Privacy policy
Below, we provide you with the information required under Article 13 of the GDPR that you need to review and exercise your data protection rights. We are the controller within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as other data protection regulations such as the Telecommunications and Digital Services Data Protection Act (TDDDG) for this website and the associated data processing.
1. Information about the provider and controller of the website
Impact Hub Berlin GmbH Rollbergstraße 28a 12053 Berlin Email: info.berlin@impacthub.net Website: https://berlin.impacthub.net/ Tel.: +49 30 259 257 25
2. Definitions and interpretation
In this statement, the following terms have the following meanings:
“Account”: refers collectively to the personal data, payment information, and login details used by users to access materials and/or communication systems on the website;
“Content” refers to all text, graphics, images, audio and video files, software, data collections and all other forms of information that can be stored on a computer and appear on this website or are part of this website;
“Cookie” refers to a small text file that Impact Hub Berlin GmbH Ltd. places on your computer when you visit certain parts of this website. This enables us to identify returning visitors and analyze their surfing behavior on the website.
“Data” refers to all information that you transmit to the website. This includes, but is not limited to, account data and information transmitted via our services or systems;
“Impact Hub Berlin GmbH” refers to Impact Hub Berlin GmbH, Rollbergstr. 28A, 12053 Berlin, Germany
‘Service’ refers to all online facilities, tools, services, or information that Impact Hub Berlin GmbH makes available through the website now or in the future;
“System” refers to any online communication infrastructure that Impact Hub Berlin GmbH makes available through the website now or in the future. These include, but are not limited to, web-based emails, message boards, live chat functions, and email links;
“User” / “Users” means any third party who accesses the Website and is not employed by Impact Hub Berlin GmbH and is not acting within the scope of their employment; and
“Website” refers to the website you are currently using (riseacademy-berlin.learnworlds.com) and all subdomains of this website (e.g., subdomain.yourschool.com), unless expressly excluded by their own terms and conditions.
3. Data collected
The following data may be collected without restriction:
3.1 Name
3.2 Date of birth
3.3 Job title and occupation;
3.4 Contact information such as email addresses and phone numbers;
3.5 Demographic information such as postal code, preferences, and interests;
3.6 Financial information such as credit/debit card numbers;
3.7 IP address (collected automatically);
3.8 Type and version of web browser (collected automatically);
3.9 Operating system (collected automatically);
3.10 A list of URLs, starting with a referring website, your activities on this website, and the website you go to next (collected automatically); and
3.11 Cookie information (see Section 10 below).
4. Our use of data
4.1 All personal data you submit will be stored by Impact Hub Berlin GmbH for as long as you use the services and systems offered on the website. Data you submit via a communication system provided by us may be stored for a longer period of up to one year.
4.2 Unless we are required or permitted to do so by law and subject to Section 4, your data will not be disclosed to third parties. This includes our affiliated companies and/or other companies within our group.
4.3 All personal data will be stored securely in accordance with the principles of the Data Protection Act 1998 (General Data Protection Regulation, GDPR). For more information on security, please see section 9 below.
4.4 We may from time to time request some or all of the above data to provide you with the best possible service and experience when using our website. In particular, data may be used by us for the following reasons:
4.4.1 internal records;
4.4.2 improvement of our products/services;
4.4.3 sending you promotional materials by email that may be of interest to you;
4.4.4 contacting you for market research purposes, which may be by email, telephone, fax, or post. This information may be used to customize or update the website.
5. Third-party websites and services
5.1 Cookies
When you use our website, cookies are stored on your computer. Cookies are small text files that are stored on the end device assigned to the browser used by the user and provide the respective service provider who set the cookie with certain information. Cookies cannot execute programs or transfer viruses to your computer. They are generally used to make the Internet offering more user-friendly and effective. The legal basis for the use of technically necessary cookies for the operation of the website is Section 25 (2) No. 2 TDDDG, if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary in order for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. The processing of personal data by technically necessary cookies is carried out to protect our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR in designing and optimizing our website to be user-friendly. Section 25 (1) TDDDG applies to all technically unnecessary cookies, for which consent is obtained. If personal data is also processed by technically unnecessary cookies, data protection consent will be obtained in accordance with Art. 6 para. 1 lit. a) GDPR if no other legal basis exists in accordance with Art. 6 para. 1 GDPR.
