Privacy Policy

Introduction 

During your use of the website https://acumen.me/ (hereafter referred to as the “Website”), we may require you to provide us with personal data about yourself, in order for you to be able to use our services.  

The purpose of this privacy statement is to tell you more about how we process your personal data. 

Who is the Data Controller? 

Acumen acts as a data controller when we are: 

  • Collecting information from you to set up and administer your Hootsuite account (for example, Account information such as your name and email address); 
  • Monitoring usage information on our website; 
  • Managing your contact and other related information to send marketing, Services, and other communications to you; 
  • Responding to a support or general inquiry; and 
  • Recruiting individuals for job opportunities. 

Legal Bases for Processing when Acumen is Controller 

The legal bases for processing information about you include: 

  • Your consent (for example, when you have provided your information to sign up for an account or for a webinar; or you have provided your employment history when applying for a job). Where we rely on your consent to process personal data, you have the right to withdraw your consent at any time. 
  • It is necessary to perform a contract (for example, we may need your information to fulfil our obligations of providing Services to you under the terms relevant to the Services you have acquired). 
  • Legitimate interest (for example, to provide, maintain and improve the Services for you, to maintain the security of the Services, and to attract new customers to maintain demand for the Services, all of which are described in the “Why do we process your personal data” section of this document). 
  • In some cases, we may have a legal obligation to process your personal data to comply with relevant laws (for example, processing payroll and tax information to comply with relevant employment and tax legislation); or processing is necessary to protect your vital interests or those of another person (for example, obtaining health-related information during a medical emergency). 

Acumen as a Data Processor 

Where you are using our Services and making decisions about the personal data that is being processed in the Services (including managing your alert queries, selecting the Social Network accounts and data sources you wish to connect to the Services, staging + scheduling content, or exporting collected mentions or reports for the purposes of further processing), you are acting as a data controller and Acumen is acting as a data processor. 

There are certain obligations under the GDPR that you have as a data controller, including being responsible for managing Content on the Services. As a data processor, Acumen will only access and process Content to provide you with the Services in accordance with your instructions (which you provide through the Services), the Terms of Service, the Social Networks’ terms, and applicable laws. As part of delivering the Services, we may process Content to further improve the Services, such as enhancing usability and developing new features. 

If you, as a data controller, require Acumen to agree to data protection requirements under Article 28, GDPR, or under UK data protection laws, Acumen makes available a data processing addendum that meets these requirements. Please email your customer details (organisation name and plan information) with your request to our data protection officer at [email protected] 

If you are using the Services as an authorised user of a Acumen client (whether that client is your employer, another organisation, or an individual), that client determines its own policies (if any) regarding storage, access, modification, deletion, sharing, and retention of personal data and Content, which may apply to your use of the Services. Please check with that client about the policies and settings it has in place. 

Your GDPR Rights when Acumen is a Data Controller 

Under GDPR, Acumen is obliged to provide you with the following rights: 

  • The right to be informed about how your personal data is collected and used 
  • You have an unconditional right to object to processing for the purposes of direct marketing. You also have the right to object to processing your personal data, however Acumen may continue to process your data on legitimate grounds or to defend our rights before the court. 
  • If you have supplied us with your personal data and the processing of your personal data is based on the performance of a contract with you or pre-contractual measures undertaken at your request, you have the right to receive the personal data concerning you in a structured, commonly used, machine-readable format in order to be able to forward this to another service provider if this is technically possible and can be performed by automated means. 
  • At any time, you can submit a complaint to the supervisory authority if you feel that our processing is being performed in violation of the applicable data protection law. Please note that you are still cordially invited to contact us in such a case. 
  • You have the right to restrict the processing of your personal data in certain cases defined in Article 18 of the GDPR. 
  • You have the right to demand that your personal data be deleted and to prohibit any future collection 
  • Right of rectification: you have the right to rectify any of your personal data which is inaccurate, incomplete or outdated at any time. 
  • Under Article 15 of GDPR, you have the right to request a copy of your personal data which are processed by Acumen in the situation that it is acting as data controller, as well as any other relevant information, such as a list of controllers your data may have been transferred to when Acumen behaves as a data processor. 

CCPA Rights 

If you are a consumer as defined in the California Consumer Privacy Act (CCPA), the following provisions apply to you. Definitions of terms are set out in the CCPA. 

Under the CCPA, you may have the following specific rights: 

  • The right to know about the personal information collected about you, which we have set out in our Privacy Policy under “what personal data do we process.” 
  • The right to have your personal information erased 
  • The right not to be discriminated against for exercising consumer rights under the CCPA. 

You may exercise your rights by emailing us at [email protected]. If your organisation requires a CCPA addendum, please email us your customer details (organisation name and plan information) with your request. 

