This is the statement of how The Impacter website, operated by The Impacter Development Centre Ltd. applies the data protection principles to data processed on this website. It is provided to fulfil our obligations under the General Data Protection Regulation (GDPR), which requires greater transparency with regard to your personal information, and which gives you greater control over how we use it.
There is a growing demand and need to create innovative solutions which are sustainable, socially beneficial and profitable at the same time. We believe that by finding the right combination of shared values and functional requirements we can multiply the positive outcomes of the same development and reduce the risk of failure. Inevitable trends are here to stay towards responsible investments, value-driven consumer expectations and major industrial changes which are shaped by environmental and social factors.
The power to change the world is in the hands of every innovator, therefore our goal is to provide knowledge, network and inspiration for leaders to implement the concept of responsible innovation which allows them to unlock investment potential and create better products/services.
We would like to inform our visitors that browsing or registering on the website and any supplementary contribution means the approval of the conditions as below:
Operator of the website, Data Controller
The operator of the website and the Data Controller are the same.
Name: The Impacter Development Centre Ltd.
Seat: Taylors Lane, Dublin 8, Dublin, Ireland
Phone number: 085 2202275
1. What type of personal data do we process on our website?
Newsletter and Notifications: Individuals may sign-up to receive our newsletter via email. Subscribers are asked to submit their name, email address, role. We process this data on the basis of consent and you may withdraw your consent at any time. We use MailChimp to keep in touch with our subscribers, please find more information at 3.3 section about the process.
Registration: Visitors can register to attend the events via our website using registration forms. They are asked to provide details such as name, email address, organisation, and role. They submit these details on the basis of consent and can choose whether or not their details can be retained for the purposes of similar communications on future events.
Polls: Any polls that are conducted is regulated by its own Sweepstakes Rules under the relevant Terms and Conditions described in each case.
Event registration: We might send out direct invitations to events to stakeholders via email. Receivers may opt out of receiving direct email invitations by replying to the email invitation or contacting us directly at firstname.lastname@example.org
Some of the links on the website may lead you to other web pages operated by other Parties. The Operator does not take any responsibility or liability for the contents of such website and excludes all responsibility and liability for damages resulted in from using such information. The Operator intends to publish exact and verified information but does not take any responsibility or liability for damages arising from publishing.
3. Data protection
The present legal declaration (hereinafter referred to as „the Present declaration”) enters into force on 08 March 2016 and is valid until withdrawal.
The Impacter Development Centre Ltd. (hereinafter referred to as „Company”) manages your personal data which you provide to the Company. The Present declaration is effective in relation to every organisational unit of the Company where data management is executed. The definition of personal data complies with the currently applicable EU legislation.
Definitions of the present declaration comply with the General Data Protection Regulation.
3.1. Rules of data management
Personal data may be processed for specified and explicit purposes only if necessary to fulfilment of rights or obligations and only to the duration and extent as necessary. Data management must comply with the purposes of data processing in all stages. In case the purpose ceases or data processing is otherwise unlawful, the data will be deleted.
Personal data shall be managed by the Company in case the concerned gives his consent or due to public interest any Act or Decree of local government orders it.
The Company shall notify the Data Subject of both the purpose and the legal basis of the data management prior to its recording.
Employees of the Company as well as any participants assigned by the Company to perform data management are obliged to retain personal data as business privacy.
Should anyone under the present declaration become aware that any personal data managed by the Company false, incomplete or out-of-date, he is obliged to notify the staff of the Company or to initiate the correction of the data at his earliest convenience with the person who is responsible for the recording of the data.
Activities of third persons or entities involved in data processing under the assignment given by the Company, the obligations of data security shall be validated in the retainer agreement concluded with the Data Processor.
The head of the Company decides on the structure of data management and on all scope of duties and competences and he has the right to assign those persons who are responsible for the supervision of data management.
Employees of the Company are obliged to prevent any unauthorised people from getting an insight view of the personal data and to assure that the storage of personal data is protected against unauthorised access, knowing, changing, forwarding as well as cancelling due to the change of applied technology.
For data processed on a consent basis, it is retained as long as the individual wishes us to retain it for. Consent may be withdrawn at any time. For data processed on a legitimate interest basis, it will be retained for as long as there is a purpose associated with the legitimate interest. An individual may object to their data being processed on this basis. Our database will be retained in accordance with the requirements of the associated statute or regulation.
3.2. Rights of Data Subjects; enforcement
The Data Subject may request from the Data Controller: (i) information of the processing of his/her personal data; (ii) rectification of his/her personal data; and (iii) deletion or blocking of his/her personal data – excluding data management as required by the law – on the above mentioned availabilities of the Company.
In line with the request from the Data Subject in relation to data management the Company shall give an answer in writing within the shortest time, but no later than within 30 days – in case of protestation 15 days – in an understandable way.
As a principle, the information is free of charge.
Where a personal data is deemed inaccurate, and if the correct personal data is at the Data Controller’s disposal, the Company shall rectify the personal data in question, while in case specified by the applicable law the personal data shall be deleted by the Company.
For the duration of examining the protestation of the data management – but 5 days maximum – the data management shall be suspended by the Company and it will be examined whether the protestation is established; afterwards, a decision shall be made of which the Data Subject shall be informed by the Company.
The Company shall be liable for any and all damages caused to the Data Subject as a result of unlawful processing or any breach of data security requirements. The Data Controller shall also be liable for any damage caused by a data processor acting on its behalf, as well as for any restitution payable to the Data Subject for any violation by the data processor of his rights relating to personality.
