TMRW IMPACT GMBH (TMRW IMPACT)
FAIR PROCESSING NOTICES
1. CLIENTS/USERS
1.1. APPROPRIATE COMMUNICATION CHANNELS: TMRW IMPACT’s website, through a clear link (e.g., ‘Privacy notice’) accessible from the homepage, and preferably from all pages.
1.2. NOTICE CONTENTS:
“TMRW IMPACT GmbH (Unter den Linden 26-30, 10117 Berlin, Germany, TMRW Impact) collects and processes personal data on you if you (or your company, which you represent or for which you act as a contact person or user) are an actual, former or prospective client of TMRW IMPACT, or a user of TMRW IMPACT products and services.
TMRW IMPACT acts as the controller of such processing and is committed to respecting your privacy and protecting your personal data in accordance with the law, in particular the EU General Data Protection Regulation 2016/679 (GDPR).
PROCESSING PURPOSES.
The processing of your data is based on the following grounds:
PURPOSE OF PROCESSING | GDPR LEGAL BASIS |
| TMRW IMPACT processes your data: – to manage your or your company’s subscription to our products and services and the onboarding process | The processing is necessary: – in order to take steps prior to entering into a contract with you or your company – for purposes of legitimate interests pursued by TMRW IMPACT (that is, client/prospect management) |
| – to manage the delivery of products and services you or your company have ordered or use, to manage your use of such products and services, including payments and other transactions you make through our products and services, as well as for billing, accounting and administrative management purposes | – for the performance of a contract with you or your company – to comply with legal obligations to which TMRW IMPACT is subject – for purposes of legitimate interests pursued by TMRW IMPACT (that is, product/service delivery and improvement, client and user transactions and management) |
| – for marketing (including client relationship management, subscription to newsletter, alerts and marketing materials, social media, communities and event management), business intelligence and product/services improvement purposes | – for purposes of legitimate interests pursued by TMRW IMPACT (that is, marketing, business intelligence and product/services improvement) |
| – to manage and analyse your interactions with our website and products (see cookie policy) | – for purposes of legitimate interests pursued by TMRW IMPACT (that is, business intelligence, product and website management and improvement) |
In exceptional cases, TMRW IMPACT may need your consent for certain processing operations (which is not the case for the processing purposes detailed above). In such case, TMRW IMPACT will ask for your consent separately.
DATA CATEGORIES.
In addition to the information you have communicated to TMRW IMPACT directly or through your company, TMRW IMPACT may collect and process the following categories of personal data: identity/details (contact person, company, phone, email, address, social media details, personal interests), account details (subscription details, subscribed options/products/services), credentials (login, password, security data, OTP), account profile (license/account type, profile picture and details, contact list), products/services data (information provided through online form, products/services ordered/used, communications contents, whiteboard contents, pictures/text/files shared by users, chat, audio/videos recordings, clickstream data), technical data (user account details, email, browser/devices/applications used, issue description by user, technical measures/recommendations, user follow up, technical support query status), user interactions with products/services, use of product, server logfiles, identifiers (user name, IP address, email address, connection logfiles, cookies), newsletter subscription form/details, social media user subscriptions, and if you take part in events organised by TMRW IMPACT: invitees lists, significant other, event management data (no shows, venue, catering/food allergies where specified by you), photos/videos.
Where you provide personal data on third-parties (whether your employees, users or relatives) to TMRW IMPACT you should make sure you have informed them accordingly.
DATA RECIPIENTS.
TMRW IMPACT may share your data with affiliated or third-party service providers as necessary to deliver the products/services to you and other purposes listed above, as well as to competent local authorities (tax authorities, regulators, law enforcement agencies), external auditors, payment providers, banks and, where applicable (events) communication agencies and event management providers (venue, catering, security).
DATA TRANSFERS OUTSIDE THE EU/EEA.
TMRW IMPACT may transfer your personal data outside of the EU/EEA, including to countries which do not have a similar level of protection of personal data as the EU. In such case, and in accordance with GDPR, data transfers will: be limited to what is necessary to perform the contract with you, or conclude a contract with a third-party in your interest, or be justified by the establishment, exercise or defence of legal claims, or if appropriate, be covered by appropriate safeguards, such as entering into EC approved standard contractual clauses, or in exceptional cases, take place with your consent. In such case, TMRW IMPACT will ask for your consent separately.
