Privacy Policy
At Impact Laboratories (referred to herein as “we,” “us,” and similar terms), we are committed to safeguarding your personal information.  This document (the “Privacy Policy”) is intended to be a general statement that describes how we process and protect personal information that you provide or we collect in connection with your use of our electronic services, including www.impactlaboratories.com (the “Websites”) and any related services (collectively, the “Services”).  The scope of this Policy is limited to information collected or received by us through your use of the Services.

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page, and may provide information relating to substantive changes via email or other prominent notice. Changes to this Privacy Policy are effective as of the effective date listed above. Please periodically review this Privacy Policy for any changes; you acknowledge that your continued use of any of the Services after any change in this Privacy Policy will constitute your acceptance of such change.

If you have questions or concerns about our privacy policy or practices, please contact us at legal@impactlaboratories.com.

Information We Process to Provide the Services
Providing user accounts and conducting certification services requires access to certain types of basic personal data. For example, if you request a user account, we require a password and your basic contact information, including your name, phone number and email address. We may also ask you to submit and we may process data that is personal to you, including your age, gender, and geographic location. This information is used to create a user profile and provide you with services. We may use your e-mail address or mobile phone number to contact you about your experience with the Services and notify you about news and promotions.
We may also receive information about you if your information is provided to us by a party that is desirous of allowing you to use certain aspects of the Services.

Data Privacy Rights Under General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area, you have the following rights with respect to your personal data:
- Right of Access – a right to understand the nature and extent of how your data is processed;
- Right to be Rectification – a right to request correction of inaccurate data;
- Right to Erasure – a right to request erasure of personal data in some circumstances, commonly referred to as the “Right to be Forgotten”;
- Right to Restriction of Processing – a right to limit how your personal data is processed;
- Right to Data Portability – a right to receive personal data and transfer information to another controller;
- Right to Object – a right to object to processing of your personal data based on your circumstances and a right to object to direct marketing; and
- Right to Freedom from Automated Decision-making – a right not to be subject to decision-making based solely on automated processing, including profiling, that produces significant effects.

We will take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data. Please contact us if you wish to learn what personal data we hold about you or would like to request deletion of your personal data. Once we have verified your identity, we will comply with all reasonable requests.
You may bring a complaint directly to us by emailing us at legal@impactlaboratories.com. We take all of your concerns seriously and will review any written complaints received by us. We will cooperate with the appropriate regulatory authorities to resolve any complaints regarding your personal data.
You also have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.
The Standard Contractual Clauses will apply to our transfer of personal information from European Union member countries to the United States in the course of providing services. “Standard Contractual Clauses” mean the standard contractual clauses for the transfer of Personal Information from a Data Controller in the European Economic Area, Switzerland and/or the United Kingdom to Processors established in third countries, in the form set out in the Annex of European Commission Decision 2010/87/EU (or any alternative or successor Decision that approves new standard contractual clauses for transfers to Data Processors in third countries). The Standard Contractual Clauses are currently available on the European Commission's website at the following link: Standard Contractual Clauses.​

Why We Process Your Personal Information
The following list identifies why we might use your personal information when providing the Services:

1. User Accounts.
User accounts allow us to provide users of the site with the ability to access account-holder-only portions of the Services.

2. Customer Surveys & Research
.
We may use your contact information to evaluate and ask you about your experience and your use of the Services. We use this feedback to improve our Services.  We may also aggregate our customer’s data to release information on trends and usage of our Services.  Such an aggregation and release will not include any way of personally identifying you or our other customers, but is used to evaluate our Services and collect statistics concerning the behavior of our user base.

3. Certification Services.
In order to provide certification services, we ask you to provide information about how our customers’ laboratories operate. Normally this does not include any personal information. However, if your answers to any of the certification assessment questions include personal information about you or other individuals, we only use such information for purposes of providing recommendations for how the applicable laboratory can achieve higher certification levels.

