluation of our newsletter campaigns, our newsletter can contain tags with which we can recognize whether and when you have opened an e-mail. Furthermore, we can trace which links were called up in the e-mail. Your IP address will also be recorded. However, this is not stored. No other personal data is also recorded. The legal basis for this processing is a legitimate interest within the meaning of Art. 6 Para. 1 letter f GDPR, whereby the legitimate interest is the evaluation and optimization of our newsletter. You can opt out of receiving all types of newsletters at any time by using the settings provided in the notification options in your Aklamio account or the opt-out link in the respective emails.

6. Recipients and Use of Data Processors

We use the Services of the contractors listed in this section to provide our Services. The legal basis for the use of these contract processors is a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest is in the pursuit of our business purposes, in particular the provision of the Services described in this data privacy declaration. Insofar as we also implement measures to protect the security of personal data stored by us with the involvement of data processors, such as Amazon WebServices Inc, there is an additional legitimate interest in ensuring our technical and organizational measures in this regard. No conflicting interest is apparent, in particular because we have concluded a contract with the respective contractors in accordance with Art. 28 GDPR.

The data is stored by these service providers for the duration for which otherwise storage is legal for purposes according to this data privacy declaration, i.e. in particular for the execution of existing contracts, for analysis purposes, for communication or for advertising communication.

6.1. Hosting & Infrastructure

We host and back up personal data on our Platforms using the following processors under Art. 28 GDPR:

6.1.1 Amazon Web Services, Inc. (“AWS”)

Processor Name & Address: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA
Legal Basis & Safeguards: We have executed the AWS Data Processing Addendum (which incorporates the EU Commission Standard Contractual Clauses under Art. 46 GDPR), ensuring that any transfer of personal data to the USA is subject to appropriate safeguards.
Data Types & Purposes: User account information, activity logs, and system backups are processed solely to provide hosting, storage, backup, and operational monitoring.
Sub-processors: AWS may engage sub-processors; the current list is published at [https://aws.amazon.com/compliance/sub-processors](https://aws.amazon.com/compliance/sub-processors).

6.1.2. Hetzner Online GmbH (“Hetzner”)

Processor Name & Address: Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen, Germany
Legal Basis & Safeguards: We have signed Hetzner’s Data Processing Agreement, which meets all Art. 28 GDPR requirements.
Data Types & Purposes: User account information and backups are stored and processed for hosting, storage redundancy, and performance monitoring within the EU.
Sub-processors: Hetzner’s sub-processor list is available in their DPA or upon request.

Data Locations:

Primary storage and processing occur in AWS data centers in the EU and, where required for redundancy, in the USA under SCCs.
EU-only storage and processing occur in Hetzner’s German data centers.

Access to Agreements & SCCs: You may request a copy of our DPA with AWS or Hetzner—or the underlying SCCs—at any time by contacting our Data Protection Officer.

6.2. Support

For support Services, we use the Services of Zendesk, Inc, 181 Fremont St, 17th Floor, San Francisco, Cand aklamio Spain Services S.L., calle Orense, nº 6 10-A Madrid, 28020, Spain, on the basis of data processing relationships. These companies can receive personal data from us within the framework of the data processing relationship. The data is transmitted to Zendesk Inc. in the USA and thus to a country outside the EU or the EEA. This transmission is permitted under Art. 46 GDPR, as Zendesk Inc and Aklamio have entered into standard contractual clauses within the meaning of Art. 46 GDPR (available from us upon your request).

6.3. E-Mail Service Providers

We use the services of the following service providers for sending e-mails on the basis of data processing relationships:

Emarsys North America Inc, 10 W Market St., Suite 1350, Indianapolis, IN 46204,United States
Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA

The above-mentioned service providers can receive and process your personal data within the scope of the existing data processing with us. The data is transmitted to Google and Emarsys in the USA and thus to a country outside the EU or the EEA. This transmission is permitted under Art. 46 GDPR, as Google and Aklamio have entered into standard contractual clauses within the meaning of Art. 46 GDPR (available from us upon your request).

