Privacy Policy
The protection of your personal data is very important to Unidy GmbH (“Unidy,” “we,” and “us”). We process personal data only in accordance with the legal regulations, particularly the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
It is important to us to inform you about which personal data is collected and how it is used when
- using our website www.unidy.io (“Website”) (Sections 2, 5-8),
- contacting us via email and contact form (Section 3),
- applying to us (Section 10), and
- visiting our LinkedIn company page (Section 11).
This Privacy Policy also contains information about recipients of personal data within the EEA and in third countries (Section 12), the deletion of your personal data and retention periods (Section 14), your rights as a data subject (Section 15), and automated decision-making (Section 16). The use of contact data published within the scope of the imprint obligation by third parties for the transmission of unsolicited advertising and information materials is hereby expressly prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.
1. Controller and Data Protection Officer
The controller for data processing within the meaning of the EU General Data Protection Regulation (GDPR) is:
Unidy GmbH,
Spitaler Str. 10,
20095 Hamburg
Our Data Protection Officer Dr. Anna-Kristina Roschek can be reached at [email protected].
2. Access to the Website
When you access our website, we collect personal data to enable your use (usage data). This includes your IP address and data about the beginning, end, and subject of your use of the website. It also includes technical data transmitted by your browser such as browser type/version, the previously visited website (referrer URL), screen resolution, operating system, and possibly device information (e.g., device type), etc.
These automatically transmitted personal data are processed in particular for the following purposes:
- Ensuring a smooth connection setup of the website,
- Ensuring smooth use of our website, and
- Ensuring system security and stability.
Providing these data is neither legally nor contractually required. However, without the IP address and the cookie ID, the use and functionality of our website cannot be ensured. Furthermore, certain services may not be available or only available to a limited extent.
In general, these data are deleted as soon as they are no longer required for the purpose for which they were collected. In some cases, this is the case after the respective session ends. However, if there are specific indications of unlawful use, we reserve the right to review the server log files retrospectively through our hosting provider. For the operation and maintenance of our website, we use technical service providers who act as our processors in accordance with Art. 28 GDPR.
The processing related to the technical provision of our website is based on our legitimate interest in providing and tailoring our website to your needs in accordance with Art. 6(1)(f) GDPR.
3. Contacting via Email and Contact Form
When you contact us by email or via the contact form, the data you provide, including your contact details, will be stored by us to process your inquiry or to be available for follow-up questions. This information helps us to specify your request and to process your concern more efficiently. The legal basis is either the fulfillment of a contractual obligation or our legitimate interest in providing a contact form (Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR). You are neither obligated to contact us via the contact form nor to provide personal data. If you do not provide your personal data, we may not be able to process your request. Otherwise, there will be no consequences for you.
4. reCAPTCHA
To protect your inquiries via contact form, we use the reCAPTCHA service of Google. The query is used to distinguish whether the input is made by a human or abusively by automated, machine processing. The query includes the transmission of the IP address and, if necessary, further data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and further used there. However, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a server of Google in the USA and shortened there. Google LLC is certified under the EU-US Data Privacy Framework (see Section 12).
On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other data from Google. For these data, the differing data protection provisions of Google apply.
5. Cookies and Web Analytics
Our website uses cookies. These are small text files that your web browser stores on your device. Cookies help make our offer more user-friendly, effective, and secure. Some cookies are so-called "session cookies." Such cookies are automatically deleted after the end of the browser session. Other cookies remain on your device until you delete them. These cookies help us recognize you when you return to our website. With a modern web browser, you can monitor, restrict, or prevent the setting of cookies. Many web browsers can be configured to automatically delete cookies when the program is closed. Disabling cookies may result in limited functionality of our website.
There are cookies that are strictly necessary to ensure the technical functionality of the website. The legal basis for the use of technically necessary cookies is our legitimate interest in providing our website according to Art. 6(1)(f) GDPR.
Other cookies can be used for web analytics. They can be combined with further information about your activities on our website and processed in pseudonymized user profiles. This helps us analyze web traffic and improve our website to better meet users' needs. We use this information only for statistical evaluations. The legal basis for the use of other cookies and web analytics is your consent according to Art. 6(1)(a) GDPR. Concerning the USA, we currently only use providers certified under the EU-US Data Privacy Framework (see also Section 12).
