Privacy Policy

How we collect, use, and protect your personal information

Last updated: August 9, 2025

Introduction

ImpactLens ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in any capacity.

This policy applies to all information collected through our website (impactlens.ch), our services, and any related services, sales, marketing, or events. By accessing or using our services, you agree to the collection and use of information in accordance with this policy.

We are committed to compliance with the General Data Protection Regulation (GDPR), the Swiss Federal Data Protection Act (FADP), and other applicable privacy laws. If you have any questions about this Privacy Policy, please contact us using the information provided at the end of this document.

1. Information We Collect

1.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

Contact Forms and Inquiries

When you submit our contact form or make inquiries about our services, we collect:

  • Full name
  • Company name and position
  • Email address
  • Phone number (optional)
  • Message content and specific interests
  • Preferred communication methods

Event Registration and Training Programs

When you register for our events, training programs, or webinars, we collect:

  • Personal and professional contact information
  • Job title and company details
  • Industry and area of expertise
  • Dietary restrictions and accessibility requirements
  • Payment information (processed securely through third-party providers)
  • Professional interests and learning objectives

Newsletter and Content Subscriptions

When you subscribe to our newsletters, whitepapers, or other content, we collect:

  • Email address
  • Name and professional title
  • Company information
  • Content preferences and interests
  • Communication frequency preferences

Expert Network Participation

If you join our expert network or participate as a subject matter expert, we collect:

  • Comprehensive professional background and CV
  • Areas of expertise and specialization
  • Educational background and certifications
  • Previous work experience and achievements
  • Availability and consultation preferences
  • Banking information for payment processing

1.2 Information Automatically Collected

When you visit our website, we automatically collect certain information about your device and browsing behavior:

Technical Information

  • IP address and approximate geographic location
  • Browser type, version, and language settings
  • Operating system and device information
  • Screen resolution and device capabilities
  • Referring website and exit pages

Usage Information

  • Pages visited and time spent on each page
  • Click patterns and navigation paths
  • Search terms used on our website
  • Downloads and content interactions
  • Form submissions and conversion events

1.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Professional networking platforms (LinkedIn) when you connect with us
  • Event partners and co-sponsors for joint events
  • Marketing partners and referral sources
  • Public databases and professional directories
  • Social media platforms when you interact with our content

2. How We Use Your Information

We use the information we collect for various legitimate business purposes, including:

2.1 Service Provision and Communication

  • Responding to your inquiries and providing requested information
  • Delivering our AI marketing, expert network, and partnership services
  • Processing event registrations and managing attendance
  • Facilitating expert network connections and consultations
  • Providing customer support and technical assistance
  • Sending transactional communications related to your account or services

2.2 Marketing and Business Development

  • Sending newsletters, whitepapers, and educational content
  • Promoting relevant events, training programs, and services
  • Conducting market research and gathering feedback
  • Personalizing content and recommendations based on your interests
  • Building and maintaining professional relationships
  • Identifying potential partnership and collaboration opportunities

2.3 Website Optimization and Analytics

  • Analyzing website usage patterns and user behavior
  • Improving website functionality, content, and user experience
  • Conducting A/B testing and optimization experiments
  • Monitoring website performance and security
  • Generating statistical reports and business insights

2.4 Legal and Compliance

  • Complying with applicable laws, regulations, and legal processes
  • Protecting our rights, property, and safety
  • Preventing fraud, abuse, and unauthorized access
  • Enforcing our terms of service and other agreements
  • Responding to legal requests and regulatory inquiries

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal information based on the following legal grounds:

3.1 Consent

When you provide explicit consent for specific processing activities, such as:

  • Subscribing to our newsletters and marketing communications
  • Participating in optional surveys and feedback collection
  • Allowing us to use your testimonials and case studies
  • Opting in to receive promotional materials about events and services

3.2 Contractual Necessity

When processing is necessary for the performance of a contract with you, including:

  • Providing requested services and consultations
  • Processing event registrations and payments
  • Facilitating expert network engagements
  • Delivering training programs and educational content

3.3 Legitimate Interests

When processing is necessary for our legitimate business interests, such as:

  • Improving our services and website functionality
  • Conducting business development and networking activities
  • Analyzing market trends and customer needs
  • Protecting our business from fraud and security threats
  • Building and maintaining professional relationships

3.4 Legal Compliance

When processing is necessary to comply with legal obligations, including:

  • Responding to legal requests and court orders
  • Meeting regulatory reporting requirements
  • Maintaining records for tax and accounting purposes
  • Complying with data protection and privacy laws

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. However, we may share your information in the following circumstances:

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience and analyze website usage. This section explains what cookies we use and how you can control them.