4. Marketing.
We may use your information when developing and providing relevant marketing materials. Our goal is to only provide you with materials that are of interest to you. We provide marketing materials to our users, including direct emails and other written materials. You may opt out of direct marketing communications by either clicking “unsubscribe” within any emails sent, or requesting removal by emailing us at legal@impactlaboratories.com.

5. Detecting and Preventing Fraud.
We use your information to monitor for potentially fraudulent activities committed using the Services.

Our Legal Bases for Processing Personal Information
Legitimate Interests. Our use of your information is necessary for our legitimate interests under purposes A - E. We have a legitimate interest in providing an excellent user experience and we would be unable to provide our users with secure access to the client-only area or provide notifications to users relating to their business interests without access to their personal information. We also have legitimate interests in providing customer support, evaluating and improving our Services (via data gathering or direct customer feedback), and in detecting and preventing fraud, which helps protect us and our customers from harm. We value your fundamental rights and freedoms and therefore do not engage in uses of your information where our legitimate interests are outweighed by your fundamental rights and freedoms.
Legal Obligations; Vital Interests. In addition to the specific bases for disclosure of personal data set forth in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. To the extent we are legally required to disclose information to law enforcement, we will comply with such requests. We will not otherwise voluntarily disclose your information.

Personal Information Collected By Us Within the Preceding 12 Months
Over the past 12 months, we have collected information concerning users’ names, addresses, email addresses, usernames, use of the Service, IP addresses, MAC addresses, IMEI, browsers, devices, operating systems, and certification assessment responses.

How long will you retain my Personal Information?
We will retain your personal information for the period necessary to fulfill the purposes outlined in this policy unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other legitimate and lawful business purposes.

Can I Limit the Processing of my Personal Information? Can I Request Deletion of my Personal Information?
Yes, you may limit our processing of your data or request deletion by contacting us at legal@impactlaboratories.com. However, if compliance with your request would prevent us from being able to provide the Services to you, then compliance with your request may require cancellation of particular aspects of the Services previously arranged.

How can I Access my Information? Can I Request a Correction?
Yes, you may obtain a copy or request a correction of your personal information by emailing legal@impactlaboratories.com. You may also contact applicable regulatory authorities regarding our processing of your personal information.

California Consumer Privacy Act
If you are a California resident, you may have additional privacy rights regarding your personal data. These rights include the right to request disclosure of the categories of information collected, why that information is collected, and the types of third parties receiving access to your information. You may also request deletion of your data and obtain information relating to any sharing of information with third parties.

To every extent possible, users will receive equal service and price regardless of whether they exercise their privacy rights under the California Consumer Privacy Act. We do not sell or rent the personal data of our users.

You may contact us regarding these rights by emailing us at legal@impactlaboratories.com.

Usage Statistics & Tracking
Cookies. Cookies are small text files that that are transferred to your computer and/or device to remember things about your visit, such as your preferences or a username and password.  Information contained in a cookie may be linked to your personal information for purposes such as improving the quality of the Service or tailoring recommendations to your interests.  You can disable cookies at any time, although it may prevent you from accessing or using some or all features of the Services.
Ads.  Ads appearing as part of any of our products may be delivered to users by advertising partners, who may set cookies.  These cookies allow the ad server to recognize your computer each time they send you an online advertisement, to compile information about you, or to compile information about others who use your computer.  This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you.
Web Beacons. A “Web Beacon” is an object that is embedded in a web page that is usually invisible to the user and allows website operators to check whether a user has viewed a particular web page. We may use Web Beacons with the Services to count users who have visited particular pages or to deliver co-branded services. Web Beacons are not used to access users’ personally identifiable information; they are a technique we may use to compile aggregated statistics about usage of the Services. Web Beacons collect only a limited set of information including a cookie number, time and date of a page view, and a description of the page on which the Web Beacon resides.
You may not decline Web Beacons. However, they can be rendered ineffective by declining all cookies or modifying your browser setting to notify you each time a cookie is tendered and permit you to accept or decline cookies on an individual basis. Third parties are not permitted to use Web Beacons with the Services.