When you visit our website, the user is informed about the use of cookies for analytical purposes by displaying a corresponding banner and is asked for their consent to process the personal data used in this context. In this context, there is also a reference to this privacy policy. Only if you agree to the setting of all cookies used by us will we set other, non-essential cookies. Before you give your consent, only technically necessary cookies are set.
In addition to our cookie banner, you can restrict your consent to the setting of cookies in content, either wholly or partially, by configuring your browser settings accordingly and deactivating the setting of cookies wholly or partially. You can also install a plugin in your browser to protect your privacy, which offers the possibility of preventing web analytics - e.g., AdBlock, Ghostery, or NoScript (note the data protection notices of the respective plugin provider). Furthermore, some web analytics providers are members of industry associations through whose websites you can centrally prevent usage-based online advertising and web analytics by the respective members. Below you will find the websites of these associations for a convenient cross-provider prevention of web analytics. This way, you can also prevent the formation of pseudonymous user profiles.
- “European Interactive Digital Advertising Alliance“ (EDAA): https://www.youronlinechoices.com/de/praferenzmanagement/
- “Digital Advertising Alliance“ (DAA): www.aboutads.info/choices/
- “Network Advertising Initiative“ (NAI): http://optout.networkadvertising.org/?c=1
Cookie/Provider | Purpose | Link to Provider's Privacy Policy/Prevent Processing | Retention Period |
---|---|---|---|
Google Analytics: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | Web analytics, interest-based advertising | https://policies.google.com/privacy Prevent Processing: Via browser plugin (see Add-On) and further information in Section 6 | 14 months |
If you do not consent to the use of cookies or delete cookies from your device, this may limit your ability to use the website or certain functionalities. Detailed information about the individual cookies used on our website can be found in the following table.
6. Web Analytics with Google Analytics
Web analytics (also called "reach measurement") is used to evaluate the visitor flows on our website and can include behaviors, interests, or demographic information about visitors, such as metadata, age, or gender, as pseudonymous values. With the help of reach analysis, we can see, for example, when our site is visited and which content is used most frequently. We can also understand which areas need optimization. Due to our holistic marketing strategy, we have chosen Google Analytics for reach measurement and web analytics, which acts as our processor in accordance with legal requirements. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: policies.google.com/privacy. Google LLC is certified under the Data Privacy Framework (see Section 12).
For the purposes of reach measurement and web analytics, anonymous usage profiles are generally created and stored in a file (so-called "cookies") or similar procedures with the same purpose are used. The stored/evaluated information and content can include, for example, viewed content, visited websites, and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times.
The IP addresses of the users are also stored. To protect users, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address), whereby the IP address is shortened by Google within the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Generally, no unique user data (such as email addresses or names) are stored in the context of web analysis and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.
The data collection for web analytics is based on your consent according to Art. 6(1)(a) GDPR, which you can revoke at any time with effect for the future. For this purpose, use, for example, the contact details provided in this privacy policy. See also Section 5 for preventing processing by Google, especially the information in the table. Alternatively, you can revoke your consent by clicking the "Revoke Google Analytics" button. In this case, we set a technically necessary cookie that recognizes your revocation of consent when you visit our website.
7. Hubspot
This website uses the software HubSpot from the US-based software company of the same name with a branch in Ireland, HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. HubSpot is a software solution for managing and implementing inbound marketing. The stored information is stored on HubSpot servers. They can be used by us to contact visitors to our website and to determine which services of our company are of interest to you. For more information, see the terms of use and privacy policy of HubSpot Inc. at Hubspot Legal and Hubspot Pricacy Policy. We need HubSpot for efficient and quick processing of user inquiries. The basis for data processing is Art. 6(1)(f) GDPR, which allows data processing to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not outweigh this.
HubSpot uses cookies. HubSpot collects and stores usage data in pseudonymous profiles to enable interest-based advertising. HubSpot also evaluates information collected on our behalf so that we can generate reports on visits and visited pages. You can disable the storage of data by HubSpot in cookies and the associated recording of your user behavior by preventing the storage of cookies at any time through your browser settings and/or deleting existing cookies. You can also disable the setting of cookies by HubSpot via the following link "Remove HubSpot Cookie." The legal basis for setting cookies by HubSpot is Art. 6(1)(a) GDPR.
