Skip to main content

Privacy Policy

DATA CONTROLLER

The Data Controller is Impact 360 with its registered office in Warsaw at 11/195 Ludwika Rydygiera Street, 01-793, Warsaw, registered by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS no.: 0000669672, NIP: 5252704312, REGON: 366849507.

Should there be any questions, concerns or comments regarding the information contained in this Policy, please contact us at the following email address: contact@impactbucharest.com.

In case of any questions regarding issues related to the processing of personal data by the Controller, please contact us at the following email address: iod@odokancelaria.pl

 

PROCESSING OF PERSONAL DATA

The Controller processes only the data that is necessary to participate in the Impact Bucharest Event, inter alia, the creation of an Account, registration and sale of tickets, organisation of participation in the Event, as well as, with additional consent, the sending of the Newsletter.

The Controller may obtain the following personal data:

first name, last name, country, email address, telephone number, image, social media profile details and also all communications, enquiries, statements, views and opinions about us sent by Users or published on social media or through the Website, invoice details, company, company details, position, payment method, gender, language, industry, history of application use and participation in the Event.

The Controller may obtain personal data, in particular, in the following cases:

  • provision of data in connection with pre-registration, contact by email, telephone, through a form or in any other way, on the basis of Article 6(1)(f) of the GDPR – legitimate interest of the Data Controller.
  • registration for an Event, setting up an Account or purchasing tickets and settling the participation in an Event (issuing a VAT invoice) on the basis of Article 6(1)(b) of the GDPR (execution of a contract) and on the basis of Article 6(1)(c) of the GDPR (legal grounds – settlement of a contract/participation in an Event)
  • acquisition of users’ personal data as a result of conducting a business relationship / entering into or performing a contract (e.g. a user’s purchase of an Controller’s service or product), on the basis of Article 6(1)(b) of the GDPR (execution of a contract) and on the basis of Article 6(1)(f) of the GDPR – the Controller’s legitimate interest – maintaining a business relationship
  • publishing them on social media (e.g. obtaining information from the User’s social media profile, to the extent that the information is visible as public) article 6(1)(f) of the GDPR – legitimate interest of the Controller – taking care of the Controller’s image.
  • acquisition or requesting Users’ personal information, when visiting the Data Controller’s websites or using any features or resources available on or through the Website. When Users visit the Website, Users’ devices and browsers may automatically provide certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connection to the Website and other technical information regarding communication), some of which may constitute personal data. When visiting the Website, no personal data will be stored by the Data Controller, without the prior express consent of the Users. the ability to use our Website may be limited to a certain extent, Article 6(1)(a) of the GDPR (consent) and Article 6(1)(f) of the GDPR – legitimate interest of the Controller- proper functioning of the Controller’s Website

 

PURPOSES OF PROCESSING

The purposes for which the Controller may process Users’ Personal Data are as follows:

Organisation of the participation in the Event: pre-registration (informing about the start of ticket sales) running the registration for the Event, creating Accounts, selling tickets, accounting for the participation in the Event, ensuring its correct operation, security,

Controller’s Website: running and managing our Website, presenting its content; publishing advertising and other promotional and marketing information; communicating and interacting with customers and suppliers, as well as potential employees or collaborators, through our Website.

Marketing communication: the presentation by any means (including email, telephone, text message, social media, postal mail and personal contact) of news and other information that may be of interest to Users, including the distribution of newsletters and other commercial information, having first obtained the Users’ consent to send information in an appropriate manner, based on generally applicable legislation.

Communication and IT operations: management of communication systems, operation for IT security purposes and IT security audits.

Financial management: sales, finance, event billing and sales management.

Survey: engaging with Users to obtain information on Users’ opinions of the event;

Improving our products and services: identifying problems with the organisation and operation of the Event; planning improvements to existing solutions, responding to threats and potential dangers.

 

SHARING OF PERSONAL DATA

Personal data is processed within Impact 360 with its registered office in Poland. Hosting and storage of data takes place in Google Cloud, Personal data necessary for the provision of platform services is also processed by our partners: Brella Ltd. with its registered office in Finland, and Gridaly Sp. z o.o. with its registered office in Poland, which provide support and act as a data processors.

The personal data necessary to provide the newsletter services is also processed by our partner Mailchimp with its registered office in Atlanta, which provides support and acts as a data processor. The processing is carried out on the basis of standard contractual clauses.

The personal data necessary for payment is processed by Stripe, with its registered office in the USA, which acts as data controller. The Controller also shares the data with its partners in the Impact Group, i.e. the Impact Foundation and the partner THE WAY, in order to properly organise and operate the event.

The entities that process the Personal Data of Users obtained through the Website are the companies that are the creators of the Website, as well as the company that provides technical support services to the Controller in connection with the use of the Website. This entity stores and processes Users‘ Personal Data obtained during Users’ use of the Website. The Processor shall ensure the full security of Users’ Personal Data through the use of appropriate and latest technical and organisational measures. The Processor may not use the Users’ Personal Data provided to it for purposes other than those for which it was entrusted to it by the Controller. The Controller has entered into a personal data processing entrustment agreement with the Processor, on the basis of which the Processor has been obliged to comply with the requirements concerning the protection of the Users’ Personal Data.

