Impactify (“Impactify”, “we” or “us”) provides a digital advertising technology platform located at https://app.impactify.io/ (“Platform”) and related services (“Services”) for publishers (“Client” or “Clients”) to display advertising on their websites’ inventory (“Website” or “Websites”) that users (“Users”) can see online. Some of the content, advertising, and functionality on our Services may be provided by third parties (“Third Parties”) that are not affiliated with Impactify. Such Third Parties include: advertising providers, technology providers and audience-measurement companies.
We make every effort to protect our Clients privacy and to ensure that Clients can continue to entrust us with their Personal Data in a secure manner. We will always manage Personal Data in a secure and discreet manner and take all reasonable security measures to prevent loss, alteration, unauthorized access, accidental disclosure to third parties and/or other unlawful processing of collected Personal Data. We will always use Client Personal Data fairly in order to be worthy of Client trust.
The processing of Client Personal Data by us is always carried out in compliance with the applicable European privacy regulations, including Regulation (EU) 2016/679 of April, 27th 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR” or the “RGPD”).
The access to certain sections of our Platform as well as any request for information may involve the communication of Client Personal Data.
Information We Collect and Receive
When Clients use the Impactify Platform:
Impactify collects Personal Data from Clients when they voluntarily provide such information, such as when they contact us with inquiries for Services or register for access to the Platform. Personal data may include, but is not limited to the below:
- Email address
- Website URL
- Company name
- Billing information
Impactify may automatically log information using cookies, which are small data files stored on Clients browser. Impactify uses both session cookies, which expire when Clients close their browser, and persistent cookies, which stay on their browser until deleted, to provide them with a more personalized experience on the Platform.
When Users visit Clients’ websites:
When Users visit a Website that uses our Services, Impactify does not collect any information about Users that may directly identify them – we do not collect name or contact details, user address, place of work, date of birth, email address, or phone number.
Our legal basis for processing this information is the User’s consent and our legitimate interests, namely improving our Services.
- Clients and Third Parties
How We Use the Information We Collect and Receive
Personal Information Clients submit to us is used to register them for our Services, to respond to requests that they make, to improve our Services, to better tailor the features, performance, and support of the Services, and to offer them additional information, opportunities, and functionality. We may also use their Personal Information to provide electronic newsletters or promotional emails, should they request to receive such communications from us.
Legal Basis And Purposes For Processing
Impactify will normally process personal information from Clients and Users only where we have their consent to do so:
- Where we need the personal information to perform a contract with Clients, (article 6.1.b of the GDPR),
- Where the processing of Users information is in our legitimate interest and not overridden by their data protection interests or fundamental rights and freedoms. (article 6.1.a of the GDPR).
- Where we find such processing is necessary to comply with our legal obligations or regulatory obligations that we are subject (article 6.1.c. of the GDPR).
- The table below summarizes:
- the object and purpose(s) of the Processing,
- the persons concerned by the Processing,
- the categories of Personal Data Processed,
- the recipients of the Personal Data,
- the duration of the storage of Personal Data.
We undertake to Process Personal Data only for the purposes described below, to the exclusion of any other purpose.
|Object / Purpose||Persons Concerned||Data Processed||Recipient||Storage duration|
|Contact request on the Platform
(Article 6.1.a. of the GDPR)
|IMPACTIFY S.à r.l.||2 years after the last contact|
|Execution of the Services (Article 6.1.b. of the GDPR)||Client||Name
|IMPACTIFY S.à r.l.||2 years after the the end of the services’ execution|
|Newsletters and Promotional offers sent by Impactify(Article 6.1.a. of the GDPR)||Client||Name
|IMPACTIFY S.à r.l.||2 years|
|Legal and accounting obligation of Impactify (Article 6.1.c. of the GDPR)||Client||Name
|IMPACTIFY S.à r.l.||10 years|
Clients’ Rights Regarding Personal Information
In accordance with the articles 15 to 21 of the GDPR, Clients have a right to access, rectify and delete personal data about them, as well as a right to portability of their data. Clients have a right to limit treatment, a right to oppose the treatment and a right to set guidelines on the fate of their personal data after their death. They can exercise these rights by writing to firstname.lastname@example.org.
