Website Privacy Policy v 1.4
Impact Hub Lisbon is deeply committed to the protection of your personal data and your privacy. The last update was made on January 23, 2026.
Our privacy policy offers transparent insights into how we collect, manage, and process your personal data during your interactions with our websites. We prioritize transparency to ensure you have a clear understanding of our data practices.
This privacy policy aims to empower you with comprehensive control over your data. We prioritize your influence and strive to ensure that you have ample opportunities to manage and shape how your data is processed.
I. Terms
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘Sensitive personal data’ means personal data, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Data subject’ means the natural person whose personal data is processed by a controller or processor.
‘Data controller’ means the natural or legal person, public authority, agency or other bodies which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘Data processor’ means a natural or legal person, public authority, agency or other bodies which processes personal data on behalf of the controller.
‘Maker’ means an employee or founder of a local Impact Hub or a person that stands in a contractual relationship to a local Impact Hub that is comparable to an employee.
‘Member’ means a member of a local Impact Hub.
II. Who we are
Impact Hub Lisbon, an entity located in Lisbon, Portugal: HUBIP – HUB Negocios Impacto Portugues Lda, Tv. das Pedras Negras, 1/1D, 1100-404 Lisbon, Portugal
III. Which personal data we process
Depending on your use of our website, we process different information.
1) As far as actively provided by you or your employer, we may process contact data (“contact data“). Contact data may include your name, mailing address, phone number, email address and other information that enables us to contact you.
Purpose. We may process your contact data to enable the implementation of and participation in services, programs and events and to fulfill contractual obligations towards you (partnerships & programs); to contact you (communication); to contact you via email-newsletters to inform you about our services, programs and events (marketing).
The legal bases for the processing are:
– Partnerships & Programs: The performance of a contract OR legitimate interest OR consent.
– Communication: Consent Or performance of a contract.
– Marketing: Legitimate interest, namely where requirements of the GDPR and the E-privacy directive are met OR consent;
2) As far as actively provided by you or your employer, we may process data that relates to your work (“work-related data“). Work-related data may include your company, company details and place of work.
Purpose. We process your work-related data to enable participation in programs and events and to fulfill contractual obligations towards you (partnerships & programs).
The legal bases for the processing is the performance of a contract.
3) We may process data that relates to your use of the websites (“usage data“). Usage data may include information about the website from which you have come (referrer), information about which sub-pages were visited, or how often, information about the duration a sub-page was viewed and other information that shows the activities on our websites. Usage data is provided by Google Analytics.
Purpose. We process your contact data to optimize our websites.
The legal bases for the processing is a legitimate interest.
IV. Third parties that collect personal data on our websites
Some third parties may place a cookie on your device. A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time. Most browsers support cookies, but you can set your browsers to decline them and can delete them whenever you like.
We use the GDPR Cookie Consent plugin (by CookieYes) to manage your preferences. This tool automatically blocks scripts and cookies until you give explicit consent.
You can prevent the setting of cookies by:
Using our cookie banner: When you first visit, you can choose which categories to enable.
Changing settings: Click “Privacy & Cookies Policy” in the footer at any time to withdraw consent.
Browser settings: You can configure your browser to reject all cookies.
Cookie Categories:
Necessary: Essential for the site to work (e.g., storing your consent choice).
Analytics: Helps us understand website performance (PostHog).
Advertisement: Used by third parties (Meta/Facebook, LinkedIn) to track conversions.
V. How we use your personal data
To see the list of all the cookies we use and our policy, please visit https://lisbon.impacthub.net/cookie-policy/.
Google Services
- Analytics
We have integrated Google Analytics on our website. Google Analytics is a web analytics service provided by Google that helps us understand how visitors interact with our website (see section III, 3). This information allows us to improve user experience and evaluate the effectiveness of our communication efforts.
Google Analytics uses cookies to collect standard internet log information and visitor behavior information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address, which is anonymized before being stored) is transmitted to and stored by Google on servers that may be located outside the EU.
We have configured Google Analytics to respect your privacy as much as possible, including IP anonymization and the disabling of data sharing features. Additionally, analytics cookies are only placed with your explicit consent.
You can manage your cookie preferences at any time. Most browsers allow you to control cookies through their settings, including deleting cookies already stored and blocking new ones.