6.4. Proxy Caching

We use the services of Amazon Web Services, Inc. for the purpose of proxy caching through data processing. “Proxy Caching” means a technology used in the interest of user-friendliness in which the content of websites, but not personal data, is cached by the proxy caching provider for approximately one hour so that this content can be delivered to visitors more quickly. Amazon Web Services, Inc. does not store any personal data in the context of proxy caching. However, some of the data flows are routed through Amazon Web Services servers, so that visitors are not connected directly to our servers, but first to those of Amazon WebServices; Amazon Web Services will then make a request to our servers and finally deliver the content to visitors. These data flows can therefore also include personal data.

The data is transmitted to Amazon Web Services, Inc. in the USA and thus to a country outside the EU or the EEA. This transmission is permitted under Art. 46 GDPR, as Amazon Web Services, Inc. and Aklamio and Aklamio have entered into standard contractual clauses within the meaning of Art. 46 GDPR (available from us upon your request).

6.5. Administration and Communication

For internal administration and communication purposes, we use the following contract processors, who can receive personal data within the scope of existing data processing with us:

Slack Technologies Limited, 4th Floor, One Park Place, Hatch Street Upper, Dublin 2, Ireland

The data is transmitted to Trello Inc. in the USA and thus to a country outside the EU or the EEA. This transmission is permitted under Art. 46 GDPR, as Trello Inc and Aklamio have entered into standard contractual clauses within the meaning of Art. 46 GDPR (available from us upon your request).

6.6. Customer Management

We use the Services of Salesforce.com EMEA Limited, Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N 4AY London, UK (hereinafter also referred to as “Salesforce”) and of Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403 (hereinafter also referred to as “Freshsales”) on the basis of an data processing relationship for customer service and to improve the quality of service for our corporate customers. Salesforce and Freshsales may receive and process personal customer information under our existing data processing agreement. Salesforce provides several tools to analyze indexed content and draw conclusions.

6.7. Payroll & Accounting

For payroll and accounting services, we use the services of Datev eG, Werner-Eckert-Straße 4, 90402 Nürnberg, Germany, on the basis of a Data Processing Agreement pursuant to Art. 28 GDPR. Datev eG may receive the following categories of personal data from us:

Employee master data (e.g. name, address, date of birth, tax ID)
Payroll data (e.g. salary, bonuses, deductions, bank account details)
Accounts receivable/payable data for customer companies (e.g. invoicing, payment transactions, tax information)
Reward‐payment data for end‐users (e.g. payout amounts, bank details)

All processing by Datev eG takes place on servers located within Germany (EU/EEA); no routine transfers to third countries occur. Should Datev eG ever engage subprocessors outside the EU/EEA or transfer personal data to a third country, such transfers would only take place under appropriate safeguards (e.g. Standard Contractual Clauses as per Art. 46 GDPR).

6.8. Product Research

For our Product Research interviews, we use the services of Dovetail Pty Ltd, Level 8, 717 Bourke St, Docklands VIC 3008, Australia, on the basis of a Data Processing Agreement pursuant to Art. 28 GDPR. Dovetail may receive the following categories of personal data from us:

Interview recordings (audio & video)
Transcripts and research notes
Participant identifiers (e.g. name, job title, company)
Metadata (e.g. date/time of interview, duration)

We conduct each interview only after obtaining explicit consent from participants (Art. 6(1)(a) GDPR), and they may withdraw consent at any time.

Dovetail processes and stores all data on servers located in Australia, which is a third country outside the EU/EEA. Any such international transfer is safeguarded by Standard Contractual Clauses in accordance with Art. 46 GDPR (a copy of which is available upon request).

6.9. Data Warehousing

For our centralized data storage and analytics, we use the services of Snowflake Inc., 450 Concar Drive, San Mateo, CA 94402, USA, on the basis of a Data Processing Agreement pursuant to Art. 28 GDPR. Snowflake may receive the following categories of personal data from us:

End-user and customer-company data (e.g. identifiers, usage records)
Prospect and marketing data (e.g. lead scoring)
Support & transaction data (e.g. Zendesk ticket exports)
System logs and analytics (e.g. IP addresses, session durations, query logs)

We have provisioned our Snowflake account in the EU region (Frankfurt, Germany), so all storage and processing occurs within the EU/EEA by default. Should we ever engage additional Snowflake regions outside the EU/EEA, any transfer of personal data to those regions will be protected by Standard Contractual Clauses in accordance with Art. 46 GDPR (a copy of which is available upon request).