This website uses the following types of cookies, the scope and functionality of which are explained below:
5.2 Transient cookies
These cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be assigned to the same session. This allows your computer to be recognized when you return to our website. These cookies are technically necessary for the optimization and presentation of the website. Session cookies are deleted when you log out or close your browser. Session cookies are generally technically necessary for the operation of the website and are therefore set on the legal basis of Section 25 (2) No. 2 TDDDG.
5.3 Persistent cookies
These cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
5.4 Third-party cookies
Impact Hub Berlin GmbH may from time to time use the services of other parties to handle matters that may include payment processing, delivery of purchased items, search engine functions, advertising, and marketing. The providers of these services do not have access to specific personal data provided by users of this website. All data used by these parties is used only to the extent necessary to provide the services requested by Impact Hub Berlin GmbH. Any use for other purposes is strictly prohibited. In addition, all data processed by third parties must be processed in accordance with this policy and in compliance with the General Data Protection Regulation (GDPR) and other data protection regulations such as the Telecommunications and Digital Services Data Protection Act (TDDDG).
We do not currently use any third-party services that also use cookies for the further development and improvement of this online offering (website optimization). Should third-party services be used in the future, this will be done to protect legitimate interests for the proper operation of the website and the provision of the service in accordance with Art. 6 para. 1 lit. f) GDPR. If external services are not technically necessary for the operation of the website, consent will be obtained via a consent banner or consent management platform in accordance with Section 25 (1) TDDDG. Insofar as personal data is also processed by these services and/or cookies, this is done in accordance with Art. 6 para. 1 lit. a) GDPR, unless there is another legal basis for the processing of personal data in accordance with Art. 6 para. 1 GDPR.
If third-party services are used on this website, you will find further information in this privacy policy.
5.5 Prevention of cookies
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may then not be able to use all the functions of this website. In addition, users have the option of accessing our website without cookies. To do this, the appropriate settings must be changed in your browser. Please refer to your browser's help function to find out how to disable cookies. However, we would like to point out that this may impair some functions of this website and limit your user experience. The websites http://www.aboutads.info/choices/ (USA) and http://www.youronlinechoices.com/uk/your-ad-choices/ (Europe) allow you to manage online advertising cookies. If cookie consent is obtained via consent banners, the cookie settings can be changed at any time and consent can be revoked.
5.6 Provision of the website and log files
The entry of personal data is not necessary for the purely informational use of our website, i.e. if you do not provide us with any other information.
Nevertheless, each time you visit our website, in addition to information from the system of the user's computer or end device, personal data is automatically collected and transmitted to our server by your browser. The following data, which is technically necessary for us to display our website to you, is collected by us:
Processed data:
• Browser type and version
• IP addresses
• Operating system
• Date and time of access
• Time zone difference to GMT
• Content of the request
• Amount of data transferred
• Referrer URL
• Access status/http status code
• Language settings and browser software
• Internet service provider
Data subjects: Website users and visitors
Purposes of processing: The temporary storage of this data in so-called log files is necessary to safeguard our legitimate interests in order to ensure the technical presentation, stability, and security of the website. The data is not evaluated for marketing purposes in this context.
Legal basis: Art. 6 para. 1 lit. f) GDPR
Legitimate interests: technical presentation and stability and security of the website
Storage period: The above-mentioned data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. In the case of storage of the data in log files, this is the case after 30 days at the latest. Storage beyond this is possible if there are indications of an illegal attack on our systems. In addition, a statistical evaluation of access to our website may be stored in anonymized form for 12 months.
Guarantees for third-country transfers: Currently no third-country transfers
Right to object (opt-out): only if the data subject can demonstrate a special situation and there are no overriding legitimate grounds for the processing
Further information on processing operations, procedures, and services: none
5.7 Contact by email
You can contact us via the email addresses provided. In this case, the personal data of the sender, i.e. the user, transmitted with the request will be stored. All incoming and outgoing emails are encrypted by us using state-of-the-art transport encryption with at least TLS 1.2. In this context, we would like to point out that transmission as an unencrypted email poses certain security risks, as interception or unauthorized access cannot be ruled out. The processing of this personal data is used solely for the purpose of processing your contact request. Your data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data sent by email, this is the case when the respective request has been answered and the conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified and no contract has been concluded.
