PRIVACY POLICY FOR IMPACT STACK AS A SERVICE

more onion is the creator and owner of the campaigning and fundraising software platform 'Impact Stack'.

For clients using this platform, we operate as data processors for our clients. The privacy policy for Impact Stack can be found here.

Introduction

This Privacy Policy relates to the management of data collected by More Onion Ltd (of 34b York Way, King's Cross, London, N1 9AB) and More Onion e-campaigning GmbH (of Lange Gasse 8/2, 1080 Vienna). This Privacy Policy explains how More Onion Ltd and More Onion e-campaigning GmbH ("we") use the personal data we collect from our clients who purchase services from us (“Clients”) and other parties interested in our company who use our website (“you”). Our websites include www.more-onion.com (and all *.more-onion.com websites) as well as www. impact-stack.org (together the “Websites”).

Data Controller

For the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (“GDPR”), the Data Protection Act 2018, the Austrian Data Protection Act and any applicable national implementing laws, regulations and secondary legislation relating to the processing of personal data (together “Data Protection Law”), we are the data controller.

‘Personal data’ is defined in accordance with Data Protection Law. This Privacy Policy does not apply to personal data collected through our Client’s use of our toolset Impact Stack. For any use of Impact Stack, the Client is the data controller of all personal data collected, and we act as the data processor. The privacy policy of the Client shall apply to all data collected using Impact Stack. The obligations between us and the Client in in relation to our use of such personal data are set out in the terms of the agreement between the Client and us for Impact Stack.

Legal Basis for Processing

We collect and use the personal data described below in order to provide you with access to our Websites and services in a reliable and secure manner. We also collect and use personal data:

  • For our legitimate business needs.
  • To fulfill our contractual obligations to you.
  • To comply with our legal obligations.

To the extent we process your personal data for any other purposes, we ask for your consent in advance or require that our partners obtain such consent.

What data do we collect?

We collect the following data:

  • Personal identification information of members of staff and job applicants (Name, phone number, etc.)
  • Any other personal data freely disclosed through the course of correspondence
  • Personal identification information of Clients and potential clients (Name, employer, position, email address, etc.)
  • Data on visits to our Websites (anonymised) as well as data about digital interactions (such as the click on the link in an email or who follows us on social media)
  • Data about participation in events, webinars, meetings or other company activities

How do we collect your data?

The data that we collect is primarily provided directly by you, when you:

  • Complete a form on our Websites
  • Send us an email or receive an email from us (and click on a link)
  • Speak to us on the telephone or face-to-face
  • Attend an event we organise or also attend

We may also collect data indirectly from a publicly available source, such as LinkedIn.

How will we use your data?

We collect your data so that we can:

  • Provide online free reports, case studies, news about our offerings and event invites, exclusively for those who have requested to receive them
  • Keep Clients up to date on our work and out offerings
  • Communicate with existing Clients to effectively manage and deliver their projects as well as provide support
  • Measure and optimise the effectiveness of some of our marketing efforts and to improve based on testing and data insights
  • Improve the usability of our web products and offerings

How do we store your data?

Your information may be stored in a number of locations, including:

  • Our email servers (Easyname)
  • Our self-hosted, secure file transfer service "NextCloud" (in our data center)
  • The webservers in our data center
  • Our computers
  • On our mobile phones and other mobile devices
  • On our online CRM system (Nutshell CRM)
  • On our email marketing systems (such as “Mailchimp”)
  • On our support platform “Zendesk”
  • The service “Impact Stack” runs on our web servers
  • The service “Ghost.org” used for the Impact Stack website
  • Airtable used for project and service related information
  • Calendar systems such as “Book.me” and “Google Calendar”
  • Webinar and video conferencing platforms (Zoom, GoToWebinar, Whereby)
  • On web analytics systems, such as Google Analytics, Google Tag Manager, Matomo, Inspectlet or others (only meta data, IP address anonymised, not linked to personal data)

Marketing

We may send marketing materials to people who have requested to receive these. If you have opted in to join our email marketing list, you may opt-out at any time by notifying us via email at contact@more-onion.com.