DATA RETENTION.
TMRW IMPACT will retain your personal data for as long as required to deliver the products/services you or your company have ordered or use, and/or for the mandatory retention duration set forth by applicable law (up to 10 years after the termination of our relation for certain accounting and contractual data).
YOUR STATUTORY RIGHTS.
You have certain rights concerning your personal data under GDPR as mentioned below, and can exercise them by contacting TMRW IMPACT at dataprotection@tmrw.com.
Right to information. If you are a client-related third party (e.g., an employee of a corporate client), TMRW IMPACT may not have your current details and thus cannot contact you conveniently and in confidentiality. You can find updated information on TMRW IMPACT’s processing of your data at any time on this website, or by contacting TMRW IMPACT at dataprotection@tmrw.com.
Access right. You have the right to access your personal data. TMRW IMPACT processes a large quantity of information, and can thus request, in accordance with GDPR, that before the information is delivered, you specify the information or processing activities to which your request relates.
Right to rectification. You can ask TMRW IMPACT to rectify, correct or update inaccurate and/or incorrect data.
Other rights. In certain limited cases (in which case TMRW IMPACT will first analyse whether the conditions for the exercise of such rights are fulfilled, in line with GDPR), you may object to, or request the limitation of, the processing of your personal data, or request the erasure or portability of your personal data.
Where TMRW IMPACT asked for your consent to a specific processing, you have the right to withdraw such consent at any time (for future processing).
You should note that the law authorizes TMRW IMPACT to retain and continue processing certain personal data, even where you have exercised your rights to object or erasure or -if applicable- withdrawn your consent: this is the case in particular where TMRW IMPACT has legitimate and compelling reasons for continuing the processing, such as compliance with applicable law.
Contact.
You can contact TMRW IMPACT’s Data Protection team here:
TMRW IMPACT GmbH.
Unter den Linden 26-30, 10117 Berlin, Germany
Email: dataprotection@tmrw.com
2. EXTERNAL STAFF/CONSULTANTS/SUPPLIERS
2.1. APPROPRIATE COMMUNICATION CHANNELS:
TMRW IMPACT’s intranet (if any, and if concerned data subjects have access thereto) or website, through a clear link (e.g., ‘Privacy notice’) accessible from the homepage, and preferably from all pages.
2.2. NOTICE CONTENTS:
“TMRW Impact GmbH (Unter den Linden 26-30, 10117 Berlin, Germany, TMRW IMPACT) collects and processes personal data on you if you (or your company) are an actual, former or prospective supplier of TMRW IMPACT.
TMRW IMPACT acts as the controller of such processing and is committed to respecting your privacy and protecting your personal data in accordance with the law, in particular the EU General Data Protection Regulation 2016/679 (GDPR).
If you are detached to TMRW IMPACT, please also refer to the Privacy Notice concerning TMRW IMPACT’s employees as some of processing operations detailed therein might also apply to your personal data.
PROCESSING PURPOSES. The processing of your data is based on the following grounds:
PURPOSE OF PROCESSING | GDPR LEGAL BASIS |
| TMRW IMPACT processes your data: – to manage the contractual relation with you or your company, the services you deliver, as well as for billing, payment and accounting purposes | The processing is necessary: – in order to take steps prior to entering into a contract with you or your company, or to perform such contract – for purposes of legitimate interests pursued by TMRW IMPACT (that is, supplier management) – to comply with legal obligations to which TMRW IMPACT is subject |
| – for supplier onboarding purposes, including granting you access to TMRW IMPACT’s IT systems as applicable | – in order to perform a contract with you or your company – for purposes of legitimate interests pursued by TMRW IMPACT (that is, supplier management, IT systems and security management) |
| – for communication and marketing purposes | – for purposes of legitimate interests pursued by TMRW IMPACT (that is, communications and marketing) |
In exceptional cases, TMRW IMPACT may need your consent for certain processing operations (which is not the case for the processing purposes detailed above). In such case, TMRW IMPACT will ask for your consent separately.
DATA CATEGORIES.
