IMPACT INSTITUTE PRIVACY POLICY & COOKIES 

 

Introduction 

21 Markets B.V. (also referred to as ‘Impact Institute’, ‘we’, ‘our’ and ‘us’), with contact and company stated details below, understands that your privacy is important to you. We respect your privacy and protect your personal data, which is any information that is capable of identifying you as an individual personThis privacy policy describes how we treat and protect your personal data. With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights. 

 

In general, Impact Institute’s business is to empower organizations and individuals to realize the impact economy by creating a common language for impact and providing the tools to use it. We develop open-source standards for impact measurement and valuation and provide organizations with the tools, training, and services to implement them. Impact Institute is not focusing on  on gathering, using or other processing of your personal dataHowever, if we do process personal data, this privacy policy describes why and how we collect and use personal data and provides information about individuals’ rights. 

 

This privacy policy applies to personal data provided to us by individuals themselves, or by others such as companies and institutions that we provide services to or cooperate with and in that context, provide us with information about their employees or business relationships.  

 

We may use personal data provided to us for any of the purposes described in this privacy policy or as otherwise stated at the moment of collection. 

 

Scope 

We process personal data of and this privacy policy applies to business contacts, clients, users of our applications and websites, subscribers to our newsletter, suppliers and to individuals whose personal data we obtain in connection with providing professional services to our clients. 

 

Use of personal data 

Business contactsparticipants to education 

We process personal data about existing business contacts, potential clients and/or individuals associated with them, and participants to our training and education courses (collectively “business contacts”). The collected data may include name, employer/organization, job title, e-mail address, telephone number. Legal grounds: legitimate interestsperformance of a contract. 

 

Personal data relating to business contacts may be used for the following purposes: (a) providing, administering, managing our businesses and services in general, (b) organization/hosting of seminars, education courses and events, (c) managing client relationships, acquisitions, (d) developing our businesses and services. 

 

Personal data of business contacts will be retained for as long as we have, or need to keep a record of, a relationship with a business contact. Personal data of business contacts may be held for longer periods where extended retention periods are required by law and/or in order to establish, exercise or defend our legal rights. 

 

Clients 

We process personal data about clients and/or individuals associated with them. The collected data may include name, employer/organization, job title, e-mail address, telephone number. Legal grounds: legitimate interests, legal obligation, performance of a contract. 

 

Personal data relating to clients may be used for the following purposes: (a) to provide our services, deliver deliverables, products, etc., (b) providing access to databases (cadministering, managing and developing our businesses and services in general, (d) organization/hosting of seminars and events, (emanaging client relationships, (fdeveloping our businesses and services. 

 

Personal data of clients will be retained for as long as we have, or need to keep a record of, a relationship with a client. Personal data of clients may be held for longer periods where extended retention periods are required by law and/or in order to establish, exercise or defend our legal rights. 

 

Users of our applications and websites, subscribers to our newsletter 

Users of our websites and applications are generally in control of the personal data shared with us. We may capture limited personal data (IP address, cookies, location) automatically, e.g. via the use of cookies and analytics tools on our applications and websites. Please see the section on cookies below for more information. We collect name, email address and organization from subscribers to our newsletter and when users contact us through our websites. Legal grounds: legitimate interests, performance of a contract, consent. 

 

Personal data relating to users of our applications and websites, subscribers to our newsletter may be used for the following purposes: (a) providing our services (b) responding to enquiries, communicating, sending newsletters, (b) developing our applications, websites, businesses and services, including aggregating data for application/website analytics and improvements, (c) understanding how users use the features and functions of our applications/websites in order to improve the user experience, (d) developing our businesses and services. 

 

Personal data collected through our applications/websites will be retained for as long as it is necessary and allowed by law. 

 

Suppliers (excluding freelancers) 

We process personal data concerning suppliers (including subcontractors and/or individuals associated with them, but excluding freelancers). The collected data may include name, organization, job title, e-mail address, telephone number. Legal grounds: legitimate interests, legal obligation, performance of a contract. 

 

Personal data relating to suppliers may be used for the following purposes: (a) receiving services, products, deliverables, etc. (b) administering, managing and developing our businesses and (receipt of) services and products, deliverables, in general, (b) organization/hosting of seminars and events, (c) managing supplier relationships, (d) developing our businesses and services. 

 

Personal data of suppliers will be retained for as long as we have, or need to keep a record of, a relationship with a supplier. Personal data of supplier may be held for longer periods where extended retention periods are required by law and/or in order to establish, exercise or defend our legal rights. 

 

Individuals whose personal data we obtain in connection with providing professional services to our clients 

 

As stated before, iits core business Impact Institute is not focusing on gathering, using or other processing of your personal data. Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients to share only personal data with us where it is strictly needed for those agreed purposes. Generally, we collect personal data from our clients or from a third party acting on the instructions of the relevant client. Legal grounds: Legitimate interests, performance of a contract or consent. 

