Akeero Technologies Ltd. (“Akeero”, “us”, “we”, or “our”) operates the akeero.com website (“Site”) and the Akeero web application (“Service”), collectively known as “Services”.
To support delivery of our Services, Akeero may engage and use data processors with access to certain Customer Data (individually, a “Subprocessor”).
This page provides important information about the identity, location and role of each Subprocessor. Terms used on this page but not defined have the meaning set out in the Terms of Service and Data Processing Addendum.
Akeero currently uses third-party Subprocessors to provide infrastructure and security services and to help us provide customer support and email notifications. Prior to engaging any third-party Subprocessor, Akeero performs due diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations.
Akeero may use the following Subprocessors to host Customer Data or provide other infrastructure and security functions that help with delivery of our Services:
Akeero may use the following Subprocessors to perform other Service functions:
As our business grows and evolves, the Subprocessors we engage may also change. Please check here regularly for updates.
The data exporter and the data importer, as defined under the Akeero Data Processing Addendum, or any other agreement or addendum effectively governing the processing of personal data by the data importer on behalf of the data exporter, including all annexes, exhibits and appendices thereto (“DPA”), each a “party“; together the “parties“, have agreed on the following Contractual Clauses (“Clauses“) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) ‘the data exporter’ means the controller who transfers the personal data;
(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law‘ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely Ireland.
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
(i) established in a jurisdiction recognised by the European Commission (or, if the data exporter is established in the UK, then recognized by the relevant authorities in the UK) as providing an adequate level of protection for personal data, the terms of the DPA concerning transfers of personal data to other countries shall apply, such that these Clauses will apply solely on onward transfer of the imported data to monday.com Ltd.’s sub-processors that are located in a jurisdiction not recognised by the European Commission as providing an adequate level of protection for personal data; or
(ii) established in a jurisdiction not recognised by the European Commission as providing an adequate level of protection for personal data, monday.com Ltd. shall be the data importer for the purposes of these Clauses.
transfer of personal data immediately. The data exporter shall not be required to provide such notice in instances where it considers there is a material risk of harm to data subjects or their personal data. Notwithstanding any other terms in this Section F, in the event these Clauses cease to be an appropriate safeguard for the transfer of the personal data in accordance with the applicable data protection law by virtue of a binding decision by a competent supervisory authority, the terms of the DPA concerning modifications necessary pursuant to legislative and regulatory changes shall apply.
The data exporter is the entity identified as “Customer” or “Controller” in the DPA.
The data importer is Akeero Technologies Limited, a provider of web services, and/or its subprocessors (as such term is used in the DPA), as determined by Akeero Technologies Limited in accordance with the terms of the DPA concerning cross-border data transfers.
The personal data transferred concern the categories of data subjects as described in the DPA.
The personal data transferred concern the categories of data as described in the DPA.
The personal data transferred will be subject to the basic processing activities defined in Annex 1 of the DPA.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
The technical and organisational security measures implemented by the data importer are as referenced in the DPA and described in the Akeero Trust Centre.
This data processing addendum (DPA) generally is a part of the Terms of Service (ToS) between Customer and Processor (Terms of Service). In the absence of an executed Terms of Service this DPA shall act as a standalone data processing agreement. In such a case any reference to Terms of Service in this DPA shall be construed as reference to the existing contractual arrangement that applies between Parties pursuant to which the Service Provider has agreed to process Personal Data on behalf of Customer.
This DPA is effective as of the date last signed.
(1) Customer; and
(2) Akeero Technologies Limited, a company incorporated in Ireland with company number 678048 whose registered office is at Suite J, 2100 Avenue 2000, Cork Airport Business Park, Co. Cork, Ireland (hereinafter referred to as Akeero, Processor or Service Provider),
individually referred to as a Party and together as Parties.
NOW THEREFORE THE PARTIES AGREE AS FOLLOWS:
1.1 In the event of conflict or inconsistency between this DPA and any of the terms and conditions of the Terms of Service, including any in respect of the protection of personal data, this DPA will be given precedence, unless otherwise set out herein.
1.2 In this DPA, unless otherwise defined, all capitalised words and expressions shall have the following meaning:
Customer Personal Data means any Personal Data Processed by Processor on behalf of Customer pursuant to or in connection with the Terms of Service and this DPA.
