Impact Hub’s Websites Privacy Policy

v.1.3 (19th December 2022)

Impact Hub Company is deeply committed to the protection of your personal data and your privacy. The following privacy policy shall provide you with an extensive and transparent insight into how we – in the course of your interaction with our websites – collect data and how we manage and process this personal data. This privacy policy shall also provide you with extensive and efficient opportunities to influence our processing. In essence, we want you to be in absolute control of your own data disclosure.

 

I. Terms

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘Sensitive personal data’ means personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data.

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

‘Data subject’ means the natural person whose personal data is processed by a controller or processor.

‘Data controller’ means the natural or legal person, public authority, agency or other bodies which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

‘Data processor’ means a natural or legal person, public authority, agency or other bodies which processes personal data on behalf of the controller.

‘Maker’means an employee or founder of a local Impact Hub or a person that stands in a contractual relationship to a local Impact Hub that is comparable to an employee.

‘Member’means a member of a local Impact Hub.

II. Who we are

Impact Hub Company, an entity located in Vienna, Austria (Impact Hub GmbH, FN 358967v, Lindengasse 56/18-19, 1070 Vienna, Austria).

III. Which personal data we process

Depending on your use of our website, we process different information.

1) As far as actively provided by you or your employer, we may process contact data (“contact data“). Contact data may include your name, mailing address, phone number, email address and other information that enables us to contact you.

Purpose. We may process your contact data to enable the implementation of and participation in services, programs and events and to fulfill contractual obligations towards you (partnerships & programs); to contact you (communication); to contact you via email-newsletters to inform you about our services, programs and events (marketing).

The legal bases for the processing are:

  • Partnerships & Programs: The performance of a contract OR legitimate interest OR consent.
  • Communication: Consent Or performance of a contract.
  • Marketing: Legitimate interest, namely where requirements of the GDPR and the E-privacy directive are met OR consent;

2) As far as actively provided by you or your employer, we may process data that relates to your work (“work-related data“). Work-related data may include your company, company details and place of work.

Purpose. We process your work-related data to enable participation in programs and events and to fulfill contractual obligations towards you (partnerships & programs).

The legal bases for the processing is the performance of a contract.

3) We may process data that relates to your use of the websites (“usage data“). Usage data may include information about the website from which you have come (referrer), information about which sub-pages were visited, or how often, information about the duration a sub-page was viewed and other information that shows the activities on our websites. Usage data is provided by Matomo Analytics.

Purpose. We process your contact data to optimize our websites.

The legal bases for the processing is a legitimate interest.

IV. Third parties that collect personal data on our websites

To see the list of all the cookies we use and our policy, please visit https://old.impacthub.net/cookie-policy/.

We have integrated Matomo Analytics on our websites. Matomo Analytics is a web analytics service which provides us with usage data (see section III, 3). Matomo is a Google Analytics alternative that protects your data and privacy. By using Matomo instead of Google Analytics, we have 100% data ownership and the power to protect user’s privacy. Matomo runs locally on our servers (in this case in Germany) and the data is not shared with Matomo or to any third party without our direct intervention. We have configured Matomo Analytics in the way that it provides the IP address of visitors in an abridged and therefore anonymized form, in our case the recommended two last bytes.

Matomo Analytics also places a cookie on your device. A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time. Most browsers support cookies, but you can set your browsers to decline them and can delete them whenever you like.The cookie enables Matomo to analyze the use of our websites.

According to their website and wikipedia, it’s recommended and used by various public administrations including CNIL,[7] the European Commission[8] and the Italian government.[9]

You can prevent the setting or the use of cookies through the following means.

  • Whenever you visit our websites, you have to expressly give us consent to use cookies. Until you do, any analytics will not be functional.
  • Your browser allows you to delete cookies already on your system and allows you to configure your browser so that it prevents the setting and use of cookies.

Further information as well as the data protection provisions of Matomo:

https://matomo.org/100-data-ownership/?footer

https://matomo.org/gdpr-analytics/?footer

https://matomo.org/privacy-policy/?footer

We use Linkedin Analytics in a similar way to google analytics but specifically for Linkedin activities. You can prevent the setting or the use of cookies through the same means

  • Whenever you visit our websites, you have to expressly give us consent to use cookies. Until you do, Linkedin Analytics will not be functional.
  • Your browser allows you to delete cookies already on your system and allows you to configure your browser so that it prevents the setting and use of cookies.
  • Additionally you can opt-out by visiting https://www.linkedin.com/psettings/guest-controls.

Further information can be found at:

https://www.linkedin.com/legal/privacy-policy

https://www.linkedin.com/legal/cookie-policy

https://www.linkedin.com/help/linkedin/answer/4499/linkedin-page-analytics-overview?lang=en

Our website is built with WordPress. In order to collect sign-ups to our newsletter as well as requests via our membership page, we are using a WordPress plugin called Gravity Forms. These forms collect the data you provide and stores it on our WordPress website to make it accessible for our Communications Team to access and feed into our mailing list or pass on to our local Impact Hub for membership information respectively. You can find more information as well as WordPress’ privacy policy here: https://wordpress.org/about/privacy/

V. How we use your personal data

We will only use your personal data within the limits provided by the described purposes. We will keep your data for as long as they are needed for their purpose. We may keep personal data for archiving, historical research purposes, and statistical purposes. If we decide to introduce new uses of your personal data that are not covered by the mentioned purposes, we will first upgrade and adjust this privacy policy and will notify you about the changes.

