Privacy Policy

How we work to protect employee personal data

At ImpactWise, we treat privacy seriously and will only use your employees’ personal data to help you run volunteer campaigns by providing your employees with access to the ImpactWise platform, administer your employee ImpactWise accounts, give your employees product support when needed, and improve the ImpactWise product experience. We encourage you to read this document thoroughly and contact us at privacy@impactwise.io in case of any queries or issues.

With respect to you as a company that has bought access to the ImpactWise volunteer management platform and your employees, ImpactWise CSR LTD acts as a data processor. We collect your employee personal data because we have been contracted by you, acting as the data controller in this case, to give your employees access to ImpactWise and to help your employees run volunteer campaigns. We do not explicitly request your employees’ consent to collect data because they already gave consent to you for it to be collected and used in legitimate business interests in the course of their employment, or processing their data is necessary for the performance of their employment contracts. This constitutes lawful basis for processing under the EU GDPR.

We collect data your employees have given to you from their accounts on your Microsoft Teams or Slack network and Azure Active Directory (if integrated).

  • Profile picture

  • Company email address

  • First and last names

  • Job title, department, and office location

  • Link to the employee’s Microsoft Teams or Slack user profile and associated user ID

  • Any other personal data if revealed in conversation with our chatbot

The personal information we collect from your employees’ ImpactWise user profile is:

  • Company email address

  • First and last names

  • Profile picture they upload into ImpactWise

  • The IP address of the computer(s) they use to connect to ImpactWise

  • Unique user and computer identifier in the form of a browser cookie

  • The date and time of their first and latest login and activity


We will hold on to this data for the duration of our engagement with you. Personal data of your employees is deleted within 30 days of the engagement ending. We do not process or control data belonging to special categories, like health information or political views.

Your employees’ personal data is stored on Microsoft Azure servers and is always transferred securely, protecting you against data breaches and disruption. The location of these servers varies depending upon our agreement with you. If you are unsure as to which datacentres are being used for your data please contact your Customer Success Representative. We use the information to:

  • Identify volunteers and allow you to run volunteer and social impact campaigns

  • Send automated and manual communications to your employees

  • Allow you to run analytics on the performance of your volunteer campaigns

  • Set up your employees’ ImpactWise accounts and provision platform access

  • Authenticate users by using their company email address as a unique identifier

  • Personalise users’ ImpactWise experience by letting them save their preferences

  • Carry out product satisfaction surveys to help us improve the platform

  • Generate product usage analytics to improve users’ ImpactWise experience

  • Meet audit log requirements set out in our agreement with you

  • Provide product support when requested by users and notify them of disruption

  • Give users updates about improvements made to the product via email or in-app

We host our platform and all data on third-party Microsoft Azure servers.

Personal data may be viewed outside of the EU by employees of ImpactWise and its subsidiaries in the process of providing product support. This data processing is contractually governed by the same data privacy guarantees outlined above. We may also use third parties located in countries considered to provide adequate data protection by the European Commission for processing personal data, for example to send user administration and other email communications.

Under the EU General Data Protection Regulation, your employees have a right to:

  • Be notified within 72 hours of a data beach concerning your data. We will notify you within 12 hours if we discover a data breach.

  • Access what and how their personal data is being processed and request a copy of it. You or your employees can do this by contacting us at privacy@impactwise.io.

  • Be forgotten if their data is no longer relevant to its original purpose. For such requests, you or your employees may contact us at privacy@impactwise.io.

  • Get a copy of their data that we store in a portable (easy to use elsewhere) format. We can provide a copy of the data in XLS format if requested at privacy@impactwise.io.

  • Have a record of their personal data be corrected in case of errors or inaccuracies. To do this, they may contact you directly, ImpactWise support, or privacy@impactwise.io.

  • Complain to the GDPR supervisory authority appointed by their member state if you believe your rights are being encroached.