Effective Date: January 15, 2025
Last Updated: October 13, 2025
At Mikado Impact BV, we place the highest importance on protecting the personal data of all individuals who interact with our organization, including program participants, business partners, employees, and visitors to our website. This Privacy Policy explains how personal data is collected, used, shared, and protected in accordance with the European Union General Data Protection Regulation (GDPR) 2016/679.
Mikado Impact BV is a social impact organization headquartered in the Netherlands, operating in the fields of sustainability, inclusivity, and capacity development. Through programs such as the Embark Project, we contribute to meaningful social change across communities.
Our registered office address: Fluwelen Burgwal 582511 CJ Den Haag, Netherlands
For inquiries regarding data protection, you may contact our Data Protection Officer through the following channels:
Email:privacy@mikadoimpact.com
This Privacy Policy applies exclusively to the personal data of natural persons with whom Mikado Impact BV engages in direct interaction, such as individual participants, applicants, employees, and visitors. It does not extend to legal entities or anonymized or aggregated data. Data processed in the context of contractual relationships with organizations is excluded from this policy unless otherwise stated.
For the purposes of this policy, “data subject” shall exclusively refer to identifiable natural persons with whom Mikado Impact BV has an active and verifiable relationship. General public inquiries, media actors, or anonymous individuals are not considered data subjects unless a clear basis for processing exists.
In the course of our activities, we collect personal data in the following categories:
Your personal data is processed for the following purposes:
Where appropriate and in accordance with Article 6(4) GDPR, Mikado Impact BV may process personal data for purposes compatible with those originally stated, including research, impact measurement, archival, monitoring, or future program development purposes. In such cases, the data will be pseudonymized or anonymized where feasible, and any further use will remain in line with data minimization and purpose limitation principles.
Data processing activities within Mikado Impact BV projects, including those funded by third parties, are carried out in accordance with Mikado’s internal data protection framework. Unless a formal joint controller agreement exists, funders or donors do not influence the processing conditions or purposes.
For the purposes of this Policy, “anonymized data” refers to data that has been processed using industry-standard techniques such as irreversible aggregation, ensuring that no individual can be identified. Such data falls outside the scope of the GDPR as per Recital 26.
We process your personal data based on the following legal grounds:
Mikado Impact BV has conducted a Legitimate Interest Assessment (LIA) to ensure that the processing activities based on Article 6(1)(f) do not override the fundamental rights and freedoms of data subjects. The results of such assessments are documented and reviewed periodically.
Your personal data may be shared, to the extent required by our activities and within legal boundaries, with the following parties:
We work with third-party service providers under data processing agreements. These collaborations are conducted under strict protocols that ensure the security of your data.
Data necessary for project implementation is shared with our project partners, including Mikado Consulting and local non-governmental organizations, solely within the scope of project delivery.
Reports to funding bodies are typically provided in anonymized or aggregated format.
In cases of legal obligation, data may be shared with competent public institutions and regulatory authorities.
Your data is not transferred outside the European Economic Area. Should such a transfer become necessary, appropriate safeguards will be implemented.
Mikado Impact BV may collaborate with external stakeholders such as implementing partners, funders, mentors, evaluators, or cloud service providers. Each party remains independently responsible for their own data processing practices. Mikado does not assume liability for the processing of personal data by such stakeholders unless acting as a joint controller under Article 26 GDPR, in which case a specific joint controller agreement will be concluded in accordance with Article 26 GDPR, and transparency obligations will be fulfilled jointly by the parties involved.
Where data transfer outside the European Economic Area becomes necessary, Mikado ensures the implementation of appropriate safeguards such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or adequacy decisions under Article 45 of the GDPR. Transfers shall only occur when the receiving party provides sufficient guarantees to uphold EU-level data protection standards.
Once personal data is lawfully transferred to an authorized third party (e.g. implementing partner, data processor, funding body), Mikado Impact BV shall not be held responsible for any subsequent unauthorized use or breach by that party, unless such breach was directly caused by Mikado’s failure to implement appropriate safeguards.
Your personal data is retained only for the period necessary for processing purposes:
Upon expiration of retention periods, your data is securely deleted or irreversibly anonymized.
Once personal data has been deleted or irreversibly anonymized upon expiration of its retention period, Mikado Impact BV is no longer able to fulfill any data subject rights concerning that data. This includes rights of access, rectification, and erasure.
Consent for the use of photographs and video materials is obtained through a signed or digital release form that clearly states the scope, purpose, and duration of use. Individuals may withdraw such consent at any time by contacting privacy@mikadoimpact.com, after which the relevant materials will be withdrawn from future publications and uses within Mikado’s direct control, unless required for legal archiving. Please note that complete removal from publicly distributed materials or third-party platforms may not always be technically feasible. Mikado will make reasonable efforts to remove such materials from future use and official Mikado platforms. Complete deletion from third-party systems or publicly distributed channels (e.g. shared media or publications) may not be possible.
