CAPIGMA PRIVACY POLICY

Last updated: 01/07/2025

1. INTRODUCTION

1.1 This Privacy Policy (“Policy”) governs the manner in which Admixer Advertising GmbH (“CAPIGMA”, “we”, “us” or “Processor”) collects, accesses, stores, uses, discloses and otherwise Processes Personal Data in connection with CAPIGMA — our cloud-based gateway that allows clients to transmit first-party event data directly to Meta Platforms’ Conversions API. Our service architecture is hosted exclusively in the European Union on Google Cloud Platform and has been engineered to satisfy the most demanding regulatory and technical requirements of modern privacy law.

1.2 This Policy is to ensure that both privacy professionals and business users can readily understand our obligations and your corresponding rights. It incorporates and implements the core principles and mandatory provisions of (i) Regulation (EU) 2016/679 (“GDPR”), (ii) the United Kingdom General Data Protection Regulation (“UK GDPR”), and (iii) the Austrian Data Protection Act 2018 (“DSG”).

1.3 Each client (“Client” or “Controller”) remains the entity that decides the purposes and essential means of the Processing and therefore carries the data-controller obligations imposed by Art. 24 GDPR.

1.4 Any capitalised term not expressly defined in the body of this Policy shall have the meaning assigned to it in section 2 (“Definitions”) or, where applicable, in the GDPR itself. Headings are inserted for convenience and do not affect the interpretation of the text.

2. DEFINITIONS

Client / Controller – The legal or natural person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of Processing Personal Data when using the Service.

Processor / CAPIGMA – Admixer Advertising GmbH, the entity that Processes Personal Data on behalf of, and under the sole instructions of, the Controller.

Personal Data – Any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing / to Process – Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Sub-processor – Any third party appointed by or on behalf of the Processor to Process Personal Data on behalf of the Controller in connection with the Service.

Meta – Meta Platforms, Inc., a Delaware corporation headquartered in the United States, which receives event data via the Conversions API as configured by the Controller.

Event Data – Information generated by user interactions on a website or mobile application (e.g. page views, clicks, purchases) that is transmitted via CAPIGMA to Meta.

Hashed Identifiers – End-user contact identifiers (e-mail address, telephone number) that have been transformed using the SHA-256 cryptographic hashing algorithm and are therefore rendered unreadable in their original form.

3. ALLOCATION OF ROLES AND RESPONSIBILITIES

3.1 Under Art. 28 GDPR, CAPIGMA is contractually and operationally limited to the role of a data processor. We do not, at any juncture, decide the ultimate purpose for which end-user data will be employed; our service merely provides the technical conduit that enables the lawful transmission of data from the Controller to Meta.

3.2 Each Client acts as the data controller and therefore must, inter alia:

  • a) designate a suitable legal basis under Art. 6 GDPR (such as freely given, specific, informed and unambiguous consent) for every category of Processing that occurs through the Service;
  • b) provide clear, concise and intelligible privacy notices to affected Data Subjects, expressly disclosing the onward transfer of data to Meta in the United States and the corresponding safeguards in place (e.g. Standard Contractual Clauses);
  • c) supply CAPIGMA with lawful and sufficiently detailed Processing instructions and refrain from instructing the Processor to carry out any operation that would violate applicable Data-Protection Law.

3.3 CAPIGMA undertakes to implement the technical and organisational measures described herein, while the Controller undertakes to configure the Service in a privacy-respectful manner (e.g. disabling unnecessary parameters, respecting user opt-out signals, implementing server-side consent storage).