The Data Controller is exempted from liability for damages or for payment of restitution if the damage caused by the violation of the rights of the Data Subject relating to personality right is attributable to reasons beyond his control. No compensation or restitution shall be paid either, if the damage was caused by intentional or negligent conduct of the Data Subject.
Rights of data subject
To be informed - An individual has a right to know whether an organisation processes personal information relating to them and certain additional information in relation to the processing, such as its purposes, the categories of data, the recipients of the data, and the existence of additional rights such as the rights to erasure and objection (where applicable).
Get access - Individuals have the right to access their personal data, be aware of and verify the lawful basis on which it is processed.
Rectification and erasure - Individuals have a right to have inaccurate personal data rectified, or completed if it is incomplete. Individuals have a right to have their personal data erased in certain circumstances. This right applies where personal data is processed on the basis of consent or when the personal data is no longer necessary for the purpose which it was originally collected or processed it for; it doesn’t apply where personal data is being processed or retained in order for the organisation to comply with a legal obligation.
Restrict processing - Individuals have the right to request the restriction or suppression of their personal data in certain circumstances. When processing is restricted, an organisation may store the personal data, but not use it. This right applies where
- an individual contests the accuracy of their personal data and this is being verified
- the data has been unlawfully processed (ie in breach of the lawfulness basis on which it is processed) and the individual opposes erasure and requests restriction instead
- an organisation no longer needs the personal data but the individual needs it to be kept in order to establish, exercise or defend a legal claim
- the individual has objected to the processing of their data where it is being processed on the basis of public interest task or legitimate interests and the organisation is considering whether their legitimate grounds override those of the individual.
Data portability - This right allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. This right only applies where the lawful basis for processing this information is consent or for the performance of a contract, and the processing is being carried out by automated means.
Objection - An individuals have the right to object to the processing of their personal data where
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- direct marketing (including profiling); and
- processing for purposes of scientific/historical research and statistics.
Automated decision making and profiling – this defined as:
- automated individual decision-making (making a decision solely by automated means without any human involvement); and
- profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
An organisation can only process personal data in this way when it’s:
- necessary for the entry into or performance of a contract; or
- authorised by Union or Member state law applicable to the controller; or
- based on the individual’s explicit consent.
3.3. Data management during the usage of the website of the Company
Everyone can access the website of the Company without giving any personal identification or data. The User may obtain information without limitation on the website including each webpage. Any information on the website not connected to any person particularly can be collected without limitation. No personal data can be gained from such information, and accordingly, the related data management does not accomplish personal data management as based on the Info Act.
Usage of the Cookies can be prohibited by the settings of the browsers by the User.
By usage of the present website the User approves the processing and management of his personal data in the above manner and for the above purposes.
Google uses the above information for appraisals, analytics and making reports of the performed activities on the website; furthermore, for providing services related to the activities performed on the website and to other usage of the internet.
3.1. Conduct marketing activities
3.1.1. If you have provided us with your email address at some point we might use this email address to target you with specific offers on Facebook or other social media sites that allow re-targeting services.
3.1.2. When you participate in our promotional activities (e.g. competitions during trade shows or on our social media channels), your contact information will be collected to administer these promotions. If you agree (opt-in), we will use your contact information to send you regular news and offers related to our products and services. You will only be added to our marketing database with your prior marketing opt-in permission located on the form your contact details were collected. You can unsubscribe/opt-out from marketing communication at any time by clicking the relevant link in the e-mail message or contacting us at email@example.com
3.1.3. If you choose to participate in our social media activities (e.g. competitions, shared offers or other promotions), we may use the publicly available information you voluntarily share with us during the activity (e.g. your photos). This information might only be used in connection with that specific activity and we do generally try asking you if you agree for us to use it before head.
3.1.4. Provided that you have not objected us using your details in this way, we may contact your business contact information to provide you with information related to our services and products, which we think will be of interest and value to you.
We will use the information you provide on the subscription form to be in touch with you and to provide updates and marketing. You can change your mind at any time by clicking the unsubscribe link in the footer of any newsletter you receive from us, or by contacting us at firstname.lastname@example.org
4. Data processing
The Company shall not reveal any personal data for third parties. The Company does not use any Data Processor and does not forward any personal data.
5. Amendment to the declaration
The Company reserves the right of amendment to the present declaration.
In case the amendment concerns the Data Subject’s personal data utilization, the Company is obliged to notify the Data Subject via e-mail accordingly. In case the details of data management change pursuant to such amendment, the Company will obtain the Data Subject’s consent.
Under data protection legislation an individual has a right to lodge a complaint with the Data Protection Commission if they consider that processing of their personal data is contrary to the GDPR.
The contact detail of the Commission is email@example.com or The Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois. The Data Protection Commissioner also operates a helpdesk function, which is contactable at 0761 104 800 or LoCall 1890 252231.
5. Sensitive Personal Information
The term “sensitive information” called in GDPR “special categories of personal data”, refers to information related to your physical or mental health, racial or ethnic origin, political opinions, religious or other beliefs, your sexual life, genetic data, biometric data (if used to identify an individual) or trade union membership.
In general, we do not collect sensitive information unless it is volunteered by you.
6. Issues not covered by the present declaration
Any issue not covered by the present declaration, shall be governed by the applicable EU legislations and the laws of Hungary.