Privacy information Unifits

 

We provide the Unifits website and the test portal at the web address www.unifits.com. We process personal data in connection with the website and the test portal.
The protection of personal data is an important concern for us. We process personal data only in accordance with the applicable data protection requirements, in particular the General Data Protection Regulation (DS-GVO) and the Federal Data Protection Act (BDSG).

 

A. Person responsible for data processing
Name and contact details of the responsible person

UNIFITS GmbH, Austria
Straniakstraße 4
5020 Salzburg
Österreich

T — +43 (0) 662 8729 3280
F — +43 (0) 662 8729 3289
E-Mail: office@unifits.com

 

II. Contact details of the data protection officer of the controller

Walter Schmölzer
Jahnstraße 11
5020 Salzburg
Österreich

E-Mail: office@unifits.com

 

B. Information on the processing of personal data

I. Use of the website

1 .Server log data

When using the website, certain information is sent to the server of our website by the browser used on your end device for technical reasons. This data is stored and processed on our server.

(i) We process the data mentioned below for the purpose of providing the content of the Website that you have accessed, ensuring the security of the IT infrastructure used, troubleshooting, enabling and facilitating searches on the Website and managing cookies.

(ii) The data processed are:

▪ HTTP data

HTTP data is protocol data that is technically generated when the website is called up via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. HTTP(S) data also accrue on servers of service providers (e.g. when retrieving third-party content).

▪ Search function data

This is data that you enter in the search functions of our website: This includes all information that you enter as search terms in the respective search form of the website.

▪ Cookie setting data

This includes the data that you provide to manage the cookie settings for this website and data that is assigned to your terminal device when using the cookie settings management function: This includes your consents, your objections (opt-out) and, if applicable, your individual selection for the use of cookies on your end device.

▪ Error data

These are error messages from the server and individual applications that are stored.

(iii) The legal basis for the processing is our legitimate interest pursuant to Article 6(1)(f) DS-GVO. Our legitimate interest is the provision of the content and search functions of the website accessed by the user and the management of the cookie settings made by the user and also to ensure the security of the IT infrastructure used for the provision of the website, in particular for the detection, elimination and evidential documentation of faults (e.g. DDoS attacks).

(iv) The data is actively provided by the user or automatically provided by the user’s browser.

(v) Recipients of personal data are IT service providers (e.g. hosting) that we use as part of the order processing agreement. These include Sentry (error analysis) and Akamai (content delivery). When using the service providers, data may be transferred to third countries outside the EU. The data transfer takes place based on Art. 6 para. 1 letter f, 49 para. 1 p. 1 letter d DS-GVO is mandatory to ensure the security of our website and your user data.

(vi) Unless a security-relevant event occurs (e.g., a DDoS attack), data will be stored for up to 14 days in server log files in a form that allows the identification of the data subjects. In case of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully resolved. Search data is automatically deleted after 24 hours at the latest. Cookie management data is deleted after 6 months.

(vii) It is not possible to use the website without disclosing personal data such as the IP address. Communication via the website without disclosing data is technically not possible.

(viii) No automated decision making takes place.

 

2. reCAPTCHA v3

We use the reCAPTCHA v3 service from Google on our website. This is an automated test to check whether individual website visitors are people or an automated program (bot or malware). For this purpose, reCAPTCHA v3 analyzes the behavior of website visitors based on different interaction patterns with the website and related parameters (e.g. dwell time, mouse movements made). The reCAPTCHA v3 analyses are performed exclusively by Google and run entirely in the background. You will not be additionally made aware that this analysis is taking place.

By integrating reCAPTCHA v3, we enable Google to collect personal data on our website. The collection and processing of personal data takes place exclusively in the area of responsibility of Google. We have no knowledge of the details of the processing of personal data in the area of responsibility of Google. Information about the processing of personal data by Google can be found in Google’s data policy: https://policies.google.com/privacy?hl=de.

Google provides us with the analysis result created on base of this data (humans or automated program) only in aggregated, anonymized form. We cannot assign the information provided to us to any natural person.

The data controller of the reCAPTCHA v3 tool is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

(i) The purpose of integrating reCAPTCHA v3 is to enable Google to collect and process user data on our website to ensure the security of our website and users. The further purposes of the processing by Google are determined solely by Google (https://policies.google.com/privacy?hl=de).

(ii) We allow Google to collect HTTP data and usage data. We receive reCAPTCHA v3 analytics data from Google:

▪ HTTP data

HTTP data is log data that is technically generated when the website is called up via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. HTTP(S) data also accrue on servers of service providers (e.g. when retrieving third-party content).

