Privacy Policy for Institut Impact
Effective Date: March 10, 2025

1. Introduction

Institut Impact (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, www.institut-impact.si, or engage with our services. We adhere to the applicable data protection regulations, including the General Data Protection Regulation (GDPR).

 

2. Data Controller

The data controller responsible for your personal data is:

Institut Impact
Brilejeva 12
1000 Ljubljana
Slovenia
Email: polona@institute-impact.si

3. Personal Data We Collect

We collect and process the following types of personal data:

  • Identity Data: First name, last name.
  • Contact Data: Email address, phone number.
  • Technical Data: IP address, browser type, operating system, and device details.
  • Usage Data: Website interactions, pages visited, time spent on site (via cookies and tracking tools like Google Analytics).
  • Marketing Data: Newsletter subscriptions and preferences (if opted in).

4. GDPR Compliance Steps

We comply with GDPR through the following measures:

a) Lawful Basis for Processing

We process personal data based on:

  • Consent: When you opt-in to cookies, marketing emails, or newsletters.
  • Contractual Necessity: When providing requested services.
  • Legal Obligation: Compliance with laws.
  • Legitimate Interests: Website analytics and security monitoring.

b) Data Subject Rights

Under GDPR, you have the following rights:
Right to Access – Request a copy of your personal data.
Right to Rectification – Correct inaccurate or incomplete data.
Right to Erasure (Right to be Forgotten) – Request deletion of your data.
Right to Restrict Processing – Limit how we use your data.
Right to Object – Opt-out of marketing and data tracking.
Right to Data Portability – Receive a copy of your data in a structured format.
Right to Withdraw Consent – Withdraw consent at any time (e.g., unsubscribe from emails, disable cookies).

To exercise your rights, contact us at polona@institut-impact.si.

c) Data Retention Policy

  • Personal data is stored only as long as necessary for its intended purpose.
  • Newsletter subscriptions can be canceled at any time via the unsubscribe link.
  • Website analytics data is retained for up to 14 months before automatic deletion.

d) Data Security Measures

  • We use encryption and firewalls to protect data.
  • Access restrictions ensure only authorized personnel handle data.
  • Regular security audits are conducted to prevent data breaches.

e) Data Transfers Outside the EU

Some third-party services (e.g., Google Analytics) may store data outside the European Economic Area (EEA). We ensure GDPR compliance through:
Standard Contractual Clauses (SCCs) for international data transfers.
✔ Google’s GDPR-compliant policies (see Google’s Privacy Policy).

5. Use of Google Analytics and Cookies

We use Google Analytics to track website traffic and user behavior. This helps us improve site performance. Data collected includes:

  • Pages visited, time spent on each page.
  • Device type, browser version.
  • IP address (anonymized).

Cookie Control

  • Visitors can manage cookie settings via our cookie consent banner.
  • You can opt out of Google Analytics using this tool.

6. Data Sharing & Third Parties

We do not sell personal data. However, we may share data with:

  • Service Providers (e.g., Google Analytics, email marketing platforms).
  • Regulatory Authorities (if legally required).

All third parties are GDPR-compliant and bound by data processing agreements.

7. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Updates will be posted on our website.

8. Contact Information

For GDPR-related inquiries, contact:

📧 Email: polona@institut-impact.si
🌍 Website: www.institut-impact.si