Privacy Notice

A. Information on data privacy on the SupplyOn websites

It goes without saying that SupplyOn takes the protection of your personal data seriously. We want you to feel safe when visiting our website or using our services. In addition to these notes on data protection on the SupplyOn website, you will find all further information on data protection in accordance with Art. 13 and 14 of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG-neu) in section B.

I. Collection and processing of your personal data
You can usually visit our site without needing to provide personal data. We collect personal data only if you furnish it of your own accord, e.g. if you contact us by e-mail or when you log in or enroll for a training course. It goes without saying that we treat this personal information confidentially. It is processed solely for the intended purpose. If you decide to become a contractual partner of ours, we collect, process and use your personal data as part of the contractual relationship. We inform you of the purposes for and extent to which we collect, process and use your data when the contract is concluded.

II. Usage data
When visiting our website, the web servers of our provider store the following information: the IP address of your Internet service provider or proxies, the session cookie, the Web browser used, the Internet site you visit us from, the pages you visit on our site, the date and time you access them, the data volume transferred and the access status (e.g. page found/not found).

This information is vital to enable technical transfer of the Internet site and secure server operation. This data is only evaluated for operational and statistical purposes. Such analyses allow us to operate our websites securely and adapt them optimally to your needs. A personalized analysis of the data is not conducted, nor is the data disclosed to third parties, either for commercial or non-commercial purposes.

We erase the data on usage as soon as processing or use of it is no longer necessary for utilization of the Internet site.  

III. Cookies
When you log in to the SupplyOn portal, register or enroll for a training course, we use session cookies to identify your user session. Cookies are small text files that are stored in the visitor’s local browser cache. As a result of their use, your browser is assigned a unique ID that enables bidirectional communication between it and our application.

You can configure your browser so that it informs you of the placement of cookies. This ensures that the use of cookies is transparent for you. You can disable acceptance of cookies in your browser settings. However, if you do so you will no longer be able to log in to the SupplyOn portal, register or enroll for training courses.

Deleting the cookies stored in the browser is the user’s responsibility. You should configure the browser so that the cookies are automatically deleted when you close the browser. Please note that deleting cookies when closing your browser may also include so-called opt-out cookies.

IV. Contact form
We require the following information from you when you use our contact form:
1. Company
2. First name, last name, title and function
3. E-mail address and telephone number
4. Areas of interest
5. Comment (Your request to us)

We also collect some of this data if you wish to gain access to certain content that we only make available to a known group of users.

Your information will be stored in our CRM system, which is maintained by a US service provider, for processing your request. We have ensured an appropriate level of data protection with this service provider through contractual safeguards. We will use your information solely to send you the requested information and to process your request.

V. Support forms
To use the support forms we need the following information from you:

1. First name, last name
2. Company
3. Your customer you are collaborating with using SupplyOn
4. E-mail address and telephone number
5. Subject area and priority of your request
6. Support Center
7. Your message (your request to us)
8. Optional file attachments which you would like to send us in context with your support request (e.g. Screenshots)

Your data will be processed in the relevant ticket system. The ticket systems used here are managed by our service providers, who work for us in the context of commissioned processing to process your request. We have of course agreed appropriate security measures with our service providers via contractual guarantees and have ensured an appropriate level of data protection. We use your data exclusively for the processing of your request.

VI. Share-Function in the SupplyOn Corporate Blog
For data protection reasons, we do not integrate social plug-ins directly into our website. When you visit our pages, no data is therefore transmitted to social media services such as Facebook, Twitter, XING or Google+. Profiling by third parties is hence excluded.

However, you still have the option of simply sharing posts from our corporate blog in social media such as Facebook, Twitter, XING or Google+. When using the share button, only a link is sent to the selected social media platform. To share it with your network, you must be logged in to the corresponding social media service.

VII. Right to information
If you have any questions regarding data protection, you can contact our data protection office anytime at datenschutz@supplyon.com or by letter, marked “attn. data protection officer”, sent to the address included in our legal notice.

Upon request, we will inform you in writing in accordance with the applicable law whether and if so which personal data about you is stored with us. In addition, we refer to the information on your rights as per Art. 13 and 14 GDPR. You can find them here.

B. Information on data protection

SupplyOn processes personal data of SupplyOn customers and interested parties in two different scenarios:

A) For SupplyOn’s own purposes in order to advertise or sell SupplyOn products.