4. CATEGORIES OF PERSONAL DATA AND RETENTION

  • Event Data – Time-stamped records of user interactions such as page_view, add_to_cart and purchase. These data are retained in raw form for a maximum of ninety (90) days solely to facilitate deduplication, event quality analytics and troubleshooting before being aggregated or irreversibly anonymised.
  • Hashed Identifiers – E-mail addresses and telephone numbers converted using SHA-256 hashing in accordance with Meta Advanced Matching requirements. These identifiers are stored for the same 90-day period as Event Data and are never maintained in plain-text form.
  • Technical Logs – IP addresses, user-agent strings and server error traces generated by Google Cloud infrastructure. Such logs are indispensable for security forensics and performance monitoring and are therefore retained for twelve (12) months.
  • Meta Access Tokens – Short-lived OAuth access credentials used to authenticate API calls to Meta. Each token carries an internal time-to-live (TTL) of thirty (30) days, after which it is purged or replaced automatically.
  • Account Data – Controller-side administrative data (login credentials, service settings, billing profile). Account Data is retained for the duration of the subscription and for an additional one (1) year post-termination to accommodate potential audits, chargebacks or dispute resolution.
Retention:
  • Event Payloads: not stored; transmitted in transit only.
  • Technical Logs: retained indefinitely (or for a shorter period if required by the Controller or law).
  • Meta Access Tokens: stored for up to thirty (30) days after dataset-quality functionality is activated; not stored before that.
  • Account Data: term of the Agreement + one (1) year.

5. PURPOSES OF PROCESSING AND LEGAL BASES

5.1 CAPIGMA Processes the foregoing categories of Personal Data exclusively for the following, tightly-defined purposes:

  • a) to receive, deduplicate, hash and securely forward Event Data to Meta on the Controller’s behalf, thereby enabling accurate advertising attribution and campaign optimisation;
  • b) to furnish the Controller with intuitive dashboards, aggregated reports and CSV exports that facilitate campaign analysis, conversion tracking and compliance monitoring;
  • c) to maintain, secure, patch and enhance the Service architecture, including performing root-cause analysis on system anomalies and implementing performance improvements;
  • d) to manage contractual, billing and customer-support relationships with the Controller, including incident ticketing and invoice issuance.

5.2 The Processing carried out by CAPIGMA rests on Art. 6 (1)(b) GDPR (Processing necessary for the performance of a contract) in combination with Art. 28 GDPR (processor mandate). CAPIGMA undertakes not to engage in any independent enrichment, profiling or marketing exploitation of the Personal Data entrusted to it.

6. PROCESSING INSTRUCTIONS AND LEGAL COMPLIANCE

6.1 CAPIGMA adheres to a “strict instruction” regime. Binding instructions may be conveyed only through (i) the Service’s configuration interface, which records all changes in an immutable audit log, or (ii) duly executed written agreements (e.g. the Master Subscription Agreement, Terms & Conditions, or a tailored Data Processing Addendum).

6.2 Where CAPIGMA becomes aware that a Client instruction is manifestly unlawful or would lead to non-compliance with EU, UK or Austrian Data-Protection Law, we will (i) promptly inform the Controller of the illegality, and (ii) suspend the relevant Processing operation until the instruction is amended or confirmed lawful in writing.

7. INTERNATIONAL DATA TRANSFERS

7.1 All primary hosting is confined to the European Union (multi-regional Google Cloud data centres). Physical or logical replication outside this zone is technically disabled.

7.2 By the very nature of the Conversions API, Event Data is transmitted to Meta Platforms, Inc. located in the United States. Accordingly, the Controller is obliged to execute the latest version of the Standard Contractual Clauses adopted by the European Commission (and, where the UK GDPR applies, the UK International Data Transfer Addendum) with Meta, and to list this transfer decisively in its own privacy notice.

7.3 Where CAPIGMA engages Sub-processors that operate or store data outside the EEA or UK, CAPIGMA itself will execute SCCs or the UK Addendum as the exporting party and will furnish evidence of such safeguards upon reasonable request.

8. DATA RETENTION, DELETION AND EXPORT

8.1 Upon reaching the end of the retention intervals listed in section 4, Personal Data is automatically and irreversibly anonymised or deleted using cryptographic erasure and secure overwrite protocols certified by Google Cloud.

8.2 Within thirty (30) days of account termination, the Controller may request a final structured data export (CSV format). CAPIGMA will honour such a request once per account free of charge; subsequent or ad-hoc exports may be subject to a reasonable service fee.