6.10. Customer Reviews & Reputation Management

For the collection, hosting and display of customer reviews, we use the services of Trustpilot A/S, Mandøe Torv 1, 6000 Kolding, Denmark, on the basis of a Data Processing Agreement pursuant to Art. 28 GDPR. Trustpilot A/S may receive the following categories of personal data from us:

Review content and ratings (text, star scores, images/videos)
Reviewer identifiers (e.g. name, e-mail address, order reference)
Usage and metadata (e.g. IP address, device/browser information, timestamps)

All processing by Trustpilot A/S takes place on servers located within the EU/EEA by default. In cases where Trustpilot utilizes subprocessors or infrastructure in countries outside the EU/EEA, transfers are safeguarded under Standard Contractual Clauses in accordance with Art. 46 GDPR (a copy of which is available upon request). Reviewers may request access, correction or deletion of their reviews directly via Trustpilot’s privacy tools or by contacting us.

6.11. Sales & Lead Generation

For our sales and prospecting processes, we use a combination of the following tools on the basis of a Data Processing Agreement pursuant to Art. 28 GDPR. All of these tools process only business-contact data (i.e. professional e-mail addresses, company names, job titles) and do not receive any personal data directly from us beyond what is publicly available or voluntarily provided by the prospect.

Kaspr (Kaspr SAS, 44 rue de la Chaussée d’Antin, 75009 Paris, France)
- Purpose: Acquisition of publicly listed business e-mails and phone numbers for cold outreach.
- Data received: Prospect name, corporate e-mail, business phone, LinkedIn profile URL.
- Legal basis: Legitimate interest (direct B2B marketing).
LinkedIn Sales Navigator (Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland)
- Purpose: Advanced prospect search, list building, and in-platform messaging.
- Data received: Public LinkedIn profile data (name, role, company, industry, location).
- Legal basis: Legitimate interest (targeted B2B outreach).
MailSuite (Mailsuite S.L., calle Córcega, número 301, ático 2ª, 08008 – Barcelona (España).)
- Purpose: Tracking e-mail deliverability and open/click rates for our sales campaigns.
- Data received: Sender/recipient e-mail addresses, timestamps of opens and clicks, device/browser metadata.
- Legal basis: Legitimate interest (measuring campaign effectiveness).
TLDX (tldx Solutions GmbH, Kaiser-Friedrich-Allee 51, 52074 Aachen Germany)
- Purpose: Recording and transcription of sales calls (audio/video) with explicit participant consent.
- Data received: Call recordings (audio and optional video), call metadata (date, duration, participants), transcripts.
- Legal basis: Consent (Art. 6(1)(a) GDPR) — we obtain and log each participant’s consent before recording.
ZenLeads Apollo (Apollo.io, 2 Embarcadero Center, 8th Floor, San Francisco, CA 94111, USA)
- Purpose: Enrichment of prospect lists with firmographic and technographic data.
- Data received: Business e-mail, phone, company size, industry, technology stack (publicly sourced).
- Legal basis: Legitimate interest (improving outreach relevance).

All of the above services operate on servers within the EU/EEA by default where available. For any processing or storage that takes place outside the EU/EEA, we rely on Standard Contractual Clauses in accordance with Art. 46 GDPR (copies available upon request). Prospects may object to or opt out of any direct-marketing communications at any time, and can exercise all data-subject rights via our contact details provided in Section 9 (Data-Subject Rights).

7. What are my Rights?

If personal data is processed by you, you are “concerned” within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the person responsible:

7.1. Right to Information

You can ask us to confirm whether personal data concerning you is being processed by us.

If such processing is available, you can request the following information from us:

(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to correction or deletion of personal data concerning you, a right to limitation of the processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.