VI. Access to your data

We use the following third-party processors:

1) Website hosting:

  1. a) WPMU Dev provides servers – you can find out more about WPMU Dev and their Privacy Policy at: https://wpmudev.com/docs/privacy/ and their GDPR compliance at: https://wpmudev.com/blog/web-privacy-wordpress-gdpr-compliance/
  2. b) Our website is built using WordPress. Any information it may collect is stored locally and isn’t shared with anyone. It usually adds a cookie to help with comments and logged in users. https://wordpress.org/support/article/cookies/

2) Email:

  1. c) G suite for email communication with our customers and visitors to our site. You can find out more about Google’s G suite and their Privacy Policy at: https://gsuite.google.com/security and their GDPR compliance at https://cloud.google.com/privacy/gdpr
  2. d) MailChimp for our email newsletter.  You can find out more about MailChimp and their privacy policy at: https://mailchimp.com/legal/privacy/ and their GDPR compliant at https://mailchimp.com/en-gb/help/about-the-general-data-protection-regulation/

3) Analytics and User tracking:

  1. e) Matomo Analytics for visitor tracking analytics on our site. As previously mentioned, all data is stored locally on our own (german based)  servers. You can learn more about Matomo Analytics and their privacy policy at https://matomo.org/privacy-policy/?footer
  2. f) Linkedin for visitor tracking analytics on our site.  You can learn more about Linkedin and their privacy policy https://www.linkedin.com/legal/privacy-policy.

4) CDN (Content Delivery Network)

  1. g) We use Cloudflare as our CDN. A CDN helps us speed up web delivery by providing cached internet content from a network location closest to a user. You can learn more about Cloudflare and their privacy policy at https://www.cloudflare.com/en-gb/privacypolicy/

VII. Data Security

The security of all your Personal Information is important to us. To the best of our ability, we are taking appropriate technical or organizational measures to protect your Personal Information against unauthorized access or unlawful processing and accidental loss, destruction or damage. While we strive to protect your Personal Information, we cannot ensure or warrant the security of any information that you directly or indirectly transmit to us, and you do so at your own risk.

VIII. Your rights

We grant to you all the rights relating to your personal data that the European General Data Protection Regulation – as implemented in the Austrian data protection law – provides for data subjects. These rights include:

1) The right to access your data

You have the right to request access to the personal data that we have collected about you and to request specific information and insights on how we treat, share, store and otherwise process this personal data. To exercise this right please file an access request via email. Within 30 days following this request we will provide you with a copy (on paper if you do not choose otherwise) of all the personal data that we possess about you and will explain to you the details of the treatment of your personal data.

2) The right to rectification

In the case personal data that we store about you is incorrect, inaccurate, or outdated you have the right to demand that we correct these errors. To exercise this right it is sufficient to just point the errors out in an email to the address given below.

3) The right to erasure (the ‘right to be forgotten’) / withdrawal of consent

At all times you are absolutely free to withdraw any consent given by stating so in an email. As a consequence of such a withdrawal of consent, within the following 30 days, we will do everything within our reasonable possibilities to make sure that we stop processing and storing personal data about you and will request those partners of us which have access to your personal data to do the same.

4) The right to object to processing

On top of the right to erasure, we grant to you the right to object to the processing of your personal data. You exercise this right by stating so in an email. As soon as you raise objections we will be required to demonstrate that we have compelling grounds for continuing the processing, or that the processing is necessary in connection with our legal rights. If we cannot demonstrate this, we will cease the processing activity in question immediately.

5) The right to restrict processing

In cases in which we, or the partners that have access to your personal data, legally cannot delete the relevant personal data (for example in the case that the data are required for the purposes of exercising or defending legal claims) or where you do not wish to have the data deleted, we may continue to store the data, but you are entitled to limit the purposes for which the data can be processed, via stating so in an email.

6) The right to lodge a complaint with a supervisory authority

You may without prejudice to any other administrative or judicial remedy, lodge a complaint with a supervisory authority in a Member State of your residence, place of work or place of the alleged infringement. They will then inform you on the progress and the outcome of the complaint including the possibility of a judicial remedy

7) The right to data portability

You may obtain and reuse your personal data for your own purposes across different services

8) The right to avoid automated decision-making

You have given explicit consent to any data you may share with us

There will be no decision based solely on automated processing, which produces legal effects including profiling based on your data of affecting you.

IX. Changes to this privacy policy

We reserve the right to change this privacy policy at any time. If we make material changes to this privacy policy we will notify you via email and will update the version number and date above. Your continued relationship with us after having been notified of changes shall constitute your agreement to be bound by any such changes.

X. Governing law

As far as permitted by law, this privacy policy and its terms shall be governed by and construed in accordance with the data protection laws of Austria and any legal dispute concerning this privacy policy, its interpretation, and our handling of your personal data shall be adjudicated in Austrian jurisdiction.

XI. Feedback and how to contact us

If you want to exercise your rights, have any queries on this policy, wish to contact us or know further details on how we use personal data, please contact us electronically at: [email protected] or postal under: Impact Hub Company, Lindengasse 56/18-19, 1070 Vienna, Austria