▪ Usage data

Usage data is data about your human interaction with the website and the associated parameters such as clicks on ads, mouse movements made or the time spent on the website.

▪ reCAPTCHA v3 Analysis data

The reCAPTCHA v3 analysis data is the evaluation of the data processed by Google as to whether the respective website visitor is a human or an automated program. This is completely anonymized analysis data. Google also shows us the number of requests to our site, the reCAPTCHA score distribution, the top 10 actions on our website and the top 10 actions with suspicious traffic.

(iii) The legal basis for enabling Google to collect personal data via our website is our legitimate interest pursuant to Article 6(1)(f) DS-GVO. Our legitimate interest is to protect our website and our customers from automated attacks by bots and malware.

(iv) The data is automatically provided by the user’s browser and generated independently by Google. We do not know whether Google uses other data sources.

(v) The recipient of the data collected via our website is Google Ireland Limited as the controller of the collection and processing of personal data. It cannot be ruled out that Google Ireland Limited will transfer personal data to the USA. As the independent data controller, Google Ireland Limited bears the responsibility for ensuring appropriate data protection guarantees for the

Data transfer. Regardless of this, we assume that such data transfer is justified based on Art. 6 (1) f, 49 (1) p. 1 d DS-GVO to ensure the protection of our website and your user data.

(vi) We do not collect or store this data independently. The collection and processing of this data is the responsibility of Google. According to Google, the individual reCAPTCHA v3 tokens are automatically deleted after 2 minutes. We have no knowledge of further details regarding the storage period.

(vii) Without disclosing personal data, the analysis of whether you as a website visitor are a person or a bot or malicious software is not possible by reCAPTCHA v3. Communication via the website without disclosing data is technically not possible.

(viii) The check by Google reCAPTCHA v3 is fully automatic and may in exceptional cases result in you not being able to register online. However, you have the option of contacting us by telephone at any time at +49 89 43 77 77 97 10.

 

3. Data transfer to third countries outside the EU (e.g. USA)

(i) We transfer your data to third countries outside the EU (e.g. USA) as part of certain analysis tools as described in this privacy policy. You will find a note in the corresponding declaration of an analytics tool.

(ii) The data transfer takes place based of your express consent pursuant to Art. 6 (1) a, 49 (1) p. 1 a DS-GVO, unless other legal bases are named in the descriptions of the individual tools.

(iii) There is no data protection adequacy decision on the part of the European Commission for the USA and many other countries outside the EU. In addition, there are no appropriate safeguards for these countries under the requirements of the GDPR. Legal enforcement may not be promising. There is a risk for you that government agencies may access personal data without us and/or you knowing about it. This may already happen during the transfer as such.

(iv) You can revoke your consent at any time, with effect for the future. To do so, please use the opt-out link of the respective tool or deactivate the sliders in the cookie dashboard.

 

4. Hosting

We use the web hosting provider Raidboxes for our website. The service provider is the German company Raidboxes GmbH, Hafenstraße 32, 48153 Münster, Germany.

You can learn more about the data processed using Raidboxes in the privacy policy at https://raidboxes.io/legal/privacy/.

 

II. Lead generation & sales

2. Newsletter and personalization

(i) If you subscribe to our newsletter, we process your data for the purpose of sending you the newsletter with which we present interesting offers and provide you with comprehensive information about our products, services and the company. The newsletter is tailored to your interests based on your behavior.

(ii) The processed data are the name and email address of the newsletter subscribers as well as the time of registration and registration confirmation (double opt-in) and the IP addresses at the time of registration and registration confirmation. For personalizing the newsletter, we process the following data: Your interactions in the with the Unifits website or the test portal and interactions in the context of the newsletter (click behavior – opening the newsletter, products called up from newsletters as well as comparable information).

(iii) The legal basis for the processing of data for newsletters is your consent (Article 6(1)(a) DS-GVO). You have the right to revoke your consent at any time. Your revocation will not affect the lawfulness of the processing of your personal data until the revocation. You can declare the revocation by clicking on the link provided in each newsletter email, by email to office@unitifs.com or by sending a message to the contact details provided in the imprint.

(iv) The data is actively provided by the newsletter subscriber.

(v) We use service providers by way of order processing in the provision of services, in particular for the provision, maintenance and care of IT systems.

(vi) The deletion of personal data takes place upon unsubscription from the newsletter after 30 days at the latest. The IP address is deleted 14 days after collection.

(vii) Without providing your data, the newsletter cannot be sent to you.

(viii) No automated decision making takes place.

 

III. Cookies

We use cookies in connection with the site and the offers provided on the site. Cookies are small text files that can be stored in the browser on the user’s terminal device when visiting a website. If the website is called up again with the same end device, the information stored in the cookies can be read and processed. In doing so, we use processing and storage functions of the browser of your end device and collect information from the memory of the browser of your end device.

