Just Impact Group — EMPOWER PEOPLE. CREATE SUCCESS.

And in the end, all the legal stuff.

Privacy,clear andtransparent.

Transparency and openness are part of our company philosophy. That is why we inform you comprehensively about the applicable general data-protection rules.

Privacy policy

In the section below you will find information on how we handle your personal data, which is collected during your navigation on the website and when using the services we provide. In order to make all functions and services of our website available to you, we need to collect and process personal data about you. Processing your personal data may include any kind of action, in particular collecting, organising, storing, querying, evaluating, modifying, selecting, reading, comparing, using, linking, blocking, disclosing, deleting and destroying. The processing of your personal data is always carried out according to the principles of lawfulness and fairness, taking all applicable provisions into account and in compliance with EU Regulation 679/2016 of the European Parliament and of the Council. We explain to you which data we collect, why this is necessary and which rights you have regarding your data.

Responsibility for data processing

Just Impact Group GmbH, Handwerkerzone 12, 39039 Niederdorf, VAT no. IT02365710215, is responsible for the processing of personal data on this website.

If you have any questions, you can contact us at any time.

Phone
+39 0474 741 000
Email
hi@justimpact.group
Website
www.justimpact.group

Data Protection Officer (DPO)

Just Impact Group GmbH has appointed a Data Protection Officer.

Data Protection Officer
Augusto Bernardi
Email
augusto.bernardi@certitudo.info

Purpose of data processing

The controller processes data

  1. to comply with legal obligations
  2. to fulfil obligations arising from contracts
  3. to provide the information and services you request
  4. to verify the efficiency of the system
  5. to carry out marketing activities such as sending commercial information, advertising material and market research
  6. to safeguard liabilities (e.g. payments)
  7. to determine customer satisfaction regarding the quality of products and services

Type of data processing

Your personal data are processed manually, telematically and primarily by automated means and processes that are aligned with the respective purposes. We mainly use databases and electronic platforms operated by us or by third parties. Every kind of data processing ensures the security and confidentiality of the data.

When the connection to the website is established, the IT systems and software procedures automatically and indirectly manage and/or acquire a series of general data and information. The following data may be collected:

  • browser types and versions used
  • the operating system used
  • the website from which an accessing system reaches our website (so-called referrer)
  • the sub-pages accessed via an accessing system on our website
  • date and time of an access
  • an Internet Protocol address (IP address)
  • other similar data and information

These general data and information are stored in the server's databases and log files in order to guarantee you a stable and secure experience. The legal basis is Art. 6 GDPR.

These anonymously collected data and information are evaluated on the one hand statistically and, furthermore, with the aim of increasing data protection and data security in order ultimately to ensure an optimal level of protection for the personal data we process.

Retention of data

In order to comply with the law, the controller has set different retention periods for personal data depending on the individual purposes:

  1. For the management and answering of your enquiries regarding products and initiatives, your personal data are kept for as long as is necessary to handle your request.
  2. For the management of activities related to your use of the website, your personal data are kept for as long as is necessary to provide the service you have requested.
  3. For the management and execution of the legally required services (relating to accounting, administration, taxation, etc.), your personal data are kept for as long as is necessary for that purpose.
  4. For the management of disputes and any legal proceedings, your personal data are kept for as long as is strictly necessary for the pursuit of those purposes and in any case no longer than the applicable limitation periods.

Partnerships with third parties

When we work with our third-party providers, they are contractually obliged to apply the same data-protection and security standards, and we make sure that these are observed. Such third parties acting as data processors guarantee that they neither store the data received from us nor use it for any other purpose.

Within the scope of such agreements, users' email addresses are transmitted to the third-party provider using cryptographic mechanisms (e.g. hashing). Tracing the email address is therefore prevented.

We may need to transfer your data to service providers in countries outside the EEA. The EEA consists of the countries of the European Union as well as Switzerland, Iceland, Liechtenstein and Norway, which are considered countries with equivalent laws regarding data protection and privacy. This type of data transfer may occur when our servers (i.e. where we store data) or our suppliers and service providers are located outside the EEA. Should we transfer your information to a country outside the European Economic Area (EEA), we will ensure that the information is properly protected.

Distribution of data

The personal data we process are generally not subject to distribution. In specific cases, data are transmitted to the following recipients:

  • subcontractors for technical checks, payments, identity and delivery services, analytics providers or credit insurance agencies
  • public administration and authorities, where required by law
  • credit institutions with which we maintain business relationships for the management of receivables/liabilities and for arranging financing
  • any natural or legal, public and/or private persons (legal, administrative and tax advisory firms, courts, chambers of commerce, etc.) where transmitting the data proves necessary or expedient for carrying out our activity

SSL / TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us, we use SSL/TLS encryption. You can recognise such an encrypted connection by the fact that the browser's address line begins with “https://”. You can also recognise the encryption by the lock symbol in your browser line. When SSL/TLS encryption is active, the data you transmit to us cannot be read by third parties.

Encrypted payment processing

If, after concluding a paid contract, there is an obligation to provide us with your payment data — for example your account number — these data are required for processing the payment. Payment processing via the common payment methods (Visa/MasterCard, direct debit) takes place over an encrypted SSL/TLS connection.

Contact form

If you decide to send an enquiry via the contact form, the provision of certain personal data is required to meet your requests. This is also the reason why the respective fields of the form are marked with an asterisk or otherwise indicated as mandatory. The provision of additional personal and sensitive data is entirely up to you. A failure to provide, or incomplete provision of, the personal data marked with an asterisk or otherwise indicated as mandatory has the consequence that the service you have requested cannot be carried out. By submitting the form you consent to the processing of your data. Your data are processed for the management and answering of your questions and stored no longer than is necessary for the respective processing purposes.