The terms Controller, Processor, Data Subject, Personal Data, Processing, Supervisory Authority shall have the meaning given to them in the GDPR.
If the Processor is unable to communicate all information relating to the Personal Data Breach simultaneously, the Processor shall provide the information as soon as the information becomes available.
The Processor shall not do any notification, statement, communication, press release or other public announcement relating to a Personal Data Breach without prior consultation and written consent of Customer.
Subject to any Section of the DPA and/or the Terms of Service dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Processor will Process Personal Data pursuant to the DPA and Terms of Service for the duration of the Agreement, unless otherwise agreed upon in writing.
Customer may submit Personal Data to the Service, the extent of which is determined and controlled by Customer in its sole discretion.
Customer may submit Personal Data to the Service which may include, but is not limited to, Personal Data relating to the following categories of Data Subjects:
Akeero uses certain monitoring and tracking technologies, such as cookies, beacons, pixels, tags, and scripts (collectively, “Cookies”). These technologies are used in order to provide, maintain, and improve our website and platform (the “Services”), to optimise our offerings and marketing activities, and to provide our visitors, customers and users (“you”) with a better experience (for example, in order to track users’ preferences, to better secure our Services, to identify technical issues, and to monitor and improve the overall performance of our Services).
For more information about our general privacy practices, please visit our Privacy Notice.
Cookies are small text files that are stored through the browser on your computer or mobile device (for example, Google Chrome or Safari). They allow websites to store information like user preferences. You can think of Cookies as providing a so-called memory for the website, so that it can recognise you when you come back, and respond appropriately. Cookies are typically classified as either “session cookies” which are automatically deleted when you close your browser or “persistent cookies” which will usually remain on your device until you delete them or they expire.
Akeero uses several different types of Cookies on our website and platform:
This type of Cookie helps us to secure and better manage the performance of our Services, and remembers your preferences for features found on the Services, so you don’t have to re-set them each time you visit.
Every time you visit our Services, the analytics tools and services we use generate Cookies which can tell us (so long as they are allowed and not deleted) whether or not you have visited our Services in the past, and provide additional information regarding how visitors and users use our Services (such as how many visitors we have on a certain landing page, how often they visit, or where users tend to click on our Services). Your browser will tell us if you have these Cookies and, if you don’t but do allow new Cookies to be placed, we will typically generate and place new ones.
When you register and sign into our Services, we generate Cookies that let us know whether you are signed in or not, and maintain your login session.
Our systems use these Cookies to work out which account on our Services you are signed into and if you are allowed access to a particular area or feature on such account.
While you are signed into our Services, we combine information from your Registration Cookies with Analytics Cookies, which we could use to learn, for example, which pages you have visited.
These Cookies allow us to know whether or not you’ve seen an ad or a type of ad online, how you interacted with such an ad, and how long it has been since you’ve seen it.
We also set Cookies on certain other sites that we advertise on. If you receive one of those Cookies, we may use it to identify you as having visited that site and viewing our ad there, if you later visit our Services. We can then target our advertisements based on this information.
On some pages of our Services, other organisations may also set their own Cookies. They do this to enable and improve the performance and interoperability of their applications, features or tools that are integrated with our Services, to track their performance, or to customise their services for you.
All modern web browsers allow you to change your Cookie settings. You can usually find these settings in the ‘Options’ or ‘Preferences’ menu of your browser. In order to understand these settings, the following links to ‘cookies’ help pages may be helpful or you can use the ‘Help’ option in your browser for more details.
In addition, on your mobile device (e.g., iPhone, iPad or Android phone), you can change your device settings to control whether you see online interest-based ads.
To find out more about Cookies and their use on the Internet, you may find the following websites useful:
Some web browsers may transmit “Do Not Track” signals to websites with which the browser communicates, telling the website not to follow its online movements. Because of differences in how web browsers interpret this feature and send those signals, and lack of standardisation, it is not always clear whether visitors and users intend for these signals to be transmitted or whether they are even aware of them. Therefore, as many other reputable websites and online platforms, we currently do not respond to such “Do Not Track” signals.
Akeero Technologies Ltd. (“Akeero”, “us”, “we”, or “our”) operates the akeero.com website (“Site”) and the Akeero web application (“Service”), collectively known as “Services”.
