Marc Impact Program Privacy Statement

Introduction

Thank you for visiting the Marc Impact Programme (Marc Programme) website. We take the protection of your personal data very seriously when processing it in accordance with the applicable regulations. The following notice provides you (hereinafter referred to as „customer“, „data subject“ or „user“) with an overview of how we ensure data protection and for what purposes and what kind of data we process.

The Marc Programme is an innovative program to increase the positive impact and financeability of impact businesses. The programme is available to businesses registered in Central and Eastern Europe, currently in Austria, the Czech Republic, Croatia, Hungary, Romania and Serbia.
The implementation of the Marc Programme is supported by the European Commission under the EcoVolve: Evolutionizing Ecosystems for Social Enterprises in the CEE Region grant programme.

The Marc Programme is managed, organized and implemented by IFUA Nonprofit Partner Public Nonprofit Ltd. (hereinafter referred to as IFUA NPP or the Data Controller) in close cooperation with SIMPACT Public Nonprofit Ltd. The IFUA NPP and SIMPACT implement the Marc Programme in the participating countries through the involvement of Local Partners, each of which is an independent Data Controller.
Impact Hub Vienna is the local partner for the implementation of the Marc programme in Austria.

This Privacy Policy has been prepared in accordance with the requirements of Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation (GDPR)).

Data Controller and contact details:

Name: Impact Hub Vienna
Registered office: Lindengasse 56, 1070 Wien
Managing Director: Jakob Detering
Tax number: ATU65367355
E-mail address: vienna.hosts@impacthub.net
(hereinafter referred to as the Data Controller)
Impact Hub Vienna is the Data Controller for data management issues, and the Data Controllers process all personal data necessary for the application for and continued participation in the programme.

Programme Sponsoring and Supporting Organisation:
Name: ERSTE Foundation
Name: ERSTE Social Finance Holding
Name: ERSTE Group Bank AG
Name: European Commission
Name: IFUA Nonprofit Partner Public Benefit Nonprofit Ltd.
Name: SIMPACT Non-profit Public Benefit Partnership Ltd.

The Programme Sponsoring and Organisations supporting the Programme are the independent data controllers of all personal data necessary for the application and continued participation in the Programme.

Other partners, financial organisations cooperating in the implementation of the Marc Programme (independent data controllers):

Name: Erste Bank Austria (Austria)
The above Cooperating Partners, financial organisations are the data controllers of the data of impact companies and organisations operating in their respective countries. The data management information related to the activities of the above Cooperating Partners is available on the Partners‘ websites.

Scope of data processed legal basis, purpose and duration of data processing

As a data controller, we store your personal data (the purpose of the processing) in order to provide you with the best possible professional material on our website.

When you register, we will collect your name, email address, password, company name, position – (mandatory) and LinkedIn contact details – (optional) (scope of data processed).

The processing of your data is based on your consent (legal basis for processing). If you do not provide the above scope of data, we will not be able to accept your registration and provide access to professional content. In the event of withdrawal of your consent, your registration and related personal data will be deleted immediately. Request for data deletion and consent withdrawal can be sent to ilinca.oprea@impacthub.net

At events, mass recordings are made of images and audio recordings, which are used by the Data Controller in the Marc programme.

The withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal. In the event of withdrawal of consent, the Data Controller shall not suffer any adverse legal consequences because of such withdrawal.

During the participation in the Marc Programme, Person’s images or voice recordings are made of a crowd at the Programme events and activities, which are used by the Data Controller in the Marc Programme. In case of use other than the previous use, the Data Controller will inform the data subject.
Your data will be kept for 7 years after the end of the implementation (31.08.2026) of the Marc programme (duration of processing).

The website is operated by the following data processors:

  1. WPViking Ltd., as website operator (company registration number: 09-09-026860, tax number: 25173749-2-09, registered office: 4200 Hajdúszoboszló, Kösialja u. 16,
  2. Cloudways Ltd. Junction Business Centre, as hosting provider (Adomain number: MT20765109, registered office: 1st Floor, Sqaq Lourdes, St Julian’s SWQ 3334 Malta)
  3. and MailerLite Inc., MailerLite Limited, as a newsletter provider (Tax ID:
  4. GB 393734660, sregistered office: 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland)
  5. Babele Create Together Srl. as Platform Provider (Company registration number is 33218665, Str Mitropolit Nifon, nr 13, sector 4, Bucharest, Romania).

Registration data is processed by data processors using security technologies and procedures that comply with the general data protection requirements. The Data Controllers and processors ensure that technological, physical, organisational and procedural safeguards are in place meeting industry-accepted standards to protect confidentiality, integrity and availability of the processed personal data. To ensure the physical and software protection of the database server storing the data, the servers are in a secure location (inaccessible to anyone).