Under the GDPR, you have the following rights:
To exercise your rights, you may contact us at privacy@mikadoimpact.com. Your requests will be evaluated and responded to without undue delay and, in any event, within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests, in accordance with Article 12(3) GDPR.
Withdrawal Consequences
Please note that withdrawing your consent may result in the inability to participate in ongoing or future programs or to receive certain services, depending on the nature of the processing activity that relies on your consent.
Request Handling Limitations
Mikado Impact BV reserves the right to reject requests that are manifestly unfounded, excessive, or repetitive in nature, as permitted under Article 12(5) GDPR. In such cases, we may also charge a reasonable administrative fee.
Mikado Impact BV only processes requests submitted directly by the data subject or by a legal representative duly authorized through verifiable documentation. Requests submitted by third parties without legal authority will not be processed.
Before lodging a formal complaint with the Dutch Data Protection Authority, verified data subjects are encouraged to contact Mikado’s Data Protection Officer prior to filing a complaint with the supervisory authority. Mikado only accepts and processes complaints submitted by or on behalf of individuals whose identity and data subject status can be reasonably established.
Mikado Impact BV does not engage in fully automated decision-making, including profiling, that produces legal or similarly significant effects as defined in Article 22 of the GDPR. While program applications and participant matching may involve categorization based on submitted data, all such processes are subject to human oversight and review.
Key decisions regarding program eligibility, participant matching, or evaluation are made by qualified personnel and include appropriate levels of human review.
Comprehensive technical and administrative measures are implemented to ensure the security of your personal data:
Mikado Impact BV aims to conduct annual internal data protection audits, subject to operational feasibility, to ensure compliance with GDPR Articles 24 and 32. These audits are supervised by the Data Protection Officer, and findings are incorporated into ongoing risk management procedures.
Our website uses cookies to enhance user experience and analyze site traffic. Cookies are small text files placed on your browser and are used for the following purposes:
You can manage or reject cookies through your browser settings. However, disabling cookies may prevent some features of our website from functioning properly.
In the event of a data breach, we act in accordance with our established procedures. Breaches that pose a risk to individuals’ rights and freedoms are reported to the Dutch Data Protection Authority within 72 hours of detection. In high-risk situations, affected individuals are also notified without undue delay.
Breach notification includes:
Personal data of children under 16 years of age is processed only with parental or legal guardian consent. In our programs directed at children, the principle of data minimization is rigorously applied, and only absolutely necessary data is collected.
This Privacy Policy is reviewed at least annually in light of changes in legal regulations or significant changes in our data processing activities. Updates are published on our website, and registered users are notified by email of significant changes.
Before changes to the policy take effect, our users are given a reasonable period for review and evaluation.
Continued use of our services or participation in our programs after the effective date of policy updates shall be deemed acceptance of the updated terms, unless you explicitly notify us of your objection in writing within a reasonable time period.
For material changes that introduce new data processing activities based on consent, Mikado will seek renewed explicit consent only where legally required, in accordance with GDPR principles.
While Mikado Impact BV implements industry-standard security measures to protect your data, it does not guarantee absolute security. In cases of data breaches resulting from cyberattacks, force majeure events, or third-party misconduct beyond Mikado’s reasonable control, Mikado shall not be held liable for any consequential, incidental, or indirect damages.
In the event of any discrepancy between different language versions of this Privacy Policy, the English version shall prevail as the sole and authoritative version for interpretation purposes.
This Privacy Policy and any dispute or claim arising out of or in connection with it shall be governed by the laws of the Netherlands. Exclusive jurisdiction is vested in the competent courts of Amsterdam, the Netherlands.
This Privacy Policy does not create any rights or obligations enforceable by any person or entity other than Mikado Impact BV and the individual data subjects to whom it applies. No third party shall have any right to enforce any term of this Policy.
This Privacy Policy shall be interpreted in good faith, in light of its stated purpose to protect personal data in accordance with GDPR principles, and not in a manner that extends Mikado Impact BV’s responsibilities or obligations beyond those expressly set forth herein.
Mikado Impact BV
Fluwelen Burgwal 582511 CJ Den Haag
Netherlands
Data Protection Officer:
Email: privacy@mikadoimpact.com
Dutch Data Protection Authority:
Autoriteit Persoonsgegevens
Web: www.autoriteitpersoonsgegevens.nl
Phone: 0900-2001201
PROTECTION OF PERSONAL DATA
WEBSITE COOKIE POLICY
Your personal data; Protecting the privacy of visitors to the website operated by Mikado (www.mikado.com) operated by Mikado(hereinafter referred to as “COMPANY” or “Mikado”) as the data controller is one of the leading principles of our Corporation. This Cookie Use Policy (“Policy”) explains to all our website visitors and users which types of cookies are used and under what circumstances.
Cookies are small text files that are stored on your device or network server by websites you visit through your computer or mobile device.
