Data Privacy Policy of UNIT4 GmbH & Co. KG

In this Data Privacy Policy, we inform you about the following topics:

1: Data processor and data protection officer; scope of application

2: General principles on the processing of your personal data

3: Use of our WEBSITE for information (logfiles, cookies)

4: Contact/feedback

5: External links

6: Business relationship

7: Job application

8: Data security

9: Your rights

10: Changes to this Data Privacy Policy

1.Data processor and data protection officer; scope of application

(1) We, UNIT4 GmbH & Co. KG, Regerstraße 19, 70195 Stuttgart, Germany, phone no.: +49 (0) 711 263459-0, fax: +49 (0) 711 263459-10, email: info@unit-4.com, operate the websites which is accessible at unit-4.com (hereinafter also referred to as “WEBSITE”) and are the data controller responsible for the processing of personal data relating to you, the user of our WEBSITE (“You”) in accordance with Art. 4 (7) EU General Data Protection Regulation (“GDPR”).

Our data protection officer is Ariane Schepp (Kuhn-privacy Dr Norbert Kuhn), Heustraße 3, 70174 Stuttgart, Germany, email: datenschutz@unit-4.com.

(2) We want to inform You,

  • as a visitor of our WEBSITE (cf. Sec. 3 to Sec. 5);
  • as our business partner or other person with whom we communicate in the course of our business activity (cf. Sec. 6);
  • as our job applicant (cf. Sec. 7)

in depth about the dissemination of your personal data within the scope of our duties to provide information (cf. Sec. 2). In addition, we want to inform you about the accompanying protection measures, which we have also taken in technical and organisational respects with regard to our WEBSITE (Sec. 8) and about your rights concerning the processing of the personal data relating to You (Sec. 9).

2. General principles on the processing of your personal data

(1) Personal data is any and all information relating to an identified or identifiable natural person. Your personal data consequently includes all data, which can be attributed directly or indirectly to You as a person, such as your name, address, phone number or email address.

(2) Personal data are processed by US primarily only if and insofar as

  • You have consented to the data processing for one or more specific purposes (Art. 6 (1) sent. 1, lit. a) GDPR);
  • the processing is necessary for the performance of a contract to which You are a party or in order to take steps on your request prior to entering a contract (Art. 6 (1) sent. 1, lit. b) GDPR);
  • the processing is required for the compliance with a legal obligation that is incumbent on us (Art. 6 (1) sent. 1, lit. c) GDPR); or
  • the data protection is necessary for purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by Your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 (1) sent. 1, lit. f) GDPR).

(3) We explain in the following provisions of this Data Privacy Policy which of the legal bases listed in para. 2 or which other legal bases we take for the processing of your personal data in the individual case.

(4) We contract service providers for the processing of your data in some cases. These service providers have been carefully selected and contracted by us, they are bound by our instructions, and they are reviewed on a regular basis. Furthermore, we may transfer your personal data to third parties if signing contracts or similar services are offered by us jointly with partners. You will receive more information about this when you provide your personal data or in the following provisions of this Data Privacy Policy. We also inform You hereinbelow in this Data Privacy Policy of the consequences resulting when our service providers or partners maintain their registered offices in a state outside of the European Economic Area (EEA).

3.  Use of our WEBSITE for information

3.1 Log data

(1) Of your data, we gather such data in the context using our WEBSITE, which are transmitted automatically by your internet browser to our server. The following data are gathered in this process:

  • IP address of the requesting computer
  • Date and time of the retrieval
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the retrieval (concrete page)
  • Access status/HTTP status code
  • Respectively transferred data volume
  • Referrer website
  • Browser
  • Language and version of the browser software

(2) We require these data for technical reasons to facilitate your use and the functionality of our WEBSITE, in particular to display the WEBSITE and ensure the security and stability of the WEBSITE. These data are not linked to the personal data of an identifiable natural person. Our legitimate interest is a functioning website. The legal basis is Art. 6 (1) sent. 1, lit. f) GDPR.

(3) We will delete these data as soon as they are no longer needed to achieve the purpose for which they were gathered. Your data including your IP address will be stored for up to 14 days. Your IP address will be truncated by the last octet (unit) and, thus, it will be stored exclusively in anonymised form. The temporary storing of the IP address by our system is necessary to fix bugs on our WEBSITE and defend against threats.

3.2  Cookies

(1) We use cookies for our website. Cookies are small text files stored on your storage medium (e.g. hard drive, SSD), which is attributed to the browser You use, sending certain information to the party having set the cookie (who is us in this case). A cookie cannot execute any programs or transfer malware to your computer on its own.

(2) Our WEBSITE uses persistent cookies. Persistent cookies are deleted automatically after a prescribed period, which can differ depending on the cookie.

(3) If personal data are processed by individual cookies, the processing takes place in accordance with Art. 6 (1) sent. 1, lit. f) GDPR for the protection of our legitimate interests in the best possible functionality of our WEBSITE.

(4) You can prevent the storing of the Cookies by means of a corresponding setting of your browser software; however, we point out that you might not be able to use all functions of our WEBSITE to the full extent in that case.