Referrer measurement

Using a so-called referrer measurement, we also collect data on which advertising medium or marketing campaign visitors to the website used to reach the contact form. This allows us to evaluate and optimise the success and performance of specific advertising activities.

Newsletter

We send newsletters with promotional information only with the consent of the recipient or with legal permission. Our newsletter contains information about the company, services, offers and campaigns (e.g. new platform features, travel tips, travel offers, complementary offers for your trip, vouchers, prize draws or notes on participating in the community), which may originate from us or our partners. When and how often the newsletter is sent depends on the respective newsletter. Before we send a newsletter, we obtain confirmation of the subscription to the newsletter (double opt-in procedure). This is regulated in Art. 6 (1)(b) GDPR. Recipient data are transmitted to the service provider for the newsletter dispatch. This partnership is regulated in the data-processing agreement under the GDPR. To meet the legal requirements, we log subscriptions to the newsletter. This includes in particular the recording of the registration and confirmation times. Personal master data only serve to personalise the newsletter, and recipients can object to the dispatch at any time directly within the newsletter. The storage period corresponds to the duration of the newsletter subscription.

Use of cookies

To improve the use of our website, we use cookies. Cookies are text information that is stored on a computer via the browser when visiting a website. This storage serves to recognise a session. You can delete stored cookies at any time via your web browser or adjust the settings so that no cookies are stored. Under certain circumstances, not all of our services and functions may then be available. Further information on this can be found in our cookie policy.

Profiling

Profiling is any form of automated processing of personal data which consists of using such personal data to evaluate, analyse or predict certain aspects relating to a natural person. For this kind of marketing we have entered into agreements with third-party providers.

Rights of the user

The rights listed above can be exercised by the data subject or a person commissioned by them by means of a request to the controller via registered letter or email. The user has the right to obtain a copy of the personal data in our possession. The response is provided within the legally required deadline.

In certain cases we may retain some information for legal purposes (suspicion of fraud, breach of the general terms and conditions). Should you believe that your rights have been violated, you also have the right to lodge a complaint with the competent data-protection authority or to take legal action.

We summarise the rights of the affected user once again as follows:

Right to confirmation

Every data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them are being processed. If a data subject wishes to make use of this right of confirmation, they can contact us at any time.

Right of access

Every data subject has the right to obtain free information at any time about the personal data stored about them. The information includes:

  • the purposes of processing
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations. Where the data are transferred to a third country, the data subject also has the right to obtain information about the safeguards relating to the data processing.
  • the planned duration for which the personal data will be stored
  • the existence of a right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from the company in question: all available information about the origin of the data
  • the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and — in such cases — meaningful information about the logic involved as well as the significance and the intended effects of such processing for the data subject.

Right to rectification

Every person affected by the processing of personal data has the right to demand the immediate rectification of inaccurate personal data concerning them.

Right to erasure

Every person affected by the processing of personal data has the right to require the controller to erase personal data concerning them without delay, where one of the following grounds applies and as long as the processing is not necessary:

  • The personal data have been collected or otherwise processed and are no longer necessary.
  • The data subject withdraws the consent on which the processing was based pursuant to Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR, or the processing conflicts with another legal basis.
  • The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing.
  • The personal data have been processed unlawfully.
  • The erasure of the personal data is required to comply with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data have not been collected in relation to services offered pursuant to Art. 8 (1) GDPR — protection of minors.

Right to restriction of processing

Every person affected by the processing of personal data has the right to obtain restriction of processing from the controller where one of the following applies:

  • The accuracy of the personal data is contested by the data subject. The restriction applies for a period that allows the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject opposes the erasure of the personal data and instead requests the restriction of the use of the personal data.
  • The controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims.
  • The data subject has objected to the processing pursuant to Art. 21 (1) GDPR, and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

Right to data portability

Every person affected by the processing of personal data has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to whom the personal data were provided.

Furthermore, when exercising their right to data portability pursuant to Art. 20 (1) GDPR, the data subject has the right to obtain the transmission of the personal data directly from one controller to another controller, where technically feasible and provided that the rights and freedoms of other persons are not adversely affected.

Right to object

Every person affected by the processing of personal data has the right, on grounds relating to their particular situation, to object at any time to processing of personal data concerning them. This also applies to profiling based on these provisions.

We will no longer process the personal data in the event of an objection unless we can demonstrate compelling grounds for the processing that override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.

If we process personal data for direct-marketing purposes, the data subject has the right to object at any time to the processing of personal data for the purposes of such advertising. This also applies to profiling, insofar as it is connected to such direct marketing.

Automated individual decision-making, including profiling

Every person affected by the processing of personal data has the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or significantly affects them, unless the decision is necessary for entering into or the performance of a contract between the data subject and the controller. If the decision is necessary for entering into or the performance of a contract between the data subject and the controller, or is made with the data subject's explicit consent, we will take appropriate measures to safeguard the rights and freedoms.

Right to withdraw consent under data-protection law

Every person affected by the processing of personal data has the right at any time to withdraw their consent to the processing of personal data.

Place where your personal data are processed

Your personal data are processed mainly in our premises and in those departments where the persons responsible for the data processing are located. The contractually agreed service is provided exclusively in a Member State of the European Union or in a Contracting State of the Agreement on the European Economic Area. Any relocation of the service or parts of it to a third country requires the prior consent of the client and may only take place if the special requirements of Art. 44 et seq. GDPR are fulfilled (e.g. adequacy decision of the Commission, EU standard data-protection clauses, approved codes of conduct).

Please contact us for further information at the addresses given in the “Imprint” section.

Back to home