Skip to content

Privacy Notice

Information Regarding Data Protection on the SupplyOn-websites

Version 3.0 from Oct. 15, 2020

1. Name and Contact Details of the Controller

SupplyOn AG
Ludwigstrasse 49
85399 Hallbergmoos
Telephone: +49 811 99997 0

2. Contact Details for the Controller’s Data Protection Officer

Data Protection Officer for SupplyOn is
datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
Telephone: +49 931 304976 0

3. Purposes of Processing & Legal Basis

i. Collection and Processing of Your Personal Data

In general, you can visit our site without providing any personal data. Personal data is only collected and further processed if you provide it, for example when contacting us via email, filling out a web form, logging in or registering for a training course, webinar or event. This personal data will of course be kept confidential. Processing is strictly limited to the purpose for which you provided the data. The legal basis for the legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

If you decide to become our contractual partner, we will collect, process and use your personal data within the framework of the contractual relationship on the basis of Art. 6 para. 1 lit. b GDPR. You will be informed by us -upon conclusion of the contract- regarding the purposes, scope of the collection, processing and use of your data.

ii. Usage Data

When you visit our website, the web servers of our providers store the following data: the IP address of your internet service provider or proxies, the session cookies, the web browser used, the website you are visiting from, the pages you visit on our site, the date and time of access, the amount of data transferred and the access status (e.g. page found/not found).

This information is mandatory for the technical transmission of the website and for secure server operations. This data is only evaluated for operational and statistical purposes. Such evaluations allow us to operate our websites safely and to optimize them for your needs. A personalized evaluation or passing on of the data to third parties, for commercial or non-commercial purposes, does not take place. The legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

We erase the usage data as soon as it is no longer required for processing or use of the website.

iii. Technically required cookies

When using our Internet presence and in other web-based offers we use session cookies to identify your user session. Cookies are small text files that are stored locally in the cache of the visitor’s Internet browser. This gives your browser a unique identifier which enables bidirectional communication between your browser and our application. The session cookies mentioned here are required for use. We do not use these required cookies for analysis, tracking or advertising purposes. Sometimes these cookies only contain information on certain settings and cannot be related to a specific person. They may also be necessary to enable user guidance, security and operation of the site.

You can set your browser settings so that it informs you about the placement of cookies. This provides you with transparent information on how cookies are used. It is possible to deactivate cookies in your browser settings. However, after deactivation, it is no longer possible to log in to the SupplyOn-Portal, register for or access trainings. The legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

You are responsible for deleting the cookies that have been transferred by your browser. You should configure your browser so that cookies are automatically deleted when you close your browser. Please note that the deletion of cookies when you close your browser may also include so-called opt-out cookies.

iv. Voluntary Cookies | Tracking

For a demand-oriented design when using our internet presence and in further web-based offers we use the web analysis tool “Matomo”. Matomo creates user profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read out by us. In this way we are able to recognize recurring visitors and to count.

The data processing takes place on the basis of your consent according to Art. 6 para. 1 S. 1 lit. a GDPR, if you have given your consent via our banner have. Without your explicit consent, SupplyOn will only use technical necessary cookies. With your consent we also use Cookies for marketing and statistical purposes.

Here you can download a list of all and manage your cookies.

You can revoke your consent at any time. Please follow these instructions this link and make the appropriate settings via our banner.

v. Contact Form

The following information is required for the use of our contact form:

1. Company
2. First and last name, title and function
3. Email address and telephone number
4. Area of interest
5. Comment (your request/inquiry)

Some of this data is also collected in order to provide you with access to certain content which we only make available to a known group of users.

In order to process your inquiry, your data is stored in our CRM system, which is managed by a US service provider. An appropriate level of data protection is ensured through contractual safeguards with this service provider. We use your data exclusively to send you the requested information and to process your inquiry. The legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

vi. Newsletter

Within the scope of our SupplyOn-Services, we offer you the possibility to be informed about SupplyOn news. If you have given us permission to send you information about SupplyOn’s news via e-mail, your data will be processed on the basis of Art. 6 para. 1 sent. 1 lit. a GDPR. Furthermore, on this same basis, with your consent, we can trace whether you have opened the e-mail containing our newsletter (email tracking). As a user of SupplyOn-Services, you can revoke your consent at any time by editing the data protection settings in your user profile, although this does not affect the legality of any processing which took place prior to the revocation of your consent. Alternatively, you can revoke your consent by sending an e-mail to or by clicking on the appropriate link at the end of the e-mail. If consent is revoked, we will discontinue processing the concerned data.

