Privacy Policy – Real Impact Hub

Introduction

Real Impact Hub is a strategic consultancy dedicated to partnering with companies to embed accessibility into their core operations. We believe accessibility should be a fundamental practice—from employee experiences to customer-facing services—rather than an afterthought.

In pursuit of this mission, Real Impact Hub (“we”, “our”, “us”) is committed to safeguarding the personal data entrusted to us by our partners, clients, and website visitors. We ensure all personal data is processed in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national laws.

This Privacy Policy applies when you interact with our consultancy services, digital systems, physical space audits, communications, or website.

Article 1: Data Protection Principles

As the data controller, we handle your personal data in accordance with the following GDPR principles:

  • Lawfulness, Fairness, and Transparency: Processed only on a lawful basis with clear communication.

  • Purpose Limitation: Collected for specified, legitimate business and accessibility-improvement purposes.

  • Data Minimization: We only collect what is strictly necessary to reduce friction and expand reach for our clients.

  • Accuracy: We keep records updated to ensure effective service delivery.

  • Storage Limitation: Data is kept only as long as necessary for the project or legal compliance.

  • Integrity and Confidentiality: We use high-level technical measures to secure sensitive organizational and personal data.

  • Accountability: We take full responsibility for our compliance standards.

Article 2: Purposes, Legal Basis, and Categories of Data Processed

We collect information directly from you (during consultations, via forms, or through project audits) and occasionally from third parties (publicly available corporate data).

We process personal data based on the following legal bases (Article 6 GDPR):

How and Why We Process Your Data

At Real Impact Hub, we collect and use your personal information only when we have a clear legal reason to do so under Article 6 of the GDPR. Below is a breakdown of how we manage your data across our different services:

1. Client Onboarding and Consulting Services

To partner with your organization and deliver our accessibility expertise, we process your name, corporate title, business address, your email, and billing details.

  • Legal Basis: Performance of a Contract. We need this information to fulfill our agreement with you and manage the professional relationship.

2. Accessibility Audits and Project Delivery

When we are embedding accessibility into your operations, we may process employee or user feedback, interview recordings, and workplace contact information.

  • Legal Basis: Performance of a Contract. This data is essential for us to provide accurate, high-impact recommendations for your physical or digital spaces.

3. Stakeholder Management

To maintain a professional network and ensure project continuity, we keep records of professional roles, names, and communication history.

  • Legal Basis: Legitimate Interest. It is in our mutual interest to maintain a record of our professional interactions to improve our service delivery over time.

4. Newsletters and Industry Insights

If you choose to stay updated with our latest accessibility trends, we use your name and email address to send you our hub updates.

  • Legal Basis: Consent. We only send these communications if you have explicitly opted in, and you can withdraw this consent at any time.

5. Website Inquiries

When you reach out via our contact forms, we process your name, company name, and email address to respond to your request.

  • Legal Basis: Legitimate Interest. We process this data to answer your specific questions and explore potential partnerships.

6. Event and Webinar Registration

To host accessible and inclusive events, we process your name, email, and any specific accessibility requirements you share with us.

  • Legal Basis: Performance of a Contract. We use this information to ensure the event is tailored to your needs and that you receive the necessary access links or materials

Special Category Data (Sensitive Information)

Given our focus on accessibility, we may process data concerning health or disabilities to help organizations build better practices. We process such data strictly under Article 9(2)(a) (Explicit Consent) or Article 9(2)(b) (Employment/Social Protection Law), ensuring rigorous encryption and anonymity whenever possible.

Cookie Policy

Real Impact Hub uses strictly necessary cookies for website functionality. We do not use non-essential tracking or behavioral advertising cookies.

Article 3: Recipients of Personal Data

We share personal data only when essential for embedding accessibility:

  • Internal Teams: Consultants and project managers on a "need-to-know" basis.

  • Project Stakeholders: We may share aggregated, anonymized insights with client leadership to demonstrate "Real Impact."

  • Sub-processors: Trusted IT or audit partners who adhere to our strict privacy standards.

Our Commitments:

  • We never sell your data.

  • We do not use data for purposes outside the scope of our consulting agreement.

  • Data is stored within the European Economic Area (EEA). Any necessary external transfers utilize Standard Contractual Clauses (SCCs).

Article 4: Data Retention

We retain personal data for 2 years following the conclusion of a consulting project, unless legal or tax obligations (e.g., financial auditing) require a longer period. General inquiries via the website are deleted after 1 year if no partnership is established.

Article 5: Your Rights

Under the GDPR, you have the following rights regarding your data:

  • Access & Rectification: View and correct your data.

  • Objection & Restriction: Limit how we process your information.

  • Erasure: Request the "right to be forgotten."

  • Data Portability: Receive your data in a machine-readable format.

To exercise these rights, contact our Data Protection Lead at: privacy@realimpacthub.com

Article 6: Complaints

If you have concerns about our data practices, please contact us directly. You also have the right to lodge a complaint with the relevant authority (e.g., the CNPD in Luxembourg via https://cnpd.public.lu).