Privacy Policy

Impactify (“Impactify”, “we” or “us”) provides a digital advertising technology platform located at https://app.impactify.io/ (“Platform”) and related services (“Services”) for publishers (“Client” or “Clients”) to display advertising on their websites’ inventory (“Website” or “Websites”) that users (“Users”) can see online. Some of the content, advertising, and functionality on our Services may be provided by third parties (“Third Parties”) that are not affiliated with Impactify. Such Third Parties include: advertising providers, technology providers and audience-measurement companies.

This Privacy Policy is intended to inform each of our Client of our Services, before he or she submits any personal data (“Personal Data”), about the conditions under which the personal data he or she provides on the Platform is processed by us .

We recognize the importance of ensuring the protection and security of privacy and Personal Data and has established this Privacy Policy in accordance with the highest standards of personal data protection and any applicable regulations.

We make every effort to protect our Clients privacy and to ensure that Clients can continue to entrust us with their Personal Data in a secure manner. We will always manage Personal Data in a secure and discreet manner and take all reasonable security measures to prevent loss, alteration, unauthorized access, accidental disclosure to third parties and/or other unlawful processing of collected Personal Data. We will always use Client Personal Data fairly in order to be worthy of Client trust.

The processing of Client Personal Data by us is always carried out in compliance with the applicable European privacy regulations, including Regulation (EU) 2016/679 of April, 27th 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR” or the “RGPD”).

The access to certain sections of our Platform as well as any request for information may involve the communication of Client Personal Data.

Each Client is informed of the collection and processing of her/his  Personal Data and consent, by accepting this Privacy Policy, to the constitution of this file and to the processing of her/his Personal Data, under the conditions and according to the terms defined below.

This Privacy Policy is applicable to the Processing by us, acting as a data controller, of Personal Data voluntarily provided by the Client through the Platform and during the execution of the Services.

Impactify is a member of the IAB Europe Transparency & Consent Framework and complies with the Policies and Specifications with the Transparency & Consent Framework. The IAB Europe ID assigned to Impactify is: 606.

Information We Collect and Receive

When Clients use the Impactify Platform:

Impactify collects Personal Data from Clients when they voluntarily provide such information, such as when they contact us with inquiries for Services or register for access to the Platform. Personal data may include, but is not limited to the below:   

  • Name 
  • Email address
  • Website URL
  • Company name
  • Address
  • Billing information

Impactify may automatically log information using cookies, which are small data files stored on Clients browser. Impactify uses both session cookies, which expire when Clients close their browser, and persistent cookies, which stay on their browser until deleted, to provide them with a more personalized experience on the Platform. 

Impactify’s legal basis for processing this information is the Client’s consent, and by voluntarily providing us with personal data, Clients are consenting to our use of it in accordance with this Privacy Policy. 

When Users visit Clients’ websites:

When Users visit a Website that uses our Services, Impactify does not collect any information about Users that may directly identify them – we do not collect name or contact details, user address, place of work, date of birth, email address, or phone number.

  1. Cookies

Impactify uses Cookies strictly for the operation of the Services. Users have the possibility to opt-out when consulting Websites using Impactify Services, as an information banner on these sites informs them of the deposit of advertising cookies and asks them to consent to them.
Our legal basis for processing this information is the User’s consent and our legitimate interests, namely improving our Services.

  1. Clients and Third Parties

Clients and Third Parties working with Impactify may collect data about Users visiting Clients’ websites, such as IP addresses, cookie identifiers, and mobile device identifiers. The data collected on the Website may be transferred to Third Parties for interest-based advertising. Users may choose whether to receive personalized or unpersonalized ads on those Clients’ websites. Depending on their choice, will depend on the data the Clients and Third Parties collect from them. Users are invited to refer to each Client’s websites privacy policy for further details. Impactify does not control the data privacy or protection policies of Third Parties, and is not responsible for the privacy practices of these Third Parties. 

How We Use the Information We Collect and Receive

Personal Information Clients submit to us is used to register them for our Services, to respond to requests that they make, to improve our Services, to better tailor the features, performance, and support of the Services, and to offer them additional information, opportunities, and functionality. We may also use their Personal Information to provide electronic newsletters or promotional emails, should they request to receive such communications from us.

Legal Basis And Purposes For Processing

Impactify will normally process personal information from Clients and Users only where we have their consent to do so:

  1. Where we need the personal information to perform a contract with Clients, (article 6.1.b of the GDPR), 
  2. Where the processing of Users information is in our legitimate interest and not overridden by their data protection interests or fundamental rights and freedoms. (article 6.1.a of the GDPR). 
  3. Where we find such processing is necessary to comply with our legal obligations or regulatory obligations that we are subject (article 6.1.c. of the GDPR).
  4. The table below summarizes:

  • the object and purpose(s) of the Processing,
  • the persons concerned by the Processing,
  • the categories of Personal Data Processed,
  • the recipients of the Personal Data,
  • the duration of the storage of Personal Data.

    We undertake to Process Personal Data only for the purposes described below, to the exclusion of any other purpose.

Object / Purpose Persons Concerned  Data Processed  Recipient  Storage duration
Contact request on the Platform
(Article 6.1.a. of the GDPR)
Client  Name 
Address
Email address
Website URL
Company name
IMPACTIFY S.à r.l. 2 years after the last contact
Execution of the Services (Article 6.1.b. of the GDPR) Client  Name 
E-mail address
Website URL
Company name 
Billing address
IMPACTIFY S.à r.l. 2 years after the the end of the services’ execution
Newsletters and Promotional offers sent by Impactify(Article 6.1.a. of the GDPR) Client  Name 
E-mail address
Company name 
IMPACTIFY S.à r.l. 2 years
Legal and accounting obligation of Impactify (Article 6.1.c. of the GDPR) Client  Name 
Address
E-mail address
Company name
Billing address
IMPACTIFY S.à r.l. 10 years

Clients’ Rights Regarding Personal Information

In accordance with the articles 15 to 21 of the GDPR, Clients have a right to access, rectify and delete personal data about them, as well as a right to portability of their data. Clients have a right to limit treatment, a right to oppose the treatment and a right to set guidelines on the fate of their personal data after their death. They can exercise these rights by writing to gdpr@impactify.io.