Further information and the data protection provisions of Google can be found at:
Google Analytics Terms of Service
Google’s commitment to data privacy and security
- YouTube: Embedded videos (used in “Privacy Enhanced Mode” where possible).
- G-Suite: Used for internal email communication.
- Google Maps
We will only use your personal data within the limits provided by the described purposes. We will keep your data for as long as they are needed for their purpose.
LinkedIn
We use LinkedIn tracking to analyze visitor behavior. You can opt-out by visiting https://www.linkedin.com/psettings/guest-controls.
Further information can be found at: https://www.linkedin.com/legal/privacy-policy
Gravity Forms (WordPress)
Our website is built with WordPress. In order to collect sign-ups to our newsletter as well as requests via our membership page, we are using a WordPress plugin called Gravity Forms. These forms collect the data you provide and stores it on our WordPress website to make it accessible for our Communications Team to access and feed into our mailing list. You can find more information as well as WordPress’ privacy policy here: https://wordpress.org/about/privacy/
We will only use your personal data within the limits provided by the described purposes. We will keep your data for as long as they are needed for their purpose. We may keep personal data for archiving, historical research purposes, and statistical purposes. If we decide to introduce new uses of your personal data that are not covered by the mentioned purposes, we will first upgrade and adjust this privacy policy and will notify you about the changes.
HubSpot (CRM & Marketing Automation)
We use HubSpot, a service provided by HubSpot, Inc. (USA) and its European subsidiary HubSpot Ireland Limited, to manage our contact relationships, automate marketing communications, and track interactions with our website and services.
Data collected: HubSpot may process contact data (name, email address, phone number), website usage data (pages visited, forms submitted, email clicks), and other data you provide directly through our forms or communications.
Purpose: We use HubSpot for contact management and CRM; sending marketing communications and newsletters; tracking campaign performance; and qualifying and following up with prospective members and partners.
Legal basis: Legitimate interest and/or consent, pursuant to Article 6(1)(f) and (a) of the GDPR, depending on the nature of the processing.
International data transfers: HubSpot, Inc. is headquartered in the United States. Data transfers to the US are carried out under Standard Contractual Clauses (SCCs) approved by the European Commission, which provide adequate safeguards under Article 46 of the GDPR. HubSpot is also certified under the EU-US Data Privacy Framework.
Data Processing Agreement: We have a Data Processing Agreement (DPA) in place with HubSpot.
Opt-out: You may unsubscribe from marketing communications at any time via the unsubscribe link in any email, or by contacting us at [email protected].
Privacy Policy: https://legal.hubspot.com/privacy-policy
VI. Access to your data
We use the following third-party processors:
1) Website hosting:
a) WPMU Dev provides servers – you can find out more about WPMU Dev and their Privacy Policy at: https://wpmudev.com/docs/privacy/ and their GDPR compliance at: https://wpmudev.com/blog/web-privacy-wordpress-gdpr-compliance/
b) Our website is built using WordPress. Any information it may collect is stored locally and isn’t shared with anyone. It usually adds a cookie to help with comments and logged in users. https://wordpress.org/support/article/cookies/
2) Email:
c) Google Workspace (formerly G Suite) is used for email communication with our customers and visitors to our site. You can find out more about Google Workspace and their Privacy Policy at: https://workspace.google.com/security/ and their GDPR compliance at: https://cloud.google.com/privacy/gdpr
d) MailChimp for our email newsletter. You can find out more about MailChimp and their privacy policy at: https://mailchimp.com/legal/privacy/ and their GDPR compliant at https://mailchimp.com/en-gb/help/about-the-general-data-protection-regulation/.
3) Analytics and User tracking:
e) Google Analytics is used for visitor tracking and site analytics. We have configured Google Analytics with privacy-enhancing features such as IP anonymization and limited data sharing. You can learn more about Google’s data practices and privacy policy at: https://policies.google.com/privacy and https://support.google.com/analytics/answer/6004245
f) LinkedIn may also track visits to our site when visitors are logged into their LinkedIn account. You can learn more about LinkedIn and their privacy policy at: https://www.linkedin.com/legal/privacy-policy
4) CDN (Content Delivery Network)
g) We use Cloudflare as our CDN. A CDN helps us speed up web delivery by providing cached internet content from a network location closest to a user. You can learn more about Cloudflare and their privacy policy at https://www.cloudflare.com/en-gb/privacypolicy/.