5.1 Essential Cookies

These cookies are necessary for the website to function properly and cannot be disabled:

  • Session Management: Maintaining your session as you navigate the website
  • Security: Protecting against cross-site request forgery and other security threats
  • Form Functionality: Remembering form inputs and preventing data loss
  • Load Balancing: Ensuring optimal website performance and availability

5.2 Analytics Cookies

These cookies help us understand how visitors interact with our website:

  • Google Analytics: Tracking page views, user sessions, and website performance
  • Heatmap Tools: Understanding user behavior and interaction patterns
  • Conversion Tracking: Measuring the effectiveness of our marketing campaigns
  • A/B Testing: Optimizing website content and user experience

5.3 Marketing Cookies

These cookies are used to deliver relevant advertisements and track marketing performance:

  • Retargeting: Showing relevant ads to previous website visitors
  • Social Media: Enabling social media sharing and tracking engagement
  • Email Marketing: Tracking email campaign effectiveness and engagement
  • Lead Generation: Identifying potential customers and their interests

5.4 Preference Cookies

These cookies remember your preferences and settings:

  • Language Settings: Remembering your preferred language
  • Content Preferences: Personalizing content based on your interests
  • Display Settings: Maintaining your preferred website layout and features
  • Communication Preferences: Remembering your contact and subscription preferences

5.5 Managing Cookies

You can control and manage cookies in several ways:

  • Browser Settings: Most browsers allow you to block or delete cookies through their settings
  • Opt-out Tools: Use industry opt-out tools for advertising cookies
  • Cookie Preferences: Adjust your preferences using our cookie consent banner
  • Third-party Controls: Manage cookies directly through third-party service providers

Please note that disabling certain cookies may affect website functionality and your user experience.

6. Data Security and Protection

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

6.1 Technical Safeguards

  • Encryption: All data transmission is protected using SSL/TLS encryption
  • Secure Storage: Personal information is stored on secure servers with restricted access
  • Access Controls: Multi-factor authentication and role-based access controls
  • Regular Updates: Security patches and software updates are applied promptly
  • Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Backup Systems: Regular data backups with secure storage and recovery procedures

6.2 Administrative Safeguards

  • Staff Training: Regular privacy and security training for all employees
  • Access Policies: Strict policies governing access to personal information
  • Incident Response: Comprehensive procedures for responding to security incidents
  • Vendor Management: Due diligence and contractual protections for third-party providers
  • Regular Audits: Periodic security assessments and compliance reviews

6.3 Physical Safeguards

  • Secure Facilities: Physical access controls to offices and data centers
  • Equipment Security: Secure disposal of hardware containing personal information
  • Environmental Controls: Protection against environmental threats and disasters

6.4 Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach is likely to result in high risk
  • Provide clear information about the nature of the breach and steps being taken to address it
  • Offer guidance on steps you can take to protect yourself

7. Your Rights and Choices

Under applicable privacy laws, including GDPR, you have several rights regarding your personal information:

7.1 Right of Access

You have the right to request information about the personal data we hold about you, including:

  • What personal information we collect and process
  • The purposes for which we use your information
  • The categories of third parties with whom we share your information
  • How long we retain your information
  • Your rights regarding your personal information

7.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal information. We will make reasonable efforts to update your information promptly upon receiving a valid request.

7.3 Right to Erasure (Right to be Forgotten)

You may request deletion of your personal information in certain circumstances, including:

  • The information is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal basis for processing
  • Your information has been unlawfully processed
  • Deletion is required for compliance with legal obligations

7.4 Right to Restrict Processing

You may request restriction of processing in certain situations, such as:

  • When you contest the accuracy of your personal information
  • When processing is unlawful but you prefer restriction over deletion
  • When we no longer need the information but you need it for legal claims
  • When you object to processing while we verify our legitimate interests

7.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another controller when technically feasible.

7.6 Right to Object

You have the right to object to processing of your personal information in certain circumstances, including:

  • Processing based on legitimate interests
  • Direct marketing communications
  • Profiling for marketing purposes

7.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

7.8 How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Information" section below. We will respond to your request within one month, though this period may be extended by two additional months for complex requests.

