For Impactly, secure processing of personal data is important. WhenImpactly's customers use Impactly, the customer is the datacontroller. This means that you as a customer own the personal datathat is processed in Impactly. Impactly processes this personal dataon the instructions of the customer, who is the data controller.
For more information and for sending Impactly's standard dataprocessing agreement, please contact GDPR@Impactly.dk.
Personal data policy
Notification of the collection of personal data
1. We are the data controller – how do we contact you? Impactly is the data controller for the processing of the personal data we have received about you. You can find our contact details below.
2. Contact details of the Data Protection Officer Impactly does not use a data protection officer, and therefore we ask you to contact us directly with any queries. Our contact details are set out in point 1.
3. The purposes and legal basis of the processing of your personal data We process your personal data for the following purposes and on the following legal basis:
Provide services, including applications and websites.
Forward notifications to users of Impactly's solutions.
Enable communication with and provide the necessary service in connection with our services.
Article 6 (1) of the General Data Protection Regulation 1 (b). That is, when the processing is necessary for the performance of a contract to which you are a party or which is necessary prior to a contract to which you have requested to enter into yourself.
Organize events and presentations, etc.
Article 6 (1) of the General Data Protection Regulation 1 (f).
The legitimate interests we pursue are to conduct and communicate about events.
The legitimate interests we pursue are our interest in providing the best service to our clients and in managing client relationships.
The legitimate interests we pursue are our interest in providing the best service to our clients and in managing client relationships. The legitimate interests we pursue are our interest in communicating with stakeholders, targeting the material we publish, as well as our marketing interest. In cases where the newsletter or subscription is delivered using an external or technical partner, we share your information with the partner. For example, it can be a technical supplier, a web agency, a printing company or a distributor.
Processing of sensitive personal data in connection with the provision of services, etc., as well as in connection with total and irrevocable anonymization
Article 6 (1) of the General Data Protection Regulation 1 (b), article 9, para. 1, letter a of the Danish Corporate Tax Act (Selskabsskatteloven). As a rule, we never process sensitive personal data about you. If you voluntarily submit or register such information in our systems, we process information to the extent that this is both a) necessary to provide the service with which you have provided the information in connection with and b) within the framework of what you may voluntarily, specifically and informedly expect and consented to by providing the information.
This also includes anonymising sensitive personal data about you so that it is no longer personally identifiable, as anonymisation in itself is a processing. When data is totally and irrevocably anonymized, it is no longer personal data, can no longer be used to identify you, and is therefore not covered by the personal data rules. Such data sets can be used by Impactly for statistical and other purposes, and therefore we are the data controller for the anonymisation process.
4. Categories of personal data We process the following categories of personal data about you:
Basic personal data (email address, postcode, country of residence, first name, last name, gender, date of birth, etc.)
Contact information (e.g., email, phone numbers)
User data for the use of the website, etc.
Users of Impactly's solutions (In this respect Impactly's customers are data controllers, Impactly is data processor)
Pseudonymous identifiers, (e.g. a fictitious username)
Video, audio and text, including in chat format. Video calls are not saved in the solution, however, video calls are processed in the Solution.
User data for the use of the Solution, including authentication data (username, password, security questions, audit trail, Device ID to be able to send push notifications to users who cannot track the data subject).
Well-being data, (e.g. mental health, progression in mental health and well-being challenges, etc.). If the citizen chooses to disclose sensitive personal data via the Solution, this data will be processed and stored in the Solution.
Employment and social conditions, including job status data/information about public support, education, etc.
Other categories of information that you voluntarily and without request from Impactly choose to provide for the provision of our services, which at your option may be sensitive personal data or information about criminal offences.
5. Recipients or categories of recipients
Impactly uses data processors, but does not disclose your personal data to other third parties without your separate and explicit consent. Impactly uses Google and Amazon Web Services as subcontractors, and therefore also data processor. These subcontractors are used solely to support Impactly's applications and are not used for marketing purposes. Personal data is processed within the EU/EEA via AWS and Google services located in AWS Region eu-central-1 Frankfurt and Google Region europe-west3 Frankfurt, respectively. Impactly uses Webflow as a subcontractor for Impactly's websites, which are used as a tool for building websites. Information submitted via Impactly's website is therefore processed by Webflow, including for marketing purposes, such as sending material and information, as well as sending newsletters.
Navn: Amazon Web Services, Dansk filial af Amazon Web Services EMEA SARL, Luxembourg c/o Azets Insight A/S
Adresse: Lyskær 3C, 1. tv, 2730 Herlev Denmark
Amazon Web Services provides cloud infrastructure that is used, among other things, for calculations and processing, storage, databases, networking, as well as managing general software development. This is used to provide stability, security, and accessibility. Location: AWS Region eu-central-1 Frankfurt.
Navn: Google LLC
Adresse: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Google provides an administrative system for Impactly through Google Suite. Location: Google Region europe-west3 Frankfurt.
Adresse: 398 11th Street, 2nd FloorSan Francisco, CA 94103
Webflow provides software used to build websites, including contact forms on websites. The purpose of using webflow is to maintain a good level of service for visitors to Impactly's website, as well as obtain information for dialogue between you and Impactly or newsletters. Location: Webflow servers, cached in the nearest location for accessing the website.
6. Transfers to recipients in third countries, including international organizations We will not transfer your personal data to recipients outside the EU and EEA. 7. Where your personal data comes from Personal data originates either from yourself or from the organisation with which you are associated in connection with the use of Impactly's applications. If you are a customer or business partner, the organisation may be your employer. If you are a citizen or other user of an application, the organization may, for example, be the municipality or organization that has assigned you a course and that referred you to use our application in this regard.
8. Storing your personal information
Your personal data will be deleted at the latest after your user has been inactive for 2 years. If you do not have a user, the information is generally deleted no later than 2 years after our last contact with you. We reserve the right to delete your personal data at an earlier time if you request this or if we do not have a legitimate purpose for processing the personal data anymore.
9. Automated decisions, including profiling Impactly does not make automated decisions based on your personal data.
10. Right to withdraw consent
You have the right to withdraw your consent at any time. You can do this by contacting us at the contact details set out above in point 1. If you choose to withdraw your consent, it will not affect the lawfulness of our processing of your personal data based on your previously given consent and up to the time of withdrawal. Therefore, if you withdraw your consent, it will only take effect from this time. 11. Your rights
You have a number of rights under the General Data Protection Regulation in relation to our processing of information about you. Ifyou want to exercise your rights, please contact us.
Right to see information (right of access) You are entitled to have insight into the information that we process about you, as well as a number of additional information items.
Right to rectification (correction) You have the right to have inaccurate information about yourself corrected.
Right to restrict processing In certain cases, you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, we may only process the information – except for storage – with your consent, or for the purpose of establishing, exercising or defending legal claims, or for the protection of a person or important public interests.
Right to object In some cases, you have the right to object to our processing or legitimate processing of your personal information. You can also object to the processing of your information for direct marketing.
You can read more about your rights in the Danish Data Protection Agency's guidelines on the rights of data subjects, which you can find at www.datatilsynet.dk.
12. Complaints to the Danish Data Protection Agency You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data.