We undertake to acknowledge receipt of any request made in this respect by a Client and to process it as soon as possible. It further undertakes to notify any recipient of Personal Data to whom it has been communicated with the Clients’ consent of any rectification, erasure or restriction of Processing, unless such communication proves impossible or requires disproportionate effort.

Impactify Services display some of the information Clients enter when they create their account by registering on the Platform. If Clients wish to change their contact information, they may login to their Impactify account, select the “Account” option, and edit their contact details. To prevent any other information from the account being displayed on the Platform, Clients may contact us by email to delete their account. When we delete Personal Information about Clients, it will be deleted from our active databases but may remain in our archives.

Unsubscribe instructions will accompany each newsletter or promotional communication Impactify sends to Clients. Clients can always contact us in order to change their preferences with respect to informational/promotional contacts, by emailing us. We will send Clients strictly service-related announcements (such as, but not limited to, notices of any updates to our Publisher Agreement or Privacy Policy) when it is necessary to do so. They may not opt-out of these communications, which are not promotional in nature, but if they do not wish to receive these announcements, they have the option to deactivate their account.

In addition, Clients have the right to lodge a complaint with a supervisory authority, the Commission Nationale de la Protection des Données  or “CNPD” in Luxembourg under the following link Complaint form – Individuals – National Data Protection Commission – Luxembourg (public.lu).

Users’ Rights Regarding Cookies and Personal Information

  1. Opt-out for cookies

When consulting Websites, an information banner on these sites informs Users of the deposit of advertising cookies and asks them to consent to them. However, if Users do not want an advertising cookie from Third Parties on their browser, they can disable them on those websites. Users can also opt out of receiving interest-based ads when they browse the web by visiting the Digital Advertising Alliance’s consumer choice page

  1. Personal Information

We do not control the data privacy or privacy policies of Clients and Third Parties. We invite Users to refer to each Website’s and Third Parties’ privacy policy. 
Users can contact us by email to obtain the list of Third Parties to know more about their policies and practices, and exercise their rights regarding their personal information.

California Consumer Privacy Act (“CCPA”)

Impactify does not sell Users or Clients information. 

If a Client wants to change or delete their personal information, they should refer to the instructions under the “Clients’ Rights Regarding Personal Information” section above.

If a User wishes to opt out of the use of cookies for interest-based advertising purposes or know more about our Third Parties policies, they may do so by following the instructions under the “Users’ Rights Regarding Cookies and Personal Information” section above. 

Our Commitment to Security

Although no one can guarantee the security of the information collected and received, we do employ a number of safeguards intended to mitigate the risk of unauthorized access or disclosure of this information. Examples of the types of safeguards we may provide (depending on the circumstances) include:

  • Storing the data Clients provide in controlled facilities;
  • Using HTTPS encryption when Clients authenticate on the Platform, which helps prevent unauthorized access to their login credentials;
  • Limiting access to personal information to employees who need that access to perform their jobs; and
  • Providing company-wide training on privacy and data security.

Confidentiality

We undertake to ensure that each member of its staff authorized to process Clients’ Personal Data is subject to strict obligations of confidentiality and protection of Personal Data, and undertakes in particular to :

  • Only process Personal Data that is strictly necessary to achieve the purposes for which it is collected,
  • not to process Personal Data for purposes other than those for which they were collected, except in the event of an administrative or judicial request or injunction or in application of a legal or regulatory requirement;
  • to take all measures in accordance with customary practice in order to avoid the misuse or fraudulent use of Personal Data and to preserve the physical and logical security of Personal Data;
  • in the event of termination of her/his duties, to return in full the data, computer files and any information support relating to the Personal Data;
  • inform the Client immediately and by any means of any Personal Data Breach of which he/she becomes aware.

Personal Data breach

We will promptly inform each affected Client of any breach of her/his Personal Data that is likely to result in a high risk to her/his rights and freedoms, in accordance with the articles 33 and 34 of the GDPR. This information shall describe in particular the consequences of the breach, as well as the measures taken or envisaged by us to remedy the breach, including the measures taken to mitigate any negative consequences.

However, the above information is not required if either of the following conditions is met:

  • We have implemented appropriate technical and organizational safeguards and these have been applied to the Personal Data affected by the said breach,
  • We has taken subsequent steps to ensure that the high risk to Clients’ rights and freedoms is no longer likely to materialize,
  • it would require disproportionate efforts.

We will notify the CNPD as soon as possible and if possible within 72 hours of becoming aware of any breach that may pose a high risk to Client’ rights and freedoms.

Transfer of Data

We do not transfer Personal Information to a non-EU and/or EEA states members.

Privacy of Minors

We do not knowingly collect or maintain Personal Information from those who are under 16 years old.

Changes to This Privacy Policy and Additional Information

We may update this Privacy Policy from time to time, and so you should review this Policy periodically. If there are significant changes to Impactify’s information practices, you will be provided with appropriate online notice.

How to Contact Us

If you have questions or concerns about this Privacy Policy or about Data Protection in general, you can contact gdpr@impactify.io.

Last updated: March 08, 2024.