The Data Controller may share Users’ Personal Data with administrative or judicial authorities, at their request, in order to inform them of actual or suspected violations of applicable law.  To persons carrying out audits, to consultancy firms, subject to contractual confidentiality obligations.

To third parties processing the entrusted data on behalf of the Data Controller irrespective of their place of establishment, as required by the GDPR regulations (based on standard contractual clauses, adequacy decisions or entrustment agreements).

Notwithstanding the above, the Website may use plug-ins or content presented by third parties. If Users choose to use them, Users’ Personal Data may be shared with third parties or social media platforms. The Controller hereby recommends that you review the privacy policy of the third party before using its plugins or content. We currently use redirects to the following social media on our pages:

Facebook https://www.facebook.com/ImpactCEE/

Twitter https://twitter.com/ImpactCEE

YouTube https://www.youtube.com/channel/UC5KYNlPumkOXUe9XJ_jm-XA

LinkedIn https://www.linkedin.com/company/impact_cee

Instagram https://www.instagram.com/impact_cee/

 

DATA PROTECTION

The Controller shall inform that it has implemented appropriate technical and organisational protection measures to protect Personal Data, in particular including safeguards against accidental or unlawful destruction, loss, alteration, unauthorised publication, unauthorised access and other unlawful and unauthorised forms of Processing, in accordance with applicable law.

Personal data will not be subject to automated decision-making, including profiling.

 

DATA STORAGE

The Data Controller shall only keep personal data for as long as necessary to achieve the purposes indicated in connection with its collection, unless a longer retention period is required by common law.

Personal data contained in financial and accounting documents related to the necessary settlement of participation in an event are stored for a period of 5 years, counting from the end of the calendar year in which the settlement document was issued.

Personal data from your account on the platform will be stored until you make a declaration to this effect to us (withdrawal of consent/objection).

Personal data processed in connection with the dispatch of the Newsletter will be stored until you withdraw your consent to its dispatch.

 

USER RIGHTS

In accordance with the provisions of the General Data Protection Regulation, in relation to Users’ Personal Data that is Processed by the Controller, Users have the following rights:

  • the right of access to personal data;
  • the right to rectification of personal data;
  • the right to erasure of Personal Data (unless specific legislation requires the Controller to retain the data);
  • the right to restrict the processing of personal data;
  • the right to portability of personal data (for processing on the basis of a contract or consent, insofar as the processing is automated);
  • the right to object to the processing of personal data;
  • the right not to be subject to a decision based on automated processing.
  • where the Processing of Personal Data is carried out on the basis of the Users’ consent, Users have the right to withdraw their consent at any time without affecting the lawfulness of the Processing carried out on the basis of the consent prior to its withdrawal.
  • In the event of improper Processing of Personal Data, Users have the right to lodge a complaint with the state supervisory authority for data protection, i.e. the President of the Office for Personal Data Protection (address: 2 Stawki Street, 00-193 Warsaw, Poland).

 

COOKIES

Cookies are text files of small size sent to the user’s computer or other terminal device when browsing the Website. Cookies remember the user’s preferences, which makes it possible to improve the quality of the services provided, to improve search results and the relevance of the information displayed and to personalise the website, to create website statistics.

When a user uses the Website, data concerning the user is automatically collected.

This data includes: IP address, domain name, browser type, operating system type.

The user gives his/her consent to the storing or accessing of cookies by the Service Provider by reading the message about the use of cookies during the first visit to the Controller’s Website, indicating his/her consent to all cookies or indicating his/her consent to selected cookies. The user can change the use of cookies at any time through the settings of the browser installed on the user’s device.

The Controller uses the types of cookies listed below:

Technical cookies – files that are essential to enable users to navigate the Website and use its functions, such as accessing secure areas on the Website.

Performance cookies – collect information about how users use the Website, which parts of the Website they visit most often.

Functional cookies – which record choices made by users (such as user name, language or the region in which users reside).

Third-party social media (e.g. Facebook, Twitter, LinkedIn, Instagram) may record information about you, for example when you click on the ‘Add’ or ‘Like’ button in relation to a particular social network while on the Website. The Service Provider does not control third-party sites or their activities. Information on social media sites is available on the pages of these media.

The Controller also uses the tools of the Google Analytics system.

Google Analytics – files used by the Google company to analyse how the User uses the Website (reports and statistics). The tool does not use data to identify the recipient. This tool collects data in the form of web identifiers, including cookie identifiers, IP address, device identifiers and User identifiers. With the tools provided by Google, the User’s IP address is anonymised. In accordance with Google Analytics terms of service, Google declares that it will not associate the IP address of the data subject with other data held by Google: https://www.google.com/intl/pl/policies/privacy/partners

The Controller uses cookies for:

  • proper functioning, configuration, security and reliability of the Website,
  • monitoring session status,
  • adapting the information displayed to the user’s preferences,
  • analysis, statistics, testing and auditing of displays of the Website.

GENERAL PROVISIONS

This Policy may be amended and updated to reflect changes in Data Controller’s Personal Data Processing practices or changes in common law. We encourage you to read this Policy carefully and check this page regularly to verify any changes that the Controller may make in accordance with this Policy.

Date of last update: 13.05.2024