Privacy Policy

Last updated: February 4, 2022

Introduction

Your privacy is critically important to us. At Alpaqa Studio, we have a few fundamental principles:

Below is our Privacy Policy, which incorporates and clarifies these principles.

We at APC Labs GmbH, the developer and operator of Alpaqa Studio, respect your privacy. All information you give us is held with the utmost care and security. Alpaqa Studio is committed to protecting your privacy. If you’re visiting our websites, using our products and services, working with any of our teams, meeting us at events or applying for a role with us, this privacy policy sets out what data we collect, and how we use it. It also describes your rights regarding our use of your data.

Please take time to review this privacy policy as it sets out our privacy practices and tells you how we will treat your personal information. We do not sell, rent or loan any identifiable information regarding our customers to any third party. Only in the circumstances described within this Privacy Policy would we share your information with any third party.

Our use of personal data is in accordance with the General Data Protection Regulations (GDPR).

1. Identity of the controller

APC Labs GmbH
c/o Kreuzkoelln Office
Friedelstr. 40
12047 Berlin
Germany

2. Data processing

2.1. Personal data

Pursuant to the General Data Protection Regulation (GDPR), personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2. General use of the website

Our webserver(s) register(s) all connections to the website automatically and collect the following technical information about your visit:

We store this data in log files in order to ensure the safety and integrity of our IT systems. Additionally, we use your IP address only to enable communication with our website. Both constitute our legitimate interests pursuant to Art. 6 par. 1 lit. f) GDPR. We store our log files for 8 weeks.

2.3. Signing up for early access

You can sign up for early access by providing us your personal data, namely: first name, last name, email address, area code (optional), and phone number (optional).

We use this data to get insights into who shows interest in our software and services and for what purpose our software and services might be used. Moreover we use this data to contact you to provide you with guidance, support and helpful tips & tricks for our software and services, and general information about our products and services. The legal basis is Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes also constitute our legitimate interests. If you agreed to receive helpful information, we store your data until you object. Otherwise, we delete your data after 2 years.

2.4. Buying our software and services

If you are a commercial user, you can buy our products directly from our website or via the Microsoft Azure Marketplace. For this purpose we collect your first name, last name, company, email address, telephone number, billing address, and additional payment information depending on the payment method you choose.

We use this information for the purposes of performance and conclusion of contract. The legal basis is Art. 6 par. 1 lit. b) GDPR. Additionally, we are legally obliged to store certain data, which is included in contracts and invoices as well as in business letters or other documents relevant for taxation or accounting. The legal basis is Art. 6 par. 1 lit. c) GDPR. If you purchase the software or the service for somebody else, we collect the customer’s name and the company name to embed it into the license key. We store the data that is relevant for taxation and accounting for 11 years from the end of the year the contract is concluded in. Any other data is stored for 3 years after the end of the year the contract is concluded in.

2.5. Feedback and support via our website, the software, or the service

We enable you to contact us and ask us for support on our website. For these purposes we collect your first name, last name, email address, and your message to us. Depending on the topic you request our help for, we may ask you for additional information to help us assist you. We may share this with our product development teams to enable them to reproduce and fix product issues. Alpaqa Studio also maintains a presence on Twitter, Facebook, YouTube, and LinkedIn. We manage your interactions with us using Hootsuite and Publer as well as using social media platforms directly. If you send us a message via social media, we may include this in our CRM systems.

The legal basis for these processing activities is Art. 6 par. 1 lit. f) GDPR. Our legitimate interest is to answer your questions and fulfill your requests. We store your data for 3 years.

Some of our products also include feedback mechanisms such as live chat. If you’re signed into the product, we’ll see your name and email address when you chat to us. Any information you send to us in the chat session will be shared with our product development and support teams. We store your data for 3 years.