When submitting a request, please provide:

  • Clear identification of the right you wish to exercise
  • Sufficient information to verify your identity
  • Specific details about your request
  • Preferred method of response

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention periods vary depending on the type of information and the purpose for which it was collected:

8.1 Contact and Inquiry Information

  • Active Inquiries: Retained until the inquiry is resolved and for 2 years thereafter
  • General Contact Information: Retained for 5 years from last contact or until you request deletion
  • Marketing Communications: Retained until you unsubscribe or for 3 years from last engagement

8.2 Event and Training Information

  • Registration Data: Retained for 7 years for tax and accounting purposes
  • Attendance Records: Retained for 3 years for certification and follow-up purposes
  • Feedback and Evaluations: Retained for 5 years for service improvement

8.3 Expert Network Information

  • Expert Profiles: Retained for the duration of participation plus 3 years
  • Consultation Records: Retained for 7 years for legal and compliance purposes
  • Payment Information: Retained for 7 years for tax and accounting purposes

8.4 Website Analytics

  • Usage Data: Retained for 26 months in Google Analytics
  • Cookie Data: Varies by cookie type, typically 1-24 months
  • Log Files: Retained for 12 months for security and troubleshooting

8.5 Factors Affecting Retention

When determining retention periods, we consider:

  • The nature and sensitivity of the personal information
  • Legal and regulatory requirements
  • The purposes for which the information was collected
  • Whether the purposes can be achieved through other means
  • The potential risks to individuals from continued processing

9. International Data Transfers

ImpactLens is based in Switzerland, and we primarily process personal information within the European Economic Area (EEA) and Switzerland. However, some of our service providers may be located in other countries, including the United States.

9.1 Transfer Safeguards

When we transfer personal information outside the EEA or Switzerland, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Transfers to countries with adequacy decisions from the European Commission
  • Standard Contractual Clauses: Use of EU-approved standard contractual clauses with service providers
  • Binding Corporate Rules: Transfers within multinational organizations with approved binding corporate rules
  • Certification Schemes: Transfers to organizations with approved certification schemes
  • Specific Derogations: Transfers based on explicit consent or other specific derogations

9.2 Specific Transfer Scenarios

Cloud Services

We use cloud service providers that may store data in multiple locations. These providers have implemented appropriate technical and organizational measures and are bound by standard contractual clauses.

Analytics and Marketing Tools

Some analytics and marketing platforms may transfer data to the United States. We ensure these transfers are covered by appropriate safeguards such as Privacy Shield certification or standard contractual clauses.

Expert Network Operations

When facilitating international expert consultations, we may transfer limited professional information to other countries. Such transfers are based on legitimate interests and appropriate safeguards.

10. Children's Privacy

Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us using the information provided below. We will work with you to address any concerns and take appropriate action.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you of material changes through email or prominent website notice
  • Provide a summary of key changes when significant updates are made
  • Maintain previous versions for reference when requested

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our services after any changes indicates your acceptance of the updated policy.

12. Contact Information and Complaints

12.1 Data Controller

ImpactLens is the data controller for the personal information we collect and process. You can contact us regarding any privacy-related matters:

ImpactLens
Rue Fendt 1
1201 Geneva, Switzerland

Email: privacy@impactlens.ch
General Contact: change@impactlens.ch
Phone: +41 76 672 54 57

12.2 Filing Complaints

If you have concerns about how we handle your personal information, please contact us first so we can address your concerns. If you are not satisfied with our response, you have the right to file a complaint with the relevant supervisory authority:

Switzerland

Federal Data Protection and Information Commissioner (FDPIC)
Website: www.edoeb.admin.ch
Email: contact@edoeb.admin.ch

European Union

You may also file a complaint with the supervisory authority in your EU member state. A list of supervisory authorities is available at: edpb.europa.eu

12.3 Our Response Commitment

We are committed to addressing your privacy concerns promptly and thoroughly:

  • Acknowledgment: We will acknowledge receipt of your inquiry within 2 business days
  • Investigation: We will investigate your concern thoroughly and fairly
  • Response: We will provide a substantive response within 30 days (or as required by applicable law)
  • Follow-up: We will follow up to ensure your concern has been adequately addressed

13. Additional Information

13.1 Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or significantly affects individuals. Any automated processing we conduct is limited to website analytics and basic personalization that does not impact your rights or interests.

13.2 Marketing Communications

You can opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Contacting us directly using the information provided above
  • Updating your preferences through your account settings (if applicable)

13.3 Third-Party Links

Our website may contain links to third-party websites. This Privacy Policy does not apply to those websites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party websites you visit.

13.4 Business Continuity

In the event of a business disruption, we have procedures in place to protect your personal information and maintain compliance with privacy obligations. These procedures include secure data backup, alternative processing arrangements, and communication protocols.