Privacy Policy for ActNation.io

Effective Date:  Jan 2025

1. INTRODUCTION


This Privacy Policy explains how ActNation ApS ("ActNation", "we", "our", or "us") collects, uses, and protects the personal data of users, including company employees, companies, and NGOs using our payroll impact platform.

We also use third-party systems such as HubSpot (CRM) and Google Analytics to manage customer relationships and analyze platform usage. These platforms process data to enhance our services, communications, and performance monitoring.


2. DATA COLLECTION AND USAGE


We collect various types of data to operate, improve, and secure our services. The categories of data collected include:

- Employee Information: Name, email, CPR number (for tax reporting purposes), donation preferences, and account settings.
- Company Information: Name, CVR number, invoicing details, payment history, and subscription preferences.
- NGO Information: Name, CVR number, uploaded campaigns, and donation tracking data.
- Usage Data: Interactions with the platform, log files, IP addresses, browser type, device type, pages visited, time spent on pages, and referral sources (Google Analytics).
- Cookies and Tracking Technologies: Information collected through cookies, tracking pixels, and similar technologies to improve user experience and analyze platform usage.
- Technical and Diagnostic Data: Performance metrics, system logs, error reports, and crash diagnostics to maintain and enhance system reliability.
- CRM Data (HubSpot): Customer interactions, communications, and engagement history.
- Support and Communication Data: Customer service inquiries, chat conversations, and email communications with ActNation’s support team.
- Marketing and Engagement Data: User engagement with emails, newsletters, promotional offers, and participation in surveys or feedback requests.
Users Without Payroll Integration
Some users may choose not to integrate their payroll system with ActNation. In these cases, we only collect the following personal data:
	•	Name and email address (for account creation and communication).
	•	Donation transactions made via the Company Wallet (for tracking and reporting purposes).
CPR numbers and payroll-related data are NOT collected or processed for these users.

3. PURPOSE OF PROCESSING


We process personal data for the following purposes:

- Facilitating payroll-based donations and employer contributions.
- Generating tax receipts for NGOs and employees.
- Managing company subscriptions, invoicing, and payment processing.
- Providing personalized user experiences and improving platform usability.
- Conducting analytics to enhance platform performance and security (Google Analytics).
- Managing customer relationships and communications (HubSpot CRM).
- Detecting, preventing, and responding to fraud, security breaches, and unauthorized access.
- Sending transactional communications, service updates, and promotional messages where permitted.
- Ensuring compliance with legal and regulatory obligations.
For users who opt out of payroll integration, we process only the necessary data for account management, donation tracking, and employer contribution processing via the Company Wallet.

4. DATA SHARING


We do not sell personal data. However, we may share data under the following conditions:

- With NGOs: Employees’ donation details (if not anonymized) for tax reporting.
- With Payment Providers: Secure processing of payments.
- With Authorities: If required by law (e.g., tax authorities).
- With Payroll Systems: To ensure accurate payroll deductions and data management.
- With Financial Systems: To ensure proper and lawful contributions and donation tracking.
- With CRM Systems (HubSpot): For managing customer interactions, support requests, and marketing communications.
- With Analytics Providers (Google Analytics): To analyze user behavior and improve the platform.
- With Cloud and IT Service Providers: For hosting, database management, and security services.
- With Marketing and CRM Platforms: To send permitted communications and manage user engagement.
-For users who do not integrate with a payroll system, no payroll-related data, including CPR numbers, is shared with payroll providers or tax authorities. Only name, email, and Company Wallet donation transactions are processed and stored

5. COOKIES AND TRACKING TECHNOLOGIES


We use cookies and tracking technologies for the following purposes:

- Essential Cookies: Necessary for the operation of the platform (e.g., authentication, security, and fraud prevention).
- Performance Cookies: Collect analytics on user behavior to improve platform functionality (Google Analytics).
- Functionality Cookies: Remember user preferences to enhance user experience.
- Marketing Cookies: Track engagement with promotional content and optimize advertising strategies.

Users can manage cookie preferences through their browser settings or opt out of tracking where applicable.

6. DATA RETENTION


We retain personal data as long as necessary to provide services and comply with legal obligations. Data may be retained longer where required for compliance, dispute resolution, or enforcement of agreements.

- Account data: Retained for the duration of the subscription and deleted upon request, subject to legal retention requirements.
- Transaction and invoicing data: Retained for accounting and compliance purposes as required by tax laws.
- Usage logs and analytics data: Retained for security monitoring and service improvement.
- Support tickets and communications: Retained for service continuity and customer support analysis.
- CRM data: Retained as long as there is an active customer relationship or legitimate business interest.

7. SECURITY MEASURES


We implement technical and organizational security measures to protect personal data, including:

- Encryption of sensitive data in transit and at rest.
- Secure authentication and access controls.
- Regular security audits and vulnerability assessments.
- Monitoring and detection of unauthorized access or suspicious activity.

8. USER RIGHTS UNDER GDPR


Users have the following rights under GDPR:

- Right to Access: Request copies of their personal data.
- Right to Rectification: Request corrections to inaccurate or incomplete data.
- Right to Erasure (Right to be Forgotten): Request deletion of personal data.
- Right to Restriction of Processing: Request limited processing in certain circumstances.
- Right to Data Portability: Request transfer of personal data to another service provider.
- Right to Object: Object to processing of data for specific purposes, such as marketing.
- Right to Withdraw Consent: Withdraw consent where processing is based on consent.
- Right to Lodge a Complaint: File complaints with the Danish Data Protection Agency if they believe their rights are violated.

Users may exercise these rights by contacting ActNation's Data Protection Officer at safiya@actnation.io

9. INTERNATIONAL DATA TRANSFERS


Personal data is primarily processed within the EU. If data is transferred outside the EU, ActNation ensures adequate protection through:

- Standard Contractual Clauses (SCCs) approved by the EU Commission.
- Data Protection Agreements (DPAs) with service providers ensuring compliance with GDPR.
- Technical safeguards such as encryption and secure access controls.

10. NGO Listings & Public Information

We include publicly available information from NGO websites to promote collaboration, visibility, and transparency across our platform. This includes:
	•	NGO name
	•	Website and/or registration number
	•	Publicly listed mission, goals, or summary
	•	Generic, non-personal contact info (e.g., contact@ngo.org)
We process this information under legitimate interest as defined in Article 6(1)(f) of the General Data Protection Regulation (GDPR), in alignment with Recital 47, which allows for the use of publicly available data for relevant, low-risk purposes when individuals or organizations can reasonably expect such use.
NGOs listed on our platform are never charged for inclusion. They may optionally choose to create an account to actively manage or promote their campaigns.
If your organization prefers not to be listed or would like to update your information, please contact us at support@actnation.io
In accordance with GDPR Article 14(5)(b), individual notification is not required where doing so would involve disproportionate effort and where transparent public notice (such as this policy) is provided.
You may exercise your right to object to this processing at any time under Article 21 of the GDPR.



11. CHANGES TO THIS PRIVACY POLICY


We may update this Privacy Policy periodically to reflect changes in our services or legal requirements. Users will be notified of significant changes via email or platform notifications.


12. CONTACT INFORMATION
If you have questions or concerns about this Privacy Policy, please contact:

ActNation ApS
CVR 43734342
Havnegade 53 A 3, 1058 København K, Denmark
Email: support@actnation.io