B) On behalf of the purchasing companies that use SupplyOn services to carry out processes with their suppliers.

After logging into the SupplyOn Portal, you can see which purchasing company is responsible in your case as follows:

  • If your company is registered with SupplyOn as a supplier, your responsible user administrator can use the menu item Administration > Connect > Connect Overview Customers to see with which purchasing company your company cooperates via SupplyOn. You can determine your responsible user administrators via the menu item Administration > My-User-Administrators.
  • As a non-registered supplier, you can view the responsible purchasing company via the corresponding link to your business transaction, which you received from SupplyOn by e-mail.
  • If you are a user of SupplyOn services and are working for a purchasing company, this company is also responsible.

Alternatively, please send your request for the determination of the responsible purchasing company to datenschutz@supplyon.com. Please note that we will have to verify your identity and ask for further information in order to process the legitimacy of your request. However, we will never ask you for your user password.

The following information on the protection of the personal data processed should therefore be understood in relation to the relevant scenario.

1. Name and contact details of the responsible party

A) For SupplyOn’s own purposes

SupplyOn AG
Ludwigstrasse 49
85399 Hallbergmoos
Phone: +49 811 99997 0
E-Mail: datenschutz@supplyon.com

B) For processing on behalf of the purchasing companies

As a SupplyOn Services user, you work either for a purchasing company or for a supplier. A supplying company is always associated with at least one purchasing company at SupplyOn. In this case, the company responsible for processing your personal data is the purchasing company for which SupplyOn acts in accordance with instructions.

2. Contact details of the data protection officer of the responsible party

A) For SupplyOn’s own purposes

The data protection officer of SupplyOn is
datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
Phone: +49 931 304976 0
E-Mail: datenschutz@supplyon.com

B) For processing on behalf of the purchasing companies

As a SupplyOn Services user, you work either for a purchasing company or for a supplier. A supplier is always associated with at least one purchasing company at SupplyOn. The contact details of the data protection officer of the purchasing company on whose behalf SupplyOn is acting will be sent to you on request to datenschutz@supplyon.com. Alternatively, you are of course free to contact the purchasing company directly.

3. Purposes of processing & legal basis

In connection with the use of SupplyOn Services, personal data of users (data subjects within the meaning of the GDPR) are processed. Users of SupplyOn Services can be the following persons from the companies involved in the use of SupplyOn Services:

  • Contact persons of
    – purchasing companies,
    – suppliers,
    – partners (operations partners and other partners) and
  • SupplyOn personnel.

A) For SupplyOn’s own purposes

SupplyOn processes your personal data for its own purposes.

As a registered user, you have the option of being informed by SupplyOn about certain services (advertising), depending on your own main focus of interest. You decide voluntarily on the scope. The legal basis for this is express consent in accordance with Art. 6 para. 1 lit. a) and Art. 7 GDPR in conjunction with Section 7 para. 2 German Act Against Unfair Competition (UWG). You can administer the settings yourself at any time and, if necessary, adjust or revoke consents already granted. You can view your personal services after logging into the SupplyOn portal via the menu item Administration > My User Account > Privacy settings.

If you are an employee of SupplyOn, we process your personal data in connection with the use of SupplyOn services for the purpose of performing the employment relationship on the legal basis of Art. 88 Para. 1 GDPR in conjunction with Section 26 (1) sentence 1 German Federal Data Protection Act (BDSG-neu).

B) For processing on behalf of the purchasing companies

Your personal data (including the usage data listed in section A, paragraph II) will be processed on behalf of a purchasing company to enable you to use SupplyOn Services as Software as a Service (SaaS). This includes in particular the rollout of SupplyOn Services, the operation of SupplyOn Services as well as training and support when using SupplyOn Services. SupplyOn processes your personal data on behalf of the purchasing companies in accordance with the conditions of commissioned processing pursuant to Art. 28 GDPR.

For you as a contact or employee of a purchasing company, the use of SupplyOn Services itself has its legal basis in Art. 88 Para. 1 GDPR in conjunction with Section 26 Paragraph 1 Sentence 1 German Federal Data Protection Act (BDSG-neu) and serves, in relation to your employer, the fulfilment of the obligations from your respective employment relationship.

