This is the Privacy and Cookie Policy of ImpactHub Stockholm AB, with its registered office at Luntmakargatan 25, 111 37 Stockholm, Sweden and registered at with company number 559097-6238 (hereinafter “Impact Hub”, “us” or “we”) and available via www.impacthub.se (hereinafter: the Website).

Article 1 – General Terms

Impact Hub declares to abide by the European General Data Protection Regulation 2016/679 of 27 April 2016 with this Privacy Policy.

Impact Hub takes responsibility for the processing of your personal data as data controller.

Article 2 – Data that we collect about you

Personal data means any information that can identify a natural person or any information that can link to an identifiable natural person. Personal data does not include information that is anonymized and where no natural person can be identified.

Personal data that we collect about you can fit into the following broad categories:

  • Category 1: Technical data: IP address and browser type when you use our Website;
  • Category 2: Identification information: when you sign up for an account and when you apply for a job;
  • Category 3: Contact information: email address when you sign up for an account and when you contact us through the contact form;
  • Category 4: Financial data: when you enter your payment details to purchase from us;
  • Category 5: Business data: when you provide us with business information in our order form;
  • Category 6: Social media data: when you choose to interact with us on social media platforms;
  • Category 7: Photos: when you upload a photo to your profile and/or interact with us on social media platforms.

Article 3 – How do we collect data about you

Impact Hub can obtain personal data through different means:

  • direct interaction by you when you provide us with your personal data when communicating with us;
  • by placing cookies (see below);
  • during your use of the Website;
  • request to be sent information to you;
  • create an account on our Website;
  • order a product or service from us;

Article 4 – Purposes of processing your data

In general, we rely on the following basis for the legal processing of your personal data:

  • Where we need to perform the contract we enter into with you i.e. contractual obligations;
  • Where it is necessary for Impact Hub’s legitimate interests;
  • Where we need to comply with a legal or regulatory obligation;
  • Where you have provided us with explicit consent.

Impact Hub shall only use the data collected about you solely for the following purposes:

  • Category 1: Technical data: IP address and browser type when you use our Website to improve your user experience and maintain the performance of our Website.
  • Category 2: Identification information: when you sign up for an account in order to deliver our services that you ordered;
  • Category 3: Contact information: email address when you sign up for an account and when you contact us through the contact form in order to respond to your inquiry and deliver our services that you ordered;
  • Category 4: Financial data: when you enter your payment details to purchase from us so that we can collect payment and deliver services or products that you ordered;
  • Category 5: Business data: when you provide us with business information in our order form in order to perform the services you ordered;
  • Category 6: Social media data: when you choose to interact with us on social media platforms and so that other members can identify and connect with you;
  • Category 7: Photos: when you upload a photo to your profile and/or interact with us on social media platforms so that other members can identify and connect with you.

You are not required to provide Impact Hub with your personal data, however, we may not be able to deliver services to you if you refuse to provide personal data.

Where you provide us with consent to process your personal data, you have the right to withdraw this consent at any time. If you wish to withdraw consent please see Article 9 for more information.

Automated decisions and profiling

We do not process your personal data to create a profile of you and you shall not be subjected to automated decisions.

Article 5 – Data Retention

We will store and process your personal data for the period necessary depending on the purposes of processing and the contractual relationship you may have with Impact Hub.

  • Category 1: Technical data: IP address and browser type for the duration of your visit on our Website;
  • Category 2: Identification information for as long as your contractual relationship with Impact Hub;
  • Category 3: Contact information: email address for as long as your contractual relationship with Impact Hub;
  • Category 4: Financial data: see Article 6
  • Category 5: Business data: when you provide us with business information in our order form for as long as your contractual relationship with Impact Hub.
  • Category 6: Social media data: when you choose to interact with us on social media platforms for as long as your contractual relationship with Impact Hub;
  • Category 7: Photos: when you upload a photo to your profile and/or interact with us on social media platforms for as long as your contractual relationship with Impact Hub.

Article 6 – Payment services

Impact Hub uses the services of PayPal Inc, Stripe and PayEx to process all credit card information and payment information. This is a security measure that Impact Hub implements in order to restrict access to personal data.

Impact Hub does not store your credit card details and only uses it for the purpose of processing your payment. We highly recommend you read the privacy policies of PayPal, Stripe and PayEx to understand how they protect your personal data. This Privacy Policy does not cover the processing performed by PayPal Inc, Stripe and PayEx.

Article 7 – Transfer of data

We may share your data with the following categories of third parties:

  • Employees, freelancers, contractors of Impact Hub;
  • Service providers of Impact Hub;
  • Government authorities such as tax regulators or law enforcement to comply with legal obligations;
  • Professional advisers such as accountants and legal advisers;
  • Payment processors: see Article 6.

We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We guarantee a similar level of protection by imposing contractual obligations to our subcontractors that are similar to this Privacy Policy.