We may also send materials such as free reports, case studies and event invites to current and former Clients, via their provided company email address. Current and former Clients may opt out of all emails except those essential for the continuation of our agreed work or service, or administrative functions (such as billing).

What are your data protection rights?

You have the following rights under Data Protection Law:

The right to access – You have the right, free of charge to request that we provide copies of personal data held about you. We have the right to charge a reasonable fee for the administrative costs of such requests if they are manifestly unfounded or excessive.

The right to rectification – You have the right to request that we correct any information that you believe to be in accurate. You also have the right to ask us to complete information that you believe to be incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

The right to withdraw consent – You have the right to withdraw your consent to us processing your data at any time.

You can make a request in relation to any of the above rights by contacting us as set out at the end of this Privacy Policy. We will respond to such queries within 30 days and deal with requests we receive from you, in accordance with the provisions of Data Protection Law.

Cookies

We use cookies on our Websites and in our services to distinguish your from other users. This helps us to provide you with a good experience when you browse our Websites or use our services and allows us to improve our Websites and services.

What are cookies?

Cookies are placed on your computer to collect standard Internal log information on visitor behaviour information. When you visit our Websites we may collect information from you automatically through cookies or similar technology (such as session storage and local storage).

We use persistent cookies and session cookies.

Persistent Cookies

A persistent cookie is stored on a user’s device in between browser sessions which allows the preferences or actions of a user across the website (or in some cases across different websites) to be remembered.

Session Cookies

A session cookie allows a website to link your actions during a browser session. We use session cookies to enable certain features of our Websites, to better understand how you interact with our Websites and to monitor aggregate usage by users and web traffic routing on our Websites. Unlike persistent cookies, session cookies are deleted from your computer when you log off from our Websites and then close your browser. For further information about cookies, visit https://www.allaboutcookies.org/

How do we use cookies?

We use cookies in a number of ways including:

  • To track how many unique individuals (browsers) visit our pages (data is anonymised and not linked directly to your personal information)
  • To periodically record sessions of users as a means to improve usability of our website (data is anonymised and not linked directly to your personal information)
  • To secure form submissions and protect them against spam
  • To pre-fill forms within the same browser session, so you don't have to type in your details multiple times (using session storage)
  • To ensure access control

What types of cookies do we use?

Functionality – We use some cookies designed to improve your on-site experience. For example what language you prefer and the location you are in. Also whether you have chosen to allow JavaScript within your browser. We may also use cookies to remember which forms you have completed and the values you have given for them.

Understanding – We use some cookies to help us to understand how you use our Websites, which pieces of content are valuable to you and which devices you use so that we can improve the quality of the content and ensure that it is clear and attractive on your chosen device.

The table below explains the cookies we use and why we use each of them.

Cookie Type Purpose
Google Analytics Tracking cookies These cookies are used to collect information about how visitors use our Websites. We use the information to compile reports and to help us improve the Websites. The cookies collect information in an anonymous form, including the number of visitors to the Websites, where visitors have come to the Websites from and the pages they visited. If you do not allow these cookies we will not be able to include your visit in our statistics. You can read the full Google Analytics privacy policy at: https://www.google.com/policies/privacy/.
Anonymous Analytics Analytics cookies. We use analytics cookies to tell us whether you have visited the Websites previously, and to gather statistics about visits to a page.
Geotargeting Location cookies These cookies are used by software which tries to work out what country you are in from information supplied by your browser when it requests a web page. This cookie is completely anonymous, and is only used to help target content.
Registration Signin cookies When you sign in, we generate cookies that let us know whether you are signed in or not. Our servers use these cookies to work out which account you are signed in with.
Site Performance Preference cookies We use site performance cookies to remember preferences you may have set on our Websites.
YouTube Embedded cookies We embed videos from our official YouTube channel using YouTube's privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode. https://policies.google.com/privacy
Zendesk Suppport chat Session cookie This cookie identifies you as a user when you use use the embedded support chat on our website. It is not connected to other data. https://www.zendesk.com/company/privacy-and-data-protection/
Atlassion / Cloudflare Session cookie This cookie identifies your browser session for performing load balancing, delivering some of the files embedded on our site. This cookie is only loaded on the *.impact-stack.org websites. Privacy policy: https://www.cloudflare.com/privacypolicy/ It is used by the service Ghost.io which is the CMS used for the impact stack website. Ghost privacy policy: https://ghost.org/privacy/
Getsitecontrol Session cookie This service shows forms and popups that are embedded on our site. The cookies are used to identify your browsing session. You can find their privacy policy here: https://getsitecontrol.com/privacy/
Impact Stack Webform Tracking Session cookie The Impact Stack webform tracking cookie is used for analysis and optimisation purposes. The data from the cookie will be saved with any form submissions you make on our websites. For more details please visit https://www.impact-stack.org/privacy-policy/
Drupal 7 "Java Script enabled" Session cookie This cookie is used to keep a record of whether the browser has Java Script enabled or not. This cookie is required for the site to function.
Impact Stack Webform prefilling Session storage Impact Stack saves your data in the session storage so you don't have to fill in the same information multiple times while using the platform. This data is saves when you land on the page where your data is passed through via the URI parameter or once you have submitted a form on the platform. The data is deleted as soon as the session is closed.

