Privacy Policy
Privacy Policy
This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within the scope of providing our services as well as within our online offering and the associated websites, features, and content as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering"). With regard to the terminology used, such as "processing" or "controller," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Unitz IT GmbH
Michiganseestr. 3, 10319, Berlin
Managing Directors: Ngoc Hoang Pham
https://www.unitz.app/datenschutz/
Types of processed data
- Inventory data (e.g., personal master data, names, addresses)
- Contact data (e.g., email, phone numbers)
- Content data (e.g., text inputs, photographs, videos)
- Usage data (e.g., visited websites, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses)
Categories of data subjects
Visitors and users of the online offering (hereinafter also collectively referred to as "users").
Purpose of processing
- Providing the online offering, its functions, and content
- Responding to contact inquiries and communicating with users
- Security measures
- Reach measurement/marketing
Terminology Used
-
"Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more specific factors expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
-
"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
-
"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
-
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
-
The term "controller" refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
-
"Processor" means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Relevant Legal Bases
In accordance with Article 13 of the GDPR, we inform you of the legal bases of our data processing. For users within the scope of the General Data Protection Regulation (GDPR), i.e., the EU and the EEA, the following applies if the legal basis is not mentioned in the privacy policy:
- The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR;
- The legal basis for processing for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract is Article 6(1)(b) GDPR;
- The legal basis for processing for compliance with a legal obligation is Article 6(1)(c) GDPR;
- The legal basis for processing for the protection of vital interests of the data subject or of another natural person is Article 6(1)(d) GDPR;
- The legal basis for processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Article 6(1)(e) GDPR;
- The legal basis for processing for the purposes of the legitimate interests pursued by the controller or by a third party is Article 6(1)(f) GDPR.
- The legitimate interests pursued by the controller or by a third party may include processing for direct marketing purposes.
Security Measures
In accordance with legal requirements and considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as the access, input, disclosure, ensuring availability, and separation thereof.
Furthermore, we have established procedures to ensure the exercise of data subjects' rights, deletion of data, and response to data breaches. Additionally, we consider the protection of personal data during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.
Collaboration with Data Processors, Joint Controllers, and Third Parties
If, in the course of our processing, we disclose data to other individuals and companies (data processors, joint controllers, or third parties), transmit it to them, or otherwise grant them access to the data, we do so only on the basis of a legal permission (e.g., if transferring data to third parties such as payment service providers is necessary for contract fulfillment), if users have consented, if a legal obligation requires it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).
If we disclose data to other companies within our corporate group, transmit it to them, or otherwise grant them access, this is done particularly for administrative purposes as a legitimate interest and furthermore based on a legal basis corresponding to legal requirements.
Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation) or if this occurs in the context of using third-party services or disclosing or transferring data to other individuals or companies, this is done only if necessary to fulfill our contractual obligations, based on your consent, on a legal obligation, or on the basis of our legitimate interests.
Subject to explicit consent or contractually required transfers, we process or allow data to be processed only in third countries with a recognized level of data protection, including those certified under the "Privacy Shield" framework, or based on special guarantees such as contractual obligations through so-called standard data protection clauses of the EU Commission, the existence of certifications, or binding corporate rules (Articles 44 to 49 GDPR, information page of the EU Commission).
Rights of Data Subjects
-
Right to Information: You have the right to request confirmation of whether relevant data is being processed and to receive information about this data and further information and copies of the data in accordance with legal requirements.
-
Right to Rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the correction of incorrect data concerning you.
-
Right to Erasure and Restriction of Processing: You have the right, in accordance with legal requirements, to demand that relevant data be deleted immediately or, alternatively, to demand that processing of the data be restricted.
-
Right to Data Portability: You have the right, in accordance with legal requirements, to receive the data concerning you that you have provided to us in a structured, common, and machine-readable format or to request its transmission to another controller.
-
Right to Lodge a Complaint with a Supervisory Authority: You also have the right, in accordance with legal requirements, to lodge a complaint with the competent supervisory authority.
-
Right to Withdraw Consent: You have the right to withdraw consent given for the future at any time.
-
Right to Object: You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling to the extent that it is related to such direct marketing.
Cookies and Right to Object to Direct Advertising
"Cookies" refer to small files stored on users' computers. Different information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offering.
Temporary cookies, or "session cookies" or "transient cookies," are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie can, for example, store the contents of a shopping cart in an online shop or a login status.
"Permanent" or "persistent" cookies are cookies that remain stored even after the browser is closed. For example, the login status can be stored if users visit the site again after several days. Similarly, the interests of users can be stored in such a cookie, which are used for audience measurement or marketing purposes.
"Third-party cookies" are cookies offered by providers other than the responsible party operating the online offering (otherwise, if they are only its cookies, they are called "first-party cookies").
We may use temporary and permanent cookies and provide information about this in our privacy policy.
If we ask users for consent to use cookies (e.g., as part of a cookie consent), the legal basis for this processing is Art. 6(1)(a) GDPR. Otherwise, the personal cookies of users are processed based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR) or, if the use of cookies is necessary for the performance of our contractually related services, pursuant to Art. 6(1)(b) GDPR, or if the use of cookies is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, pursuant to Art. 6(1)(e) GDPR.
If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. The exclusion of cookies can lead to functional limitations of this online offering.
A general objection to the use of cookies for online marketing purposes can be made for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that not all functions of this online offering may then be used.