Your data will be stored by HubSpot in Europe. However, HubSpot uses sub-processors in the USA, including HubSpot Inc. It cannot be ruled out that these may have access to data, particularly for support purposes. In the case of access from third countries, this involves data transfers within the meaning of the GDPR. HubSpot, Inc. is certified under the Data Privacy Framework (see Section 12).
8. Data Processing in Contract Conclusion and Performance
To conclude or perform contracts with you, we process personal data concerning you to the extent necessary for the performance of the contract with you. For this purpose, providing your personal data is required. You are not obligated to provide your personal data, but if you do not provide it, the establishment and performance of the contractual relationship may not be possible or only possible to a limited extent. Otherwise, there will be no consequences for you. The legal basis for this is Art. 6(1)(b) GDPR. The purpose of the processing is the establishment and performance of the contractual relationship with you.
If your data is processed during the conclusion of a contract as an employee of a customer, service provider, or other business partner, the legal basis in this case is our legitimate interest in establishing and performing the contractual relationship (Art. 6(1)(f) GDPR).
9. Data Processing in the Application Process
During the application process, whether the application is online, by email, or by mail, we process your personal data.
If you apply for an open position or submit an unsolicited application, you voluntarily provide personal data and information (first name, last name, email address, phone number, and any attachments such as CV, cover letter, etc.).
The legal basis for processing your personal data is Art. 6(1)(b) and (f) GDPR. The processing is for the purpose of contacting you and evaluating your suitability for the position you are applying for, and is therefore in our legitimate interest according to Art. 6(1)(f) GDPR. The processing of your data also serves the initiation and establishment of our employment relationship (Art. 6(1)(b) GDPR).
Applying to us is not possible without providing personal data. You are not obligated to apply to us or to provide personal data. If you do not provide personal data, you may not be able to use the functionalities of the online application or we may not be able to consider your application. Otherwise, there will be no consequences for you.
The storage of personal data is generally only for the purpose of filling the vacant position for which you applied. Additionally, we will store your data for 180 days after the end of the application process to answer any questions related to your application and possible rejection. If necessary, we will ask you if we may store your data longer to identify other interesting positions for you. The further processing of your data is based on your consent according to Art. 6(1)(a) GDPR. You can revoke your consent at any time, for example, using the contact details provided in Section 1, and object to the storage of your data.
10. Joint Responsibility with LinkedIn
We maintain a company page on the professional network LinkedIn. As the operator of these pages, we are jointly responsible with the operator of the professional network LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland (“LinkedIn”) for the collection (but not for further processing) of data from visitors to our company pages within the meaning of the General Data Protection Regulation (GDPR).
The collected data include:
- Information on the types of content that visitors view or interact with, or the actions they take, as well as
- Information about the devices used by visitors (e.g., IP addresses, operating system, browser type, language settings, cookie data)
Social networks also collect and use information to provide analytics services, called "Page Insights," to page operators, helping them gain insights into how people interact with their pages and the content associated with them. We have entered into a specific agreement with LinkedIn: Page Insights Joint Controller Addendum. This particularly regulates which security measures the operator must observe and includes the operator's commitment to fulfill data subject rights (i.e., users can, for example, directly address information requests or deletion requests to the operator of the social network).
The rights of visitors (in particular, to information, deletion, objection, and complaints to the supervisory authority) are not restricted by the agreements with LinkedIn. You can exercise your rights (information, correction, deletion, restriction of processing, data portability, objection, and complaint) both against us and LinkedIn.
Purposes of processing: contact requests and communication, tracking (e.g., interest-/behavior-based profiling, use of cookies), remarketing, reach measurement (e.g., access statistics, recognition of recurring visitors). Legal basis: The legal basis for data processing is our legitimate interest in the most comprehensive online presence possible for our offer and our company and the ability to communicate with you via social networks (Art. 6(1)(f) GDPR). Data subjects: Website visitors, visitors to our company page on LinkedIn. It is possible that some of the collected information may also be processed outside the European Union in the USA. The LinkedIn Corporation is currently not certified under the Data Privacy Framework. Data transfers are based on EU Standard Contractual Clauses. LinkedIn and its affiliated companies are thus contractually obligated to process data in compliance with data protection regulations.