4.  Contact/feedback

(1) If You contact us, for example, to give us your feedback, the contact details You indicate (e.g. first and last name, email address, phone number) will be processed for responding to your enquiries and/or suggestions sent by email.

(2) The legal basis for the processing of the data is Art. 6 (1) sent. 1, lit. f) GDPR.

(3) Unless legal retention periods are opposed to a deletion of your personal data, we will delete them as soon as they are no longer needed to achieve the purpose for which they were gathered.

(4) Enquiries from businesses (B2B) are furthermore subject to the additional information for business partners under Sec. 6 and requests relating to job applications are subject to the information contained in Sec. 7 of this Data Privacy Policy.

5.  External links

(1) We have integrated links on our WEBSITE referring to the internet appearances of third parties. This Data Privacy Policy does not determine the processing of personal data on such third-party websites. We recommend that You read the data privacy statements on the external websites to which we link and which you visit.

(2) Our WEBSITE also refers by links to external map contents of Google Maps by the provider Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) and to external videos of YouTube, a service provided by Google. By clicking on the respective link, You will be forwarded to the external map content or the external video. Thus, we do not transfer your data to Google. We are not responsible for the further processing of your data by Google. You can find information on the purpose and scope of the data gathering and the data gathering by Google in the data privacy policy of Google. You can also find more information there about your rights and configuration options in this respect for the protection of your data privacy: http://www.google.de/intl/de/policies/privacy.

6.  Business relationship

(1) If you are a business partner of ours (e.g. customer or supplier), we also process, besides the information about your business, information about your person (e.g. contact details) or further persons at your business. Your personal data are essentially recorded directly by you yourself (e.g. by placing orders) or in the course of handling by us, insofar as this is necessary for the execution of the business relationship. A change of contact partners on your end can subsequently also cause the further gathering of personal data relating to employees of your business.

(2) Their data will be stored and processed electronically primarily for the purpose of performing the contract concluded between us and You. We can contact You by using the data recorded of You for the purpose of communication in the context of the performance of the contract (e.g. offers, orders, order confirmations, delivery slips and/or invoices). This can also take place using postal address(es), email address(es) or phone and fax number(s). The technical and substantive provisions of the contracts, in particular its content, specifications and prices, can be performed with the stored data. The legal basis for this is Art. 6 (1) sent. 1, lit. b) GDPR.

(3) We can also send information and messages relating to your business relationship with us to You, using the contact details You have given us, and offer You the opportunity to initiate new business transactions. The legal basis for this is Art. 6 (1) sent. 1, lit. f) GDPR. If we receive a response from you regarding these messages, aiming at concluding a contract with us, the additional legal basis for the processing of your data is Art. 6 (1) sent. 1, lit. b) GDPR.

(4) In some cases, we contract service providers for the processing of your data, who need your data to fulfil our contractual and legal obligations or who may process your data based on our legitimate interest. These service providers have been carefully selected and contracted by us, they are bound by our instructions, and they are reviewed on a regular basis. By the way, your data will only be transferred to third parties if this is required for the performance of the contract or if You expressly agree to the transfer. The legal basis for this is Art. 6 (1) sent. 1, lit. b) GDPR or Art. 6 (1) sent. 1, lit. a) GDPR in the case of your consent.

(5) We generally do not transfer your personal data to states outside of the European Union or the European Economic Area (third countries) or to international organisations. It can occur, however, that in the context of obligations resulting from contracts between us and You, as our business partner, data must be transferred to a third country. Such a transfer will be done only after a close check and evaluation and only if the special conditions of Art. 44 seqq. GDPR are fulfilled (e.g. ruling of appropriateness by the EU Commission, standard data protection clauses, binding internal data protection rules, derogations for specific situations under At. 49 GDPR).

(6) Unless legal or contractual retention periods are opposed to a deletion of your personal data, we will delete them as soon as they are no longer needed to achieve the purpose for which they were gathered. This is normally the case if a business relationship with You or your business no longer exists and if no further communication can be expected.

(7) If You are already a customer with us, we can set up a customer account for you on request. In order to set up a customer account, it is required that you inform us of your email address and telephone number. We will store all further data You indicate in the customer account for later queries and orders.

7.  Job application

(1) If you are applying for a job at our agency, we will process the personal data that You send to us by email, for example. We do not need information from you, which cannot be utilised pursuant to the Equal Treatment Act (e.g. race, ethnic origin, religion or ideology, age, sexual orientation). Please also do not transfer any information relating to pregnancy, political ideologies, philosophical or religious beliefs and membership in a labour union to us.

(2) The processing of your personal data takes place exclusively for the purposes of staffing jobs at our agency. Your personal data will not be transferred, unless you have given us your explicit consent for this. However, it can occur in certain cases that personal data must be transferred to external entities such as public institutions (authorities and offices, etc.) or external service providers or other recipients.

(3) The primary legal basis for the processing of your personal data is Art. 88 (1) GDPR in conjunction with Sec. 28 (1) BDSG [Federal Data Protection Act] and, if applicable, Art. 6 (1) sent. 1, lit. b) GDPR.

