← Back to acqelo.com
This Data Processing Agreement (DPA) forms part of the Terms of Service between you (the trader, acting as Data Controller) and Acqelo Ltd (acting as Data Processor). It is required under UK GDPR Article 28 and sets out how we process your customers' personal data on your behalf.
1. The Parties
Data Controller: You — the subscribed trader operating a business in the UK trades sector.
Data Processor: Acqelo Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. Company number 17135545.
By subscribing to Acqelo you enter into this Data Processing Agreement. This agreement takes effect on the date you subscribe and remains in force for the duration of your subscription.
2. Nature and Purpose of Processing
Acqelo Ltd processes personal data on your behalf for the following purposes:
- Responding to missed calls and inbound customer enquiries via WhatsApp on your behalf
- Qualifying customer leads through AI-assisted conversation
- Storing customer contact details and enquiry records in your business database
- Generating weekly summary reports for your review
- Facilitating invoicing, payment chasing, and customer re-engagement (Core tier and above)
3. Types of Personal Data Processed
- Customer names
- Customer mobile telephone numbers
- Customer location data (postcode and area)
- Job descriptions and service requirements
- WhatsApp conversation transcripts
- Payment records (Core tier and above, processed via Stripe)
4. Categories of Data Subjects
The data subjects are the customers and prospective customers of your trades business who contact your business number or WhatsApp account.
5. Duration of Processing
Processing continues for the duration of your subscription. On termination of your subscription, personal data will be retained for a maximum of 30 days during which you may request an export, then deleted. Anonymised statistical data may be retained indefinitely.
6. Obligations of Acqelo Ltd as Data Processor
Acqelo Ltd agrees to:
- Process personal data only on your documented instructions and for the purposes set out in this agreement
- Ensure that all personnel with access to personal data are bound by appropriate confidentiality obligations
- Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk
- Not engage sub-processors without informing you first and providing you with the opportunity to object
- Assist you in responding to data subject rights requests within the timeframes required by UK GDPR
- Delete or return all personal data at the end of the service relationship at your choice
- Provide all information necessary to demonstrate compliance with UK GDPR Article 28
- Notify you without undue delay on becoming aware of a personal data breach affecting your customers' data
7. Your Obligations as Data Controller
You agree to:
- Ensure you have a lawful basis for processing your customers' personal data through Acqelo
- Ensure your customers receive appropriate notice that their enquiries may be handled by an AI assistant
- Respond to any data subject rights requests from your customers in accordance with UK GDPR
- Keep your Acqelo account information accurate and up to date
- Not instruct Acqelo Ltd to process data in a manner that would violate applicable data protection law
8. Sub-Processors
You authorise Acqelo Ltd to engage the following sub-processors for the purposes described:
- Anthropic (Claude API) — AI conversation processing. Data processed: anonymised conversation content.
- Meta / 360dialog (WhatsApp Business API) — Message delivery. Data processed: message content, phone numbers.
- GoHighLevel — CRM and contact management. Data processed: contact records, conversation transcripts.
- Twilio — Call forwarding and SMS. Data processed: phone numbers, call metadata.
- Stripe — Payment processing (Core tier and above). Data processed: payment information only.
- Make.com — Workflow automation. Data processed: workflow triggers, no sensitive personal data.
Acqelo Ltd will notify you of any intended changes to this list and provide you with the opportunity to object within 14 days.
9. Security Measures
Acqelo Ltd implements the following security measures:
- TLS encryption for all data in transit
- Access controls limiting data access to authorised personnel
- Regular security reviews of third-party service providers
- Data minimisation — processing only the data necessary for the service
- Incident response procedures including customer notification within 72 hours of discovering a breach
10. Data Transfers
Some sub-processors may process data outside the UK. Where this occurs Acqelo Ltd ensures appropriate safeguards are in place including UK International Data Transfer Agreements (IDTAs) or equivalent protections.
11. Governing Law
This Data Processing Agreement is governed by the laws of England and Wales and is subject to the jurisdiction of the courts of England and Wales.
12. Contact
For any queries relating to this agreement: hello@acqelo.com — subject line "Data Processing Agreement".