Further information on the handling of personal data can be found in LinkedIn's data protection information.
11. Data Transfers to Third Parties and Countries Outside the European Economic Area (EEA)
Your data will generally not be transferred to third parties unless we are legally obligated to do so, the data transfer is necessary for the execution of the contractual relationship, or you have expressly consented to the transfer of your data. If our service providers come into contact with your personal data, we ensure within the scope of order processing according to Art. 28 GDPR that they comply with the provisions of data protection laws in the same manner. Please also note the respective data protection notices of the providers.
We value processing your data within the European Union (EU)/European Economic Area (EEA). With the exception of the processing activities described in Sections 6 - 8 and 11, we do not transfer your data to recipients outside the EU or EEA. Most of the US service providers we use are certified under the Data Privacy Framework, which allows secure data transfer to US service providers. Whether the US service provider is certified under the Data Privacy Framework or not, we have indicated under the respective section. A complete list of companies certified under the Data Privacy Framework can be found at the following link.
If a provider is not certified under the EU-US Data Privacy Framework, we ensure that EU Standard Contractual Clauses are concluded with these US service providers, contractually obliging them to process data in compliance with data protection regulations. Data transfers from the EU/EEA to US service providers are subject to stricter US regulations for government surveillance programs due to Executive Order 14086, which was issued as a condition for the European Commission's adequacy decision on the EU-US Data Privacy Framework. If you have any questions about this, please contact our Data Protection Officer (see the contact details in Section 1).
12. Data Security
We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction, or unauthorized access. Our security procedures are regularly reviewed and adapted to technological progress. To protect the personal data of our users, we use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) transmission. You can recognize this by the fact that an "s" is appended to the address component http:// ("https://") or a green, closed padlock symbol is displayed in the browser. By clicking on the symbol, you can obtain information about the SSL certificate used. SSL encryption ensures the secure and complete transmission of your data.
13. Deletion
We delete your personal data as soon as it is no longer required for the purposes mentioned above, no overriding legitimate reasons for our processing exist, or if there is no other legal basis for the processing in case of an objection. In certain cases, e.g., if a legal retention period exists, your personal data will be initially blocked and deleted after the retention period expires. For more information on the retention of cookie data, please refer to the table in Section 5.
14. Your Rights
Data protection law grants you a number of rights concerning data that relates to you (so-called data subject rights). Generally, these are:
- The right to request information about the personal data stored about you (Art. 15 GDPR),
- The right to correct incorrect data (Art. 16 GDPR),
- The right to delete data that may no longer be stored (Art. 17 GDPR),
- The right to restrict processing in certain cases (Art. 18 GDPR),
- The right to data portability, i.e., the transfer of data you have provided in electronic form to you or a third party (Art. 20 GDPR), and
- The right to revoke any consent you may have given with effect for the future (Art. 7(3) GDPR).
Please note that if you revoke your consent, we will still retain your consent. This is because even after revocation and deletion of your personal data, we must be able to prove the consent. The legal basis for the (continued) retention of consent is Art. 6(1)(c) in conjunction with Art. 5(1)(a), (2), Art. 7(1) GDPR, and Art. 6(1)(f) GDPR. You can also object to the processing if it is based on legitimate interests (Art. 6(1)(f) GDPR) or Art. 6(1)(e) GDPR (Art. 21(1) GDPR) or for direct marketing purposes (Art. 21(2) GDPR), whereby you must provide a special reason, except in the case of direct marketing.
Whether and to what extent these rights exist in individual cases and what conditions apply is determined by the law, i.e., by the GDPR and the BDSG. You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us. If you have any questions or complaints about data protection at Unidy, we recommend that you first contact our Data Protection Officer (see the contact details in Section 1).
15. No Automated Individual Decision-Making
We do not use your personal data for automated individual decision-making within the meaning of Art. 22(1) GDPR.
16. Changes to Our Privacy Policy
We reserve the right to adapt this privacy policy to ensure that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will then apply to your next visit.