Processed data:
• Email address
• Name
• Usage data
• Traffic data
Data subjects:
• Employees
• Customers
• Interested parties
• Service providers
• Applicants
• Third parties
Purposes of processing: Electronic communication
Legal basis:
• Art. 6 para. 1 lit. f) GDPR
• Art. 6 para. 1 lit. b) GDPR
Legitimate interests: electronic communication
Storage period: The above data will be deleted as soon as it is no longer necessary for the purpose for which it was collected and there are no legal retention periods to the contrary. Email messages may also constitute business and commercial correspondence. In this case, they must be retained for six years in accordance with Section 147 of the German Fiscal Code (AO) and Section 257 of the German Commercial Code (HGB).
Guarantees for third-country transfers: Google LLC and Microsoft Inc. (USA) in accordance with Art. 45 GDPR Data Privacy Framework (DPF)
Right to object (opt-out): only if the data subject can demonstrate a special situation, provided that there are no compelling legitimate grounds for the processing
Further information on processing operations, procedures, and services: None
6. Recipients of the data or categories of recipients
Within our organization, those departments that need your data to fulfill their contractual and legal obligations will have access to it.
6.1 External service providers (processors)
Your data will be passed on to our IT and software service providers for the maintenance and support of IT systems and software in order to assist us in providing our services. Your personal data will be processed by commissioned service providers within the scope of order processing in accordance with Art. 28 GDPR.
6.2 Other service providers, partners, and third parties
We may work with other partners if this is necessary to fulfill our service offerings or if we are legally obligated to disclose data. These may include the following partners or third parties:
• Credit institutions and payment service providers
• Credit agencies
• Disclosure to public authorities or by court order
• Advertising agencies
• Document destruction companies, logistics
• Advice and consulting, auditors
• Insurance
• Law firms and competent courts
We attach great importance to processing your data within the EU. However, we may use service providers who operate outside the EU. In such cases, we ensure that an adequate level of data protection is established before your personal data is transferred. This means that EU standard data protection agreements or an EU adequacy decision ensure that a level of data protection is achieved that is comparable to the standards within the EU.
7. Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to third parties, this will only take place if it is necessary for the fulfillment of our (pre-)contractual obligations, due to a legal obligation, to protect our legitimate interests, consent is given or another legal basis permits this. Subject to legal or contractual permissions, we only transfer data to third countries if the special requirements of Art. 44 ff. GDPR are met. A transfer will then only take place on the basis of an EU adequacy decision in accordance with Art. 45 GDPR or subject to appropriate safeguards in accordance with Art. 46 (2) GDPR, such as EU standard data protection clauses or binding internal data protection regulations, known as Binding Corporate Rules (BCR). Furthermore, data may be transferred to third countries in certain exceptional cases, e.g. to fulfill a contract or a consent given in accordance with Art. 49 GDPR.
8. Data transfer to the USA
Our website includes services provided by companies based in the USA. When these services are active, your personal data may be transferred to the US servers of the respective companies. On July 10, 2023, the EU Commission adopted the new adequacy decision Data Privacy Framework (DPF). This now serves as the basis for data transfers to the USA under the following conditions:
With the DPF, personal data can now be transferred from the EU to the US without the need for further transfer instruments (e.g., standard contractual clauses) or additional measures. The DPF is based on a self-certification mechanism. This requires that the US companies to which the data is to be transferred are also certified under the EU-US Data Privacy Framework.
In contrast, standard contractual clauses must be concluded separately for each individual case of data transfer unless certification under the DPF has been obtained.
9. Storage of data
Where necessary, we process and store personal data for the duration of the business relationship. This also includes the initiation and execution of a contract. The personal data required for this purpose will be stored for the duration of the warranty and guarantee claims. In addition, we store personal data to the extent that we are legally obliged to do so. Corresponding documentation and retention obligations arise from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for storage and documentation are generally between six and ten years in accordance with commercial and tax law requirements under Section 257 HGB and Section 147 AO. The limitation periods of the German Civil Code (BGB) can be up to 30 years if there is a judicial component (§§ 195 ff. BGB). If no legal title has been obtained against the data subject, the regular limitation period of three years applies. We delete personal data of the data subject as soon as the purpose of storage no longer applies and there are no legal retention periods that prevent deletion.