In the structure of our privacy information, we distinguish between technically necessary cookies, statistics cookies and marketing cookies.

There are several ways to distinguish cookies:

▪ On the one hand, the distinction between first- and third-party cookies, depending on where a cookie comes from:

First-party cookies are cookies that are set and accessed by the operator of the website as the controller or by a processor commissioned by the operator. Third-party cookies are cookies that are set and accessed by controllers other than the operator of the website who are not acting as processors on behalf of the operator of the website.

▪ In addition, a distinction can be made between transient and persistent cookies, depending on the validity period:

Transient cookies (session cookies) are cookies that are automatically deleted when you close your browser. Persistent cookies are cookies that remain stored on your terminal device for a certain period after you close your browser.

▪ Furthermore, a distinction can be made between cookies that do not require consent and those that do:

Depending on their function and purpose, the user’s consent may be required for the use of certain cookies. In this respect, cookies can be differentiated according to whether the user’s consent is required for their use.

The granting of your consent takes place by means of a so-called “cookie banner”:

When you access our website, we display a so-called “cookie banner”. In our cookie banner, you can declare your consent to the use of all cookies requiring consent on this website by pressing the “Accept” button. Without such consent, the cookies requiring consent will not be activated. By pressing the “Decline” button, you can also completely reject the use of cookies that require consent. This decision will be stored in a cookie. Alternatively, you have the option of accessing our “Cookie Dashboard” by clicking on the “Individual Settings” button. In the cookie dashboard, you can make an individual selection of cookies and customize them later. We store your cookie settings in the form of a cookie on your end device to determine whether you have already made cookie settings when you return to the website.

Cookies required for the function of the website cannot be disabled via the cookie management function of this website. However, you can generally disable these cookies in your browser at any time. Different browsers offer different ways to configure the cookie settings in the browser. You can find more detailed information on this at http://www.allaboutcookies.org/ge/cookies-verwalten/, for example. However, we would like to point out that some functions of the website may not work or no longer work properly if you generally disable cookies in your browser.

 

1. Technically necessary cookies

a) Google Tag Manager

We use the Google Tag Manager (hereinafter: “Google Tag Manager”) on our website. The Google Tag Manager allows us to manage cookies and control their play out. We can thereby implement, for example, your consent, a revocation of consent or an opt-out. The Google Tag Manager does not set its own cookies and does not process any data stored in cookies.

(i) The purpose of the data processing is to control the playing of cookies on our website, as well as to ensure the security of the application.

(ii) The data processed are:

▪ HTTP data

HTTP data is log data that is technically generated when the website is called up via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

(iii) The legal basis for the processing is our legitimate interest under Article 6(1)(f) DS-GVO in the simple and reliable control of cookies.

(iv) The data is automatically provided by the user’s browser.

(v) The recipient of the data is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland as our processor. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent to do so in accordance with Art. 6 (1) a, 49 (1) p. 1 a DSGVO. Corresponding information on the risks of such data transfers and revocation options can be found under B. I. 3. We have integrated the Tag Manager on our website in such a way that only a reference to an empty Tag Manager container is initiated without your consent. In this process, no personal data is transmitted to Google (only standard HTTP request logs, no IP address or other user-specific data that would allow you to be identified). The reading of the container and thus an exchange of personal data with Google only takes place once you have given your consent.

(vi) Server log data is deleted when it is no longer necessary for the purposes of the processing.

(vii) It is not possible to use the website without disclosing personal data such as the IP address. Communication via the website without disclosing data is technically not possible.

(viii) No automated decision making takes place.

 

b) Consent Manager

This website uses a Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie preferences.

Borlabs Cookie does not collect any personal data.

The borlabs-cookie cookie stores the consent you have given when you entered the website. If you wish to revoke these consents, simply delete the cookie from your browser. If you re-enter/reload the website, you will be asked again for your cookie consent.

Cookie Preferences

 

2. Statistics cookies

a) Google Analytics & Google Analytics 4

If you have given your consent to this, we use the web analysis tool Google Analytics & Google Analytics 4 (hereinafter: “Google Analytics”) on our website. With help of Google Analytics, we can examine the user behavior of visitors to our website in pseudonymized and anonymized form.

You can deactivate data processing by Google Analytics at any time in our “Cookie Dashboard”. Alternatively, you can install a browser plug-in from Google that prevents data collection by Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can prohibit the storage of cookies in the settings of your browser.