5) Marketing: Meta (Facebook/Instagram): For campaign performance tracking.
6) CRM & Marketing Automation:
h) We use HubSpot (provided by HubSpot Ireland Limited, and HubSpot, Inc. in the USA) for contact relationship management, marketing automation, and tracking interactions with our website and services. Data transfers to the US are carried out under Standard Contractual Clauses (SCCs) approved by the European Commission. We have a Data Processing Agreement (DPA) in place with HubSpot. You can learn more about HubSpot and their privacy policy at: https://legal.hubspot.com/privacy-policy and their GDPR compliance at: https://legal.hubspot.com/gdpr
VII. Data Security
The security of all your Personal Information is important to us. To the best of our ability, we are taking appropriate technical or organizational measures to protect your Personal Information against unauthorized access or unlawful processing and accidental loss, destruction or damage. While we strive to protect your Personal Information, we cannot ensure or warrant the security of any information that you directly or indirectly transmit to us, and you do so at your own risk.
VIII. Your rights
We grant to you all the rights relating to your personal data that the European General Data Protection Regulation provides for data subjects. These rights include:
1) The right to access your data
You have the right to request access to the personal data that we have collected about you and to request specific information and insights on how we treat, share, store and otherwise process this personal data. To exercise this right please file an access request via email. Within 30 days following this request we will provide you with a copy (on paper if you do not choose otherwise) of all the personal data that we possess about you and will explain to you the details of the treatment of your personal data.
2) The right to rectification
In the case personal data that we store about you is incorrect, inaccurate, or outdated you have the right to demand that we correct these errors. To exercise this right it is sufficient to just point the errors out in an email to the address given below.
3) The right to erasure (the ‘right to be forgotten’) / withdrawal of consent
At all times you are absolutely free to withdraw any consent given by stating so in an email. As a consequence of such a withdrawal of consent, within the following 30 days, we will do everything within our reasonable possibilities to make sure that we stop processing and storing personal data about you and will request those partners of us which have access to your personal data to do the same. Please contact us at [email protected]
4) The right to object to processing
On top of the right to erasure, we grant to you the right to object to the processing of your personal data. You exercise this right by stating so in an email. As soon as you raise objections we will be required to demonstrate that we have compelling grounds for continuing the processing, or that the processing is necessary in connection with our legal rights. If we cannot demonstrate this, we will cease the processing activity in question immediately.
5) The right to restrict processing
In cases in which we, or the partners that have access to your personal data, legally cannot delete the relevant personal data (for example in the case that the data are required for the purposes of exercising or defending legal claims) or where you do not wish to have the data deleted, we may continue to store the data, but you are entitled to limit the purposes for which the data can be processed, via stating so in an email.
6) The right to lodge a complaint with a supervisory authority
You may without prejudice to any other administrative or judicial remedy, lodge a complaint with a supervisory authority in a Member State of your residence, place of work or place of the alleged infringement. They will then inform you on the progress and the outcome of the complaint including the possibility of a judicial remedy
7) The right to data portability
You may obtain and reuse your personal data for your own purposes across different services
8) The right to avoid automated decision-making
You have given explicit consent to any data you may share with us
There will be no decision based solely on automated processing, which produces legal effects including profiling based on your data of affecting you.
IX. Changes to this privacy policy
We reserve the right to change this privacy policy at any time. If we make material changes to this privacy policy we will update the version number and date above. Your continued relationship with us after having been notified of changes shall constitute your agreement to be bound by any such changes.
X. Governing law
As far as permitted by law, this privacy policy and its terms shall be governed by and construed in accordance with the data protection laws of Portugal and any legal dispute concerning this privacy policy, its interpretation, and our handling of your personal data shall be adjudicated in portuguese jurisdiction.
XI. Feedback and how to contact us
If you want to exercise your rights, have any queries on this policy, wish to contact us or know further details on how we use personal data, please contact us electronically at: [email protected] or postal under: Impact Hub Lisbon, Tv. das Pedras Negras, 1/1D, 1100-404 Lisbon, Portugal