2.6. Newsletters and drip campaigns

We send newsletters, onboarding, and educational emails using HubSpot, MailChimp and SendGrid on the legal basis of Art. 6 par. 1 lit. a) GDPR. We store the data necessary for sending the newsletters until you withdraw your consent. We gather statistics around email opening and interaction using industry-standard technologies, including tracking pixels, to analyze the performance of email campaigns. We use data about your interactions with our emails as an indicator of your interest in our products. We may also use your interaction with our previous newsletters to send you more appropriate information in the future. The legal basis for this processing is Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute our legitimate interests. We store your data for 3 years.

You can opt out of receiving these newsletters and drip campaigns at any time by clicking the unsubscribe link in these emails, or sending an email to privacy@alpaqastudio.com.

2.7. Information sent to us when you use our products

Our products send usage and fault reporting information to us. We use this to measure how many people are using the different versions of our products and the different features within them, understand the environments in which our products are used, measure the success of our sales and marketing operations, guide product development decisions and improve our products, and assist you in your evaluation, purchasing, and renewal of our products.

We use your basic environment and high-level usage data in conjunction with your records in our marketing and CRM systems. Your use of individual features is submitted anonymously and is not linked to your identity. Some of our products allow you to submit error reports if something goes wrong. These contain logs and other diagnostic data, and you can choose to include your contact details and any additional information you think may be useful. Our support and development teams use this data to improve our products. If you choose not to include diagnostic data with an error report, an anonymous record of the type of error which occurred will be sent. This allows us to measure how many of our customers experience errors and prioritize our focus for product development. The legal basis for this processing is Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute our legitimate interests. We store your data for 3 years.

2.8. Applying for a role with us

If you apply for a role at Alpaqa Studio, we will use all the information you provide to assess your application. In most cases this will be at least your name, address, birth date and your CV. If you are unsuccessful in your application, we will remove your data after 6 months. The legal basis is Art. 6 par. 1 lit. f) GDPR. We may ask your permission to keep your details on file in our talent pool on the legal basis of Art. 6 par. 1 lit. a) GDPR. We store this data until you withdraw your consent.

2.9. Cookies

Your web browser allows you to control whether cookies can be stored by our websites. However, disabling cookies will prevent certain parts of our websites from working correctly. Your web browser’s documentation has more information on controlling cookie behavior.

We use cookies on our websites to maintain your active session, store your preferences, track the success of our marketing and advertising campaigns, analyze the way people use our websites, and gather data on how our websites are performing. Our use of cookies is based on Art. 6 par. 1 lit. f) GDPR. The mentioned purposes also constitute our legitimate interest. For detailed information on the analytics, tracking and advertising tools and the respective possibilities to opt-out, please refer to Section 10.

2.10. Using our service

When you start using and use the Alpaqa Studio service you might submit more data depending on the way of use of our services according to our terms of service. Alpaqa Studio will collect your first and last name associated with your Azure account used to sign up, your email address associated with your Azure account used to sign up, and Cosmos DB account details for accounts added to Alpaqa Studio.

We use the information and data collected in the service, including your personal data, in order to fulfill our contractual obligations for you or our customers based on the legal basis of Art. 6 (1) b. GDPR or TMG and as further set forth in this privacy policy or our terms of service. This also includes sending you emails and notifications necessary for the service.

In the event we process personal data controlled by the customer as a data processor we will offer and enter into a respective separate data processing agreement with such customer whereas such data processing agreement may be requested via email privacy@alpaqastudio.com.

We do not store or receive any kind of payment or credit card data but use external payment providers as set forth on the website.

We may also analyze your personal data when using the Alpaqa Studio service for the purpose of improving our service. We may also store your data to assure fair use of our service. The legal basis for analyzing and storing such data is Art. 6 (1) f. GDPR with our legitimate interest in marketing, quality assurance and fraud prevention.

We also process your data if this is necessary to comply with our legal obligations (legal basis: Art. 6 (1) c. GDPR), for example legal retention periods. For the above mentioned purposes your data may also be shared with our shareholders or affiliated companies.

