Impact Hub’s Websites Privacy Policy

v.1.1 (25th May 2018)

Impact Hub Company is deeply committed to the protection of your personal data and your privacy. The following privacy policy shall provide you with an extensive and transparent insight into how we – in the course of your interaction with our websites – collect data and how we manage and process this personal data. This privacy policy shall also provide you with extensive and efficient opportunities to influence our processing. In essence, we want you to be in absolute control of your own data disclosure.

 

I. Terms

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘Sensitive personal data’ means personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

‘Data subject’ means the natural person whose personal data is processed by a controller or processor.

‘Data controller’ means the natural or legal person, public authority, agency or other bodies which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

‘Data processor’ means a natural or legal person, public authority, agency or other bodies which processes personal data on behalf of the controller.

‘Maker’means an employee or founder of a local Impact Hub or a person that stands in a contractual relationship to a local Impact Hub that is comparable to an employee.

‘Member’means a member of a local Impact Hub.

II. Who we are

Impact Hub Company, an entity located in Vienna, Austria (Impact Hub GmbH, FN 358967v, Lindengasse 56/18-19, 1070 Vienna, Austria).

III. Which personal data we process

Depending on your use of our website, we process different information.

1) As far as actively provided by you or your employer, we may process contact data (“contact data“). Contact data may include your name, mailing address, phone number, email address and other information that enables us to contact you.

Purpose. We may process your contact data to enable the implementation of and participation in services, programs and events and to fulfill contractual obligations towards you (partnerships & programs); to contact you (communication); to contact you via email-newsletters to inform you about our services, programs and events (marketing).

The legal bases for the processing are:

  • Partnerships & Programs: The performance of a contract OR legitimate interest OR consent.
  • Communication: Consent Or performance of a contract.
  • Marketing: Legitimate interest, namely where requirements of the GDPR and the E-privacy directive are met OR consent;

2) As far as actively provided by you or your employer, we may process data that relates to your work (“work-related data“). Work-related data may include your company, company details and place of work.

Purpose. We process your work-related data to enable participation in programs and events and to fulfill contractual obligations towards you (partnerships & programs).

The legal bases for the processing is the performance of a contract.

3) We may process data that relates to your use of the websites (“usage data“). Usage data may include information about the website from which you have come (referrer), information about which sub-pages were visited, or how often, information about the duration a sub-page was viewed and other information that shows the activities on our websites. Usage data is provided by Google Analytics.

Purpose. We process your contact data to optimize our websites.

The legal bases for the processing is a legitimate interest.

IV. Third parties that collect personal data on our websites

We have integrated Google Analytics on our websites. Google Analytics is a web analytics service which provides us with usage data (see section III, 3). Via the use of the application “_gat. _anonymizeIp” we have configured Google Analytics in the way that it provides the IP address of visitors in an abridged and therefore anonymized form (when accessing the websites from an EEC country).

Google Analytics also places a cookie on your device. A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time. Most browsers support cookies, but you can set your browsers to decline them and can delete them whenever you like.
The cookie enables Google to analyze the use of our websites. Whenever you call-up one of the individual pages of our websites, your browser will automatically submit data for the purpose of online advertising and the settlement of commissions to Google. The submitted data includes personal information, such as the online identifiers including cookie identifiers, internet protocol addresses and device identifiers. This information is used by Google to extract further personal information such as the access time, the location from which the access was made, and the frequency of visits to our websites. This information gets stored by Google in the United States of America. Google may pass this personal data to third parties.

You can prevent the setting or the use of cookies through the following means.

  • Whenever you visit our websites, at the bottom of the pages you’ll see a button that – for the time of your visit – allows you to deactivate the use of website cookies.
  • Your browser allows you to delete cookies already on your system and allows you to configure your browser so that it prevents the setting and use of cookies.
  • You can prevent the transmission of information to Google Analytics through the installation of a Browser Add-on (https://tools.google.com/dlpage/gaoptout)

The operator of Google Analytics is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

Further information as well as the data protection provisions of Google:
https://www.google.com/intl/en/policies/privacy/

http://www.google.com/analytics/terms/us.html

https://www.google.com/analytics/

Our website is built with WordPress. In order to collect sign-ups to our newsletter as well as requests via our membership page, we are using a WordPress plugin called Gravity Forms. These forms collect the data you provide and store it on WordPress to make it accessible for our Communications Team to access and feed into our mailing list or pass on to our local Impact Hub for membership information respectively. You can find more information as well as WordPress’ privacy policy here: https://wordpress.org/about/privacy/

V. How we use your personal data

We will only use your personal data within the limits provided by the described purposes. If we decide to introduce new uses of your personal data that are not covered by the mentioned purposes, we will first upgrade and adjust this privacy policy and will notify you about the changes.

