MakeImpact provides a subscription based online service at www.makeimpact.io (the “Website”) and these Terms & Conditions (the “Terms”) apply to any use of the Website. By using the Website and registering as a user, you accept to be subject to these Terms.
The Website is provided by MakeImpact ApS, a Danish company situated at Birkedommervej 27, 2nd Floor – 2400 Copenhagen NV – Denmark and registered with the following company no.: 39899639 (hereinafter referred to as “MakeImpact” or “us” or “we”).
You may be asked to agree to additional terms and conditions if you register or sign up for any additional, alternative or enhanced services or products.
WE ARE THE DATA CONTROLLER
MakeImpact ApS (“Make!mpact”) is the Data Controller for the processing of your personal data. Our contact information is:
MakeImpact ApS Birkedommervej 27, 2sal
2400 København NV
E-mail address: firstname.lastname@example.org Tel no: +45 27 57 20 32
CATEGORIES OF PERSONAL DATA
We collect and process the following types of personal data:
Signed up users of the web-based services: First Name, Last Name, and E-mail.
Partners and Other Individuals
Individuals receiving marketing and newsletters: First Name, Last Name, and E-mail.
WHERE DO WE COLLECT YOUR PERSONAL DATA FROM?
We do not collect other personal data than the personal data you have given us directly.
THE PURPOSES AND LEGAL BASIS FOR THE COLLECTION AND PROCESSING OF THE PERSONAL DATA
Signed up users: We collect the above-mentioned information about you in order to identify our users either directly or indirectly, and to better offer our services, cf. GDPR art. 6(1)(f), cf. the Danish Data Protection Act section 6 and our further processing are necessary to fulfill our contract with you, cf. GDPR art. 6(1)(b), cf. the Danish Data Protection Act section 6.
Business Partners and Individuals: Our processing is based on our legitimate interests in ensuring necessary day-to-day contact with our current and potential business partners.
Individuals receiving marketing, newsletters: We send marketing material, incl. newsletters and invitations to events, based on your consent, cf. art. 6(1)(a), cf. the Danish Marketing Practices Act section 10.
All of the above:
To handle day to day communication.
To comply with applicable personal data protection regulation and other legitimate interests, e.g. compliance with basic principles and legal grounds for processing personal data; putting in place, maintaining and testing technical and organizational security measures; investigating and reporting suspected personal data breaches, if any; handling requests and complaints from data subjects and others, if any; establishment, exercise or defense of legal claims; handling inspections and queries by supervisory authorities, if any; handling disputes with data subjects and third parties, if any.
In relation to marketing and newsletters, you are not obliged to provide personal data to us, which means that you will not receive any marketing or newsletters from us.
DISCLOSURE OF THE PERSONAL DATA TO OTHER DATA CONTROLLERS
As part of our services to you, we will disclose and share your personal data to:
Third Parties and Partner, e.g. Mighty Networks, MailChimp and Google Firebase.
Regulatory and government bodies when required, e.g. the Danish Data Protection Agency or tax authorities.
The legal basis for the disclosure of the personal data is the following:
Third Parties and Partner, cf. GDPR art. 6(1)(b)
Our legal obligations, if any, cf. GDPR art. 6(1)(c).
TRANSFER OF PERSONAL DATA TO DATA PROCESSORS
We share your personal data with selected third parties that provide us with a variety of different services that support the technical operation of our website and the delivery of our services (“data processors”). These third parties are data processors for the personal data for which we are the data controller. We have data processing agreements in place with the data processors, and it follows from these agreements that they must act solely in accordance with our instructions.
INTERNATIONAL TRANSFERS OF PERSONAL DATA (TO COUNTRIES OUTSIDE THE EU/EEA)
In some cases, we will be transferring personal data to countries outside the EU/EEA. Such transfers will only take place subject to appropriate safeguards are in place for the transfer such as:
The country has been deemed by the Commission of the European Union to have an adequate level of protection of personal data.
The country has not been deemed by the Commission of the European Union to have an adequate level of protection of personal data, but we provide appropriate safeguards for the transfer through the use of “Model Contracts for the Transfer of Personal Data to Third Countries”, as published by the Commission of the European Union, any other contractual agreement approved by the competent authorities or any other legal basis, including the use of supplementary measures if deemed necessary, or if any of the derogations of article 49 of the GDPR are deemed adequate as a basis for the transfer.
WITHDRAWAL OF CONSENT
You have the right to withdraw your consent to the processing or disclosure of your personal data. If you withdraw the consent, this will not affect the lawfulness of the processing and disclosure prior to the withdrawal, but we will no longer use your consent as a legal basis for anything we do with your personal data. Please contact us using the contact details below if you wish to exercise this right.
We store the personal data for as long as necessary to fulfill the purposes above.
Personal data about visitors on websites are not stored as we only use session cookies.
Personal data used for marketing purposes, incl. newsletters are stored for 2 years starting from the day documentation of the consent is collected, withdrawn or last used (the latest one of these).
Subject to the conditions set out in the applicable data protection legislation, you enjoy the following certain rights:
The right to request access to the personal data
The right to rectification of the personal data
The right to erasure of the personal data
The right to restriction of processing
The right to data portability
The right to objection to the processing of the personal data
You also have the right to file a complaint with the competent supervisory authority, such as the Danish Data Protection Agency. Please consult their website for how to submit a complaint at www.datatilsynet.dk
You have the right to object, on grounds relating to your particular situation, at any time to our processing of personal data which uses ‘legitimate in article 6(1)(f) of the GDPR). Where you have exercised this right to object, we will no longer process your personal data on the legal basis of ‘legitimate interests’ unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights, and freedoms or if the processing is necessary for the establishment, exercise or defense of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to the processing for direct marketing purposes, your personal data will no longer be processed for such purposes.