Privacy policy

The protection of your data is a particular priority for us. With the following data protection statement, we inform you about the processing of your personal data, especially in connection with your visit to our website, the use of our contact form and other online offers, such as our newsletter, and your rights regarding this data processing.

If you have any questions regarding the processing of your data, please feel free to contact us at any time at

1. Responsible party

Positive impacts (PI) GmbH, Goethestr. 56, 50968 Cologne, Germany, registered in the Commercial Register of the District Court of Cologne under the number HRB 103334 (“we”, “us”) is responsible for the processing of your personal data.

2. Visiting our website and creation of statistics

We process personal data on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) to provide you with information about our company, our offers and contact options via our website and to ensure the technically flawless, secure and trouble-free operation of our website. In addition, we compile anonymized visit statistics in order to optimize our website and our offerings.

When you visit our website, the following data in particular is processed for these purposes:

  • Your IP address and the geographical region from which you access our website;
  • Terminal information such as device type, operating system and internet browser;
  • Internet address of the requested website;
  • Internet address of the previously visited website;
  • Host name of the accessing computer;
  • Date and time of the request.

This data is automatically deleted at the latest a few hours after accessing our website or the personal reference is removed by making personal information such as your IP address unrecognizable.

3. Google Analytics for creating visitor statistics

We only process personal data for the creation of more extensive website statistics and for the optimization of our website if you have given us your consent to do so (Art. 6 (1) (a) GDPR). For this purpose, we use Google Analytics and it processes query data (see “Visiting our website and creation of statistics”) as well as other data about your visit (e.g. duration of visit, visit history). We have configured Google Analytics in such a way that IP addresses are shortened (so-called anonymizeIP function) and visit data is aggregated in such a way that we can no longer trace this data back to a specific person.

Insofar as Google Ireland Limited and associated Google companies process the aforementioned data as an independently responsible party for their own purposes, you will find further information on this subject in the Google Privacy Policy and in the Google Analytics FAQ.

4. Providing font files (Google Web Fonts)

We use so-called Google Web Fonts for faster, load-time-optimized construction of our website (legitimate interest according to Art. 6 (1) (f) GDPR.

When you call up our website, your browser loads the embedded web fonts into the browser cache in order to display texts and fonts correctly. For this purpose, the browser you use must establish a connection to the servers of Google such as Google Ireland Limited. In doing so, the request data shown in the section ” Visiting our website and creation of statistics” is processed by Google to provide the font files. You can find more information about Google Web Fonts in the Google Fonts FAQ and the Google Privacy Policy.

5. Request by contact form, e-mail, telephone or fax

If you contact us via our contact form, e-mail, telephone or fax, your request including all personal data contained (contact details, first name/last name, date and time, content of the request) will be stored and processed by us for the purpose of processing your request.

The processing of this data is based on Art. 6 (1) (b) GDPR, insofar as your request is necessary for the performance of a contract or for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us Art. 6 (1) (f) GDPR.

We will only store the data you send to us by contact request for as long as is necessary to process your request and then delete it, unless there is another legal basis for further storage (e.g. statutory retention obligations, such as those arising from tax law).

6. Newsletter

We offer you the opportunity to subscribe to newsletters about our company and our products and services. The contact data provided in this context (e.g. title, first name/last name and e-mail address) and the mailing/usage data collected (e.g. sending and opening of an e-mail) are used by us exclusively for the purpose of providing and improving our newsletter service within the scope of your consent given for this purpose (Art. 6 (1) (a) GDPR). To confirm your request and the e-mail address provided, we use the so-called double opt-in procedure. In this process, we send an e-mail to the e-mail address you provided with the request to confirm your consent. In connection with the double opt-in process, we document your IP address as well as the date and time – in each case for the submission of the web form and the confirmation of the double opt-in e-mail.

You can revoke your consent at any time free of charge with effect for the future, e.g. via the “Unsubscribe” link contained in every e-mail or via the following website:

For more information on how to exercise your rights, please refer to the “Your rights and contact options” section of this privacy policy.

As soon as you unsubscribe from the newsletter, your personal data in this context will be deleted, unless other retention periods (e.g. tax retention periods) conflict with this.

7. Quick Self-Assessment

On, we provide you with the opportunity to fill in a quick survey to help you assess your level of sustainability integration and compare it to peers. The contact data provided in this context (name, e-mail address) is used by us exclusively to provide you with the results of your assessment. To confirm the e-mail address provided, we use a so-called double opt-in procedure.