We undertake to acknowledge receipt of any request made in this respect by a Client and to process it as soon as possible. It further undertakes to notify any recipient of Personal Data to whom it has been communicated with the Clients’ consent of any rectification, erasure or restriction of Processing, unless such communication proves impossible or requires disproportionate effort.
Impactify Services display some of the information Clients enter when they create their account by registering on the Platform. If Clients wish to change their contact information, they may login to their Impactify account, select the “Account” option, and edit their contact details. To prevent any other information from the account being displayed on the Platform, Clients may contact us by email to delete their account. When we delete Personal Information about Clients, it will be deleted from our active databases but may remain in our archives.
In addition, Clients have the right to lodge a complaint with a supervisory authority, the Commission Nationale de la Protection des Données or “CNPD” in Luxembourg under the following link Complaint form – Individuals – National Data Protection Commission – Luxembourg (public.lu).
Users’ Rights Regarding Cookies and Personal Information
- Opt-out for cookies
When consulting Websites, an information banner on these sites informs Users of the deposit of advertising cookies and asks them to consent to them. However, if Users do not want an advertising cookie from Third Parties on their browser, they can disable them on those websites. Users can also opt out of receiving interest-based ads when they browse the web by visiting the Digital Advertising Alliance’s consumer choice page.
- Personal Information
Users can contact us by email to obtain the list of Third Parties to know more about their policies and practices, and exercise their rights regarding their personal information.
California Consumer Privacy Act (“CCPA”)
Impactify does not sell Users or Clients information.
If a Client wants to change or delete their personal information, they should refer to the instructions under the “Clients’ Rights Regarding Personal Information” section above.
Our Commitment to Security
Although no one can guarantee the security of the information collected and received, we do employ a number of safeguards intended to mitigate the risk of unauthorized access or disclosure of this information. Examples of the types of safeguards we may provide (depending on the circumstances) include:
- Storing the data Clients provide in controlled facilities;
- Using HTTPS encryption when Clients authenticate on the Platform, which helps prevent unauthorized access to their login credentials;
- Limiting access to personal information to employees who need that access to perform their jobs; and
- Providing company-wide training on privacy and data security.
We undertake to ensure that each member of its staff authorized to process Clients’ Personal Data is subject to strict obligations of confidentiality and protection of Personal Data, and undertakes in particular to :
- Only process Personal Data that is strictly necessary to achieve the purposes for which it is collected,
- not to process Personal Data for purposes other than those for which they were collected, except in the event of an administrative or judicial request or injunction or in application of a legal or regulatory requirement;
- to take all measures in accordance with customary practice in order to avoid the misuse or fraudulent use of Personal Data and to preserve the physical and logical security of Personal Data;
- in the event of termination of her/his duties, to return in full the data, computer files and any information support relating to the Personal Data;
- inform the Client immediately and by any means of any Personal Data Breach of which he/she becomes aware.
Personal Data breach
We will promptly inform each affected Client of any breach of her/his Personal Data that is likely to result in a high risk to her/his rights and freedoms, in accordance with the articles 33 and 34 of the GDPR. This information shall describe in particular the consequences of the breach, as well as the measures taken or envisaged by us to remedy the breach, including the measures taken to mitigate any negative consequences.
However, the above information is not required if either of the following conditions is met:
- We have implemented appropriate technical and organizational safeguards and these have been applied to the Personal Data affected by the said breach,
- We has taken subsequent steps to ensure that the high risk to Clients’ rights and freedoms is no longer likely to materialize,
- it would require disproportionate efforts.
We will notify the CNPD as soon as possible and if possible within 72 hours of becoming aware of any breach that may pose a high risk to Client’ rights and freedoms.
Transfer of Data
We do not transfer Personal Information to a non-EU and/or EEA states members.
Privacy of Minors
We do not knowingly collect or maintain Personal Information from those who are under 16 years old.
How to Contact Us
Last updated: October 5, 2022.