Acapulco Privacy Policy

Rhenso GmbH

Version Acapulco. Release Date 21.04.2022

1 Information about the processing of personal data


We inform you about the processing of personal data when using our Software.

Personal data are all data that can be related to you personally, e.g. name, address, telephone number or e-mail addresses. For this privacy policy the act of processing means any operation which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data controller according to the EU General Data Protection Regulation (GDPR) is Rhenso GmbH, Wilhelm-Leuschner-Str. 41, 60329 Frankfurt am Main, You can contact our data protection officer at or Rhenso GmbH, Data Protection Officer, Wilhelm-Leuschner-Str. 41, 60329 Frankfurt am Main, Germany.

2 Your rights


You have the following rights under the GDPR regarding your personal data:

  • Right of access, Art. 15 GDPR
    You may request information about the processing of your personal data and a copy of the personal data undergoing processing insofar as such copy does not adversely affect the rights and freedoms of others.

  • Right to rectification, Art. 16 GDPR
    You may request correction of your personal data that is inaccurate and/or completion of such data which is incomplete.
    Right to erasure, Art. 17 GDPR
    You may request deletion of your personal data, in particular where (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) you objected to the processing and there are no overriding legitimate interests for the processing, (iii) your personal data has been unlawfully processed or (iv) your personal data has to be erased for compliance with a legal obligation to which we are subject. The right to erasure, however, does not apply in particular where the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.

  • Right to restriction of processing, Art. 18 GDPR
    You may request restriction of processing (i) for the period in which we verify the accuracy of your personal data if you contested the accuracy of the personal data, (ii) where the processing is unlawful and you request restriction of processing instead of deletion of the data, (iii) where we no longer need the personal data, but you require the data for the establishment, exercise or defense of legal claims or (iv) if you objected to processing until it has been verified whether our legitimate grounds override your interests, rights and freedoms.

  • Right to data portability, Art. 20 GDPR
    You may request to receive your personal data, which you have provided to us, in a structured, commonly used machine-readable format and transmit those data to another controller without hindrance from us, where the processing is based on consent or a contract and the processing is carried out by automated means; in these cases you may also request to have the personal data transmitted directly to another controller where this is technically feasible.

  • Right to object, Art. 21 GDPR
    You have the right to object, for reasons resulting from your particular situation, at any time, to the processing of your personal data which is based on legitimate interests (Art. 6 (1) (f) GDPR); this also applies to profiling under the provisions of the GDPR. If you file an objection, your personal data will no longer be processed for the purpose you objected to unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defense of legal claims.

You can exercise these rights by notifying us using the channels above. Within the scope of the right of access (Art. 15 GDPR) and the right to erasure (Art. 17 GDPR), the restrictions in accordance with Clauses 34, 35 of the German Federal Data Protection Act (BDSG) apply.
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes this regulation, Art. 77 GDPR.

3 Processing activities


Your personal data is processed in states of the European Union or the European Economic Area.


When you use our software, we process the data described below by which you could be identified in order to enable the convenient use of its functions. We process the following data to ensure stability and security of our software. Also is the processed data technically necessary to provide you with updates and to enable all functions. The data is only used for the mentioned purpose and will not be used differently without prior notice. The legal basis is Art. 6 (1) (b) and (f) GDPR:

  • Installation-ID

  • IP-address

  • Area and language settings

  • System information, including hardware, software usage, configuration and defects of the software


For the purpose of statistics, we only process data by which you could be identified on the basis of consent, Art. 6 (1) (a) GDPR. The reason for the statistics is that they enable us to record the use of the software in the best possible way and to develop it further on the basis of this. For the purpose of the statistics, we collect the following personal data:

  • Installation-ID

  • IP-address

  • Area and language settings

  • System information including hardware, software usage, configuration and defects of the software

Your consent with the processing for the purpose of statistics can be revoked at any time by sending a message to us, Art. 7 (3) GDPR.


When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. The legal basis is Art. 6 (1) (b) GDPR.

4 Obligation for providing and possible consequences for not providing data

You are not obligated to provide your personal data to us. However, within the scope of the use of our services and software, you may be required to make the personal data available that is necessary for the fulfilment of the respective purpose or that we are legally obliged to collect. Without this data, we may not be able to conclude or execute a contract with you and/or provide you with our software and services.

5 Processors


It may happen that commissioned service providers are used for individual functions of our software. As with any larger company, we also use external domestic and foreign service providers to process our business transactions (e.g. for the areas of IT, logistics, telecommunications, sales and marketing). These service providers only act on our instructions and are contractually obliged to comply with the provisions of data protection law in accordance with Art. 28 GDPR. We will always carefully select and monitor these service providers and inform you in about the respective processes. The legal basis for the transfer of your personal data in this case is performance of a contract, Art. 6 (1) (b) GDPR.


The following categories of recipients may receive access to your personal data: Service providers for the operation of our software and its functions as well as the processing of data stored or transmitted by the systems and cloud services for user data (e.g. for data center services, payment processing, IT security).

6 Data storage period


We delete your personal data as soon as it is no longer required for the purposes for which we collected or processed it. As a rule, we store your personal data for the duration of your usage of our software.


However, your personal data may be stored beyond this period in the event of a (threatened) legal dispute with you or other legal proceedings.


Third parties engaged by us will store your personal data on their systems for as long as it is necessary to provide their service to us.


As a rule, your personal data will be deleted after three years. Legal requirements for the storage and deletion of personal data remain unaffected by the above.

7 Data security


We use appropriate technical and organizational security measures to protect your personal data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, the costs of implementation and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments. We try to keep the risk for you as low as possible through regular anonymization.


We will be happy to provide you with more detailed information on request. Please contact our data protection officer for this purpose.

8 Existence of automatic decision-making, including profiling

Fundamentally, we do not use fully automated decision-making or profiling to start or carry out a business relationship in accordance with Art. 22 GDPR. If we should implement this process in individual cases, we will inform you accordingly in as far as this is required by law.

9 Changes to data protection notices

We continuously develop and optimize the software and services we offer. It can therefore occur that we add new functionalities. If this affects the way in which we process your personal data, we will inform you accordingly in due time.