Impactpool privacy policy

This is the privacy policy that applies to the processing of Personal Data relating to the users and visitors of Impactpool.org, which is run by Intalma - International Talent Management AB (Swedish cnr 559004-4680).

Intalma - International Talent Management AB will hereafter be referred to as "Company", "we", "us", or "our". We take your privacy seriously and are committed to keeping our users as satisfied as we possibly can.

We are the “Controller” of the personal data concerned in this privacy policy, meaning that we are responsible for, and determine the purposes and means of the processing of personal data.

To better protect your privacy and personal data, we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. Personal data means all information that can help to identify you as a unique person (i.e. name, address, pictures, IP-address etc.) and that are gathered through our digital channels, like this website, mobile applications and/or other future digital interfaces that are linked to this policy. To make this notice easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested.

Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your personal data in accordance with our website. Furthermore, your rights as a data subject are described in this policy.

We take privacy matters and your security very seriously when processing your personal data. If you have any questions you are welcome to contact us at service(at)impactpool.org.

What personal information do we collect, how and why do we collect it, for what purpose and how long will we store it?

We collect information from you when you register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form or enter information on our site.

Purpose of processing

Make it possible to register on the website
Make orders on the platform
Maintain a profile

Processing being carried out

Identifying users; Perform matching of suitable jobs; notification of such jobs; make profile searchable by potential employers; Communications related to purchase; processing of order and transaction information related to payments; Internal registration and revisions or required for tax- or auditing purposes

Legal ground for processing

Fulfilling of the agreement: Collection of such information and processing is necessary for us to fulfill our rights and obligations per the agreement with you (See our Terms and Conditions). If the required information cannot be collected, we cannot fulfill our obligations per the agreement.

Retention period

Until the agreement ceases. Or as long as legally required by tax and audit purposes.

Purpose of processing

Direct marketing - Newsletter

Processing being carried out

Direct marketing (by us our through our external partners)

Categories of personal data

Name
Email
Phone number
Address
Information regarding your computer and your visits to this website, including:
- IP-address
- Geo-location
- Browser
- Source of reference
- Visiting time and pages

Legal grounds for processing

Legitimate interests: The processing is necessary to market our products to our customers.

Retention period

12 months after agreement ceases.

Purpose of processing

Improving of products

Processing being carried out

To personalize user's experience and to allow us to deliver the type of content and product offerings in which you are most interested. To improve our website in order to better serve you. To allow us to better service you in responding to your customer service requests.

Categories of personal data

Information regarding your computer and your visits to this website, including:

IP-address
Geo-location
Browser
Source of reference
visiting time
Pages and actions taken during the visit

Legal grounds for processing

Legitimate interests: The processing is necessary to improve our products for our customers.

Retention period

12 months after agreement ceases.

Source of information

Normally we only process personal data that you have given us or data that is gather in connection with your purchases or utilization of our services. In certain cases, we can complement such data with information from a third party to assess and improve our digital channels and services. Information that we gather from such third parties are the following:

Name and email from LinkedIn in case that you are connecting with your LinkedIn account
Name and email from Paypal when you are making payments through Paypal

Information to other recipients

When necessary to carry out our services we can use external providers of services (data processors). These providers can process personal data that has been provided by you or personal data that is gathered through the digital channels or our provided services. We use processors to assist us with the following:

Payments: Stripe and Paypal
Marketing Mailchimp, Facebook
IT-services Groove, Microsoft, Google, Mailchimp, Sendgrid, Sentry
Statistics and surveys: Google

We will always strive to limit such access and only share information that is necessary for the processors to be able to carry out their tasks. We make sure that our processors meet our high standards and that they have adequate security measures. We demand that they (i) protect your personal data in accordance with this policy and relevant legislation and (ii) refrain from using your personal data for any other purpose than providing us with the agreed upon product or service.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third party links

Occasionally, at our discretion, we may include or offer third party products or services on our website. Such third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Third country transfers

We always try to keep your personal data within the EU/EEA and most of our own IT-systems are localized accordingly. Providers outside of the EU/EEA are [Stripe, Paypal, Groove, Mailchimp, Sendgrid]. During support and maintenance, we might also temporarily need to transfer information outside of the EU/EEA.

All such information will always be kept to a minimum and relevant to the cause. Regardless where the personal data is transferred, we always take adequate technical and organizational measures to secure that the level of security is the same as within the EU/EEA and therefore maintains an adequate security level, i.e. by using the EU-commissions standard contractual clauses or companies that are affiliative to the Privacy Shield.

Changes to this policy

If we need to change the contents of this policy we will inform you about this when you log in to the website and/or through the additional channels.

Your rights

You have the right to request information regarding the personal data that we process of you and have inaccurate information corrected. Keep in mind that we can ask for additional information about you to ensure safe and effective processing of your request and to ensure that information is given to the right person.

You have the right to demand that we remove the personal data we have of you, i.e. if information no longer is needed to achieve the purpose they were collected for or if you no longer wish to receive direct marketing etc. Observe that when deemed necessary we can reject your request, i.e. if the personal data is required for tax- or auditing purposes.

You also have the right to request the limitation of processing. In such cases, we may have to assess the situation before making such a decision.

In cases where you have given your consent or if the processing is based on a contractual relationship with you, you have the right to, under certain circumstances, have your data transferred to another personal data controller. This, on the other hand, requires that the transfer is technologically possible and can be done by automated means.

If you want to know how we process your personal data you can send a written and signed request to us (see “Contact information” below).

How do we protect visitor information?

Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order to maintain the safety of your personal information.

All transactions are processed through a gateway provider and are not stored or processed on our servers. The gateway we use is PCI DSS 3.0 Certified.

However, providing personal data through digital channels always comes with a risk since it is not possible to entirely secure technological systems from unauthorized access.

Google

Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users.

Contact information

If you have any questions regarding the processing of personal data you are welcome to contact us:
Intalma - International Talent Management AB
Boo Strandväg 13
SE 132 36 Saltsjö-Boo
service@impactpool.org

If your personal data is not processed in accordance with this policy or relevant data protection legislation you have the right to file a complaint to the relevant privacy authority, e.g. the Swedish Data Protection Authority (Datainspektionen/Integritetsskyddsmyndigheten).

This policy was revised and updated 25 May 2018.