Unite Network AG (hereinafter referred to as “Unite”) as the operator of Mercateo Unite takes the protection of your data very seriously and maintains the Mercateo Unite platform in accordance with the applicable data protection law which includes the guidelines from the EU General Data Protection Regulation (referred to hereinafter as GDPR). The following illustrates how and to what extent your personal data is processed.
1. General information
Unite Network AG
04109 Leipzig, Germany
Should you have any other queries which could not be answered in this data protection statement, you may contact our data protection officer at firstname.lastname@example.org.
Henry Freiberg is the Data Protection Officer of Unite and the entire group of companies.
The responsible regulatory body for the entire Mercateo group is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
91522 Ansbach (Germany)
2. Data processing upon access to our website
When you visit our website, information such as
- the IP address,
- the date and time of access,
- the name and URL of the retrieved file,
- the website from which this website was accessed (referrer URL),
- the browser you use and, possibly, the operating system of the device you use to connect to the internet as well as the name of your access provider is automatically transmitted to our server and temporarily stored.
The processing is lawful in accordance with article 6, paragraph 1, item f) of the GDPR. This legitimate interest serves the following purposes:
- optimising the connection,
- ensuring and optimising the user-friendliness and handling of the website,
- ensuring the security and stability of the system
- as well as threat protection and prosecution following a cyberattack.
3. Data processing upon registration
Mercateo Unite offers the possibility to register as a customer and/or provider. A password-protected account is created in the process. Which data is collected can be seen in the entry mask which the user has to fill in upon registration. This data is solely used for internal long-term storage of your personal data in a password-protected account. The IP address, the date and time of registration are stored as well. Moreover, a verification may take place to determine that the person signing up is not a consumer. This verification is completed to exclude consumers as the platform is solely geared towards B2B customers. The processing of this data is lawful in accordance with article 6, paragraph 1, item b) of the GDPR.
4. User management by the account holder
Through the user management, the account holder may name certain users as buyers and/or requesters for the account holder. The account holder manages and organises their users. In the process, the account holder can access the information about the users that was entered and generated. The account holder can do the following:
- adjust user settings
- allow or delete account access for the user
- access and store the data of the user account
5. Data processing in the order process
Data is processed when an order is placed in order to complete all operations relating to the order. This procedure is lawful in accordance with article 6, paragraph 1, clause b) of the GDPR. Which data is processed can be seen in the entry mask which you fill in upon ordering. The following data is processed to execute the sales agreement: Your e-mail address is used to communicate with you electronically about your order and its processing. This kind of processing is lawful in accordance with article 6, paragraph 1, clause c) of the GDPR. To fulfil the contractual obligations, the order data is transmitted to the provider, who is the seller, and, if applicable, their transport personnel delivering the goods or rendering the services, to use the data for this purpose. This kind of processing is lawful in accordance with article 6, paragraph 1, clause b) of the GDPR. If you use the Single Creditor model, the data is forwarded to Unite Financial Services GmbH, Neumarkt 9, 04109 Leipzig. Unite Financial Services GmbH is commissioned with the billing, acceptance and forwarding of payments using a payment service provider. The payment service provider in this particular case is Wirecard Bank AG, Einsteinring 35, 85609 Aschheim. If the Single Creditor model is used, a credit check may be conducted. We submit the personal data required for a credit check (name and surname of the managing director, company, and address data) to the following agencies:
a) Creditsafe Deutschland GmbH, Charlottenstr. 68-71, 10117 Berlin, Germany b) Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss, Germany c) Schufa Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
The evaluation is carried out based on mathematical-statistical procedures. In order to calculate the probability value, your address data will also be used. You may object to the submission of your data to the credit agencies in text form (e.g., e-mail, fax, and letter) at any time. In the case of an objection, Unite reserves the right to offer no other type of payment than prepayment. The credit check is lawful in accordance with article 6, paragraph 1, clause f) of the GDPR. Our legitimate interest is based on the fact that we advance funds, depending on the payment method, and seek to maintain an as low as possible financial risk for us.
6. Messaging service on this website
For the messaging service on this website, details on the time when the message was written, your e-mail address and, if you do not post anonymously, your chosen user name are stored in addition to your message. You agree to lawful conduct within the messaging service which means that you will not encourage others to commit crimes against democracy and the rule of law, breach the public peace, commit crimes or promote libel, slander or defamation through your messages. Our messaging services saves the IP addresses of users who write messages. As we do not screen the messages on Mercateo Unite prior to publishing them, we need this data to be able to take action against the author in the event of any legal infringements. As a user of this website, you can subscribe to messages after registering. You will receive a confirmation e-mail to verify that you are the holder of the e-mail address stated in the registration process. You can unsubscribe from this feature at any time by clicking the link in the newsletter.