In addition to the information you have communicated to TMRW IMPACT directly or through your company, TMRW IMPACT may collect and process the following categories of personal data: identity/details (name, contact details), work done, tariffs/expenses, time spent, bank details, invoice payment status, pictures, photos, videos, articles, contributions, and if you take part in events organised by TMRW IMPACT: invitees lists, significant other, event management data (no shows, venue, catering/food allergies where specified by you), photos/videos.
Where you provide personal data on third-parties (whether your employees, users or relatives) to TMRW IMPACT you should make sure you have informed them accordingly.
DATA RECIPIENTS.
TMRW IMPACT may share your data with affiliated or third-party service providers as necessary to receive and use the products/services you deliver and other purposes listed above, as well as to your company, competent local authorities (tax authorities, regulators, law enforcement agencies), external auditors, payment providers, banks and, where applicable (events) communication agencies and event management providers (venue, catering, security).
DATA TRANSFERS OUTSIDE THE EU/EEA.
TMRW IMPACT may transfer your personal data outside the EU/EEA, including to countries which do not have a similar level of protection of personal data as the EU. In such case, and in accordance with GDPR, data transfers will: be limited to what is necessary to perform the contract with you, or conclude a contract with a third-party in your interest, or be justified by the establishment, exercise or defence of legal claims, or if appropriate, be covered by appropriate safeguards, such as entering into EC approved standard contractual clauses, or in exceptional cases, take place with your consent. In such case, TMRW IMPACT will ask for your consent separately.
DATA RETENTION.
TMRW IMPACT will retain your personal data for as long as required to manage the products/services you or your company provide to TMRW IMPACT and related payments, and/or for the mandatory retention duration set forth by applicable law (up to 10 years after the termination of our relation for certain accounting and contractual data).
YOUR STATUTORY RIGHTS.
You have certain rights concerning your personal data under GDPR as mentioned below, and can exercise them by contacting TMRW IMPACT at dataprotection@tmrw.com.
Right to information. If you are a supplier-related third party (e.g., an employee of a supplier of TMRW IMPACT), TMRW IMPACT may not have your current details and thus cannot contact you conveniently and in confidentiality. You can find updated information on TMRW IMPACT’s processing of your data at any time on this website, or by contacting TMRW IMPACT at dataprotection@tmrw.com.
Access right. You have the right to access your personal data. TMRW IMPACT processes a large quantity of information, and can thus request, in accordance with GDPR, that before the information is delivered, you specify the information or processing activities to which your request relates.
Right to rectification. You can ask TMRW IMPACT to rectify, correct or update inaccurate and/or incorrect data.
Other rights. In certain limited cases (in which case TMRW IMPACT will first analyse whether the conditions for the exercise of such rights are fulfilled, in line with GDPR), you may object to, or request the limitation of, the processing of your personal data, or request the erasure or portability of your personal data.
Where TMRW IMPACT asked for your consent to a specific processing, you have the right to withdraw such consent at any time (for future processing).
You should note that the law authorizes TMRW IMPACT to retain and continue processing certain personal data, even where you have exercised your rights to object or erasure or -if applicable- withdrawn your consent: this is the case in particular where TMRW IMPACT has legitimate and compelling reasons for continuing the processing, such as compliance with applicable law.
Contact.
You can contact TMRW IMPACT’s Data Protection team here:
TMRW Impact GmbH
Unter den Linden 26-30, 10117 Berlin, Germany
Email: dataprotection@tmrw.com
3. JOB APPLICANTS, EMPLOYEES, EXTERNAL STAFF/CONSULTANTS
3.1. APPROPRIATE COMMUNICATION CHANNELS: TMRW IMPACT’s intranet (if any, and if concerned data subjects have access thereto) or website, through a clear link (e.g., ‘Privacy notice’) accessible from the homepage. It is not recommended adding this notice in the employment or service contract as (i) this is not required or useful, and (ii) the contents of the notice are prone to change.
3.2. NOTICE CONTENTS:
“TMRW Impact GmbH (Tempelhofer Ufer 11, 10963 Berlin, Germany, TMRW IMPACT) collects and processes personal data on you when you apply for a job with TMRW IMPACT, or if you are an actual, former or prospective employee or external staff of TMRW IMPACT.