3. Recipients of personal data

Internally, we process your personal data in the relevant department. Externally, we use selected third parties to help us process data, which helps us deliver our products and services to you. Specifically, we use service providers to run our online shop, to send you emails, to provide you with the website’s “Feedback & Support” tool and generally, to give you access to our website. If you ask for assistance, support or other services, your data may be processed by affiliated companies, which will provide the services directly to you. We do not sell any data regarding your use of our products or services except as part of a reorganization or a sale of the assets of Alpaqa Studio. In such cases, we will ensure that your privacy continues to be protected.

4. Transfer of data to third parties

We will transfer your personal data to a third party only (i) within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or, (ii) if applicable, legal provisions authorize the transfer, e.g. if the transfer is required to pursue our legitimate interests or to fulfil a contract, for example in case of mergers and acquisitions, (iii) or if you give your explicit consent.

5. Transferring your information outside of the European Economic Area

Some of our service providers, especially Microsoft Azure where Alpaqa Studio is hosted, reside outside of the EU, especially in the USA. These service providers are either EU-US-Privacy Shield certified or we concluded standard contractual clauses approved by the EU Commission with such providers. You can obtain a copy of the standard contractual clauses texts on the website of the Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en).

Your data may also be processed outside the EU when visiting our social media pages.

6. Your rights

If the respective requirements are met, the GDPR grants you certain rights as a data subject.

Art. 15 GDPR – Right of access: You shall have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information.

Art. 16 GDPR – Right to rectification: You shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Art. 17 GDPR – Right to erasure: You shall have the right to obtain from us the erasure of personal data concerning you without undue delay.

Art. 18 GDPR – Right to restriction of processing: You shall have the right to obtain from us the restriction of processing.

Art. 20 GDPR – Right to data portability: You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you shall have the right to transmit those data to another controller without hindrance from us. You shall also have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

Art. 21 GDPR – Right to object: You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on legitimate interests or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In such a case, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, then you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.

Where the processing is based on your informed consent, you shall have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Therefore, you may send us a message to privacy@alpaqastudio.com.

7. Your obligation to provide us with personal data

You have no statutory or contractual obligation to provide us with any personal data. However, we may not be able to provide you with our services if you decide not to do so.

8. Existence of automated decision-making, including profiling

We do not use automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, such profiling or automated decision making may happen by third party providers through the website or service. We will inform you about such a fact if possible.

9. Questions about data privacy

If you have any questions regarding this policy, or wish to make a complaint about the way we’ve handled your personal information, contact privacy@alpaqastudio.com.

10. Tools used on our website for analytics, marketing and other purposes

10.1. Google Analytics

We use Google Analytics, operated by Google LLC, to collect information about how users use our site. The information generated by the cookie about your use of the site will be transmitted to and stored by Google on servers in the United States. As IP-anonymization is activated, your IP address will be anonymized as soon as technically feasible at the earliest possible stage of the collection network. Only in exceptional cases, the full IP address will be transferred to a Google server in the United States, and then shortened so it is only partially used there.

Google will use this information on our behalf for the purpose of analyzing your use of the site, compiling reports on website activity and providing other services relating to activity on the site and internet usage. The IP address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; please note, however, that if you do this you may not be able to use our service comprehensively. You can also opt-out from being tracked by Google Analytics in the future by downloading and installing “Google Analytics Opt-out Browser Add-on” for your current web browser. Our processing is based on Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes also constitute the legitimate interests we pursue with it. The collected data is stored for 50 months.

10.2. Google Ads

We use Google Ads, an online advertising program from Google LLC. As part of Google Ads, we use conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page. The information obtained using the conversion cookie is used to create conversion statistics for the Ads advertisers who have opted for conversion tracking. However, advertisers do not obtain any information that can be used to personally identify users. You can configure your browser to control cookies or opt out of tracking; disabling cookies may limit the functionality of this website. Our processing is based on Art. 6 par. 1 lit. f) GDPR.