 

Where we need to process personal data to provide our services, we ask our clients to provide the necessary information to the data subjects concerned, regarding its use. 

 

We may collect personal data on personal details (e.g. name, age/date of birth, gender, marital status), contact details (e.g. email address, contact number, postal address), financial details (e.g. salary, payroll details and other financial-related details such as income, investments and other financial interests, benefits, tax status), job details (e.g. title, role, grade, experience, performance information and other information about management and employees). 

 

Personal data relating to individuals whose personal data we obtain in connection with providing professional services to our clients may be used for the following purposes(a) providing our services, deliver deliverables, products, etc., (b) administering, managing and developing our businesses and services in general, (b) organization/hosting of seminars and events, (c) managing client relationships, (d) developing our businesses and services. 

 

Personal data relating to individuals whose personal data we obtain in connection with providing professional services to our clients will be retained for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law). 

 

Security 

We have implemented generally accepted standards of technology and reasonable operational security measures to protect personal data from loss, misuse, alteration, or destruction. Only authorized Impact Institute personnel are provided access to personal data, and these employees are required to treat this information as confidential. We train our employees in online privacy and security measures. Despite these precautions however, we cannot guarantee that unauthorized persons will not obtain access to your personal data. Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. 

 

Sharing of personal data 

We do not sell or otherwise release personal data to third parties for the purpose of allowing them to market their products and services.  

 

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we apply contractual arrangements and security mechanisms in place as appropriate to protect the data and to comply with our data protection, confidentiality and security standards. 

 

We may share personal data with: 

  1. Our group companies (True Price B.V., True Price Holding B.V.True Price foundation, 21 Markets B.V., 21 Markets Holding B.V., Nederlands Impact Instituut Holding B.V., Value 21 B.V., Stichting Impact Economy Foundationall with offices at Haarlemmerplein 2, 1013 HS Amsterdam, The Netherlands). 

  1. Our suppliers, such as third parties that provide hosting, data processing or IT services to usthat otherwise assist us in providing goods, services or information, or to insurers and professional advisers. 

  1. Our client(s), if the personal data was obtained in connection with providing professional services to that client(s), to that (those) client(s) only. 

 

Cookies 

We use cookies (these are small text files that help store user preferences and activity, including similar technologies such as pixels, beacons) to recognize you when you use our applications/websites and to collect information such as the number of visits, popular pages on our applications/websites, and other information about your activities on our applications/websites. This allows us to ensure our applications/websites are functioning properly and to improve our applications/websites. Besides, we may log anonymous/statistical data from operating systems, so that we can distinguish categories of visitors, based for instance on the domain type and internet browser used.  

 

Functional cookies 

We use functional cookies to facilitate the use of our website. These functional cookies enable our websites to record the choices you have made on the websites. 

 

Analytics cookies 

Impact Institute uses Google Analytics to collect information about, for example, the date and time when you visit our websites and the pages you view. We use this data to improve our sites, to compile traffic statistics (such as the times of the day or days of the week when the websites attract most visitors) and to measure the popularity of the different parts of the site. We use this data in aggregate form only and these cookies do not collect information that can be traced back to an individual. We may also use Visual Website Optimizer and Hotjar to test different versions of our websites and landing pages to find out which one works best. 

 

You can install the Google Analytics Opt-out Browser Add-on to prevent our websites from passing on information about your visits to Google Analytics. 

 

Your rights 

In some circumstances, you may have the right to request access to the personal data that we have collected about you for the purposes of reviewing, rectifying or requesting erasure of the data. You may also have the right to request a copy of the personal data that we have collected about you and to have any inaccurate personal data about you rectified and any incomplete personal data about you completed. In certain circumstances, you may also withdraw the consent to process your personal data. Withdrawal will not affect the lawfulness of processing before the withdrawal. 

 

If you would like to make a request to access, review, or rectify the personal data we have collected about you, or to discuss how we process your personal data, please contact us at [email protected]. 

 

If we were not able to respond to your request or concern and if you are a resident of the European Economic Area, you have the right to file a complaint with the Data Protection Authority where you live, work, or where the issue took place. Please find the details of your local Data Protection Authority, at: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm 

 

Updates to this Privacy Policy 

We reserve the right to make changes to this Privacy Policy. This is version 2.0 of October 2020. 

 

Contact details and company details 

If you have any complaint or question about our Privacy Policy, please contact us at: 

 

21 Markets B.V. 

attn. Privacy 

Haarlemmerplein 2 

1013 HS Amsterdam 

The Netherlands  

 

E-mail: [email protected] 

Office: +31(0)20 240 34 

 

Dutch Chamber of Commerce no. 59575417