7. Further data processing
Furthermore, data which you explicitly provide will be collected and recorded. This could apply to individual customer contact, for example, by e-mail, telephone or on the platform, if you use the option to enter data (e.g., login registration, booking form, request forms, feedback comments). You will be informed of the type of data which is intended for collection prior to the respective process if this is not clearly discernible from the type of process to be undertaken (e.g., name and password during login registration or on the ‘User Data’ screen: telephone and e-mail). Moreover, data such as the IP address, date and time might be collected. Furthermore, usage data which you submit when using the platform (executed item searches) and/or which the respective Internet provider discloses when using the platform (amongst others, your computer’s IP address) and/or generates by means of online tracking will be collected. Usage data may include personal or corporate data or make it possible to infer such data. Without your registration or login, anonymous usage data, e.g., the type of browser or operating system which you use or which pages you have visited on the website, will be transmitted by your browser when accessing the platform. The data collected in the process will not be used to identify you or your company. The usage data shall be stored automatically in server log files. This data shall be used to make the handling of any functions on this platform more attractive and improve their efficiency. This represents a legitimate interest to us and is therefore in accordance with article 6, paragraph 1, clause f) of the GDPR.
8. Data processing for advertising purposes
Data processing for advertising purposes represents a legitimate interest to Unite in accordance with article 6, paragraph 1, clause f) of the GDPR as a matter of principle. If you are registered with us, we can process your contact details and inform you about products and services as well as relevant news, irrespective of whether you are subscribed to our newsletter. You have the right to object to the processing of your data for advertising purposes at any time free of charge and with due effect for the future, for the respective communication channel. The contact address for the respective communication channel will be blocked following such an objection relating to any further data processing for advertising purposes. You may submit your objection by e-mail or post to the contact details as specified.
We only send out newsletters after the recipient’s consent in accordance with article 6, paragraph 1, clause a) of the GDPR. Through our newsletter, you will receive information on products/items which are new and/or might interest you, Unite (e.g., e-procurement features), webinars, competitions and events. We do this to pursue advertising purposes of our own and those of third parties, e.g., our suppliers and producers. Subscribing to the newsletter requires a double opt-in. This means that, after entering your e-mail address, you will receive an e-mail asking you to confirm your subscription. This is the only way to prevent others from registering an e-mail address that is not their own. In this process, we log the receipt of the newsletter subscription. This data is used solely for sending out newsletters and is not forwarded to third parties. You may revoke your consent to receiving our newsletter at any time. The link to unsubscribe can be found at the end of every e-mail.
10. Newsletter mailing through the MailChimp e-mail marketing service
We send out newsletters and e-mails with promotional content through MailChimp, a service for sending out newsletters operated by the Rocket Science Group LLC d/s/a, an American limited liability company. The e-mail addresses and names of our newsletter recipients as well as other data from them, as specified in this document, are stored on the MailChimp servers in USA. MailChimp uses this information to send and assess newsletters on our behalf. MailChimp uses this data to optimise and improve its own services. When opening the newsletter, a file is retrieved from the MailChimp servers so that, initially, technical details such as information on the browser, your system as well as your IP address and the time of access is collected. Moreover, it can be determined whether the newsletter was opened, when and which links were clicked. This information serves the technical improvement of the services and the optimisation of the newsletter content. MailChimp has been certified by the EU-U.S. Privacy Shield framework and is obliged to comply with EU data protection requirements. Moreover, we have concluded a data processing agreement with MailChimp. This data processing agreement represents a contract in which MailChimp pledges to protect the information of our users and not to forward them to third parties. Further information on MailChimp and the Privacy Shield data protection agreement is available at: https://mailchimp.com/legal/privacy/ and https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG.
11. Third-party websites
Unite does not have any influence on the current content of third-party websites which can be accessed via the platform or on how these websites are operated. Unite shall not be responsible for data protection or for the content of these websites.
12. Recipients outside the EU
We store your data at Unite within the European Union. If we pass on data to third parties, we select the third parties carefully. In doing so, we try to avoid transfer outside the EU. If data is transferred outside the EU, we try to agree standard contract clauses.