This right to information may be limited to the extent that it is likely to make it impossible or seriously impair the realization of statistical purposes and the limitation is necessary for the fulfilment of statistical purposes.

7.2. Right to Correction

You have a right of rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The person responsible shall make the correction without delay.

Your right to correction may be limited to the extent that it is likely to render the statistical purposes impossible or seriously prejudicial and the limitation is necessary for the fulfilment of the statistical purposes.

7.3. Right to Limitation of Processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

(1) if you dispute the accuracy of the personal data concerning you for a period of time that enables us to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead demand the restriction of the use of the personal data;
(3) we no longer need the personal data for the purposes of processing, but you do need them to assert, exercise or defend legal claims, or
(4) if you have filed an objection against the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether our justified reasons outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the restriction of the processing has been restricted according to the above-mentioned conditions, you will be informed by us before the restriction is lifted.

Your right to restrict processing may be limited to the extent that it is likely to make it impossible or seriously prejudicial to the fulfilment of statistical purposes and the restriction is necessary for the fulfilment of statistical purposes.

7.4. Right to cancellation

7.4.1. Duty to Delete

You may request that the personal data concerning you be deleted immediately and we are obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
(3) You file an objection against the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to Art. 21 para. 2 GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
(6) The personal data concerning you have been collected in relation to information society Services offered pursuant to Art. 8 para. 1 GDPR.

7.4.2. Information to Third Parties

If we have made the personal data concerning, you public and we are obliged to delete it pursuant to Art. 17 para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data, that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

7.4.3. Exceptions

The right to cancellation does not exist insofar as the processing is necessary
(1) to exercise freedom of expression and information;
(2) for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing, or
(5) to assert, exercise or defend legal claims.

7.5. Right to Data Transferability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without obstruction by us, provided that
(1) processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
(2) processing is carried out by means of automated methods.

In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly by a responsible person to another responsible person, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on us.

7.6. Right of Objection

You have the right to object at any time, for reasons arising from your particular situation to the processing of personal data concerning you, which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

We will then no longer process the personal data concerning you, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct advertising purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right of objection in connection with the use of Information Society Services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

You also have the right to object to the processing of personal data concerning you for statistical purposes pursuant to Art. 89 para. 1 GDPR for reasons arising from your particular situation.

Your right of objection may be limited to the extent that it is likely to make the realization of the statistical purposes impossible or seriously impaired and the limitation is necessary for the fulfillment of statistical purposes.

7.7. Right to Revoke Consent

You have the right to revoke your consent to data processing activities at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

7.8. Automated Decision in Individual Cases including Profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly affects you in a similar manner. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the person responsible,
(2) the legislation of the Union or of the Member States to which the person responsible is subject is admissible and that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
(3) with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies, and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), we will take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his own position and to challenge the decision.

7.9. Right of Appeal to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

7.10. Is there an Obligation to Provide Personal Data?

If you create an Aklamio account (see point 4.2.1. above), you must provide certain data within the scope of the contract to be concluded with us. If you wish to withdraw any bonuses credited to your account, you must provide the required withdrawal details. If you make a booking request to our support team, you must provide the information necessary to track your order. Furthermore, the provision of personal data is neither required by law nor by contract, nor are you obliged to provide personal data. However, the provision of personal data for the use of our Services may also be necessary in individual cases. If you do not provide us with the data we consider necessary, we may not be able to provide our Services to you in full.

If you as a corporate customer wish to use our Services (cf. above under Section 4.3.1), you must provide certain data within the framework of the user agreement to be concluded with us. We will then point these out in each case. Furthermore, the provision of personal data is neither required by law nor by contract, nor are you obliged to provide personal data. However, the provision of personal data for the use of our Services may also be necessary in individual cases. If you do not provide us with the information, we deem necessary, we may not be able to provide the Services to you in full.

7.11. Amendment of the Data Privacy Declaration; Change of Purpose

We reserve the right to change this data privacy declaration in compliance with data privacy regulations. The current version can be found here or at any other easily accessible location on our website or Platform. If we intend to process data for purposes other than those for which it was collected, we will inform you in advance in compliance with the statutory provisions

LOG IN