8. Business relationships

In connection with the business relationships we maintain with you, we process personal data for the performance of the contract (Art. 6 (1) (b) GDPR). Unless the data subject is a contractual partner, we have a legitimate interest in processing personal data (Art. 6 (1) (f) GDPR) in order to perform certain tasks related to the operation of our business, such as maintaining our business relationships, accounting and for tax purposes. In addition, we process personal data in order to fulfill our legal obligations in accordance with the applicable laws (Art. 6 (1) (c) GDPR).

The types of personal data we process in this context depend crucially on the respective business relationships. Usually, contact information of the relevant contact persons or information about the position or behavior of persons relevant in relation to the business relationship is processed.

We retain personal data only as long as there is a legal basis for doing so. We regularly check whether the legal requirements for further storage still exist. If the review shows that there is no legal basis for the continued storage of data in connection with the respective business relationships, we will securely delete or anonymize personal data. If you would like more detailed information on the storage period of certain data, please feel free to contact us at any time.

9. Limitation of data processing

In all cases where we process personal data, we limit this processing to the minimum necessary to achieve the respective processing purpose. This also means that we delete or anonymize data as soon as it is no longer necessary for achieving the respective processing purpose, unless there is a legal basis for continued storage, e.g. a legal (such as tax law) retention obligation.

10. Who we share your data with

We work together with service providers (e.g. web hosters) who receive access to personal data in this context.

With regard to our website, this includes in particular the web hoster 1&1 IONOS SE based in Germany. With regard to our newsletter, this is Mailchimp, and as CRM to manage our contacts, it is Hubspot, both based in the USA. The Quick Self-Assessment platform is run by Harding Scott Ltd. based in the UK. These service providers process your data on our behalf and exclusively according to our instructions on the basis of a data processing agreement (Art. 28 GDPR).

In addition, we work with Google Ireland Limited based in Ireland and Google LLC based in the USA and Google subsidiaries (Google). Insofar as Google carries out processing for its own purposes, Google is independently the responsible party. You can find more information on processing by Google in the Google Privacy Policy.

11. Data processing in countries outside the European Union/European Economic Area

If, in individual cases, personal data is processed by a service provider located outside the scope of the GDPR, we have provided suitable safeguards to ensure that a high level of protection of your personal data is guaranteed at all times. For example, we have concluded so-called EU standard contractual clauses with the relevant service providers. These standard contractual clauses are contractual rules provided by the European Commission, the use of which ensures a high level of data protection. The sample standard contractual clauses and further information on their use can be found at the European Commission’s website .

Currently, only processing of personal data on servers in the USA by our service provider Google (Google Ireland Limited or Google LLC and subsidiaries), Hubspot and Mailchimp may occur. We have concluded EU standard contractual clauses with Google, Hubspot and Mailchimp.

If you would like more information about the safeguards we use or about the countries in which we have personal data processed, please feel free to contact us at any time.

12. Your rights and contact options

With regard to the processing of your personal data, you have the following rights if the legal requirements are met:

  • The right to obtain information about the processing of your personal data (Art. 15 GDPR);
  • The right to request the correction of incorrect or incomplete data (Art. 16 GDPR);
  • The right to request the erasure of your data (Art. 17 GDPR);
  • The right to request the restriction of the processing of your data (Art. 18 GDPR);
  • Where data processing is based on consent or the execution of a contract and also involves the use of automated processing, you have the right to receive your data in a structured, commonly used and machine-readable format and to have it transferred to another data processor (Art. 20 GDPR);
  • If the processing is based on a legitimate interest of positive impacts (PI) GmbH or a third party or is in the public interest or in the exercise of official authority, you have the right to object to the processing of your data on grounds relating to your particular situation. In addition, you have the right to object to the processing of data for direct marketing purposes. This also applies to profiling, insofar as it is related to direct advertising. (Art. 21 GDPR).
  • If the data processing is based on consent, you have the right to revoke this consent at any time free of charge with effect for the future, whereby the legality of the consent given until such revocation remains unaffected by such revocation.
  • Furthermore, you have the right to file a complaint with the responsible supervisory authority regarding the processing of your data (Art. 77 GDPR).

To make such a complaint, you can contact, for example:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia

P.O. Box 20 04 44, 40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-999

If you have any questions, feedback or other suggestions, please feel free to contact us at any time or send us an e-mail at