10. Changes in company ownership and control
10.1 Impact Hub Berlin GmbH may from time to time expand or reduce its business, which may include the sale of certain business units or the transfer of control over certain business units to other parties. Data provided by users will, to the extent relevant to such transferred business, be transferred together with that business, and the new owner or controlling party will be entitled to use the data for the purposes for which it was provided by you in accordance with the provisions of this statement.
10.2 If data provided by users is transferred in this way, you will be contacted in advance and informed of the changes. When contacted, you will have the option of having your data deleted or not made available to the new owner or controller.
11. Control of access to your data
11.1 If you are required to provide data, you have the option of restricting our use of that data. This may include:
11.1.1 Use of the data for direct marketing purposes; and
11.1.2 Disclosure of data to third parties.
12. Your right to withhold information
12.1 You can access certain areas of the website without providing any data. However, in order to use all of the services and systems available on the website, you may be required to provide account information or other data.
12.2 You can restrict the use of cookies in your internet browser settings, provided that they are not technically necessary for the operation of the website. For more information, see section 5.5 below.
13. Access to your own data
13.1 You can access your account at any time to view or change your data. If your circumstances change, you may need to change or update your data. Additional data relating to your marketing preferences may also be stored and can be changed by you at any time.
13.2 Within the scope of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients, and the purpose of data processing, and, if the legal requirements are met, you have the right to correct, block, or delete this data.
13.3 Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:
• If you dispute the accuracy of your personal data stored by us, we will usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.
• If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of its deletion.
• If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.
13.4 Right to data portability
You have the right to have data that we process based on your consent or in fulfillment of a contract delivered to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
13.5 Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. To do so, simply send us an informal email. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
13.6 Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)
If data processing is based on Art. 6 para. 1 lit. e) or f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection pursuant to Art. 21 para. 1 GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes. (objection pursuant to Art. 21 (2) GDPR).
13.7 Right to lodge a complaint with a supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
13.8 Rights in data processing based on legitimate interest
Pursuant to Art. 21 (1) GDPR, you have the right to object, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e) GDPR (data processing in the public interest) or on Art. 6 para. 1 lit. f) GDPR (data processing to safeguard a legitimate interest). This also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
13.9 Rights in relation to direct marketing
If we process your personal data for direct marketing purposes, you have the right, pursuant to Art. 21 (2) GDPR, to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made informally and should be addressed to: Impact Hub Berlin Gmbh, 12053 Berlin,
14. Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We hereby inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., information about the contractual partner). It is necessary for you to provide us with personal data in order to conclude a contract. Without this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it. If there is a legal obligation to provide the data, you are obliged to provide us with personal data. Before providing personal data, the data subject may contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what consequences the non-provision of the personal data would have.
15. Automated decision-making, profiling
We do not use automated decision-making, including profiling within the meaning of Art. 22 GDPR, for the establishment and execution of a contractual relationship.
16. Security
Data security is of great importance to Impact Hub Berlin GmbH. To protect your data, we have established appropriate physical, electronic, and administrative procedures to protect and secure the data collected online.
17. Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use for the purpose of operating this online offering.
In doing so, we or our hosting service provider on our behalf process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in the efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR. The data processing by our hosting service provider is carried out within the framework of a data processing agreement in accordance with Art. 28 GDPR.
18. Protection of minors
Our offer is generally aimed at adults. Persons under the age of 18 may not transmit any personal data to us without the consent of their parents or legal guardians. Minors under the age of 16 also require the consent of their parents or legal guardians for consent to external services on the website.
19. Changes to this statement
Impact Hub Berlin GmbH reserves the right to change this privacy policy from time to time at its own discretion or in accordance with legal requirements. All changes will be published on the website immediately. This privacy policy will be updated regularly as the Internet or our website develops. We will announce any changes on this page in good time. Please check this page regularly to stay up to date with our current data usage policy.
(Current status: 15.07.2025)
20. Contact
If you have any questions about data protection, our external company data protection officer can be contacted as follows:
GFAD Datenschutz GmbH
Data Protection Officer
Huttenstraße 34/35
10553 Berlin