Deletion of Data
The data processed by us will be deleted or its processing restricted in accordance with legal requirements. Unless expressly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing deletion.
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
Changes and Updates to the Privacy Policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation action (e.g., consent) or other individual notification.
Agency Services
We process the data of our customers within the framework of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services, and training services.
In doing so, we process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., email, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., contract object, term), payment data (e.g., bank details, payment history), usage and metadata (e.g., within the scope of evaluating and measuring the success of marketing measures).
We generally do not process special categories of personal data, unless these are part of commissioned processing. The data subjects include our customers, interested parties, as well as their customers, users, website visitors, or employees, and third parties. The purpose of processing is to provide contractual services, billing, and our customer service.
The legal basis for processing is derived from Art. 6(1)(b) GDPR (contractual services), Art. 6(1)(f) GDPR (analysis, statistics, optimization, security measures). We process data that are necessary for the establishment and performance of contractual services and point out the necessity of their disclosure.
Disclosure to third parties only takes place if it is necessary within the framework of an order. When processing the data provided to us within the framework of an order, we act in accordance with the instructions of the client and the legal requirements of order processing pursuant to Art. 28 GDPR and do not process the data for any other purposes than those specified in the order.
We delete the data after the expiration of statutory warranty and comparable obligations. The necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiration (6 years, pursuant to § 257(1) HGB, 10 years, pursuant to § 147(1) AO). In the case of data disclosed to us within the scope of an order by the client, we delete the data in accordance with the specifications of the order, generally after the end of the order.
Administration, Financial Accounting, Office Organization, Contact Management
We process data within the scope of administrative tasks and organization of our business, financial accounting, and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process within the scope of providing our contractual services. The processing bases are Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR.
Affected parties include customers, interested parties, business partners, and website visitors. The purpose and our interest in processing lie in administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks, and provision of our services.
The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned for these processing activities.
We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, organizers, and other business partners, e.g., for the purpose of later contact. We generally store this predominantly company-related data permanently.
Personnel Recruitment / Recruiting
The processing of the data you provide in the context of the application process is carried out to conduct the application process. Insofar as these are necessary for our decision to establish an employment relationship, the legal basis is Art. 88(1) GDPR in conjunction with § 26(1) BDSG.
Further data is voluntary and not required for an application. If you provide further information, the legal basis is your consent (Art. 6(1) S. 1 lit. a GDPR).
We pass on your data to the responsible employees of the HR department and to the other employees involved in your application process.
You can also send us your application via email to work@unitz.app.
If you have given us your consent to use your data for further application processes, we will only delete your data one year after receiving your application (Art. 6(1) S. 1 lit. a GDPR). Otherwise, we will delete your data at the latest 180 days after receiving your application.
Contact
When contacting us (e.g., via contact form, email, telephone, or via social media), the user's details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6(1) lit. b. (in the context of contractual/pre-contractual relationships), Art. 6(1) lit. f. (other inquiries) GDPR. User details may be stored in a customer relationship management system ("CRM system") or comparable request organization.
We delete the requests if they are no longer necessary. We review the necessity every two years; Furthermore, the statutory archiving obligations apply.
Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google uses cookies. The information generated by the cookie about the use of the online offer by users is usually transferred to a Google server in the USA and stored there.
Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering, and to provide us with further services associated with the use of this online offering and the use of the Internet. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with IP anonymization enabled. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
If we ask users for consent (e.g., as part of a cookie consent), the legal basis for this processing is Art. 6(1)(a) GDPR. Otherwise, the personal data of users is processed based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR).
Insofar as data is processed in the USA, we would like to point out that Google is certified under the Privacy Shield agreement and thereby assures compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Further information on data use by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
The personal data of users will be deleted or anonymized after 14 months.
Integration of Third-Party Services and Content
We base the integration of content or service offerings from third-party providers within our online offering on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").
This always presupposes that the third-party providers of this content perceive the IP address of the users, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to only use content whose respective providers use the IP address solely for the delivery of the content.
Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated.
The pseudonymous information may also be stored in cookies on the user's device and may contain technical information about the browser and operating system, referring websites, visit time, as well as other information about the use of our online offering, as well as be linked to such information from other sources.
Youtube
We integrate the videos of the platform "YouTube" of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Google Maps
We integrate the maps of the service "Google Maps" of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The processed data may include IP addresses and user location data, which, however, are not collected without their consent (usually carried out within the settings of their mobile devices). The data can be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Within our online offering, functions and content of the Twitter service, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, may be integrated. This may include content such as images, videos, or texts and buttons with which users can share content from this online offering within Twitter. If users are members of the Twitter platform, Twitter can assign the call of the above-mentioned content and functions to the profiles of the users there. Twitter is certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
Within our online offering, functions and content of the Xing service, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, may be integrated. This may include content such as images, videos, or texts and buttons with which users can share content from this online offering within Xing. If users are members of the Xing platform, Xing can assign the call of the above-mentioned content and functions to the profiles of the users there.
Privacy Policy of Xing: https://privacy.xing.com/de/datenschutzerklaerung.
Within our online offering, functions and content of the LinkedIn service, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, may be integrated. This may include content such as images, videos, or texts and buttons with which users can share content from this online offering within LinkedIn. If users are members of the LinkedIn platform, LinkedIn can assign the call of the above-mentioned content and functions to the profiles of the users there. Privacy Policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).
Privacy Policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.