vii. Support Forms

We require the following information in order to use our support forms:

1. First and last name
2. Your company
3. Your customer, who you collaborate with via SupplyOn
4. Email address and telephone number
5. Subject area and priority of your request
6. Support Center
7. Your message (support request)
8. optional file attachments you would like to send us in connection with your support request (e.g. screenshots)

Your data will be processed in the relevant ticket system. The ticket systems used are managed by our service providers, who work for us according to instructions within the framework of commissioned data processing to process your inquiry. Contractual safeguards are in place with our service providers to ensure that appropriate security measures and an appropriate level of data protection is in place. We use your data exclusively for the processing of your inquiry. The legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

viii. Share Function in the SupplyOn Corporate Blog

In order to protect your personal data, we do not integrate any social plugins directly into our website. When you access our websites, no data is transmitted to social media services such as Facebook, Twitter, XING or Google+. Therefore, it is not possible for third parties to create a profile.

However, you still have the opportunity to easily share articles from our corporate blog through social media outlets such as Facebook, Twitter, XING or Google+. The Share button sends a link to the selected social media platform. To share it with your network, you must be signed in to the appropriate social media service.

ix. Integrated Videos

On some pages of our website we embed YouTube videos that are not are stored on our servers. In this way the call of our web pages with embedded videos does not automatically cause content of the third parties to be loaded, we will show only local data in a first step stored preview images of the videos. This gives the third party provider no information. Only after a click on the preview image, contents of the third party reloaded. Through this the third party provider receives the information that you have downloaded our page and the technically required information in this context usage data. We have referred to the further data processing by the Third party providers have no influence. By clicking on the preview picture you give us the consent to reload contents of the third party provider. The embedding takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, if you have given your consent by clicking on the preview picture have. Please note that the embedding of many videos leads to your data is processed outside the EU or the EEA. In some countries there is a risk that the authorities will access the data on security and safety measures monitoring purposes without informing you about this or have the right to appeal. Provided that we have suppliers in unsafe third countries and you agree, the transmission will take place in an insecure Third country on the basis of Art. 49 para. 1 lit. a GDPR. If you are a thumbnail, the contents of the third-party provider are immediately displayed in the reloaded. If you do not wish such reloading on other sites, please do not click on the thumbnails anymore.

4. Recipients of Personal Data and Service Providers Outside of the EU/EEA

Your personal data as a visitor to our website may be passed on to service providers. These service providers will either act under strict instructions within the framework of a commissioned data processing agreement pursuant to Art. 28 GDPR or we will transmit your personal data on the legal basis of Art. 6 para. 1 GDPR. Insofar as the service providers providing support have their headquarters outside the EU/EEA, we have ensured the legality of the data transfer by means of suitable guarantees (e.g. by means of corresponding EU standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR).

5. Criteria for the Erasure of Data

We delete your personal data, obtained during your visit to our website, when the basis for processing no longer applies. You can find more details regarding this under the above-mentioned purposes.

6. Existing Rights: Access, Rectification, Erasure, Restriction, Objection, Data Portability, Complaint to a Supervisory Authority

Data subjects have the right to be informed by the controller about the personal data concerning them and to have incorrect data corrected or deleted, if one of the reasons stated in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued. They have also the right to limit the processing if one of the conditions mentioned in Art. 18 GDPR is present and in the cases of Art. 20 GDPR the right to transfer data. If data is collected on the basis of Art. 6 para. 1 lit. e (data processing for the fulfilment of official tasks or the protection of the public interest) or lit. f (data processing to pursue legitimate interests), the data subject has the right to object to the processing at any time for reasons arising from his/her particular situation. We will then no longer process the personal data unless there are verifiable compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend a legal claim.

Furthermore, any data subject shall have the right to complain to a supervisory authority if he or she considers that the processing of data concerning him or her is in breach of data protection provisions. In particular, the right of appeal may be exercised before a supervisory authority in the Member State in which the data subject is residing or in which the alleged infringement took place. The competent supervisory authority for SupplyOn is the Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), 91522 Ansbach, Germany.

7. Consequences of Not Providing Personal Data

The disclosure of your personal data is neither required by law, nor by contract, nor is it necessary to conclude a contract. As a user of the SupplyOn-Websites, you are not obliged to provide your personal data. The consequence of not providing your personal data could be that certain content and services on the SupplyOn-websites cannot be used and the convenience of using the SupplyOn-websites may be limited.