VI. Access to your data

We use the following third-party processors:

1) Website hosting:

a) DigitalOcean provides servers – you can find out more about DigitalOcean and their Privacy Policy at: https://www.digitalocean.com/legal/privacy/

b) ServerPilot provides – you can find out more about Serverpilot and their Privacy Policy at: https://serverpilot.io/privacy

c) WordPress’ plug-in Gravity Forms stores information filled in by website visitors in forms on the Impact Hub website, you can find more about WordPress and their Privacy Policy at: https://wordpress.org/about/privacy/

2) Email:

c) G suite for email communication with our customers and visitors to our site. You can find out more about Google’s G suite and their Privacy Policy at: https://gsuite.google.com/security

d) MailChimp for our email newsletter.  You can find out more about MailChimp and their privacy policy at: https://mailchimp.com/legal/privacy/

3) Analytics and User tracking:

e) Google Analytics for visitor tracking analytics on our site.  You can learn more about Google Analytics and their privacy policy at https://policies.google.com/privacy/update

VII. Data Security

The security of all your Personal Information is important to us. To the best of our ability, we are taking appropriate technical or organizational measures to protect your Personal Information against unauthorized access or unlawful processing and accidental loss, destruction or damage. While we strive to protect your Personal Information, we cannot ensure or warrant the security of any information that you directly or indirectly transmit to us, and you do so at your own risk.

VIII. Your rights

We grant to you all the rights relating to your personal data that the European General Data Protection Regulation – as implemented in the Austrian data protection law – provides for data subjects. These rights include:

1) The right to access your data

You have the right to request access to the personal data that we have collected about you and to request specific information and insights on how we treat, share, store and otherwise process this personal data. To exercise this right please file an access request via email. Within 30 days following this request we will provide you with a copy (on paper if you do not choose otherwise) of all the personal data that we possess about you and will explain to you the details of the treatment of your personal data.

2) The right to rectification

In the case personal data that we store about you is incorrect, inaccurate, or outdated you have the right to demand that we correct these errors. To exercise this right it is sufficient to just point the errors out in an email to the address given below.

3) The right to erasure (the ‘right to be forgotten’) / withdrawal of consent

At all times you are absolutely free to withdraw any consent given by stating so in an email. As a consequence of such a withdrawal of consent, within the following 30 days, we will do everything within our reasonable possibilities to make sure that we stop processing and storing personal data about you and will request those partners of us which have access to your personal data to do the same.

4) The right to object to processing

On top of the right to erasure, we grant to you the right to object to the processing of your personal data. You exercise this right by stating so in an email. As soon as you raise objections we will be required to demonstrate that we have compelling grounds for continuing the processing, or that the processing is necessary in connection with our legal rights. If we cannot demonstrate this, we will cease the processing activity in question immediately.

5) The right to restrict processing

In cases in which we, or the partners that have access to your personal data, legally cannot delete the relevant personal data (for example in the case that the data are required for the purposes of exercising or defending legal claims) or where you do not wish to have the data deleted, we may continue to store the data, but you are entitled to limit the purposes for which the data can be processed, via stating so in an email.

IX. Changes to this privacy policy

We reserve the right to change this privacy policy at any time. If we make material changes to this privacy policy we will notify you via email and will update the version number and date above. Your continued relationship with us after having been notified of changes shall constitute your agreement to be bound by any such changes.

X. Governing law

As far as permitted by law, this privacy policy and its terms shall be governed by and construed in accordance with the data protection laws of Austria and any legal dispute concerning this privacy policy, its interpretation, and our handling of your personal data shall be adjudicated in Austrian jurisdiction.

XI. Feedback and how to contact us

If you want to exercise your rights, have any queries on this policy, wish to contact us or know further details on how we use personal data, please contact us electronically at: [email protected] or postal under: Impact Hub Company, Lindengasse 56/18-19, 1070 Vienna, Austria