How to manage your cookies

You can set your browser to not accept cookies, and the above website will tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Links to other websites

Our websites may contain links to other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Protection of your data

All information you provide to us is stored on our secure servers. Any credit card information or payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Websites or services, you are responsible for keeping this password confidential. We ask you not to share any password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will endeavour to protect your personal data, we cannot guarantee the security of your data transmitted to our Websites or the services. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Where we store your data

All of our Websites are hosted on servers in Germany and on an international Content Delivery Network. However our Websites and services are global and your information (including personal data) may be stored and processed in any country where we have operations or where we engage service providers, and we may transfer your information to countries outside of your country of residence, which may have data protection rules that are different from those of your country of residence.

The personal data that we collect from you may therefore be transferred to, and stored at, a destination outside the European Economic Area ("EEA") or the UK. It may also be processed by staff operating outside the EEA or UK who work for us or for one of our suppliers or partners. Such staff or subcontractors may be engaged in, among other things, the fulfilment of your order, the processing of your payment details or the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing outside of the EEA or the UK.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. In particular, this means that your personal data will only be transferred to a country that provides an adequate level of protection (for example, where the European Commission has determined that a country provides an adequate level of protection) or where the recipient is bound by standard contractual clauses according to conditions provided by the European Commission (“Standard Contractual Clauses”).

Our Website and services are accessible via the internet and may potentially be accessed by anyone around the world. Other users may access our Websites and services from outside the EEA or the UK. This means that where you chose to post your data on our Websites or within the services, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA or the UK may be deemed to have occurred. You consent to such transfer of your data for and by way of this purpose.

Data Retention

We retain personal data for as long as necessary for the relevant activity for which it was provided or collected. This will be for as long as we provide any services to you, your account with us remains open or any period set out in any relevant contract you have with us. However, we may keep some data after your account is closed or you cease using our Websites or services for the purposes set out below.

After you have closed your account we usually delete personal data, however we may retain personal data where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, maintain security, prevent fraud and abuse, resolve disputes, enforce our legal agreement with your, or fulfil your request to “unsubscribe” from further messages from us.

We will retain de-personalised information after your account has been closed.

Please note: After you have closed your account or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied from our Websites or the services. Your profile may continue to be displayed in the services of others (e.g. search engine results) until they refresh their cache.

Age of Users

Our Websites and the services are not intended for and shall not be used by anyone under the age of 16.

Changes to our Privacy Policy

This Privacy Policy will be reviewed and updated from time to time. Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.

This Privacy Policy was last updated on the 30th November 2020.

How to contact us

You can contact us at contact@more-onion.com if you have any questions or would like to exercise one of your data protection rights.

How to contact the appropriate data protection supervisory authorities

Should you wish to make a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you should direct your enquiry to following data protection supervisory authority:

For individuals located in the EU: To our lead supervisory authority in Austria: Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, Austria.

For individuals located in the UK: The Information Commissioner’s Office at, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.