While we disclose personal information to service providers for the purpose of managing our relationship with you (e.g. distributing marketing communications) and providing the Services, we do not sell your personal information. 

How do we process personal data? 

In this section, you can learn more about the personal data we process and why, the manner in which it is collected, the processing activities involved, the persons with whom we share the data, including information concerning the transfer of personal data outside the EU/EEA and the length of time for which we store your data. 

2.1. What personal data do we process? 

Personal data is defined as any data which makes it possible to identify an individual. The types of personal data we process are the following: 

  • Your name and contact details, such as your email address, telephone number, location, job title and information about the company you represent and any agreements you have made with us, either in your own name or on behalf of your company; 
  • Your account details, including the username / user ID, the password in encrypted form, information about unique identifiers such as API tokens, the profile photo, the biography and information concerning other social media profiles (such as Facebook, Twitter, LinkedIn, Skype or Google accounts) which you have linked to your user account; 
  • Personal and professional preferences including interests, subscriptions and language settings; 
  • Information about the browser, for example the browser type and version, any website from which you have been referred, the time zone from which you are visiting us; the pages you have visited on our Website; your IP address and an approximate estimate of your location based on your IP address; information concerning your activity on the web or your interaction in the emails we send you; information about your use of our services. 
  • Transaction-related data (including bank details and data related to your bank card and invoices, etc.) 

2.2. Why do we process your personal data? 

In this subsection, we describe when and why we process your personal data. Your data is processed for one or several end purposes. Each end purpose is associated with a legal basis and its corresponding data retention period. Please see the list below. Under no circumstances will your personal data be used in any manner which is incompatible with the end purposes for which it was collected. 

End purpose  Legal basis  Data retention period 
The provision of our services available on our Website (access to our various functions and features, the creation and administration of your account, the processing of your contact details for the making or finalisation of any agreement with you or your company, the billing of professional assistance services and training services).  The implementation of the contract we have signed with you or your company.  Once you have created an account on our Website, your data will be stored for the lifetime of your account plus an additional period of 3 years from the date your account is deleted. Your data may nevertheless be archived for evidential purposes for a period of 5 years. Concerning your bankcard data, this is stored by our payment services provider for the lifetime of your account. Data concerning the card security code or CVV2, shown on your bank card is not stored. 
Compilation of invoices  Legal and accountancy-related obligations  Stored for a period of 10 years. 
Improvements to our services (generating statistics and analysing how you use our services, doing market research and customer satisfaction surveys, obtaining feedback from you)  Legitimate interest  Your data will be stored for 2 years following the deletion of your account. 
Facilitating the use of the Website (including by testing, carrying out breakdown repairs, correcting bugs and modifying the interface, to ensure that you can easily access the information you’re looking for or by highlighting popular functions and features)  Legitimate interest  The data is stored for 3 years from the date of your last active contact. 
Direct marketing (sending our customers general information and marketing messages about our services)  Legitimate interest  The data is stored for 3 years from the date of your last active contact. 
Sending demos to our B2B prospects  Pre-contractual actions undertaken at your request  The data is stored for 3 years from the date of your last active contact. 
Sending sales and business-related messages  Legitimate interest  The data is stored for 3 years from the date of your last active contact. 
Receiving your applications for our job vacancies  Legitimate interest  The data is stored for 2 years from the date of the last contact with the unsuccessful candidate. 
Creating a database of existing and prospective customers  Legitimate interest  If you’re a customer, the data is stored for the lifetime of the business relationship and is deleted upon expiry of a 3-year period following the end of the business relationship. For prospective customers, the data is stored for 3 years from the date of your last active contact. 
Responding to your requests for information  Legitimate interest  The data is stored for the time required to process your request for information and deleted once the request for information has been processed. 
Managing requests to exercise rights  Legitimate interest  If we request proof of identity from you: we only store it for the time needed to verify your identity. Once the verification is complete, the item of proof in question will be deleted. If you exercise your right of objection concerning the use of your data for prospection: we will store this information for 3 years. 

2.3 Who Has Access to Your Personal Information? 

Employees and Authorised Contractors 

Our employees and authorised contractors may need to access information about you when they require this information to perform their job. For example, a customer support representative would need access to your account to validate your identity and respond to your question or request; our email communications team would need access to your contact information to ensure this information is sent correctly and any unsubscribe requests are properly managed; and our security staff would need to review information to investigate attempted denial of service attacks, fraudulent account activity, or other attempts to compromise the Services. 

All our employees and contractors are required to agree to maintain the confidentiality and protect the privacy of your information, and their access is restricted to that which is necessary to perform their duties. Audits are conducted to ensure that employees who no longer require access to a given data set or tool are restricted from access as per our Security Policy. 

