Back to Home

Privacy Policy

IMpakt28 - Raise28 | International Impact Investment Platform

Version 2.0 - January 2025

Article 1 - Data Controller

The data controller for personal data is the IMpakt28 group, represented by its various legal entities depending on the relevant jurisdiction.

DPO (Data Protection Officer) contact: support@impakt28.com

Article 2 - Applicable Legal Framework

As IM28 operates internationally, personal data processing is carried out in accordance with applicable regulations based on the User's country of residence, including:

  • The General Data Protection Regulation (GDPR) for European Union residents
  • The Federal Data Protection Act (FDPA) for United Arab Emirates residents
  • The Personal Data Protection Bill for India residents
  • Applicable national laws in other jurisdictions

Article 3 - Data Collected

3.1 Identification Data

  • Title, surname, first name
  • Date of birth
  • Nationality
  • Identity document number (ID card, passport)
  • Full postal address

3.2 Contact Data

  • Email address
  • Mobile phone number

3.3 Professional Data (Legal Entities)

  • Company name
  • Registration/tax identification number
  • Registered office address
  • Identity and contact details of legal representative

3.4 Financial and Transaction Data

  • Amounts invested and contribution history
  • Pass transaction history
  • Payment information
  • KYC/AML documents

3.5 Technical Data

  • IP address
  • Browser type and operating system
  • Login and browsing data
  • Cookies and trackers (see Cookie Policy)

Article 4 - Processing Purposes

Your personal data is processed for the following purposes:

  • Onboarding management and account creation
  • Identity verification (KYC - Know Your Customer)
  • Anti-money laundering and counter-terrorism financing (AML/CFT)
  • Contract execution and Pass management
  • Payment processing and reward distribution
  • Communication with IMpakters (notifications, reports)
  • Platform security and fraud prevention
  • Service improvement and statistical analysis
  • Compliance with legal and regulatory obligations

Article 5 - Legal Basis for Processing

The processing of your data is based on:

  • Contract execution: Pass acquisition and management, reward payment
  • Legal obligation compliance: KYC/AML, financial regulations, taxation
  • IM28's legitimate interest: security, fraud prevention, service improvement
  • Your consent: marketing communications (where applicable)

Article 6 - Data Recipients

Your data may be shared with:

  • IM28 group entities worldwide
  • Service providers (hosting, payment, identity verification)
  • Competent authorities upon legal request
  • Professional advisors (lawyers, auditors, accountants)

All recipients are bound by confidentiality obligations.

Article 7 - International Data Transfers

Due to IM28's international presence (UAE, Estonia, France, USA, India), your data may be transferred to countries outside your jurisdiction of residence.

These transfers are safeguarded by appropriate guarantees in accordance with applicable regulations:

  • Approved standard contractual clauses
  • Adequacy decisions
  • Binding corporate rules
  • Other recognized transfer mechanisms

Article 8 - Data Retention

Your data is retained for the following periods:

  • Account data: duration of contractual relationship + 5 years after closure
  • KYC/AML documents: minimum 5 years after end of relationship (per local regulations)
  • Transaction data: 10 years (accounting and tax obligations)
  • Login data: 1 year
  • Cookies: see Cookie Policy

Article 9 - Your Rights

In accordance with applicable regulations, you have the following rights:

  • Right of access: obtain confirmation of processing and receive a copy of your data
  • Right to rectification: have your inaccurate or incomplete data corrected
  • Right to erasure: request deletion of your data (within legal limits)
  • Right to restriction: obtain processing limitation in certain cases
  • Right to portability: receive your data in a structured format
  • Right to object: object to processing based on legitimate interest
  • Right not to be subject to automated decision-making: not be subject to decisions based solely on automated processing

Important

Exercise of these rights must not compromise IM28's essential operations or compliance with its legal obligations (particularly KYC/AML).

To exercise your rights: support@impakt28.com

Article 10 - Data Security

IM28 implements appropriate technical and organizational security measures to protect your data:

  • Encryption of data in transit and at rest
  • Strict role-based access controls
  • Continuous system monitoring
  • Regular backups and continuity plans
  • Staff training on data security

Article 11 - Data Breach Notification

In the event of a personal data breach likely to pose a risk to your rights and freedoms, IM28 will notify the competent authorities and, where necessary, affected individuals within the timeframes required by applicable regulations.

Article 12 - Complaints

If you believe that the processing of your personal data constitutes a violation of applicable regulations, you have the right to lodge a complaint with the competent supervisory authority in your country of residence.

General Provisions

Article 1 - Entire Agreement

These Terms & Conditions (TOU, TOS, Privacy Policy, Cookie Policy) constitute the entire agreement between the parties regarding their subject matter and supersede all prior agreements, communications, or proposals, whether written or oral.

Article 2 - Severability

If any provision of these Terms is held null, invalid, or unenforceable by a competent court, the remaining provisions shall continue in full force and effect. The null provision shall be replaced by a valid provision that most closely reflects the original intent of the parties.

Article 3 - No Waiver

The failure of either party to exercise any right or require performance of any obligation under these Terms shall not constitute a waiver of such right or obligation. No waiver shall be valid unless express and in writing.

Article 4 - Language

These Terms & Conditions are available in French and English. In case of discrepancy in interpretation, the English version shall prevail.

Article 5 - Confidentiality

Each party shall keep all non-public, proprietary, or sensitive information received from the other party strictly confidential and shall not disclose it to any third party except as required by law, regulation, or court order. Confidential information may be shared only with employees, advisors, or service providers who need it to perform their duties and who are bound by confidentiality obligations. This obligation survives termination of the contract.

Article 6 - Survival of Provisions

The provisions relating to confidentiality, data protection, limitation of liability, intellectual property, and dispute resolution shall survive the expiration or termination of these Terms & Conditions.

Article 7 - Assignment

The User may not assign or transfer their rights or obligations under these Terms without the prior written consent of IM28. IM28 may freely assign its rights and obligations to any group entity or successor.

Article 8 - Notices

Any notice under these Terms shall be validly given:

  • By email to the address provided during registration (for the User)
  • By email to support@impakt28.com (for IM28)
  • By notification on the Platform

Article 9 - Updates to Terms

IM28 reserves the right to modify these Terms & Conditions at any time. The last update date is indicated at the end of the document. Modifications take effect upon publication. For substantial modifications, registered Users will be notified by email.