Impact Stack Privacy Policy

This document relates to the management of data within the Impact Stack campaigning and fundraising platform, as owned and managed by More Onion e-campaigning GmbH (‘more onion’, or ‘we’). This privacy policy will explain how Impact Stack uses the personal data held on our servers in relation to the use of this platform by our Clients (‘clients’).

‘Personal Data’ is defined in accordance with GDPR.

This document should be read together with the Data Processing Agreement which lays out in further detail the roles and responsibilities of each party. This Data Processing Agreement is signed by more onion and our clients as a part of the Impact Stack contract that all clients must sign to use the Impact Stack platform.

The personal data relevant to this privacy policy is that of the supporters of our clients.


As providers of the technology platform more onion acts as ‘Data Processor’ of all personal data held, in line with GDPR definitions. The client using the platform is the ‘Data Controller’.

What data do we collect?

The nature of the data collected and stored by Impact Stack is determined by clients, but may include:

  • Personal identification information (Name, email address, postal address phone number, etc.)
  • Information on donations made and other forms completed, including any form field values (amount of donation, motivation, messages to politicians etc)
  • No sensitive personal data (as defined by GDPR) may be collected through Impact Stack
  • We do not collect or store any credit card information. This type of information is passed directly to payment processors the client has a direct relationship with
  • We do collect payment information when clients choose to ask for bank account and sort codes to process direct debits

How do we collect your data?

The data is collected through several methods:

  • Encrypted data files transferred to us by the client
  • Data files loaded into Impact Stack or a given to us via a secure file sharing folder by the client
  • Data inputted into Impact Stack forms directly by supporters
  • Data automatically imported from other tools, such as email marketing tools used by the client

How will we use your data?

Data is collected and stored for the sole purposes of clients. For further details on how this data will be processed by clients, please consult clients’ own Privacy Policies.

Personal Data will be processed to the extent necessary to provide the Impact Stack platform in accordance with both the contractual agreement and the client’s instructions (as Data Controller). We process Personal Data only on behalf of the Controller. Processing operations include, but are not limited to:

  • sending emails to campaign targets as designed by clients
  • sending data to third party services such as email broadcast tools and CRMs through integrations and webhooks
  • processing donations, storing form completion data. This operation relates to all aspects of Personal Data processed
  • Analysing the data on behalf of the client

How do we store your data?

Your information may be stored in a number of locations, including:

  1. In databases and log files on our webservers
  2. Our secure file transfer service, NextCloud
  3. On local computers for the purpose of data processing

Our data centres (applicable to 1. and 2.) are based in Germany and we never move personal data outside of the EU.


We will never use supporter data held in Impact Stack for marketing purposes.

What are your data protection rights?

Supporters are entitled to the following:

The right to access – You have the right to request that More Onion Ltd or More Onion GmbH provides copies of personal data held about you. We have the right to charge a reasonable fee for the administrative costs of such requests if they are manifestly unfounded or excessive; or if an individual requests further copies of their data following a request.

The right to rectification – You have the right to request that we correct any information that you believe to be inaccurate. You also have the right to ask us to complete information that you believe to be incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

Supporters should exercise these rights by directly contacting the client, ie Data Controller, who will in turn instruct us as Data Processor to action this request.

What are cookies?

Cookies are placed on your computer to collect standard Internal log information and visitor behaviour information. When you visit our websites (including and, we may collect information from you automatically through cookies or similar technology.

For further information, visit

When visiting a Impact Stack site provided via one of our clients please consult their privacy policy. Impact Stack uses cookies to track information such as where you have come from before visiting the Impact Stack page and the exact URL you are visiting. This information is saved along with any form submission, such as a donation or an online action.

How do we use cookies?

We use cookies in a number of ways including:

  • Understanding how you use our website
  • To improve your experience of the website
  • To allow our clients to further tailor communications with you

What types of cookies do we use?

Functionality – We use some cookies designed to improve your on-site experience. For example what language you prefer and the location you are in. Also whether you have chosen to allow JavaScript within your browser. We may also use cookies to remember which forms you have completed and the values you have given for them.

Understanding – We use some cookies to help us to understand how you use the website, which pieces of content are valuable to you and which devices you use so that we/clients can improve the quality of the content and ensure that it is clear and attractive on your chosen device. We also use cookies to understand which channels for mobilising supporters work best.

How to manage your cookies

You can set your browser to not accept cookies, and the above website will tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Privacy policies of other websites

Our websites may contain links to other websites. Our privacy policy only applies to our website, so if you click on a link to another website out policy does not apply.

Changes to our privacy policy

This policy will be reviewed and updated from time to time. This policy was last updated 9th August 2019.

How to contact us

You can contact us at if you have any questions or would like to exercise one of your data protection rights.

How to contact the appropriate authorities

Should you wish to make a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.