At Impero (in the following us / we / Impero A/S or Impero) we respect your privacy. Security and compliance are a top priority for us. Whether you provide data or we collect it, Impero will always process the information in accordance with applicable rules and regulations.
If you have any questions or queries regarding our data processing, you are always welcome to contact us here:
Klamsagervej 27, 2
(+45) 70 22 53 64
Data Protection Manager (DPM) is Morten Christensen.
This Privacy Statement applies to our activities as a data controller, i.e. when we determine the purpose of and the means for the processing of personal data. Therefore, this Privacy Statement outlines your rights to privacy and our commitment to safeguarding your personal data when you:
– visit our website;
– visit our offices;
– receive marketing or sales communications from us, including emails, phone calls or texts;
– register or attend our events or webinars;
– apply for a job with us
– use the Impero platform
– enter into an agreement with us regarding the Impero platform;
– use the Impero platform
We also act as a data processor, i.e. when we process personal data on behalf of our customers based on their instructions. For more information, see “Your personal data on the Impero platform”.
Your employer is the data controller for the purposes of personal data processed when you use the Impero platform. Impero will process your personal data on behalf of your employer and in accordance with its lawful instructions. The information you provide to us and/or upload to the Platform (whether or not it constitutes personal data) will also be governed by the Service Agreement. Please contact your employer or us if your personal data has been submitted through the Impero platform and you want to know more.
We will collect and process the following data about you:
Information you give us
• When you complete a form or survey via our website, register for a demo or otherwise contact us to request information about our products and services, we will typically obtain contact information such as your name, employer, company email address and company telephone number.
• If you use our “chat” function or similar features, register for an event, webinar, or download certain content, we may require that you provide your contact information such as your name, company name, job title, address, phone number or email address.
• If you contact or correspond with us (for example, using any support function made available by us or if you are interested in our product or services) then we may keep a record of that correspondence (either directly or through our service providers).
• If you visit our offices, you may be required to register as a visitor and provide your name, email address, phone number, company name and time and date of arrival.
• If you apply for a job with Impero.
• When you – either on behalf of, for your employer or as the owner of a sole proprietorship – enter into a Service Agreement regarding the use of the Impero Platform, we will typically obtain contact information such as your name, employer, company email address and company telephone number as well as the name of the sole proprietorship, if it is possible to identify a physical person on the basis hereof.
• if you contact or correspond with us on the use of the Impero platform (for example, using any support function made available by us) and we may keep a record of that correspondence (either directly or through our service providers).
• Any comments, opinions and/or feedback you provide to us regarding the Platform, for example during any trial or beta period that you may participate in, when providing NPS scores or participating in research panels.
• If you use and interact with our webite and/or emails, we automatically collect information about your computer or mobile device for system administration and analysis, including for example your IP address, URL clickstreams, unique device identifiers, operating system, and network and browser type.
• We may also collect other information about your use of the website, including for example the pages you have viewed, the duration spent, and how you navigate through the website.
• If you are a user of the Impero platform we will keep a record of the details of that usage, including the date, time, location, frequency and duration of the usage each time you complete a control, upload documentation or otherwise use the Impero Platform. Technical information about your computer or mobile device for system administration and analysis, including your IP address, URL clickstreams, unique device identifiers, operating system, and network and browser type may be automatically collected, as may be other information about your use of the Platform, including the pages you have viewed, the duration spent on the Platform and data files you have uploaded to the Platform. This information may be linked to your user profile (where relevant).
Information we receive from other sources
• If your employer has given us information about you for the purpose of being the contact person on behalf of your employer, we may obtain contact information about you from your employer such as your name, employer, company email address and company telephone number.
• We may also receive further personal data about you which is publicly available, such as your seniority, years of experience and employment history and similar work-related background, from third party services such as LinkedIn or from providers who provide contact enrichment and lead generation services to us.
• We work closely with third parties (including for example, business partners, subcontractors and analytics providers) and may receive information about you from them. Details of third party providers are set out in the section below entitled “Who we share your personal data with”.
Where we have collected, received or generated personal data from or about you, we may use this for the purposes, and on the legal bases, as set out below.
• Providing our website and services. We process your personal data to provide you with access to our website, the Impero platform if you are a user, as well as support and services. We rely on our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, to operate and administer our website and platform and to provide you with content you access and request (e.g., to download content from our website).
• Promoting the security of our website and services. We process your personal data by tracking use of our website, platform and services, creating aggregated, non-personal data, verifying users and activity, investigating suspicious activity and enforcing our terms and policies, to the extent this is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in promoting the safety and security of the services, systems and applications and in protecting our rights and the rights of others.
• Providing necessary functionality. We process your personal data to perform our contract with you for the use of our website, platform and services; where we have not entered into a contract with you, we base the processing of your personal data on our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, to provide you with the necessary functionality during your use of our website and services.
