Privacy Policy | IMpakt28

Article 1 - Data Controller

The data controller for personal data is the IMpakt28 group, represented by its various legal entities depending on the relevant jurisdiction.

DPO (Data Protection Officer) contact: support@impakt28.vc

Article 2 - Applicable Legal Framework

As IM28 operates internationally, personal data processing is carried out in accordance with applicable regulations based on the User's country of residence, including:

The General Data Protection Regulation (GDPR) for European Union residents
The Federal Data Protection Act (FDPA) for United Arab Emirates residents
The Personal Data Protection Bill for India residents
Applicable national laws in other jurisdictions

Article 3 - Data Collected

3.1 Identification Data

Title, surname, first name
Date of birth
Nationality
Identity document number (ID card, passport)
Full postal address

3.2 Contact Data

Email address
Mobile phone number

3.3 Professional Data (Legal Entities)

Company name
Registration/tax identification number
Registered office address
Identity and contact details of legal representative

3.4 Financial and Transaction Data

Amounts invested and contribution history
Pass transaction history
Payment information
KYC/AML documents

3.5 Technical Data

IP address
Browser type and operating system
Login and browsing data
Cookies and trackers (see Cookie Policy)

Article 4 - Processing Purposes

Your personal data is processed for the following purposes:

Onboarding management and account creation
Identity verification (KYC - Know Your Customer)
Anti-money laundering and counter-terrorism financing (AML/CFT)
Contract execution and Pass management
Payment processing and reward distribution
Communication with IMpakters (notifications, reports)
Platform security and fraud prevention
Service improvement and statistical analysis
Compliance with legal and regulatory obligations

Article 5 - Legal Basis for Processing

The processing of your data is based on:

Contract execution: Pass acquisition and management, reward payment
Legal obligation compliance: KYC/AML, financial regulations, taxation
IM28's legitimate interest: security, fraud prevention, service improvement
Your consent: marketing communications (where applicable)

Article 6 - Data Recipients

Your data may be shared with:

IM28 group entities worldwide
Service providers (hosting, payment, identity verification)
Competent authorities upon legal request
Professional advisors (lawyers, auditors, accountants)

All recipients are bound by confidentiality obligations.

Article 7 - International Data Transfers

Due to IM28's international presence (UAE, Estonia, France, USA, India), your data may be transferred to countries outside your jurisdiction of residence.

These transfers are safeguarded by appropriate guarantees in accordance with applicable regulations:

Approved standard contractual clauses
Adequacy decisions
Binding corporate rules
Other recognized transfer mechanisms

Article 8 - Data Retention

Your data is retained for the following periods:

Account data: duration of contractual relationship + 5 years after closure
KYC/AML documents: minimum 5 years after end of relationship (per local regulations)
Transaction data: 10 years (accounting and tax obligations)
Login data: 1 year
Cookies: see Cookie Policy

Article 9 - Your Rights

In accordance with applicable regulations, you have the following rights:

Right of access: obtain confirmation of processing and receive a copy of your data
Right to rectification: have your inaccurate or incomplete data corrected
Right to erasure: request deletion of your data (within legal limits)
Right to restriction: obtain processing limitation in certain cases
Right to portability: receive your data in a structured format
Right to object: object to processing based on legitimate interest
Right not to be subject to automated decision-making: not be subject to decisions based solely on automated processing

Important

Exercise of these rights must not compromise IM28's essential operations or compliance with its legal obligations (particularly KYC/AML).

To exercise your rights: support@impakt28.vc

Article 10 - Data Security

IM28 implements appropriate technical and organizational security measures to protect your data:

Encryption of data in transit and at rest
Strict role-based access controls
Continuous system monitoring
Regular backups and continuity plans
Staff training on data security

Article 11 - Data Breach Notification

In the event of a personal data breach likely to pose a risk to your rights and freedoms, IM28 will notify the competent authorities and, where necessary, affected individuals within the timeframes required by applicable regulations.

Article 12 - Complaints

If you believe that the processing of your personal data constitutes a violation of applicable regulations, you have the right to lodge a complaint with the competent supervisory authority in your country of residence.

General Provisions

Article 1 - Entire Agreement

These Terms & Conditions (TOU, TOS, Privacy Policy, Cookie Policy) constitute the entire agreement between the parties regarding their subject matter and supersede all prior agreements, communications, or proposals, whether written or oral.

Article 2 - Severability

If any provision of these Terms is held null, invalid, or unenforceable by a competent court, the remaining provisions shall continue in full force and effect. The null provision shall be replaced by a valid provision that most closely reflects the original intent of the parties.

Article 3 - No Waiver

The failure of either party to exercise any right or require performance of any obligation under these Terms shall not constitute a waiver of such right or obligation. No waiver shall be valid unless express and in writing.

Article 4 - Language

These Terms & Conditions are available in French and English. In case of discrepancy in interpretation, the English version shall prevail.

Article 5 - Confidentiality

Each party shall keep all non-public, proprietary, or sensitive information received from the other party strictly confidential and shall not disclose it to any third party except as required by law, regulation, or court order. Confidential information may be shared only with employees, advisors, or service providers who need it to perform their duties and who are bound by confidentiality obligations. This obligation survives termination of the contract.

Article 6 - Survival of Provisions

The provisions relating to confidentiality, data protection, limitation of liability, intellectual property, and dispute resolution shall survive the expiration or termination of these Terms & Conditions.

Article 7 - Assignment

The User may not assign or transfer their rights or obligations under these Terms without the prior written consent of IM28. IM28 may freely assign its rights and obligations to any group entity or successor.

Article 8 - Notices

Any notice under these Terms shall be validly given:

By email to the address provided during registration (for the User)
By email to support@impakt28.vc (for IM28)
By notification on the Platform

Article 9 - Updates to Terms

IM28 reserves the right to modify these Terms & Conditions at any time. The last update date is indicated at the end of the document. Modifications take effect upon publication. For substantial modifications, registered Users will be notified by email.