Google Analytics Unite uses Google Analytics, a web analysis service provided by Google Inc. (“Google”), CA 94043, 1600 Amphitheatre Parkway, Mountain View, USA, for customising and optimising our website. Google Analytics uses ‘cookies’, which are stored on your computer, to help the website analyse how users use the website. As a rule, the information generated by the cookies about your use of this website will be transmitted to and stored by Google on servers in the United States. The information generated by the cookies includes:
- browser type,
- operating system,
- the website from which this website was accessed (referrer URL),
- IP address,
- date and time of the server request.
This website uses Google Analytics with the IP anonymisation feature (“anonymizeIp”). This means your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states of the Treaty on the European Economic Area. The full IP address will be transmitted to a Google Server in the USA and shortened there only on an exceptional basis. On behalf of Unite, Google will use this information for evaluating your use of the website. For this purpose, reports on website activity will be compiled and other services provided to Unite relating to website activity for market research and tailoring the offer to suit market needs. Google will not associate the IP address transmitted under Google Analytics by your browser with other data held by Google. You may prevent the storage of cookies by selecting the appropriate settings on your browser software. However, we must advise you that in this case, you might not be able to use all functions of this website to their full extent. You may prevent Google from recording the data generated by the cookie and pertaining to your use of the website (including your IP address), or processing this data by downloading and installing the following browser plug-in available through the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You may also prevent data collection by Google Analytics by clicking the following link. An opt-out cookie will be set up which will prevent the collection of your data when visiting this website in the future: Deactivate Google Analytics.
Facebook Custom Audiences Remarketing Our website uses the Custom Audiences remarketing feature by Facebook Inc. (“Facebook”) 1601 S. California Ave, Palo Alto, CA 94304, USA, by using a Facebook pixel without advanced matching. It allows for tracking of users’ behaviour after they were forwarded to a specific provider’s website by clicking on a Facebook ad. This process enables an assessment of the effectiveness of Facebook ads for statistical and market research purposes and can contribute to optimising future advertising measures. The use of the retargeting feature is based on our legitimate interest to present to you interest-based ads. The collected data is anonymous for us and therefore provides us with no indication of the identity of the users. However, Facebook stores and processes this data so that a connection to the respective user’s profile is possible and Facebook may use the data for its own advertising purposes in accordance with Facebook’s data policy (https://www.facebook.com/about/privacy/). The data may enable Facebook and its partners to display ads on and outside Facebook. Moreover, a cookie might be stored on your computer for these purposes. For further information on the collection and utilisation of your data by Facebook as well as your rights and options to protect your privacy in this context, please see Facebook’s data policy at ttps://www.facebook.com/about/privacy/. Alternatively, you can deactivate the Custom Audiences remarketing feature at https://www.facebook.com/settings/?tab=ads#_=_. To do so, you need to be logged into Facebook. Please click here if you wish to deactivate this remarketing feature
LinkedIn conversion tracking and retargeting Our website uses the conversion tracking technology as well as, building upon that, the Matched Audience retargeting feature of the LinkedIn Corporation (“LinkedIn”), 2029 Stierlin Court, Mountain View, CA 94043, USA. The use of the retargeting feature is based on our legitimate interest to present to you interest-based ads. Moreover, we receive anonymous reports of the performance of these ads and information on how you interact with this website from LinkedIn. For this purpose, the LinkedIn Insight Tag was integrated into this website. This tag establishes a connection to LinkedIn servers when you visit this website, provided that you are logged into your LinkedIn account at the same time. LinkedIn links your visit to this website with your personal user account in this manner. For further information on the collection and utilisation of your data by LinkedIn as well as your rights and options to protect your privacy in this context, please see LinkedIn’s data policy at https://www.linkedin.com/legal/privacy-policy. Alternatively, you can unsubscribe from interest-based advertising on LinkedIn at https://www.linkedin.com/psettings/enhanced-advertising. For this purpose, you must be logged into your LinkedIn account. Please click here if you wish to deactivate this feature.
Intercom We use the service of Intercom Inc., 55 Second Street, Suite 400, San Francisco, CA 94105, USA („Intercom“). as a com-munication medium (live chat) and as an analysis service. In this context, we pass on inventory data (such as e-mail, name, company name) as well as usage data based on our legitimate interests (in accordance with Art. 6 Para. 1 lit. f. DSGVO). We pursue the following purposes: • Customer Service • Customer behaviour analysis • Optimization Further information is available at: https://www.intercom.com/legal/privacy. If you do not want this information collected and shared by Intercom, please use the opt-out cookie: Deactivate Intercom
Third parties To ensure that the articles are presented in a lively, optimal manner, we also at times embed videos in the article description on our website. The embedding is executed by a third-party provider. If you access a video, a connection to the respective third-party server will be established and certain information relating to the utilisation will be transmitted. This data is processed in accordance with the respective privacy regulations of the third-party providers. Unite does not have any knowledge of the content of the data collected by the respective third-party providers and does not have any influence on how the data is used.