We share data with the following specific third parties:

  • Google analytics: we use Google analytics to anonymously gather statistics about Website users in order to maintain and improve the user experience and Website. Google analytics is a third-party service provided by Google and this Privacy Policy does not cover the processing performed by Google. For more information about how Google collects and processes your data, please refer to their Privacy Policy.
  • Gaest: is a Danish external booking platform that allows people searching through their site to book our meeting rooms. If you book meeting rooms using this service your personal data will be transferred to this service provider in order to fulfil your request. For more information about how Gaest collects and processes your data, please refer to their Privacy Policy.
  • Croissant Inc: is a US external booking platform that allows people searching through their site to book our meeting rooms. If you book meeting rooms using this service your personal data will be transferred to this service provider in order to fulfil your request. For more information about how Croissant Inc collects and processes your data, please refer to their Privacy Policy.
  • Meetingsbooker: is an Irish external booking platform that allows people searching through their site to book our meeting rooms. If you book meeting rooms using this service your personal data will be transferred to this service provider in order to fulfil your request. For more information about how Meetingsbooker collects and processes your data, please refer to their Privacy Policy.
  • Simply Events: is a Swedish event ticketing platform. Your personal data will be transferred to this service provider in order to provide you with the services you ordered. For more information about how Simply Events collects and processes your data, please refer to their Privacy Policy.
  • Eventbrite: is a Dutch event ticketing platform. Your personal data will be transferred to this service provider in order to provide you with the services you ordered. For more information about how Eventbrite collects and processes your data, please refer to their Privacy Policy.
  • Mailchimp: is a US based email communication tool. For more information about how Mailchimp collects and processes your data, please refer to their Privacy Policy.
  • Zapier: is a US process automation tool that we use to improve our services. For more information about how Zapier collects and processes your data, please refer to their Privacy Policy;
  • Nexudus: is an English company that helps us manage customer purchases and account management. For more information about how Nexudus collects and processes your data, please refer to their Privacy Policy.

Impact Hub shall not be liable in any way for direct or indirect damages caused by a wrongfully or improper use of the personal data by a third party.

Third party external links

We may include links to external third party websites, applications and/or plug-ins. By clicking on those links you may allow third parties to collect or share data about you. We do not control these third party websites and this Privacy Policy does not cover the processing performed by them. We encourage you to check the third party websites for more information about how they handle personal data.

International transfers

Due to the global nature of our operations, we may transfer your personal data outside the European Economic Area. We ensure that there is an adequate level of protection for personal data in the receiving entity.

We may use the following methods to safeguard the transfer of data internationally:

  • Transfer of personal data to a country that has officially been deemed to provide an adequate level of protection for personal data by the European Commission (‘adequacy decisions’);
  • We may use Standard Contractual Clauses approved by the European Commission;
  • We may transfer data to the US if they are part of the Privacy Shield. If the receiving third party is not a part of the Privacy Shield then we may use the Standard Contractual Clauses;

Article 8 – Cookies

A cookie is a small text file that is sent from the server of Impact Hub and is stored on your computer’s hard drive. This allows us to remember your preferences when visiting our Website. The information stored through these cookies can only be read by Impact Hub and only for the duration of your visit to the Website.

Our Website uses cookies and similar technologies to identify you from other users of our Website. This allows us to offer you a better experience when you visit our Website and to optimize our Website in the meantime.

When you use the Website, your device or browser may be sent cookies from third parties, for example when using embedded content and social network links. It’s important for you to know that we have no access to or control over cookies used by these companies or third-party websites. We suggest you check the third party websites for more information about their cookies and how to manage them.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Article 9 – Security measures

We have implemented an appropriate technical and organizational measures, procedures and safeguards are in place to prevent the destruction, loss, adjustment, accidental notification to a third party, removal and unauthorized access of personal data.

We only allow access to your personal data to those employees, contractors and other third parties who have a business need to know. They only process your personal data on our instructions and are subject to a duty of confidentiality.

All employee computers and office computers have firewalls installed as well as AVG’s antivirus program.

We have also ensured that our account management system only integrates with GDPR compliant payment systems where credit card details are automatically encrypted.

Article 10 – Your rights

Under the General Data Protection Regulation, data subjects within the European Economic Area are entitled to the following rights:

  • Right of access – you have the right to be informed on how we use your personal data and you have the right to request access to the personal data that we have collected about you;
  • Right of rectification – you have the right to correct inaccurate information that we may have about you;
  • Right to object – you have the right to object to us processing your personal data;
  • Right to restrict processing – you have the right to request us to suspend processing under certain circumstances;
  • Right to data portability – you have the right to obtain a copy of your personal data in an easily readable format in order to transfer to another service.
  • Right to erasure – otherwise known as the ‘right to be forgotten’ meaning that you have the right to request that we delete all the personal data that we have on you (with certain legal exceptions).
  • Right to withdraw consent – where the processing is based on consent, you have the right to at all times, withdraw your consent.

If you wish to exercise any of your rights under the General Data Protection Regulation please contact us by sending an email to:

Impact Hub Stockholm

Luntmakargatan 25, 111 37 Stockholm, Sweden

+46(0)8-667 49 07

privacy@impacthub.se

Please note that you will be requested to provide specific identification information in order to verify your identity before your request can be processed. This is a security measure that we have implemented to ensure that there is no unauthorized access to personal data by third parties.

We are committed to providing you with a response to your request within 30 days. However if there are delays in providing you with your request, we will notify you of the delay, the reason for the delay and extend our response time.

Right to make a complaint

You have the right to make a complaint anytime with Datainspektionen.

Datainspektionen

Box 8114
104 20 Stockholm

Phone 08-657 61 00

Email: datainspektionen@datainspektionen.se

Article 11 – Changes to this Privacy Policy

We may update this Privacy Policy from time to time to incorporate new rules or guidance issued under the General Data Protection Regulation. We will always notify you of the changes and ensure that the most recent Privacy Policy will be available to you.

If you have any questions regarding this Privacy Policy or you wish to exercise your rights, please refer to Article 8. For everything else, email welcome@impacthub.se

Effective: 25th May 2018.