Service Providers, Authorised Resellers, and Partners 

If you use services supplied by our partners where those services are incorporated into our own services, our partners will have access to your personal data. Similarly, following your free trial, your personal data may be forwarded to our resellers so that you may be referred to the appropriate contacts according to your location. Our list of resellers may be viewed here. Personal data collected by our partners and resellers is covered by their own personal data processing conditions and policies. 

Successor and Affiliated Entities 

Your personal data may be transferred or divulged to a buyer or potential buyer in the event of the sale or transfer of all or part of our activities or assets, in as far as this is allowed and in compliance with the applicable data protection laws. 

Social Networks and Third-Party Services 

We use third-party service providers to manage certain aspects of our business operations. We share personal data with these third parties concerning the IT infrastructure, the operation and hosting services, market research and communications, financial and payment services, customer services and IT services such as IT support, maintenance and development. 

Network Personnel and the General Public 

If you choose to publish your personal data when using our services, for example when sending content, replying to tweets or messages or entering messages in other people’s comment boxes, you are making this information visible to the general public. If your email address is used to send newsletters or to publish on social media accounts, it will become visible to the recipients of those newsletters. 

Professional Advisors and Security Auditors 

For security purposes, we can share your personal data when this is required by law, to protect you or our clients or to ensure the security of our services. 

We also use professional advisors, including lawyers and accountants, and may be required to disclose information about you when engaging them for their services and as necessary for audits, financial and other regulatory reviews. 

2.4. Transferring your personal data outside the EU/EEA
 

Under the General Data Protection Regulation (GDPR) and other data protection laws, information about you may only be transferred from your region to other regions if certain requirements are met. For instance, under the GDPR, information about you may be transferred from the European Economic Area (EEA) to outside the EEA if adequate data protections are in place. Your data is stored on the servers located at OVH, Scaleway and AWS (EU) for the whole duration of the processing. 

Depending on the region personal data may be transferred to, we employ the following controls + restrictions to ensure the safeguard of data transfers. 

 

Transfers to Regions outside the EU designated as not offering a suitable level of protection: 

  • We have concluded a contract with the data recipient that the data is transferred to that includes the standard contractual clauses, which bind the company to ensure an adequate level of protection 
  • We require the data recipient to sign a supplementary measures clause via contract that ensures they have put in place other appropriate guarantees under the terms of the personal data protection regulations 

3.Security measures 

We have taken a number of security measures to guarantee the security of the personal data we store. For example, access to areas in which personal data is stored is limited to only those of our employees and service providers who need it in the performance of their duties, and who are informed of the importance of ensuring the security and privacy of the personal data we store. We maintain appropriate guarantees and security standards to protect your personal data against any access, disclosure or unauthorised or ill-intentioned use. We also monitor our systems to detect any vulnerabilities, to protect your personal data. We invite you to consult our security policy for further information. 

  1. Your rights

4.1 Rights of access and rectification 

  • Right of access: you have the right to access all of your personal data at any time. 
  • Right of rectification: you have the right to rectify any of your personal data which is inaccurate, incomplete or outdated at any time. 

4.2. Right to deletion 

You have the right to demand that your personal data be deleted and to prohibit any future collection 

4.3. Right to restriction of processing 

You have the right to restrict the processing of your personal data in certain cases defined in Article 18 of the GDPR. 

4.4. Right of objection 

You have the right to object to the processing of your personal data. Please note however that we may continue processing the said data despite this objection on legitimate grounds or to defend our rights before the courts. 

Your personal data will not be processed for purposes related to direct marketing if you object to such processing. 

4.5 Right to personal data portability 

If you have supplied us with your personal data and the processing of your personal data is based on the performance of a contract with you or pre-contractual measures undertaken at your request, you have the right to receive the personal data concerning you in a structured, commonly used, machine-readable format in order to be able to forward this to another service provider if this is technically possible and can be performed by automated means. 

4.6. Right to submit a complaint to a relevant supervisory authority 

At any time, you can submit a complaint to the supervisory authority if you feel that our processing is being performed in violation of the applicable data protection law. Please note that you are still cordially invited to contact us in such a case. 

4.7. Point of contact for personal data matters
 

You can exercise your rights by writing to us at the addresses shown below. When you do so, we may ask you to provide us with additional information or documents to prove your identity. 

Contact email address: [email protected] 

Contact postal address: 3905 Platinum Tower, Cluster I, JLT, Dubai, UAE 

  1. Modifications

We can modify this policy at any time, including in order to ensure that we comply with any changes in regulations or case law, or editorial or technical changes. These modifications will apply on the date on which the modified version becomes effective. You are therefore invited to regularly consult the latest version of this policy.