Privacy Policy

Effective Date: 01 February 2026

At Impactly ("Impactly," "we," "us," or "our"), we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website www.impactly.eu, our data platform, and related services (collectively, the "Service").

All personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, "GDPR").

1. Data Controller

Impactly OÜ (Estonian registry code: 16149537) is the Data Controller of your information.

2. Information We Collect and Process

We collect and process information in different ways, focusing on the minimum necessary to provide and improve our Service.

Information You Directly Provide:

  • When you register for our Service or contact us, you may provide personal information such as your name and email address. This information is necessary to create and manage your user account and to communicate with you.
  • Registered business users (Companies or Financial Institutions) may submit business-related data to the Service. This includes company business data or documents uploaded for processing on our platform. While this information is primarily business-related, it may incidentally contain personal data (e.g., names of company representatives or contact details within documents). We process such incidental personal data only as part of the business data, in accordance with our agreements with the business users.

Publicly Available and Third-Party Data:

  • We collect information from publicly available sources (e.g., official business registries, public corporate websites) and from third-party data providers as part of our Service. This is generally business information, but may include publicly listed names of company officials.

Automatically Collected Information:

  • Log Files: Like many websites, we collect information that your browser sends whenever you visit our Service ("Log Data"). This Log Data may include your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, and time spent on those pages. This information is used for service operation, security, and understanding user interaction with our platform.
  • Cookies: We use cookies and similar tracking technologies as described in our Cookie Policy. Strictly necessary cookies are used for core functionalities like session management and language preferences. Analytics cookies are used with your consent to help us understand user interaction and improve our Service.

3. How We Use Your Information

We use the information we collect, including personal data, for the following purposes:

  • To provide, operate, maintain, and improve our Service.
  • To create and manage user accounts and authenticate users.
  • To process business data using our platform, including analysis with AI, to provide data and insights for our users.
  • To enable Companies to review and manage their data profiles.
  • To enable Financial Institutions to browse company profiles and receive data in accordance with the agreements.
  • For platform analytics, error tracking, and to understand user interaction to improve our Service (primarily using aggregated or anonymized data where possible).
  • To communicate with you, including responding to your inquiries and sending service-related information and updates.
  • To comply with legal obligations and enforce our policies, including our Terms of Service.

4. Legal Basis for Processing Your Personal Data

Our legal basis for collecting and using the personal information described above depends on the personal data and the specific context:

  • Performance of a Contract: Processing your name, email, and IP address is necessary to provide the Service to you according to our Terms of Service, including account creation and enabling platform functionalities.
  • Consent: We rely on your consent for:
    • The use of non-essential analytics cookies, as detailed in our Cookie Policy.
    • Sending marketing communications, if you opt-in.
  • Legitimate Interests: We process some data based on our legitimate interests, provided these are not overridden by your data protection rights. This includes:
    • Processing publicly available business information (which may incidentally include personal data of public figures associated with those businesses) to populate our database and provide our Service.
    • Analyzing usage patterns (primarily through aggregated or anonymized data) to improve our Service, ensure security, and prevent misuse.
    • Using error tracking to maintain our platform and website stability.
  • Legal Obligation: Processing may be necessary for compliance with a legal obligation to which we are subject.

5. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. This means we will retain your account information (name, email) as long as your account is active or as needed to provide you services. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Users may request data deletion by contacting info@impactly.eu, which we will honor within a reasonable timeframe, subject to legal or regulatory retention requirements. Business data uploaded by users will be retained according to our agreements with those users and our data retention policies for such business data.

6. Cookies

We use cookies and similar tracking technologies. Some are strictly necessary for our platform's functioning (e.g., session management, language preferences). Others, for analytics and service improvement, are used only with your explicit consent. For detailed information, please see our Cookie Policy.

7. Data Processors and International Transfers

To provide our Service, we engage third-party service providers (data processors) who may process personal data on our behalf for purposes such as hosting, data storage, data processing pipelines (including AI model analysis), and user account management. We have data processing agreements in place with these providers where required by GDPR.

Your personal data is primarily processed within the European Union (EU) or European Economic Area (EEA). Our core infrastructure, including hosting, data storage, and the majority of our AI processing, is located within EU data centres. However, in order to provide our Service we occasionally use third-party services whose servers may be located outside the EU/EEA, including in the United States. We are actively seeking to minimise international data transfers. Where personal data is transferred outside the EU/EEA to a country not deemed to provide an adequate level of data protection by the European Commission, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) and, where necessary, supplementary measures following a Transfer Impact Assessment, to ensure your personal data remains protected in accordance with GDPR.

8. Data Security

We implement appropriate technical and organizational measures to protect the personal data we process against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. This includes measures such as encryption and access controls. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee its absolute security.

9. Use of Artificial Intelligence (AI)

We utilize AI and Large Language Models (LLMs) as a core part of our Service to extract, analyse, and structure business-related information. AI processing is applied exclusively to business entities and business-related data; it is not used to profile, assess, or make decisions about individual natural persons. The outputs generated by our AI are intended to support and inform our users' own analysis and decision-making. While we strive for accuracy, AI-generated content may contain inaccuracies or limitations, and users should apply their own professional judgment when relying on such outputs. No automated decisions with legal or similarly significant effects on individuals are made solely by AI within our Service.

10. Your Data Protection Rights (Under GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights:

  • The right to access, update or to delete the personal information we have on you.
  • The right of rectification: You have the right to have your information rectified if it is inaccurate or incomplete.
  • The right to object: You have the right to object to our processing of your Personal Information.
  • The right of restriction: You have the right to request that we restrict the processing of your personal information.
  • The right to data portability: You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent: You have the right to withdraw your consent at any time where Impactly relied on your consent to process your personal information.

If you wish to exercise any of these rights, please contact us at info@impactly.eu. We may ask you to verify your identity before responding to such requests. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), or with another supervisory authority in the EEA member state of your habitual residence or place of work. For more information, please contact your local data protection authority in the EEA.

11. Children's Information

Our Service is not intended for use by children under the age of 18. We do not knowingly collect personally identifiable information from children under 18 (or the relevant age of majority). If you believe that your child has provided us with personal information, please contact us immediately, and we will take steps to remove such information from our records.

12. Changes to Our Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting a notice on our website, updating the "Effective Date" at the top of this policy, and requesting your acknowledgement of the updated Privacy Policy within the Service upon your next use. Your continued use of the Service following such notification and acknowledgement constitutes your acceptance of the revised policy.

13. Acknowledgement

By using our Service, you acknowledge that you have read and understood this Privacy Policy. Where consent is the legal basis for processing (e.g., non-essential cookies), this will be obtained separately through dedicated consent mechanisms. In the event of material changes to this Privacy Policy, we will present the updated policy to you within the Service and request your explicit acknowledgement before you continue using the Service.

14. Contact Us

If you have any questions about this Privacy Policy, your data protection rights, or our data practices, please contact us:

Impactly OÜ (registry code: 16149537)
Looduse 1, 76901 Tabasalu, Estonia
Email: info@impactly.eu