This notice summarizes how Impact Up addresses obligations under the General Data Protection Regulation (EU) 2016/679.
1. Controller Information
Impact Up SAS acts as data controller for personal data processed through its corporate website and related lead generation or product demonstration workflows, except where another contractual allocation applies.
2. Legal Bases
- Performance of a contract or pre-contractual steps.
- Compliance with legal obligations.
- Legitimate interests such as service security, fraud prevention, and analytics.
- Consent where required by applicable law.
3. Data Subject Rights
- Right of access, rectification, erasure, restriction, and portability.
- Right to object.
- Right to withdraw consent where processing relies on consent.
4. International Transfers
Where personal data is transferred outside the EEA, Impact Up applies appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms.
5. Security Measures
Impact Up applies technical and organizational measures proportionate to risk, including access control, encryption where relevant, logging, hardening, and backup procedures.
These measures are designed in alignment with ISO 27001 principles to support confidentiality, integrity, and availability.
6. Complaints and Contact
You may lodge a complaint with your local supervisory authority. In France, this is the CNIL.
For privacy requests or data subject rights, contact privacy@impactup.io.