(4) If we do not have a job for You, we will delete your data at the latest 3 months following the end of the application process, unless You give us your consent that we may store your job applicant data for a longer period.

8.  Data security

(1) We will take technical and organisational security measures, in order to protect your personal data arising or gathered, in particular from accidental or intentional manipulations, loss, destruction or attacks by unauthorised persons. Our security measures are being improved continuously according to technological progress.

(2) Our WEBSITE is encrypted by means of SSL technology to prevent access by unauthorised third parties. You can recognise the secure transmission by the protocol designation “https://” in the URL field.

9.  Your rights

(1) Regarding the processing of the personal data relating to you, you have the rights listed below under lit. a) to h) on the applicable legal conditions. For this, please contact our data protection officer. You can find the contact details in Sec. 1.

a)  Right to obtain confirmation

You can request a confirmation from us according to Art. 15 GDPR as to whether personal data relating to you is being processed by us. In that case, you have a right pursuant to Art. 15 (1) GDPR to be informed of the processing purposes, the categories of processed personal data, the recipients or categories of recipients to whom we have disclosed the personal data or to whom we will yet disclose them, the planned storage duration or criteria for the determination of the storage duration, the erasure of a right to correction or erasure of your personal data, and of the restriction of the processing or objection to the processing, the existence of a right to lodge complaint with a supervisory authority, the origin of data if we have not gathered the data from You, the existence of automated decision-making including profiling and, according to Art. 15 (2) GDPR, You have the right to be informed of the suitable guarantees according to Art. 46 GDPR in the context of the transmission of personal data to third countries.

b)  Right to correction

You can request the immediate correction and/or the completion of your personal data from us in consideration of the purposes of the processing, insofar as your data are incorrect or incomplete.

c)  Right to erasure

You can request us to perform the immediate erasure of your personal data if a reason for this pursuant to Art. 17 (1) lit. a) to f) GDPR is given. However, the right to erasure of your personal data does not apply, in particular, if their processing is required for the exercise of the right of free speech and information in order to comply with a legal obligation, or for reasons of public interest or for the establishment, exercise or defence of legal claims (Art. 17 (3) GDPR).

d)  Right to restrict the processing

You have the right to request that we restrict the processing of your personal data according to Art. 18 GDPR for a period enabling us r to verify the accuracy of the personal data, which is contested by you; if the processing is unlawful and You oppose the erasure of personal data and instead request the restriction of the use of your data; if You require your data for the establishment, exercise or defence of legal claims; or if you have objected to the processing, pending the verification whether our legitimate grounds are overriding yours.

e)  Right to information

In accordance with Art. 19 GDPR, we will inform all recipients to whom your personal data have been disclosed of any correction or erasure of your personal data or a restriction of their processing pursuant to Art. 16, Art. 17 (1) and Art. 18) GDPR, unless this proves to be impossible or involves disproportionate effort. You have the right according to Art. 19 sent. 2 GDPR against us to be informed of these recipients on request.

f)  Right to data portability

You have the right in accordance with Art. 20 GDPR to receive your personal data, which You have provided to us in a structured, common and machine-readable format and to transmit these data to another data controller, insofar as the further conditions of Art. 20 GDPR apply, in particular provided that this is technically feasible.

g)  Right to object

If we base the processing of your personal data on the legitimate interest pursuant to Art. 6 (1) sent. 1, lit. f) GDPR, you can object to the processing according to Art. 21 GDPR. This case applies when the processing is specifically not required for the performance of a contract with You, as explained by us in each of the prior offer descriptions. If you exercise such an objection, we ask for a statement of the reasons as to why your personal data should not be processed by us. In the event of your justified objection, we will check the facts and either cease processing the personal data in accordance with Art. 21 (1) sent. 2 GDPR or we will prove our compelling reasons for the processing, which are qualified for protection and override your interests, rights and freedoms. Further processing remains reserved in addition if the processing serves the purposes of the establishment, exercise or defence of legal claims.

Of course, You can object at any time to the processing of your personal data for the purposes of advertising and profiling pursuant to Art. 21 (2) GDPR, where this relates to direct advertising.

You can inform us or our data protection officer using the contact details indicated under Sec. 1.

h) Right to revoke the consent

You have the right according to Art. 7 (3) GDPR to revoke a consent, if any, which You may have given in accordance with data protection regulations, at any time with effect for the future. However, this will not affect the legitimacy of the processing, which has taken place based on your consent up until the date of the revocation.

(2) Should you believe that the processing of your data violates data protection regulations, You also have the right to lodge complaint with a supervisory authority in accordance with Art. 77 GDPR. Please contact a supervisory authority in the Member State of your residence, your place of work or the place of the potential violation.

10.  Changes to this Data Privacy Policy

We reserve the right to change this Data Privacy Policy at any time with effect for the future. Its respectively current version is available on our WEBSITE. Please visit the WEBSITE regularly and find the applicable Data Privacy Policy for your information.

Status: 20 October 2020