• Managing user registrations. If you have registered for an account with us on behalf of your employer (i.e. a potential customer of Impero), we process your personal data by managing your user account for the purpose of performing our contract with your employer for our services, e.g. a demo or free trial. We base our processing of your personal data on our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation.
• Handling contact and user support requests. If you use our “chat” function or request user support, or if you contact us by other means including via e-mail or a phone call, we process your personal data to the extent it is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in fulfilling your requests and communicating with you.
• Managing event or webinar registrations and attendance. We process your personal data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you. We process your personal data in order for us to fulfill our obligations towards you, i.e. delivering the event, cf. article 6(1)(b) of the General Data Protection Regulation. We send related communication to your on the basis of our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation.
• Developing and improving our website and services. We process your personal data to track and analyze your use of our website, platform and services to the extent it is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in developing and improving our website, ads and services and providing our users with more relevant content and services, or where we seek your valid consent, cf. article 6(1)(a) of the General Data Protection Regulation. his may also be for internal operations, including troubleshooting, data analysis, testing, research, and statistical purposes.
• Assessing and improving user experience. We process device and usage data as described in ‘Technical information’ above. Sometimes these data may be associated with your personal data, in order to analyze trends in order to assess and improve the overall user experience to the extent it is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in developing and improving services, or where we seek your valid consent, cf. article 6(1)(a) of the General Data Protection Regulation.
• Identifying customer opportunities. We process your personal data to assess new potential customer opportunities to the extent that it is in our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, to ensure that we are meeting the demands of our customers and their users’ experiences.
• Registering visitors to our offices. We may process your personal data for security reasons, and register visitors to our offices if we deem it necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in protecting our offices and our confidential information against unauthorized access.
• Displaying personalized ads and content. We process your personal data to conduct marketing research, advertise to you, provide personalized information about us – on and off our website. We provide other personalized content based upon your activities and interests to the extent it is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in advertising our website, content and product or, where necessary, to the extent you have provided your prior, valid consent, cf. article 6(1)(a) of the General Data Protection Regulation.
• For marketing and sales communications. We will process your personal data to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing information, newsletters, telemarketing calls or SMS) about us and our affiliates and partners, including information about our products, promotions, content or events as necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in conducting direct marketing or, alternatively, to the extent you have provided your valid consent, cf. article 6(1)(a) of the General Data Protection Regulation. Please see the “Your rights” section, below, to learn how you can control the processing of your personal data by Impero for marketing and sales purposes.
• Processing job applications and recruitment. In general, applicants are not requested to sign a consent statement, as the processing of personal data during a recruitment process is based on our legitimate interest, cf. article 6(1)(f) of the General Data Protections Regulation. All data regarding applicants is deleted after ended recruitment processes. If deemed necessary to keep data on applicants after a recruitment process/from unsolicited applications, or if we wish to receive further information, e.g. references and personality tests, the applicants shall be requested to sign a consent statement, cf. article 6(1)(a) of the General Data Protection Regulation, distributed by the hiring manager.
• Carry out our obligations arising from the Service Agreement with our customers. If you as a contact person for your employer have negotiated and entered into a Service Agreement regarding the use of the Impero Platform, we process your personal data on the basis of our legitimate interest, cf. Article 6(1)(f) of the General Data Protection Regulation. If you are the owner of a sole proprietorship, we process your personal data in order for us to perform or contractual obligations, cf. Article 6(1)(b) of the General Data Protection Regulation.
• Contact you for your feedback on our services and to help us evaluate and improve our services, for example by acting on any information you have provided to us to the extent it is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation
• Notify you about changes to the Platform and any other services of ours that you use, including informing you about new versions of the Platform and about new features, functionality and service offerings. This processing can be based either on our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation or in order for us to perform or contractual obligations, cf. Article 6(1)(b) of the General Data Protection Regulation.
• Deal with any enquiries, correspondence, concerns or complaints you have raised, or that have been raised by or concerning third parties (such as your employer) involving you and any issues caused by your use of the Impero Platform. This processing can be based either on our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation or in order for us to perform or contractual obligations, cf. Article 6(1)(b) of the General Data Protection Regulation.
• Complying with legal obligations. We process your personal data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires processing or disclosure of personal data to protect our rights or is necessary for our legitimate interest, cf. article 6(1)(f) of the General Data Protection Regulation, in protecting against misuse or abuse of our website, protecting personal property or safety, pursuing means available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.
• subprocessors, service providers (for example of IT services), business partners and/or suppliers, in the course of undertaking marketing activities, including Microsoft, HubSpot and MailChimp, who provide marketing, referrals and CRM management, training, sales and delivery services.
• analytics and search engine providers that assist us in the improvement and optimisation of our marketing activities and the analysis of data supplied via the platform for contact enrichment and lead generation purposes, including Google, Hotjar, LinkedIn, Facebook, MailChimp and HubSpot; and
• sub-processors, service providers (for example of IT services), business partners and/or suppliers for the performance of any contract that we enter into with your employer (such as the Service Agreement). This includes Microsoft® Azure who provide cloud hosted infrastructure and services used by us to operate the Platform as a hosted solution and MailChimp and HubSpot who provide communication tools and functionality.