This page informs you (“You”, “Visitor” or “User”) of our policies regarding the collection and use of personal data when you use our Services and the choices you have associated with that data.
We use your data to provide and improve the Services. By using the Services you agree to the collection and use of information in accordance with this notice. Unless otherwise defined in this Privacy Notice, terms used in this Privacy Notice have the same meanings as in our Terms of Service (ToS) and Data Processing Addendum (DPA).
While using our Services, we may ask you or your data controller to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personal Data may include, but is not limited to:
We may also collect information that your browser sends whenever you use our Services (“Usage Data”).
This Usage Data may include information such as your computer’s Internet Protocol address (i.e. IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the Services by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application, however, most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or to block or remove cookies altogether.
The legal basis for the processing of the above information is consent. Akeero uses the collected data for various purposes:
Akeero does not claim ownership of the Customer Data or personally identifiable data provided during the operation of the Services. Akeero may, however, utilise anonymous usage statistics and performance metrics to improve and administer the Services, for Akeero’s internal use and other lawful purposes. Such data may include, without limitation, the number of records held in the Services, the number and types of transactions, configurations, reports processed in the Services and the performance results for the Services. Nothing herein shall be interpreted as prohibiting Akeero from utilising the aggregated statistics for the purposes of operating Akeero’s business, provided that Akeero’s use of aggregated statistics will not reveal the identity, whether directly or indirectly, of Customer, any individual or any specific data entered by Customer or any individual into the Services.
We engage in service and promotional communications through e-mail, phone, SMS and notifications.
We may contact you with important information regarding our Service. For example, we may send you notifications (through any of the means available to us) of changes or updates to our Service, billing issues, service changes, log-in attempts or password reset notices, etc. Please note that you will not be able to opt-out of receiving certain service communications which are integral to your use (like password resets or billing notices).
We may also notify you about new features, additional offerings, events and special opportunities or any other information we think our Users will find valuable. We may provide such notices through any of the contact means available to us (e.g. phone, mobile or e-mail), through the Service, or through our marketing campaigns on any other sites or platforms. If you do not wish to receive such promotional communications, you may notify Akeero the time by following the “unsubscribe”, “stop”, “opt-out” or “change e-mail preferences” instructions contained in the promotional communications you receive.
Security is at the heart of Akeero. We have applied organisational and technical security measures to safeguard and prevent unauthorised access to your data, and take all steps reasonably necessary to protect your data in accordance with the GDPR, other applicable laws, and security best practice. You can read more about this on our Trust Centre.
Akeero may disclose your personal data to the following categories of third party recipients:
When we transfer personal data from the EEA to other countries, we rely on the lawful transfer mechanisms in the GDPR, such as the “adequacy decisions” made by the European Commission (e.g. the decisions deeming the UK and Israel as providing an adequate level of protection to personal data originating from the EEA), and the EC Standard Contractual Clauses.
We store your data in multiple locations around the world, for as long as necessary in accordance with our reasonable business needs (as necessary for the performance of our Services or for supporting and exercising our legitimate interests); and in accordance with our legal obligations.
We and our authorised Service Providers (defined below) maintain, store and process Personal Data in Ireland and the United States, and other locations as reasonably necessary for the proper performance and delivery of our Services, or as may be required by law.
Notwithstanding the foregoing, Personal Data may only be processed in such locations as permitted in our Data Processing Addendum and any other commercial agreements with a Customer.
We will retain your Personal Data for as long as it is reasonably necessary in order to maintain and expand our relationship and provide you with our Service and offerings; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (i.e. as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), all in accordance with our data retention policy.
Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain your Personal Data for any particular period, and we are free to securely delete it or restrict access to it for any reason and at any time, with or without notice to you. If you have any questions about our data retention policy, please contact us by email at privacy (at) akeero.com.
We share your data (and your feedback) with our Service Providers; within our group; in accordance with legal compliance and amongst Users on your projects.
In exceptional circumstances, we may disclose or allow government and law enforcement officials access to your Personal Data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect the security or integrity of our products and services.