It is often used to provide you with a personalized experience during your use of the website you are visiting, to improve the services offered and to improve your experience, and may contribute to ease of use when browsing a website. If you do not choose to use Cookies, you can delete or block Cookies in your browser settings. However, we would like to remind you that this may affect your use of our website. Unless you change your Cookie settings from your browser, we will assume that you agree to the use of cookies on this site.
WHAT KIND OF DATA IS PROCESSED IN COOKIES?
In the cookies on the websites, depending on the type, data about your browsing and usage preferences on the device on which you visit the site are collected. This data includes information about the pages you access, the services and products you view, your preferred language option, and your other preferences.
WHAT IS COOKY AND WHAT ARE THEIR INTENDED USES?
Cookies are small text files that are stored on your device or network server via browsers by websites you visit. These small text files, which contain your preferred language and other settings on the site, help remember your preferences the next time you visit the site and help us make improvements to our services to improve your experience on the site. So you can have a better and personalized user experience on your next visit.
The main purposes of using cookies on our Website are listed below:
To improve the services offered to you by increasing the functionality and performance of the website,
To improve the Website and to offer new features through the Website and to personalize the features offered according to your preferences;
To ensure the legal and commercial security of the Website, you and the Authority, to prevent fraudulent transactions through the Site;
To fulfill its legal and contractual obligations, especially those arising from the Law No. 5651 on the Regulation of Publications on the Internet and the Fight Against Crimes Committed Through These Publications and the Regulation on the Procedures and Principles for the Regulation of Publications on the Internet.
TYPES OF COOKIES USED ON OUR WEBSITE
3.1. Session Cookies
Session cookies ensure that the website functions properly during your visit. They are used for purposes such as ensuring the security and continuity of our sites and you during your visit. Session cookies are temporary cookies, they are deleted when you close your browser and come back to our site, and they are not permanent.
3.2. Persistent Cookies
Such cookies are used to remember your preferences and are stored on your device via browsers Persistent cookies remain stored even after you close your browser or restart your computer from which you visited our site. These cookies are kept in subfolders of your browser until they are deleted from your browser’s settings.
Some types of persistent cookies; It can be used to provide you with special suggestions considering issues such as the purpose of your use of the Website.
Thanks to persistent cookies, if you visit our Website again with the same device, it is checked whether there is a cookie created by our Website on your device and, if there is, it is understood that you have visited the site before and the content to be transmitted to you is determined accordingly and thus a better service is provided to you.
3.3. Mandatory/Technical Cookies
These are mandatory cookies for the website you are visiting to function properly. The purpose of such cookies is to provide the necessary service by ensuring the operation of the site. For example, it allows you to access secure parts of the website, use its features, and navigate over it.
3.4. Analytical Cookies
They collect information about the way the website is used, the frequency and number of visits, and show how visitors get to the site. The purpose of the use of such cookies is to improve performance by improving the way the site works and to determine the general trend direction. They do not contain data that can enable the identification of visitors. For example, they show the number of error messages shown or the most visited pages.
3.5. Operaional/Functional Cookies
It records the choices made by the visitor within the site and remembers them on the next visit. The purpose of such cookies is to provide ease of use to visitors. For example, it prevents the site user from re-entering the user’s password on each page they visit.
3.6. Targeting/Advertising Cookies
They measure the effectiveness of the advertisements served to visitors and calculate the number of times the advertisements are viewed. The purpose of such cookies is to serve advertisements that are tailored to the interests of visitors.
Likewise, they ensure that the interests of visitors are identified specifically for their navigation and that appropriate content is presented. For example, it prevents the ad shown to the visitor from being shown again in a short period of time.
HOW ARE COOKIE PREFERENCES MANAGED?
To change your preferences regarding the use of cookies, or to block or delete cookies, simply change your browser settings.
Many browsers give you the option to accept or reject cookies, to accept only certain types of cookies, or to be alerted by the browser when a website requests to store cookies on your device so that you can control cookies.
It is also possible to delete cookies that were previously saved in your browser.
If you disable or reject cookies, you may need to set some preferences manually, some features and services on the website may not work properly because we will not be able to recognize and associate your account. You can change the settings of your browser by clicking on the corresponding link in the table below.
Google Chrome https://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647
Internet Explorer https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox https://support.mozilla.com/en-US/kb/Cookies
Opera https://www.opera.com/browser/tutorials/security/privacy/
Safari https://support.apple.com/kb/ph19214?
Microsoft Edge https://support.microsoft.com/tr-tr/help/17442/windows-internet-explorer-delete-manage-cookies
ENFORCEMENT OF THE WEBSITE PRIVACY POLICY
The Website Privacy Policy is dated In the event that all or certain articles of the Policy are renewed, the effective date of the Policy will be updated. The Privacy Policy is published on the website of the Authority (www.mikado.com) and made available to the relevant persons upon the request of the personal data owners.