8.3 Residual copies that remain in system backups are automatically purged in accordance with Google Cloud lifecycle policies and are inaccessible to operational personnel during the interim.

9. TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

CAPIGMA maintains an industry-leading security framework that blends robust technical safeguards with disciplined organisational controls:

  • 9.1. All inbound and outbound data flows are protected by TLS 1.3 with Perfect Forward Secrecy, while data at rest is encrypted with AES-256 using keys managed in Google Cloud KMS.
  • 9.2. Identifiers are hashed using SHA-256 prior to any persistent storage or external transmission, ensuring that CAPIGMA can never reconstruct clear-text contact data.
  • 9.3. Workloads run inside private VPCs with firewall rules enforcing least-privilege egress; administrative access requires multi-factor authentication and is logged to a tamper-evident SIEM.
  • 9.4. Automated pipelines track upstream CVE disclosures and deploy patches or mitigation within commercially reasonable time frames.
  • 9.5. All employees with production access sign strict confidentiality agreements and undergo annual GDPR and information-security training. Periodic penetration tests and ISO 27001- aligned audits underpin our control environment.
  • 9.6. An incident-response playbook ensures detection, containment and remediation within defined SLAs, with the Controller receiving written notification of any Personal-Data Breach within 72 hours of discovery.

10. SUB-PROCESSORS

CAPIGMA employs a limited and transparent sub-processor chain:

Sub-processor Purpose Primary Location Transfer Safeguard
Google Cloud Platform Infrastructure hosting,
storage, backups 		EU Controller-to-Processor SCC,
ISO 27001
Gmail SMTP
(Google Workspace)		 Transactional and system e-mail delivery EU / EEA Controller-to-Processor SCC
Stripe Payments
Europe Ltd		 Automated subscription
billing (future)		 EU & USA Controller-to-Processor SCC
+ UK Addendum

You give CAPIGMA written permission to use the listed sub-processors under Article 28(2) GDPR. CAPIGMA will give at least thirty (30) days’ prior notice of any intended addition or replacement, thereby giving the Controller an opportunity to raise reasoned objections.

11. DATA-SUBJECT RIGHTS AND COOPERATION

11.1 Where CAPIGMA receives a request directly from a Data Subject (e.g. access, deletion, rectification), CAPIGMA shall not act on that request except to (i) acknowledge receipt and (ii) forward the request to the relevant Controller without undue delay.

11.2 CAPIGMA will assist the Controller in fulfilling Data-Subject requests by providing diligent cooperation, including the execution of data-export queries or targeted erasure commands, provided such assistance is technologically feasible and not disproportionate.

11.3 All assistance is rendered free of charge unless a request is manifestly unfounded or excessive, in which case the Controller may be invoiced a reasonable administrative fee.

12. DATA-PROTECTION OFFICER (DPO)

An internal assessment confirms that CAPIGMA’s core activities do not consist of large-scale, systematic monitoring or processing of special-category data. Consequently, the appointment of a formal Data-Protection Officer under Art. 37 GDPR is not obligatory. Nevertheless, privacy enquiries are welcomed at privacy@capigma.com, where they will be handled by our dedicated Legal & Compliance Team.

13. POLICY AMENDMENTS

CAPIGMA reserves the right to amend this Policy to reflect evolving legal requirements, technical innovations or Service enhancements. Any material amendment will be communicated to the Controller via e-mail and/or in-app notification at least thirty (30) days prior to its entry into force. Continued use of the Service after such notice period constitutes acceptance of the revised Policy.

14. GOVERNING LAW AND JURISDICTION

This Policy, and any non-contractual obligations arising out of or in connection with it, shall be governed by and construed in accordance with the laws of the Republic of Austria, without regard to its conflict-of-law principles. All disputes, controversies or claims arising under, out of or relating to this Policy shall be submitted to the exclusive jurisdiction of the Handelsgericht Wien (Commercial Court of Vienna).