15. Social media plug-ins
Our website uses social media plug-ins in accordance with article 6, paragraph 1, clause a), clause f) of the GDPR. The advertising purposes of these represent a legitimate interest to us.
Facebook Like feature Plug-ins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, have been integrated into our website. The Facebook plug-ins on our site are marked by the Facebook logo or the Like button. An overview of all Facebook plug-ins is available at: https://developers.facebook.com/docs/plug-ins/. If you visit our website, the plug-in establishes a direct connection between your browser and the Facebook server. Data is transmitted and stored by Facebook as part of this process. Consequently, Facebook receives the information that you visited our website with your IP address. If you click the Like button while logged into your Facebook account, you can link content from our website to your Facebook profile. Therefore, Facebook can link your visit to our website to your user account. Unite does not have any knowledge of what kind of data is transmitted or how it is used by Facebook. For further information on the subject, please see Facebook’s data policy at https://de-de.facebook.com/policy.php. If you do not wish for Facebook to be able to link your visit to our website to your user account, please log out of your Facebook account before visiting our website. You can completely prevent the loading of the Facebook plug-ins through add-ons for your browser, e.g., Facebook Blocker.
Twitter Plug-ins provided by the messaging service of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, have been integrated into our website. The Twitter plug-ins can be recognised by the Twitter logo and the addition “Tweet”. The Twitter plug-in is activated with just one click through which your browser establishes a direct connection to the Twitter servers. This may also lead to a data exchange with other Twitter users. We do not receive any information about the data transmitted to Twitter. We do not have any knowledge about the purpose and extent of the data collected or the subsequent processing and use of the data by Twitter. For further information, please visit https://twitter.com/privacy. Furthermore, you can adjust the privacy settings in the settings of your Twitter account.
XING Plug-ins of the XING network operated by XING AG, Dammtorstraße 30, 20354 Hamburg, Germany, have been integrated into our website. Websites which use the XING Share button establish a short-term direct connection to the XING servers through your browser. The XING Share button features especially serve to calculate and display the counter value. As far as we are aware, XING does not store any personal data about you regarding your visit to this website, in particular, no IP addresses. Your user behaviour is not assessed by using cookies. Information on XING’s data protection policy and the XING Share button feature can be viewed at https://www.xing.com/app/share?op=data_protection. We do not receive any information about the data transmitted to Xing.
16. Deletion of personal data
Upon the suspension of the respective authorisation, in particular after achieving the intended purpose, the data which we have stored shall be blocked from further use and, after the retention period legally required by tax and commercial law, deleted, unless you have expressly consented to the further use of your data or other contractual stipulations have been made.
17. Data security
Suitable technical and organisational measures shall be taken to safeguard your data from unintentional or unlawful deletion, transfer, access, manipulation, loss or any other misuse. For your security, your data shall be encrypted using the SSL (Secure Socket Layer) website certificate. It is an encryption standard which is also used, for instance, in online banking. You can recognise a secure SSL connection by, amongst other things, at the s added to http (https://) in the address bar of your browser or the lock symbol at the bottom of your browser. Please note when using the internet that security depends on several factors and cannot be completely ensured at all times.
18. Overview of your rights
Right of access You have the right to obtain information on the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the source where the personal data is not collected from you directly.
Right to rectification You have the right to obtain the rectification of inaccurate personal data and the completion of correct data.
Right to erasure You have the right to obtain the erasure of your personal data.
Right to data portability You have the right to receive the personal data, which you have provided, in a commonly used and machine-readable format and to demand transmission of this data to another controller.
Right to lodge a complaint Please contact the supervisory authority of your habitual residence or the supervisory authority responsible for us.
Right to restriction of processing You have the right to obtain restriction of processing if the accuracy of the personal data is contested by the data subject, the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead. You may also request a restriction if the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, the data subject has objected to processing pursuant to article 21 of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to object The general right to object shall apply to all purposes of processing of personal described herein and based on article 6, paragraph 1, clause f) of the GDPR. Unlike for the processing described under “Data processing for advertising purposes”, we shall only be obligated to implement the objection if you demonstrate compelling legitimate grounds based on your particular situation.
Last updated 09|2018