• government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information).
We require all our third party service providers and partners to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.
We may also disclose your personal data to other third parties in the following circumstances:
• if we sell or buy any business assets or receive investment into our business, we may disclose your personal data to the prospective or actual buyer, seller or investee of such business or assets;
• if Impero or substantially all of its assets are acquired by a third party, in which case personal data held by us, including your data and data about our customers, suppliers and correspondents will be one of the transferred assets;
• we may disclose your personal data to our legal advisers if they need to have access to this information in order to advise us on our legal rights and obligations; and
Except as explained above, we will not disclose your personal data to any third parties for any other purpose unless we have a legal right or obligation to do so.
All of the data in the Impero platform, that our customers submit, is hosted within the EU. But some of our service providers for analytics, communication and support infrastructure are based outside the European Economic Area (“EEA”), predominantly in the United States. We may transfer your personal data to those services providers in the United States or other countries outside the EEA in order to undertake marketing, sales and support activities.
We have put in place appropriate measures to ensure that your personal data is treated by those third parties in a way that is consistent with and which respects the EU laws on data protection, including putting in place written contractual agreements to meet EU-approved data protection obligations. If you require further information about these protective measures, please contact us at email@example.com.
We maintain appropriate technical and organizational measures to ensure that an appropriate level of security in respect of all personal data we process. Unfortunately, the transmission of information via the internet is not completely secure. Once we have received your information, we will use strict procedures and security features which are appropriate to the type of personal data you have provided to try to prevent unauthorized access or inadvertent disclosure, which may include two factor authentication and end-to-end encryption.
We will retain your personal data for a period consistent with the original purpose of collection (see the “How we use your personal data” section above). We determine the appropriate retention period for personal data on the basis of the amount, nature and sensitivity of your personal data processed, the potential risk of harm from unauthorized use or disclosure of your personal data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
To avoid doubt: Aggregated and anonymized data and information other than personal data can be stored indefinitely.
Where consent is required for our use of your personal data, by ticking the appropriate consent box or otherwise communicating your consent to us (whether by phone, email or other means), you consent to our use of that personal data as set out in this policy. If you disclose someone else’s personal data to us, you confirm that you have their consent to disclose this to us and for us to use and disclose it in accordance with this policy.
You have the following rights in regards to your personal data:
• Access. You have the right to access information about the personal data we hold about you. We reserve the right to charge a reasonable fee in response to unreasonable or repetitive requests, or requests for further copies of the same information.
• Right to object to processing. You can object to processing of your personal data where that processing is being undertaken by us on the basis of our legitimate interest (or a third party’s). In such cases we are required to cease processing your data unless we can demonstrate compelling grounds which override your objection. You can also object at any time to the processing by us of your personal data for direct marketing purposes.
• Rectification. You have the right to request that we rectify any inaccurate personal data that we have about you.
• Erasure. To the extent permitted by applicable data protection laws, you have the right to request that we erase any personal data that we hold about you, based on one of a number of grounds, including the withdrawal of your consent (where our processing of that data is undertaken on the basis of your consent), or if your object to our continued processing (as mentioned above). This right does not extend to information which is not personal data. We also reserve the right to retain your personal data in an anonymised form for statistical and benchmarking purposes.
• Request to restriction of processing. This enables you to ask us to restrict the processing of your personal data in certain circumstances, for example if you want us to establish its accuracy or the reason for processing it.
• Portability. You have the right to obtain copies of your personal data to enable you to reuse your personal data across different services and with different companies.
• Automated processing. Not to be subject to a decision which produces legal effects based solely on automated processing, including profiling, (“Automated Decision-Making”) without your explicit consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) in accordance with applicable data protection laws. However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Or we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
To update billing information on behalf of your employer (where your employer is an existing Impero customer), discontinue your account and/or request return or deletion of your personal data or to exercise any of your other rights, please contact us by emailing firstname.lastname@example.org. Please allow at least 7 working days for your request to be actioned.
If we process your personal data for the purpose of sending you marketing communications, you may manage your receipt of marketing, sales and non-transactional communications from Impero by clicking on the “unsubscribe” or “update subscription preferences” link located on the bottom of Impero sales and marketing emails, by unsubscribing if you receive Impero SMS communications, or by writing to us at email@example.com.
Please note that opting out of marketing communications does not opt you out of receiving important service communications related to your current relationship with us, such as communications about any contract you have entered into with us, event registrations, service announcements, customer support or security information.
We are committed to resolving any privacy concerns you have. However, if you feel we have not addressed your specific concern, you have the right to make a complaint at any time to the relevant supervisory authority in your country responsible for data protection issues.