Privacy Notice for users of MakeImpact
This privacy notice applies to the users of MakeImpact’s services, incl. our website and web based app (app.makeimpact.io) as well as business partners, which we may be in contact with as part of our business.
We are the Data Controller
MakeImpact IVS (“MakeImpact”) is the Data Controller for the processing of your personal data. Our contact information is:
Øster Søgade 112, st. TH
2100 København Ø
E-mail address: firstname.lastname@example.org
Tel no: +45 27 57 20 32
Categories of personal data
We collect and process the following types of personal data:
Visitors of the web based app: Age, Gender and Favourite SDGs.
Signed up users: First Name, Last Name, Age, Gender, E-mail, Country of Residence, Name of the users Bank, Favorite SDGs and favourite companies the user follows
Users which declare interest in a specific company: First Name, Last Name, Age, Gender, E-mail, Country of Residence, Name of the users Bank, Telephone number, Amount of interest, Chosen company.
Partners and Other Individuals
Business Partners and Individuals: First Name, Last Name, E-mail, Phone number, Company, Position.
Individuals receiving marketing and newsletters: First Name, Last Name and E-mail.
Where do we collect your personal data from?
We do not collect other personal data than the personal data you have given us directly.
The purposes and legal basis for the collection and processing of the personal data
Visitors of the web based app: We collect information about your age and gender and chosen SDGs to find potential investment ideas targeted your profile as well as for statistical and research purposes based on our legitimate interests in analyzing our potential customer segment and user group of our website and teaser, cf. GDPR art. 6(1)(f), cf. the Danish Data Protection Act section 6.
Signed up users: Our processing is necessary to fulfil our contract with you, cf. GDPR art. 6(1)(b), cf. the Danish Data Protection Act section 6.
Users which declare interest in a specific company: Our processing is necessary to fulfil our contract with you, cf. GDPR art. 6(1)(b), cf. the Danish Data Protection Act section 6.
Business Partners and Individuals: Our processing is based on our legitimate interests in ensuring necessary day-to-day contact with our current and potential business partners.
Individuals receiving marketing, newsletters: We send marketing material, incl. newsletters and invitations to events, based on your consent, cf. art. 6(1)(a), cf. the Danish Marketing Practices Act section 10.
All of the above:
- To handle day to day communication.
- To comply with applicable personal data protection regulation and other legitimate interests, e.g. compliance with basic principles and legal grounds for processing personal data; putting in place, maintaining and testing technical and organisational security measures; investigating and reporting suspected personal data breaches, if any; handling requests and complaints from data subjects and others, if any; establishment, exercise or defence of legal claims; handling inspections and queries by supervisory authorities, if any; handling disputes with data subjects and third parties, if any.
You provide the above-mentioned personal data voluntarily to us. You are not obliged to provide the personal data to us except if it follows from a legal obligation. The consequences of not providing the personal data may be that we cannot fulfil our part of the agreement, incl. that we cannot proceed with any investment enquiries.
In relation to marketing and newsletters, you are not obliged to provide the personal data to us, which means that you will not receive any marketing or newsletters from us.
Disclosure of the personal data to other data controllers
As part of our services to you, we will disclose and share your personal data to:
- Your own bank
- Third Parties and Partner, e.g. MailChimp and Google Firebase.
- Regulatory and government bodies when required, e.g. the Danish Data Protection Agency or tax authorities.
The legal basis for the disclosure of the personal data is the following:
- Your consent to the disclosure of your personal information to your own bank, cf. GDPR art. 6(1)(a).
- Third Parties and Partner, cf. GDPR art. 6(1)(b)
- Our legal obligations, if any, cf. GDPR art. 6(1)(c).
Transfer of personal data to data processors
We currently use Google Firebase and MailChimp as our providers of online communication. Google Firebase is used to store your user information and data for the MakeImpact app, here we store all the data you provide us with but we do not register or store any information from third parties about you. In MailChimp we register information such as your first name, last name and e-mail in order to contact you with the information you have consented to e.g. newsletters and updates from MakeImpact.
In addition we use Google Firebase for analytical and statistical purposes e.g. tracking the time you spend on our website and your behavior at the website, in order to improve your experience with our services at MakeImpact.io.
Furthermore we use Google Analytics to measure and analyse the traffic and usage of our website and app with the aim of improving your experience with our services. In connection herewith Google handles your IP address and behaviour, when you use our website and app. You can decline the usage of Google Analytics by installing an ad-on to your browser by following this link: https://tools.google.com/dlpage/gaoptout
Both Google Firebase and MailChimp are a part of the Privacy Shield agreement.
Google Analytics is in Europe provided by Google Ireland Limited located at Gordon House, Barrow Street, Dublin 4, Ireland.
International transfers of personal data (to countries outside the EU/EEA)
We transfer your personal data to the following recipients located in countries outside the EU/EEA. The transfer basis is the EU-U.S. Privacy Shield:
- Google Firebase Inc, 22 4th Street, Suite 1000 (10th Floor), San Francisco, CA 94103, USA
- MailChimp, Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Withdrawal of consent
You have the right to withdraw your consent to the processing or disclosure of your personal data. If you withdraw the consent, this will not affect the lawfulness of the processing and disclosure prior to the withdrawal, but we will no longer use your consent as a legal basis for anything we do with your personal data. Please contact us using the contact details below if you wish to exercise this right.
- We store the personal data for as long as necessary to fulfil the purposes above.
- Personal data about visitors on websites are not stored as we only use session cookies.
- Personal data used for marketing purposes, incl. newsletters, are stored for 2 years starting from the day documentation of the consent is collected, withdrawn or last used (the latest one of these).
Subject to the conditions set out in the applicable data protection legislation, you enjoy the following certain rights:
- The right to request access to the personal data
- The right to rectification of the personal data
- The right to erasure of the personal data
- The right to restriction of processing
- The right to data portability
- The right to objection to the processing of the personal data
You also have the right to file a complaint with the competent supervisory authority, such as the Danish Data Protection Agency. Please consult their website for how to submit a complaint at www.datatilsynet.dk.
You have the right to object, on grounds relating to your particular situation, at any time to our processing of personal data which uses ‘legitimate interests’ as a legal basis for the processing (as set out in article 6(1)(f) of the GDPR). Where you have exercised this right to object, we will no longer process your personal data on the legal basis of ‘legitimate interests’ unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to the processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
Please contact us at email@example.com if you have any questions in regards to the protection of your personal data or if you wish to exercise any of the legal rights set out in this Privacy Notice.
Questions are the root of all answers.
Don’t Be Shy!