Unite (hereinafter ‘Unite’ or ‘we’), takes the protection of your personal data seriously. We provide our B2B online platforms and associated services in accordance with applicable national and international data protection laws, in particular Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter: GDPR). In the following, we inform you about the nature, extent and purpose of the processing of your personal data by Unite as ‘data controller’.
For the purposes of this Privacy Notice, the data controller is the Unite national subsidiary (i) specified in the Imprint of the respective website or (ii) which operates the procurement platform for the territory where the delivery will take place.
An overview of Unite’s national subsidiaries and the individual contract territories is available at https://unite.eu/en-global/contractual-partners.
If you have any questions that aren’t answered in this Privacy Notice, please contact us at firstname.lastname@example.org. To contact our Data Protection Officer directly, please send your enquiry to the following address indicating that it is ‘for the attention of the Data Protection Officer’:
Unite – Data Protection Officer
Grimmaischer Steinweg 8
Or to: email@example.com
The lead supervisory authority in the EU is the Bayerische Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27, 91522 Ansbach (Germany).
1 Data processing when using our websites
When you visit our websites, various information, such as your IP address, is transferred automatically to our servers and temporarily stored with us. This is based on our legitimate interest (e.g. pursuant to Article 6 (1) lit. f) GDPR) in processing data for the purposes of
Optimising the connection
Ensuring and optimising the user-friendliness and handling of our website
Ensuring system security and stability
Hazard prevention and criminal prosecution in the event of a cyberattack.
More information about data processing on our websites using cookies and similar technologies is available in the cookie banner when you visit our website for the first time. You may access our cookie banner and settings at any time via the ‘Privacy settings’ link in the footer of each of our websites.
2 Registration and access
If you choose to register yourself or your company on our B2B online platforms, a password-protected account with direct access to your data that is stored with us (Unite account) is created pursuant to the General Terms and Conditions Unite.
If a Unite account is not used for more than four years (login), we reserve the right to close the account for privacy and security reasons.
We process personal data in order to provide access to our services (performance of contract) and on the basis of our legitimate interest in processing the data of the person acting for the registering company (e.g. Article 6 (1) lit. b) and f) GDPR).
3 Account administration
The owner of a Unite account may independently add and manage users and companies to the account. The account owner has the following options:
Configure user settings
Grant or terminate user access
Access and save user account data
We may merge Unite accounts following duplicate checks carried out by Unite or the user.
We process this data to perform the contract as well as on the basis of our legitimate interest (e.g. Article 6 (1) lit. b) and f) GDPR).
4 Data from public sources and company databases
We use information from public sources, such as the commercial register or special company databases, to complete necessary company data. This data is processed on the basis of our legitimate interest (e.g. Article 6 (1) lit f) GDPR).
5 Data processing when placing orders
When an order is placed, we process personal data to perform the contract and this is done in our legitimate interest. The purpose is to accept, confirm, process and document order transactions. We use your email address to communicate with you electronically about your order and its processing. To fulfil our contractual obligations, we forward order data to the respective upstream supplier that is responsible for delivering the goods. In doing so, it may be necessary to forward personal contact details (email address and/or telephone number) to the upstream supplier and/or its transport service provider in order to coordinate delivery of the ordered goods.
Orders with third parties
If a contract is concluded directly with a third party via our platform(s), we will forward all data required for contract performance to this third party (e.g. Article 6 (1) lit. b) and f) GDPR).
We process personal payment and invoice data in order to ensure completion of the order. If the order is handled by third parties, the necessary data will be forwarded to them.
If debts remain unpaid despite repeated reminders, we reserve the right to forward the necessary personal data to legal and debt collection services.
6 Customer and business partner verification
Verification of business customers
We check that our business partners (customers/suppliers) meet the access requirements defined in the Terms and Conditions. As the platform is intended solely for businesses, we must carry out this check to exclude consumers.
We process this data (e.g. copy of a trade licence) to perform the contract as well as on the basis of our legitimate interest.
As a seller, we are entitled to make credit checks in order to assess the risk of non-payment or loss of outstanding receivables. On the basis of our legitimate interest and as part of such checks, we forward the necessary data, such as the first and last name of the economic beneficiary, the company name and address details to one of the following credit agencies and receive corresponding credit rating information in return:
a) Creditsafe Deutschland GmbH, Schreiberhauer Straße 30, 10317 Berlin, Germany or
b) Verband der Vereine Creditreform e. V., Hellersbergstraße 12, 41460 Neuss, Germany or
c) Schufa Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
d) Crif GmbH, Rothschildplatz 3, A-1020 Vienna, Austria (for orders outside Germany)
e) Coface Central Europe Holding AG, Marxergasse 4c, 1030 Vienna, Austria
f) Crif AG, Hagenholzstrasse 81, 8050 Zurich, Switzerland (for orders within Switzerland)
We use your order data to detect an atypical order. This is to prevent fraud and is carried out in our legitimate interests.
Sanction list check
We cross-check business partners against various sanctions lists. To make such checks, we collect identification data and use it to make comparisons. Not only are we legally obliged to make such checks, they are also in our legitimate interest.