TMRW IMPACT acts as the controller of such processing and is committed to respecting your privacy and protecting your personal data in accordance with the law, in particular the EU General Data Protection Regulation 2016/679 (GDPR).
If you are detached to TMRW IMPACT as a consultant or external staff, please also refer to the Privacy Notice concerning TMRW IMPACT’s suppliers as some of processing operations detailed therein might also apply to your personal data.
PROCESSING PURPOSES.
The processing of your data is based on the following grounds:
| PURPOSE OF PROCESSING | GDPR LEGAL BASIS |
| TMRW IMPACT processes your data: | The processing is necessary: |
| 1. FOR JOB APPLICANTS: | |
| – to review job applications and manage recruitments | – in order to take steps prior to entering into a contract with you – for purposes of legitimate interests pursued by TMRW IMPACT (that is, HR management) |
| 2. FOR EMPLOYEES, INTERNS, EXTERNAL STAFF/CONSULTANTS: | |
| – as required by law (labour, tax, social, corporate, sanitary -e.g., COVID-19 mandatory checks- or other) and make legally required filings or reporting to authorities | – to comply with legal obligations to which TMRW IMPACT is subject |
| – to manage staff onboarding, payroll management, process payments and expenses, benefits management | – for the performance of a contract with you or your company – to comply with legal obligations to which TMRW IMPACT is subject |
| – for usual human resources management purposes (including employment, service or consultancy contract management and performance, appraisals performance reviews, training, background checks, discipline, investigations, security, emergency contacts, contingency plans, career development, absence/sickness leave, working time, project management, budgeting and financial forecasting and record-keeping purposes), to ensure the security of TMRW IMPACT’s assets, the continuity of activities and, in general, administer TMRW IMPACT’s business | – for purposes of legitimate interests pursued by TMRW IMPACT (that is, HR, asset security, activities and business management) – to comply with legal obligations to which TMRW IMPACT is subject |
| – for timekeeping, billing and invoicing | – for purposes of legitimate interests pursued by TMRW IMPACT (that is, financial management) – to comply with legal obligations to which TMRW IMPACT is subject |
| – for physical security (badge issuance and management, access restrictions) | – for purposes of legitimate interests pursued by TMRW IMPACT (that is, premises, asset and information protection) |
| – for IT management (IT licenses and accounts management, contacts/agenda management, collaborative tools, visio, chatrooms, file storage), electronic communications management (corporate email, mobile phones, telephony and connectivity) and related monitoring and investigations | – for purposes of legitimate interests pursued by TMRW IMPACT (that is, IT and asset management and protection) |
| – for internal communications and marketing purposes | – for purposes of legitimate interests pursued by TMRW IMPACT (that is, internal communications and marketing) |
DATA CATEGORIES.
In addition to the information you have communicated to TMRW IMPACT directly (or, for external staff/consultants, through your company), TMRW IMPACT may collect and process the following categories of personal data: for job applicants: identity (first/last name), contact details (address, phone, email, professional social media profiles), professional details (CV, experience, training, references, licenses, certifications, portfolios), tests, appraisals, role play video recordings, background checks (former employers, schools/universities), sanctions list research, interview notes, assessment, final decision, residence certificate, work permit, email correspondence with you, non-disclosure agreements, disclosures re. conflicts of interest, salary/benefits and professional expectations; for employees and (where applicable) external staff/consultants: identity (first/last name, social security number/affiliation details, ID/passport, address, phone, email), personal details (next of kin, emergency contacts, date of birth, nationality, civil status, household composition, personal interests), professional details (licenses, certifications), position (service, job description, position/professional profile, seniority, reporting lines, business cards, hiring/termination date), internal employee number, salary, benefits (additional health insurance), financial data and bank details (IBAN), criminal record, residence certificate, visas, work permit, medical certificates, sickness/absence periods, occupational accidents files/reports, workplace/job description adaptation (workplace and equipment preferences), including for disabled employees or employees with particular conditions, food allergies /preferences (internal events organisation), personal leave, parking allocation as applicable, payroll management (tax details, withholdings, tax card, deductions), presence/absence/working time management, time/job allocation, overtime work), attestations (work certificates), professional travel/venue arrangements, expenses (vouchers), employment contract details, disciplinary file, photo, appraisal interview notes and feedback, training followed (contents, certificates, presence, test results), training requests, training or HR-related interviews, feedback on employees, promotions/change, IT account details (internal number, name, account login, passwords, email, phone, address, function, office, department, reporting line/subordinates, professional groups, user profile/access rights, IT user profile, access rights, corporate equipment/allocation, Outlook profile, emails, contacts, tasks, calendar, documents, Teams profile/logs/chats/visio data, access/logfiles, user interactions, IT traces, date/hour of connection, interactions with applications, IP addresses, license management data, software applications or paying/license-based web applications, license rights, account credentials, use logs and related monitoring and investigations results) and project management data (task allocation/completion/priority, assignor/assignee, work log).