The Data Controller may use the services of third-party services for the purpose of cleaning and updating the available personal data, ensuring that such third parties’ data management and processing practices comply with the applicable legal requirements. The Controller ensures that no third party may use users’ the personal data for any other purpose other than specified. By accepting this policy, the user expressly consents to the processing of data by third parties for such purposes.
For the purposes of the implementation of the Marc programme and the accounting of the Marc programme support, personal data will be included in a database operated by IFUA NPP and SIMPACT and covering the entire implementation of the programme, where IFUA NPP and SIMPACT will also act as independent joint controllers for the processing of the data. Link to the data management information: https://marc-impactprogramme.net/privacy-statement/

The legal basis for the transfer of data is the legitimate interest pursuant to Article 6(1)(f) GDPR.

Data transfer

 

If your registration (application) belongs to other country than the country where you have registered, your data will be transferred to the affected local partner implementing the Marc Programme in that country as a separate controller.

Use of cookies

 

The website uses cookies (cookie) files to enhance the user experience. These files are stored on your computer. The cookie- are not personally identifiable, they are necessary for the provision our services and provide you with a superior user experience. Website users can disable cookies in their browser at any time.

The cookies allow us to generate statistics on, for example, the number of visitors per day, the most frequently visited pages and the time spent on them. This data allows us to better understand the needs of our visitors, so we can provide services that meet those needs. The data collected in this way will not be linked to any data that would identify you personally This means that the visit is recorded but the identity of the visitor remains unknown. We do not collect information about visitors‘ personal habits. We do not sell or rent log files, stored on our servers, costumer data, or personal information, to anyone, including those linked to our advertised on our sites.

The use of cookies that are strictly necessary for the operation of the website (for the operation of the website, the use of the services and functions provided on the website) does not require the user’s specific consent, because without the management of these cookies the website would not function.
If you enable cookies, the site may store details of the cookies (depending on the content of the page viewed):

  • pixel tracker (1.gif) cookie, which is used to count the number of sessions on the website to optimise CMP delivery
  • HTTP cookie _cf bm, used to distinguish between humans and bots. This is useful for the website to produce valid reports on the use of the website.
  • Cookie Consent stores the status of the user’s consent to cookies for the current domain
  • HTML Local Storage elementor cookie used in conjunction with the WordPress theme of the website. The cookie allows the website owner to modify the content of website in real time
  • The wpEmojiSettingsSupports cookie is part of a cookie suite used to serve and display content. The cookies will keep the correct state of the font, blog/image sliders, colour themes and other settings of the website.
  • And the _ga and _ga_# HTTP cookies are used by Google Analytics to send data about the visitor’s device and behaviour. They track the visitor across devices and marketing channels.

Although some information is automatically recorded as part of the operation of our websites, we do not currently use it for any purpose. Personal information such as your telephone number, postal address, or other information, may only be provided to us if you voluntarily provide it to us when you complete the registration page. In this case, by providing your personal data, you consent to the processing of your data, and to recording, processing, and use of your data.

Processing for newsletter purposes

Your data will be also used for the purposes of sending you our newsletters (professional news, content, training information); and to provide you with further information about the Marc Programme and address any questions you may have about it.

We use your name and e-mail address to send you newsletters, and we also store the date of subscription and the details of your consent to receive the newsletter.

The processing is based on your consent (legal basis for processing), which allows us to send you newsletters. If you withdraw your consent or use of the unsubscribe function available in the newsletter, your personal data will be immediately deleted (duration of processing).

After your unsubscription, we will continue to store the date of unsubscription and your email address solely to maintain a record that you have unsubscribed, ensuring that no further newsletters are sent to you We will not use your data for any other purposes.

Data subject’s rights in relation to data processing

 

During the period of data processing, the Data Subject has the following rights in accordance with the provisions of the Regulation:

  • access to personal data and request information about the processing
  • right to rectification
  • restriction of processing
  • right of erasure
  • the right to object

If the Data Subject wishes to exercise these rights, the identification of the Data Subject and communication with them will be necessary. Therefore, personal data will be required for identification purposes (however identification may only be based on data that Data Controller already processes).
The Controller shall respond to complaints about data management within 30days at the latest.
This time limit may, if strictly necessary, be extended to 60 days if the request is complex and/or the number of requests justifies it, provided that the extension within the 30-day time limit is notified to the Data Subject, stating the reasons.

Information on the exercise of Data Subjects‘ rights will be provided to Data Subjects free of charge and at no cost.