10.3. Google Analytics and Google Ads Remarketing

We use the features of Google Analytics Remarketing combined with the capabilities of Google Ads Remarketing, provided by Google LLC. Such features make it possible to advertise to website visitors and users based on their previous behavior and usage, through image and text ads placed on various websites online. You can opt-out of Google Marketing Platform’s use of cookies by visiting the Google Marketing Platform opt-out page. Our processing is based on Art. 6 par. 1 lit. f) GDPR.

10.4. Google Fonts

Our website uses the Google Fonts service of Google to integrate and display text on the website. For this purpose Google may process your data (including the IP address) on servers in the USA. When the IP address is processed this is based on our legitimate interests of technical functionality of the website based on Art. 6 (1) f. GDPR or TMG.

10.5. Bing Ads

We use Bing Ads Universal Event Tracking, a conversion tracking service of the Microsoft Corporation. The service enables us to track your activities if you accessed our site by clicking on a Bing advertisement. For this purpose, Microsoft stores a cookie on your device. By using this cookie, Microsoft and we can see the total number of users that clicked on the ad. This data is stored by Microsoft for 180 days. We have no access to any personal information about you. If you do not want to be tracked, you can opt-out under the following link: https://go.microsoft.com/fwlink/?LinkID=286759. Our processing is based on Art. 6 par. 1 lit. f) GDPR.

10.6. Quora Ads

We use Quora Ads, a service of Quora, Inc. This function enables Quora to show you our advertising within the Quora network. For this purpose, Quora will establish a direct connection between you and its servers and collect data about your use of our website. Quora may relate this data to your user account. We have neither knowledge of nor a possibility to influence the data processing by Quora. You can find more information on how Quora processes your data in its privacy policy. If you want to opt-out, please change the respective settings in your user profile on Quora.

10.7. HubSpot

We use the services of HubSpot (HubSpot Ireland Ltd.) as an integrated software solution for email marketing, contact management, customer support, reporting, and contact forms. HubSpot tracks visitors using browser cookies. Every time a visitor lands on our website, HubSpot will check for an existing tracking cookie. If one does not exist, a cookie will be associated with that visitor and will log every page that person visits moving forward. Visitors will be tracked anonymously until they fill out a form. We use this data to analyze and improve our website and services in order to make them more appealing to you. HubSpot transfers personal data to HubSpot Inc. in the United States; HubSpot Inc. is certified under the EU-US Privacy Shield. Our processing of your personal data is based on Art. 6 par. 1 lit. f) GDPR.

10.8. Facebook

We use the Facebook Customer Audience and Facebook Pixel services on our websites to optimize our advertising offers, provided that you have granted appropriate consent. If you use a Facebook user account, the Facebook Pixel on our web pages can recognize this by the Facebook cookie which is used to transmit the usage data it has collected to Facebook for analysis and marketing purposes. Playing advertising on Facebook pages using the Customer Audience service does not concern users who are not members of Facebook. Our processing is based on Art. 6 par. 1 lit. f) GDPR. If you wish to object to the use of Facebook Pixel, you can set an opt-out cookie on Facebook or disable JavaScript in your browser.

10.9. LinkedIn

Our site uses functions from the LinkedIn network. We use their conversion tracking technology and the retargeting feature on our website. This technology allows visitors to this website to view personalized ads on LinkedIn and create anonymous reports on ad performance and website interaction information. Our processing is based on Art. 6 par. 1 lit. f) GDPR. If you are logged in to LinkedIn, you can deactivate the data collection at any time in your LinkedIn settings.

11. Miscellaneous

We encourage the responsible disclosure of security issues, and will act quickly on any vulnerabilities reported. We will not take legal action against you if you:

12. Changes to this privacy policy

We regularly review our privacy policy. This policy was last updated on 9th July 2021.