We may engage selected third party companies or individuals to perform services complementary to our own. Such service providers may include providers of Third Party Solutions (as defined in the Terms of Service) such as hosting and server co-location services, communications and content delivery networks (CDNs), data and cyber security services, billing and payment processing services, fraud detection and prevention services, web analytics, e-mail distribution and monitoring services, session or activity recording services, remote access services, performance measurement, data optimisation and marketing services, social and advertising networks, content providers, e-mail, voicemails, support and customer relation management systems, resellers, distributors and providers of professional services related to our Service, and our legal, compliance and financial advisors (collectively, “Service Providers“).
Our Service Providers shall be deemed as ‘Data Processors’ in circumstances where Akeero assumes the role of ‘Data Controller’; and where Akeero acts as the Data Processor for our Customer, the Service Provider shall be deemed our ‘Sub-Processor’ (as further described below). A list of Akeero’s Sub-Processors is available here.
We may share your Personal Data with the Customer owning the Account to which you are subscribed as a User (including data and communications concerning your User Profile). In such cases, sharing such data means that the Account’s Admin(s) may access it on behalf of the Customer, and will be able to monitor, process and analyse your Personal Data. This includes instances where you may contact us for help in resolving an issue specific to a team of which you are a member (and which is managed by the same Customer).
Any other Customer Data or other content submitted by you to Projects may still be accessed, copied and processed by the Customer’s Admin(s). Your User Profile and User Data will also be made available to all the authorised Users who can view the same Project(s) as you. Please note that Akeero is not responsible for and does not control any further disclosure, use or monitoring by or on behalf of the Customer, that the Customer itself acts as the “Data Controller” of such data.
If you register or access the Service using an e-mail address at a domain that is owned by your employer or organisation (our Customer), and another team within such Customer’s organisation wishes to establish an account on the Service, certain information about you including your name, profile picture (if supplied), contact info and general use of your account may become accessible to the Customer’s Admins and Users.
If you submit a public review or feedback, note that we may (at our discretion) store and present your review to other users of our Sites and Service (including other Customers). If you wish to remove your public review, please contact us or contact your Customer Success representative.
Our Sites include public blogs or forums, such as Akeero Community. Any information you submit on these forums, blogs and communities – including profile information associated with the Account you use to post the information – may be read, collected, and used by others who access these Sites. Due to the nature of such public forums, your posts and certain profile information may remain visible to all even after you terminate your Account. To request removal of your information from publicly accessible Sites operated by us, please contact us or contact your CUstomer Success representative. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why.
We may share your Personal Data with others if we believe in good faith that this will help protect the rights, property or personal safety of Akeero, any of our Users or Customers, or any members of the general public.
For the avoidance of doubt, Akeero may share your Personal Data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal and anonymous. We may transfer, share or otherwise use non-personal data at our sole discretion and without the need for further approval.
Individuals have rights concerning their Personal Data. You may exercise your rights by contacting us or your Customer Success representative.
You may exercise any of the rights described in this section by emailing privacy(at)akeero.com or your Customer Success representative. We endeavour to respond to all requests as quickly as possible, however, it may take up to 30 calendar days from your initial communication for our team to process your request completely.
You have a right to get access to the personal data that we process about you and receive more information about the processing of your data. This also enables you to receive a copy of the personal data we hold about you.
Where processing is based on consent please note that you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You have a right to rectification of inaccurate personal data and to update incomplete information.
You have a right to request us to restrict the processing of your personal data.
You have the right, under certain circumstances, to request the deletion or removal of your information from our systems
You have a right to data portability. You can request to transfer the personal data to a third party you have chosen in a structured, commonly used, machine-readable format. This right only applies to automated information for which you initially provided consent.
You also have the right to object to certain types of processing, for example when the legal ground for the processing of your personal data is our legitimate interest.
We do not knowingly collect Personal Data from children and do not wish to do so. If we learn that a person under the age of 16 is using the Services, we will attempt to prohibit and block such use and will make our best efforts to promptly delete any Personal Data stored with us with regard to such child. If you believe that we might have any such data, please contact us by email at privacy (at) akeero.com.
Although we hope you will give us the chance to listen and address your concerns before you approach a data protection authority, if you are a GDPR-protected individual, you have the right to make a complaint regarding Akeero’s processing of your personal data to the Irish Data Protection Commissioner, or your local Data Protection Authority.