Access to personal data and information
You have the right to receive confirmation of whether your personal data is being processed and, if so, the right to:

  • Obtain access to the personal data processed
  • Be informed of the following information:
    • The purposes of the processing
    • The categories of personal data processed about the Data Subject
    • Information about the recipients or categories of recipients to whom the Marc Programme has disclosed or will disclose personal data
    • The envisaged period of storage of the personal data or, if not possible, the criteria used for determining that period
    • The right of the Data Subject to request the rectification, erasure or restriction of the processing of personal data concerning them, and the right to object to processing based on legitimate interests
    • The right to lodge a complaint with a supervisory authority
    • Where the data have not been collected from the Data Subject, any available information about their source
    • the existence of automated decision-making (including profiling), and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the Data Subject
    • The purpose of exercising this right is to verify the lawfulness of the processing.

Marc Programme provides access to personal data by sending the personal data and information processed to the Data Subject by e-mail, after confirming the Data Subject.

In the request, the Data Subject must specify whether he or she requests access to the personal data or information about the processing.

Where the Programme processes a large amount of data relating to the Data Subject, it may ask the Data Subject to specify which information or processing activities are covered by his or her request before responding.

Right to rectification
The data subject has the right to have inaccurate personal data relating to him or her corrected without delay at his or her request.

Right to restriction of processing
The data subject shall have the right to obtain, at his or her request, the restriction of processing by the controller if one of the following conditions is met:

  • the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the Controller to verify the accuracy of the personal data; if verification is not necessary, no restriction shall apply
  • the processing is unlawful, and the Data Subject opposes the erasure of the data and instead requests the restriction of their use
  • the personal data are no longer necessary for the purposes for which they are intended to be processed but are required by the Data Subject for the establishment, exercise or defence of legal claims
  • The Data Subject has objected to the processing, but the Data Controller may also have a legitimate interest in the processing, in which case, until it is established whether the legitimate grounds of the Data Controller prevail over the legitimate grounds of the Data Subject, the processing shall be restricted

If the processing is restricted, such personal data, except for storage, may only be processed with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.


The Data Controller shall inform the Data Subject in advance (at least 3 working days prior to the lifting of the restriction) of the lifting of the restriction on restriction.


Right to erasure – right to be forgotten
The Data Subject shall have the right to obtain the erasure of personal data concerning to the Data Subject without undue delay by the Data Controller if one of the following grounds applies:

  • the personal data are no longer necessary for the purposes for which they were collected or processed by the Controller
  • You withdraw your consent and there is no other legal basis for the processing
  • the Data Subject objects to processing based on legitimate interest and there is no overriding legitimate ground (i.e. legitimate interest) for the processing
  • the personal data have been unlawfully processed by the Controller, and this has been established based on the complaint
  • the personal data must be erased to comply with a legal obligation under Union or Member State law to which the Data Controller is subject

If, for any lawful reason, the Controller has disclosed the personal data processed about the Data Subject and the Controller is required to delete it for any of the reasons set out above, the Controller shall take reasonable steps, , taking into account the available technology and the cost of implementation – , including technical measures -, to inform other controllers that process the data that the Data Subject has requested the deletion of the links to or copies or replicas of the personal data in question. Generally, the Data Controller does not disclose the Personal Data of the Data Subject.
Erasure does not apply where the processing is necessary:

  • for the exercise of the right to freedom of expression and information
  • to comply with an obligation under Union or Member State law that requires the controller to process personal data
  • for the presentation, exercise or defence of legal claims

Right to object

You have the right to object to the processing of his or her personal data based on legitimate interests at any time on grounds relating to your situation. In this case, the Controller may no longer process the personal data, unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

The fact of automated individual decision-making (including profiling)

No automated decision-making (including profiling) takes place at the Data Controller.

Remedies available

If the Data Subject believes that the Data Controller has violated a legal provision on data processing or has failed complied with a request, he or she may initiate an investigation procedure with the National Authority for Data Protection and Freedom of Information (postal address: 1530 Budapest, PO Box 5, e-mail: ugyfelszolgalat@naih.hu).

The Controller hereby also informs the Data Subject that he or she may bring a civil action before a court.

3. Data security

The Data Controller shall ensure, by means of the necessary access rights management, internal organisation and technical solutions, that the Data Subject’s data cannot be obtained by unauthorised persons, and that unauthorised persons cannot delete, extract from the system or modify the data. The Data Controller shall also enforce the data protection and data security requirements against its data processors.

The Data Controller keeps records of any data protection incidents and, if necessary, informs the Data Subject of the incidents that occur.

4. Other provisions

The Data Controller reserves the right to amend this Privacy Policy in a manner that does not affect the purpose and legal basis of the processing.