How we handle your data.

1. Controller

The controller for personal data processing on this website (under Art. 4 (7) GDPR) is:

ImpactWorks
Christian Schulze
2900 Hellerup, Denmark
CVR-Nr.: 46021444
Email: christian.schulze@impactworks.online

2. Data we collect

2.1 Server logs (automatic)

When you visit any page on impactworks.online, the hosting infrastructure (Vercel) automatically records non-personal technical data: anonymized IP address, browser type and version, device type, referring URL, timestamp, and the page requested. This is required for security and to deliver the page. The data is kept for a maximum of 30 days.

2.2 AI Readiness Assessment submissions

When you complete the AI Readiness Assessment and choose to receive your results by email, we collect:

• Your name
• Your email address
• Your company name
• Your assessment answers and computed scores
• Submission timestamp

Submissions are stored in the Wix Forms / CRM backend (see section 4 — Wix). They are used to deliver your results, and to allow us to follow up if you wish to discuss them.

2.3 Discovery call bookings

When you book a discovery call via the Cal.eu link, that booking and any data you provide (name, email, optional message) is handled by Cal.eu under their privacy policy. We receive a notification of the booking and the data you submitted.

2.4 Email contact

When you email us directly, we process the email content and your email address for the purpose of replying. Email exchanges are kept for as long as the business relationship requires, typically no longer than 24 months after the last contact.

2.5 Cookies

This site uses only strictly necessary technical cookies (e.g. session cookies on the Wix Blog subdomain). We do not use tracking cookies, advertising cookies, or third-party analytics cookies that require consent under the ePrivacy Directive.

3. Legal basis for processing

We process personal data on the following legal bases (Art. 6 GDPR):

• Art. 6 (1) (b) — to provide a service you requested (e.g. delivering your assessment results)
• Art. 6 (1) (f) — legitimate interest in running and securing the website (server logs, fraud prevention)
• Art. 6 (1) (a) — consent, where you actively opt in (e.g. submitting the assessment form)

4. Third parties / processors

The following service providers process data on our behalf as data processors (Art. 28 GDPR):

4.1 Vercel Inc. (hosting)

The website is hosted on Vercel’s infrastructure. Vercel may store technical request logs in the EU and the US. Standard Contractual Clauses are in place for any transfers outside the EEA. See vercel.com/legal/privacy-policy.

4.2 Wix.com Ltd. (forms, CRM, blog)

Form submissions from the AI Readiness Assessment are processed by Wix as a backend service. The Wix Blog (running on a subdomain blog.impactworks.online) and the CRM Contacts and Forms apps are also Wix services. Wix processes data in the EU and globally; see wix.com/about/privacy.

4.3 Cal.eu (calendar booking)

Discovery call bookings are handled by Cal.eu (Cal.com Inc. / Cal.eu hosting). Cal.eu processes the data you provide during booking. See cal.com/privacy.

4.4 Zapier Inc. (workflow automation)

We use Zapier to automate cross-posting from the Wix Blog to LinkedIn. Zapier briefly processes blog post content and metadata. See zapier.com/privacy.

4.5 LinkedIn Corp. (cross-posting target)

Public blog posts may be republished on LinkedIn. No personal data of site visitors is sent to LinkedIn. Comments and reactions on those LinkedIn posts are governed by LinkedIn’s privacy policy.

5. Data retention

We retain personal data only as long as needed for the purposes described above, or as required by law:

• Server logs: maximum 30 days
• Assessment submissions and CRM contact records: 24 months after the last contact, unless you request earlier deletion
• Email correspondence: as long as the business relationship requires, typically up to 24 months after the last contact
• Booking and invoicing records: 10 years where required by Danish tax law

6. Your rights

Under GDPR, you have the following rights:

• Access (Art. 15) — to know what personal data we hold about you
• Rectification (Art. 16) — to have inaccurate data corrected
• Erasure (Art. 17) — to have your data deleted
• Restriction (Art. 18) — to limit processing
• Data portability (Art. 20) — to receive your data in a structured, commonly used format
• Objection (Art. 21) — to object to processing based on legitimate interest
• Withdraw consent — at any time, with effect for the future

To exercise any of these rights, please email christian.schulze@impactworks.online. We will respond within one month.

7. Right to file a complaint

You have the right to lodge a complaint with a data protection supervisory authority. In Denmark, this is the Danish Data Protection Agency (Datatilsynet, datatilsynet.dk). For visitors in Germany, you may also contact the data protection authority of your federal state.

8. International transfers

Some of our processors (notably Vercel and Wix) operate globally and may transfer data outside the EEA. Where this happens, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and equivalent safeguards to protect your data.

9. Changes to this statement

We may update this privacy statement to reflect changes to our services, third-party processors, or legal requirements. The latest version is always published here. The current version is effective as of the date below.

Last updated: 4 May 2026