Where you provide personal data on third-parties (including your relatives) to TMRW IMPACT you should make sure you have informed them accordingly.
DATA RECIPIENTS.
TMRW IMPACT may share your data with affiliated or third-party service providers as necessary to achieve the above listed purposes, as well as to your company (for external staff/consultants), competent local authorities (tax authorities, regulators, law enforcement agencies), external auditors, payment providers, banks and, where applicable (events) communication agencies and event management providers (venue, catering, security).
DATA TRANSFERS OUTSIDE THE EU/EEA.
TMRW IMPACT may transfer your personal data outside the EU/EEA, including to countries which do not have a similar level of protection of personal data as the EU. In such case, and in accordance with GDPR, data transfers will: be limited to what is necessary to perform the contract with you, or conclude a contract with a third-party in your interest, or be justified by the establishment, exercise or defence of legal claims, or if appropriate, be covered by appropriate safeguards, such as entering into EC approved standard contractual clauses, or in exceptional cases, take place with your consent. In such case, TMRW IMPACT will ask for your consent separately.
DATA RETENTION.
For job applicants: TMRW IMPACT will retain your personal data as long as necessary for the hiring process and, if your application is not retained, for up to 2 years as we might have other positions matching your profile, unless you object to such retention by email to your usual HR contact at TMRW IMPACT or to dataprotection@tmrw.com. For employees and external staff/consultants: TMRW IMPACT will retain your personal data for as long as required to manage the employment relation or the business relation with you or your company, and/or for the mandatory retention duration set forth by applicable law (up to 10 years after the termination of our relation for certain accounting and contractual data).
YOUR STATUTORY RIGHTS.
You have certain rights concerning your personal data under GDPR as mentioned below, and can exercise them by contacting TMRW IMPACT at dataprotection@tmrw.com.
Right to information. If you are a supplier-related third party (e.g., an employee of a supplier of TMRW IMPACT), TMRW IMPACT may not have your current details and thus cannot contact you conveniently and in confidentiality. You can find updated information on TMRW IMPACT’s processing of your data at any time on this website, or by contacting TMRW IMPACT at dataprotection@tmrw.com.
Access right. You have the right to access your personal data. TMRW IMPACT processes a large quantity of information, and can thus request, in accordance with GDPR, that before the information is delivered, you specify the information or processing activities to which your request relates.
Right to rectification. You can ask TMRW IMPACT to rectify, correct or update inaccurate and/or incorrect data.
Other rights. In certain limited cases (in which case TMRW IMPACT will first analyse whether the conditions for the exercise of such rights are fulfilled, in line with GDPR), you may object to, or request the limitation of, the processing of your personal data, or request the erasure or portability of your personal data.
Where TMRW IMPACT asked for your consent to a specific processing, you have the right to withdraw such consent at any time (for future processing).
You should note that the law authorizes TMRW IMPACT to retain and continue processing certain personal data, even where you have exercised your rights to object or erasure or -if applicable- withdrawn your consent: this is the case in particular where TMRW IMPACT has legitimate and compelling reasons for continuing the processing, such as compliance with applicable law.
Finally, you can contact the Luxembourg data protection authority (Commission nationale pour la protection des données) to introduce a claim..
Contact. You can contact TMRW IMPACT’s Data Protection team here:
TMRW Impact GmbH
Unter den Linden 26-30, 10117 Berlin, Germany
Email: dataprotection@tmrw.com