4. Recipients of data and integration of service providers outside the EU/EEA

A) For SupplyOn’s own purposes

Your personal data may be passed on to supporting service providers in connection with subscribing to certain SupplyOn services. These supporting service providers are either subject to strict instructions within the framework of commissioned processing and are obliged under data protection law via a corresponding contract for commissioned processing pursuant to Art. 28 GDPR, or we transmit your personal data on a legal basis under Art. 6 Para. 1 GDPR. As far as the supporting service providers are based outside the EU/EEA, we have ensured the legality of data transmission by means of suitable guarantees (e.g. by means of a corresponding EU standard contract according to Art. 46 para. 2 lit. c GDPR).

B) For processing on behalf of the purchasing companies

In connection with the provision of SupplyOn services on behalf of a purchasing company (as a commissioned SaaS service), SupplyOn is the primary recipient of your personal data.

SupplyOn will not pass on your personal data to third parties without documented instructions from the purchasing company, unless there is a statutory obligation to do so in accordance with the relevant legal provisions.

Your personal data is passed on to external partners (operating partners and other subcontractors) depending on the scope of the SupplyOn SaaS service. These external partners support us in data processing within the framework of commissioned processing in accordance with strict instructions and are bound by data protection law by means of a corresponding contract for commissioned processing in accordance with Art. 28 GDPR. Where the external partners are based outside the EU/EEA, SupplyOn has ensured the legality of data transmission by means of suitable guarantees (e.g. by means of a corresponding EU standard contract in accordance with Art. 46 para. 2 lit. c GDPR). On request, we will be pleased to provide you with an overview of the external partners relevant to your case.

5. Criteria for the deletion of data

A) For SupplyOn’s own purposes

SupplyOn restricts the use of your personal data for the purpose of providing information about SupplyOn services as soon as you restrict or completely revoke your consent to the content of this information.

In addition, SupplyOn will delete your personal data for the purpose of providing information about SupplyOn services as soon as you are no longer registered as a user (e.g. termination of contract between SupplyOn and the company for which you work). This shall only apply if SupplyOn has no legal obligations to retain data that prevent such data from being deleted. In this case, the deletion is replaced by a restriction on the processing of your personal data.

B) For processing on behalf of the purchasing companies
SupplyOn deletes your personal data on the instructions of the purchasing company and upon termination of the contract between SupplyOn and the purchasing company or the corresponding supplying company, provided that SupplyOn has no legal obligation to retain the data. In this case, the deletion is replaced by a restriction on the processing of your personal data.

6. Existing rights: information, correction, deletion, restriction, objection, data portability, complaint to supervisory authority

Regardless of which company is responsible for data processing in detail (see section B, paragraph 1) you are entitled to various rights relating to data subjects, which we would like to explain to you below.

Data subjects have the right to obtain information from the data controller about personal data concerning them and to have inaccurate data corrected or deleted if one of the reasons stated in Art. 17 GDPR applies, e.g. if the data are no longer required for the purposes pursued. Furthermore, there is a right to limitation of processing if one of the conditions specified in Art. 18 GDPR applies and in the cases of Art. 20 GDPR the right to data transferability. If data is collected based on Art. 6 para. 1 lit. e (data processing for the fulfilment of official tasks or for the protection of the public interest) or lit. f (data processing for the protection of legitimate interests), the data subject is entitled to object to the processing at any time for reasons arising from his particular situation. We will then no longer process the personal data unless there are demonstrably compelling reasons worthy of protection for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

In addition, any data subject has the right of appeal to a supervisory authority if he or she considers that the processing of data concerning him or her is in breach of data protection legislation. The right of appeal may be exercised in particular before a supervisory authority in the Member State of residence of the person concerned or the place where the alleged infringement occurred. The supervisory authority responsible for SupplyOn in Bavaria is the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht), Promenade 27 (Schloss), 91522 Ansbach, Germany.

Please contact the person responsible to exercise your rights. We would be pleased to support you! The necessary information to contact us can be found in section B, paragraph 2.

7. Consequence of not providing personal data

Regardless of which company is responsible for data processing in detail (see section B, paragraph 1):

The provision of your personal data is neither required by law nor by contract, nor for the conclusion of a contract. As a user of SupplyOn Services, you are not obliged to provide your personal data. The consequence of not providing your personal data would be that SupplyOn Services will not be activated for you and you will not be able to use them.