Information Regarding Data Protection for Users of SupplyOn-Services
This CHINESE APPENDIX forms part of the general “Privacy Notice – Information Regarding Data Protection for Users of SupplyOn-Services” (“General Privacy Notice”) and applies to individuals who reside in Mainland China. This CHINESE APPENDIX sets out the additional information that we are required to provide to you under Chinese law, in particular under the Personal Information Protection Law (PIPL). This CHINESE APPENDIX should be read alongside the aforementioned General Privacy Notice and terms used in this CHINESE APPENDIX have the same meaning given in the aforementioned General Privacy Notice, unless otherwise stated.
1. Purposes, categories, legal basis of personal data processing
A) For SupplyOn’s own purposes
The legal basis for subscribing to newsletters or receiving invitations to surveys lies in Art. 13 (1) PIPL. By actively sending us your personal data, you understand and agree that your personal data will be processed for the purpose for which the personal data is sent. You can revoke your consent anytime by managing the Privacy Settings after logging in to the SupplyOn-Portal via the menu options Administration –> My User –> Privacy Settings.
B) Processing on behalf of a buyer
As a user of SupplyOn-Services, you can either work for a buyer or for a supplier. Your personal data as a user is processed on behalf of a buyer in order to enable you to use the SupplyOn-Services as Software-as-a-Service (SaaS). This includes in particular the rollout of the SupplyOn-Services, the operation of the SupplyOn-Services as well as training and support when using the SupplyOn-Services.
In this case, the buyer is responsible for the processing of your personal data. SupplyOn only processes your personal data on behalf of the buyer in accordance with the conditions laid out in a commissioned data processing agreement pursuant to Art. 21 PIPL.
2. Sensitive personal data
Sensitive personal data is data that once leaked or illegally used will easily lead to infringement of personal dignity or endanger personal or property security, such as biometrical data, religion, special identity, medical and health data, financial account data, location tracking data and personal data related to children under 14 years old.
SupplyOn does not usually process sensitive personal data. However, if we process your sensitive personal data on an exceptional basis, we will only do this if it is strictly necessary for a pre-defined purpose. If sensitive personal data is processed based on consent, we will ask for you consent separately. For children under 14 years old, we will obtain consent from the legal guardian of the children.
3. Providing personal data to a third party
SupplyOn engages service providers to process personal data on our behalf. These service providers are contractually obligated to only process personal data in accordance with the instructions of SupplyOn. Obligations of the services providers, as well as the scope, purpose and type of the commissioned data processing will be laid down in a data processing agreement.
Beyond the aforementioned scope, SupplyOn will only disclose your personal data to a third party, if such data disclosure is necessary to fulfil our contractual obligation towards you or if you have directed us to do so. In addition, SupplyOn may be instructed by a buyer to disclose your personal data to a third party, if your personal data is processed by SupplyOn on behalf of the buyer. In this case, the buyer is the one who is responsible for the data disclosure to the third party. Usually, the legal basis for such data disclosure is the performance of the respective contract.
Your personal data will only be disclosed within the contractually agreed scope. We will not publicly disclose your personal data.
4. Cross-border data processing
Due to business operation purposes, your personal data might be processed outside of China. In so far as the cross-border data transfer rules laid down in the applicable Chinese data protection regulations apply, we will make sure that the data is transferred in accordance with such applicable rules.
5. Measures to protect your personal data
The measures we have taken to protect your personal data as well as the certificates we have received for our data security standards can be found under https://www.supplyon.com/en/data-security/.
6. Rights of the data subject and how to exercise your right
Under the PIPL, you have the right to be informed about the personal data concerning you. You may also request access to and a copy of the personal data processed concerning you.
You also have the right to have incorrect or incomplete data corrected or completed. In addition, you may request the deletion of your personal data, e.g. if such data is no longer required for the purposes pursued or the consent for the data processing is revoked. You also have the right to limit the processing or ask us to transfer your personal data to other data controllers.