Money laundering checks
If we or our affiliated companies use services that require identification in accordance with applicable money laundering legislation (especially KYC checks), we do this to meet legal requirements.
7 Communication and usage data
We may collect and store data which you voluntarily provide to us, e.g. when contacting us by email, telephone or other means (such as by chat or when using the appointment booking or contact form). We will inform you about the type of data we need to collect before the respective process is carried out, if this is not apparent from the process itself. The data is used to improve our services and make any necessary contact with you.
Data such as your IP address, the date and time may also be collected.
We will also collect usage data created by you when using the platform (e.g. when using the search option). This usage data may include personal data or enable conclusions to be drawn about such data. Usage data is stored automatically in server log files, and serves the purpose of making the usage of the platform’s features more attractive as well as to ensure and improve their efficiency. This constitutes a legitimate interest for us.
We sometimes carry out customer surveys to improve our services. Participation in these surveys is voluntary. If personal data is collected during a survey, we process the data on the basis of our legitimate interest, unless you have given your consent.
8 Sales activities and customer development
Publicly available company and contact data as well as company and order data of a company at Unite may be used to determine customer development potential and to make contact with the aim of providing sales or procurement support to the company. If personal data is processed as part of this, this is based on Unite’s legitimate interest (e.g. Article 6 (1) lit. f) GDPR).
9 Data processing for advertising purposes and newsletters
Data processing for advertising purposes constitutes a legitimate interest for Unite. Unite is entitled to process your contact data and advise you of products and services as well as relevant news or invitations to surveys, regardless of whether you have subscribed to our newsletter. Right to object: You have the right to object to the processing of your data for advertising purposes at any time. You can object by clicking on the unsubscribe link (at the end of advertising emails), by email or by post. Please note that it may take a few days for your objection to be fully processed.
Unite or its affiliated companies (https://unite.eu/en-global/contractual-partners) send advertising emails/newsletters following prior registration (consent, e.g. in accordance with Article 6 (1) lit. a) GDPR).
The newsletters may contain information about new and/or interesting products/items as well as information about Unite and its partners, webinars, competitions and events. This is a form of advertising for both Unite and third parties (suppliers, manufacturers and partners).
Subscribing to the newsletter requires a double opt-in procedure. This means that after entering your email address, you will receive an email after registration asking you to confirm your subscription. This is the only way to prevent others from signing up with an email address that is not their own. We log subscriptions to the newsletter. You can withdraw your consent to receiving the newsletter at any time. A link to unsubscribe is included at the end of every email. Please note that it may take a few days for your objection to be fully processed.
We may use tracking technologies to analyse general user behaviour. The data collected may include the open rate and the click rate.
10 Sharing data with third parties
We use third parties, in particular processors, to provide IT infrastructure, such as customer management systems, hosting services and communication services. These third parties are selected carefully and in compliance with the applicable data protection legislation.
Other potential recipients of your data are referred to in the above sections, in particular in sections 1 and 5. If a legal obligation or legal prosecution and enforcement proceedings arise, authorities, courts and external auditors may receive your data.
11 Data transfer to third countries
We attach great importance to processing data within the EU. At Unite, we therefore store data in data centres that are located within the EU (primarily in Germany).
If data is transferred to service providers in countries outside the EU, we ensure that the transfer takes place in accordance with the applicable data protection legislation. We operate in accordance with the adequacy decisions of the European Commission or use standard contractual clauses that are published by the European Commission.
12 Duration of data storage
We only store personal data for the amount of time that is required for the respective processing purpose. We also store data for the period required by commercial and tax regulations or where we have a legitimate interest in retaining the data for documentation purposes or for securing evidence; this especially applies during ongoing limitation periods for any claims.
13 Data security
We take the necessary and appropriate technical and organisational measures to guarantee an appropriate level of protection for your data. In doing so, we take into account the state of technological knowledge, the cost of implementation, and the nature, scope, context and purposes of processing, as well as the risks of varying likelihood and the extent of the risks to the rights and freedoms of data subjects.
For your security, your data is encrypted using an SSL (Secure Sockets Layer) website certificate.
14 Rights of the data subject
Right of access: You are entitled to receive information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your personal data has been or will be disclosed, the intended storage period and the source of your personal data, if it was not collected from you directly.
Right to rectification: You are entitled to request the rectification of inaccurate data as well as the completion of correct data.
Right to deletion and restriction: You are entitled to request the deletion of your personal data or alternatively to request the restriction of processing in accordance with the legal requirements.
Right to data portability: You are entitled to receive personal data which you have provided in a commonly used, machine-readable format, or to have it transmitted to another data controller.
Right to lodge a complaint: Please contact the supervisory authority for your habitual residence or the supervisory authority responsible for us.
Right to object: You can object to all data processing described here that is carried out on the basis of our legitimate interest (e.g. Article 6 (1) lit. f) GDPR). Unlike the data processing described in the section ‘Data processing for advertising purposes and newsletters’, we are only required to accept the objection request if you demonstrate compelling legitimate grounds based on your particular circumstances.
To exercise your rights, please contact firstname.lastname@example.org.