Privacy Policy

1. Introduction

ImpaxtBridge ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, in compliance with the EU General Data Protection Regulation (GDPR / DSGVO) and German data protection law (including the Bundesdatenschutzgesetz – BDSG).

2. Data Controller

ImpaxtBridge acts as the data controller for the personal information collected through our platform. You can contact us at:

3. Information We Collect

4. Legal Basis for Processing

We process your personal data based on:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for the performance of our service agreement
• Legal Obligation: Processing is necessary to comply with the law
• Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party

5. How We Use Your Information

• To provide and maintain our platform services
• To facilitate connections between nonprofits and tech professionals
• To communicate with you about challenges, submissions, and platform updates
• To improve our services and user experience
• To comply with legal obligations
• To prevent fraud and ensure platform security

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

• Other Platform Users: Profile information shared with relevant nonprofits or tech professionals
• Service Providers: Third-party services that help us operate our platform (hosting, analytics)
• Legal Requirements: When required by law or to protect our rights

7. Your Rights Under GDPR

As a data subject, you have the right to:

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Request restriction of processing your data
• Portability: Request transfer of your data to another service
• Objection: Object to processing of your personal data
• Withdraw Consent: Withdraw consent at any time

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are legally required to retain it.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data in accordance with GDPR and African data protection standards.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, secure authentication, and regular security assessments.

11. Children's Privacy

Our platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Significant changes will be communicated via email.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

14. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.