Privacy Notice

Information Regarding Data Protection on the SupplyOn-websites

Version 2.0 from Nov. 16, 2018

 

1. Name and Contact Details of the Controller

SupplyOn AG
Ludwigstrasse 49
85399 Hallbergmoos
Telephone: +49 811 99997 0
E-Mail: datenschutz@supplyon.com

 

2. Contact Details for the Controller’s Data Protection Officer

Data Protection Officer for SupplyOn is
datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
Telephone: +49 931 304976 0
E-Mail: datenschutz@supplyon.com

 

3. Purposes of Processing & Legal Basis

i. Collection and Processing of Your Personal Data
In general, you can visit our site without providing any personal data. Personal data is only collected and further processed if you provide it, for example when contacting us via email, filling out a web form, logging in or registering for a training course, webinar or event. This personal data will of course be kept confidential. Processing is strictly limited to the purpose for which you provided the data. The legal basis for the legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

If you decide to become our contractual partner, we will collect, process and use your personal data within the framework of the contractual relationship on the basis of Art. 6 para. 1 lit. b GDPR. You will be informed by us -upon conclusion of the contract- regarding the purposes, scope of the collection, processing and use of your data.

 

ii. Usage Data
When you visit our website, the web servers of our providers store the following data: the IP address of your internet service provider or proxies, the session cookies, the web browser used, the website you are visiting from, the pages you visit on our site, the date and time of access, the amount of data transferred and the access status (e.g. page found/not found).

This information is mandatory for the technical transmission of the website and for secure server operations. This data is only evaluated for operational and statistical purposes. Such evaluations allow us to operate our websites safely and to optimize them for your needs. A personalized evaluation or passing on of the data to third parties, for commercial or non-commercial purposes, does not take place. The legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

We erase the usage data as soon as it is no longer required for processing or use of the website.

 

iii. Cookies

We use session cookies to identify your user session when you use SupplyOn-Services, our website or when registering for or accessing a training session. Cookies are small text files that are stored locally in the cache of the visitor’s Internet browser. This gives your browser a unique identifier which enables bidirectional communication between your browser and our application.

You can set your browser settings so that it informs you about the placement of cookies. This provides you with transparent information on how cookies are used. It is possible to deactivate cookies in your browser settings. However, after deactivation, it is no longer possible to log in to the SupplyOn-Portal, register for or access trainings. The legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

You are responsible for deleting the cookies that have been transferred by your browser. You should configure your browser so that cookies are automatically deleted when you close your browser. Please note that the deletion of cookies when you close your browser may also include so-called opt-out cookies.

 

iv. Contact Form
The following information is required for the use of our contact form:

1. Company
2. First and last name, title and function
3. Email address and telephone number
4. Area of interest
5. Comment (your request/inquiry)

Some of this data is also collected in order to provide you with access to certain content which we only make available to a known group of users.

In order to process your inquiry, your data is stored in our CRM system, which is managed by a US service provider. An appropriate level of data protection is ensured through contractual safeguards with this service provider. We use your data exclusively to send you the requested information and to process your inquiry. The legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

 

v. Newsletter
Within the scope of our SupplyOn-Services, we offer you the possibility to be informed about SupplyOn news. If you have given us permission to send you information about SupplyOn’s news via e-mail, your data will be processed on the basis of Art. 6 para. 1 sent. 1 lit. a GDPR. Furthermore, on this same basis, with your consent, we can trace whether you have opened the e-mail containing our newsletter (email tracking). As a user of SupplyOn-Services, you can revoke your consent at any time by editing the data protection settings in your user profile, although this does not affect the legality of any processing which took place prior to the revocation of your consent. Alternatively, you can revoke your consent by sending an e-mail to datenschutz@supplyon.com  or by clicking on the appropriate link at the end of the e-mail. If consent is revoked, we will discontinue processing the concerned data.

 

vi. Support Forms
We require the following information in order to use our support forms:

1. First and last name
2. Your company
3. Your customer, who you collaborate with via SupplyOn
4. Email address and telephone number
5. Subject area and priority of your request
6. Support Center
7. Your message (support request)
8. optional file attachments you would like to send us in connection with your support request (e.g. screenshots)

Your data will be processed in the relevant ticket system. The ticket systems used are managed by our service providers, who work for us according to instructions within the framework of commissioned data processing to process your inquiry. Contractual safeguards are in place with our service providers to ensure that appropriate security measures and an appropriate level of data protection is in place. We use your data exclusively for the processing of your inquiry. The legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

 

vii. Share Function in the SupplyOn Corporate Blog
In order to protect your personal data, we do not integrate any social plugins directly into our website. When you access our websites, no data is transmitted to social media services such as Facebook, Twitter, XING or Google+. Therefore, it is not possible for third parties to create a profile.

However, you still have the opportunity to easily share articles from our corporate blog through social media outlets such as Facebook, Twitter, XING or Google+. The Share button sends a link to the selected social media platform. To share it with your network, you must be signed in to the appropriate social media service.

 

viii. Integrated Videos
We embed YouTube videos on some pages of our website. A visit to these pages causes YouTube content to be downloaded. In this context, YouTube also receives your IP address, which is necessary to access the content. We have no influence on the further processing of your personal data by YouTube. However, while embedding the videos, we did take care to activate the extended data protection mode offered by YouTube.

 

4. Recipients of Personal Data and Service Providers Outside of the EU/EEA

Your personal data as a visitor to our website may be passed on to service providers. These service providers will either act under strict instructions within the framework of a commissioned data processing agreement pursuant to Art. 28 GDPR or we will transmit your personal data on the legal basis of Art. 6 para. 1 GDPR. Insofar as the service providers providing support have their headquarters outside the EU/EEA, we have ensured the legality of the data transfer by means of suitable guarantees (e.g. by means of corresponding EU standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR).

 

5. Criteria for the Erasure of Data

We delete your personal data, obtained during your visit to our website, when the basis for processing no longer applies. You can find more details regarding this under the above-mentioned purposes.

 

6. Existing Rights: Access, Rectification, Erasure, Restriction, Objection, Data Portability, Complaint to a Supervisory Authority

Data subjects have the right to be informed by the controller about the personal data concerning them and to have incorrect data corrected or deleted, if one of the reasons stated in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued. They have also the right to limit the processing if one of the conditions mentioned in Art. 18 GDPR is present and in the cases of Art. 20 GDPR the right to transfer data. If data is collected on the basis of Art. 6 para. 1 lit. e (data processing for the fulfilment of official tasks or the protection of the public interest) or lit. f (data processing to pursue legitimate interests), the data subject has the right to object to the processing at any time for reasons arising from his/her particular situation. We will then no longer process the personal data unless there are verifiable compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend a legal claim.

Furthermore, any data subject shall have the right to complain to a supervisory authority if he or she considers that the processing of data concerning him or her is in breach of data protection provisions. In particular, the right of appeal may be exercised before a supervisory authority in the Member State in which the data subject is residing or in which the alleged infringement took place. The competent supervisory authority for SupplyOn is the Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), 91522 Ansbach, Germany.

 

7. Consequences of Not Providing Personal Data

The disclosure of your personal data is neither required by law, nor by contract, nor is it necessary to conclude a contract. As a user of the SupplyOn-Websites, you are not obliged to provide your personal data. The consequence of not providing your personal data could be that certain content and services on the SupplyOn-websites cannot be used and the convenience of using the SupplyOn-websites may be limited.

 

download as PDF