(i) The purpose of the data processing is to increase the efficiency of our use of resources for our web offering and our advertising measures, the yield of our services and the satisfaction of our visitors and (potential) customers by (usage-based) optimization of our web offering by measuring the use of our web offering and (usage-based) optimization of our advertising measures by measuring the success of the advertising media we use in our web offering (advertising media success control). We have also activated Google Signals. This setting only affects users who have activated “personalized ads” in their Google account. This allows us to track on an aggregate level how lead generation occurred for users across devices and use this information to play ads across devices. It also allows us to better target marketing campaigns to users who are likely to be interested in our campaigns based on interests and demographic information (provided you have also enabled “Marketing” in the cookie dashboard). We cannot draw any conclusions about the behavior of a specific person. For more information about Google Signals, please visit:

https://support.google.com/analytics/answer/7532985?hl=de#signedin

(ii) The data processed are:

▪ Google Analytics HTTP data

This is log data that is technically generated when using the Google Analytics web analysis tool used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

▪ Google Analytics end device data

Data generated by the Google Analytics web analysis tool and assigned to your terminal device: This includes a unique ID for (re)recognizing returning visitors (so-called “Client ID”) as well as certain technical parameters for controlling data collection for web analytics. In addition, a so-called “user ID” is stored for logged-in customers so that we can analyze how our website is used across devices (mobile web, desktop, etc.).

▪ Google Analytics measurement data

Device-related raw data (so-called “dimensions” and “measured values”) that are collected and analyzed by the web analysis tool Google Analytics when using our web offer: This includes, above all, information about the sources through which visitors reach our web offer, information about the location, the browser used and the end device used, information about the use of the website (in particular page views, call frequency and dwell time on accessed pages) as well as information about the fulfillment of certain goals (in particular leads). The data is in each case assigned to the client ID assigned to your end device. As a result, this creates device-related usage profiles in which all device-related raw data is combined into one client ID. The data we collect using Google Analytics does not enable us to identify you directly on a personal level (i.e., by your civil name). We also do not combine the device-related raw data and the resulting device-related usage profiles with data that directly identifies you personally without your consent.

▪ Google Analytics report data

Data included in aggregated segment- and device-related reports generated by the Google Analytics web analytics tool based on analysis of raw device-related data.

In Google Analytics, we have four reporting categories at our disposal: Target group (location, browser, devices used as well as other device-related data), acquisition (sources through which visitors arrive at the web offer), behavior (information on calling up content of the web offer, in particular pages called up on the website or test portal, visit time, bounce rate), conversions (information on pre-configured targets, in particular leads).

(iii) The legal basis for the processing is Article 6(1)(a) DS-GVO (consent).

(iv) The data is automatically provided by the user’s browser.

(v) Recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support service providers based in the EU as part of order processing. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent to do so in accordance with Art. 6 (1) a, 49 (1) p. 1 a DSGVO. Corresponding information on the risks of such data transfers and revocation options can be found under B. I. 3.

(vi) On this website, so-called IP anonymization is activated for the use of the web analysis tool Google Analytics. This means that the IP address transmitted by the browser for technical reasons is anonymized by shortening (deletion of the last octet of the IPv4 address or the last 80 bits of the IPv6 address) before storage. We store the remaining log data for a period of 26 months.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the part of the data subject to provide the data. If the data is not provided, we will not be able to perform web analysis using Google Analytics.

(viii) No automated decision making takes place.

 

b) Google Optimize

If you have given your consent, we use the Google Optimize tool (hereinafter “Google Optimize”) on our website, which is based on Google Analytics. Google Optimize allows us to compare user behavior on different designs of our website (so-called A/B testing).

You can disable data processing by Google Optimize at any time in our “Cookie Dashboard”. Alternatively, you can install a browser plug-in from Google that prevents data collection by Google Analytics and thus also Google Optimize: http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can prohibit the storage of cookies in the settings of your browser.

(i) The purpose of the data processing is to increase the efficiency of our use of resources for our web offering and advertising activities, the yield of our services and the satisfaction of our visitors and (potential) customers. Google Optimize enables the performance of different tests with options for targeting URL, specific audiences, Google Ads, behavior, specific geographic areas, JavaScript variables, custom cookies, custom JavaScript, search parameters, data layer variables and UTM parameters.

(ii) The data processed are:

▪ Google Optimize HTTP data

This is log data that is technically generated when the Google Optimize A/B testing tool used on the website is used via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

▪ Google Optimize end device data

Data generated by the A/B testing tool Google Optimize and assigned to your end device: This includes a unique ID for (re-)recognizing returning visitors (so-called “Client ID”).

▪ Google Analytics measurement data

Device-related raw data (so-called “dimensions” and “measured values”), which are collected and analyzed by the web analysis tool Google Analytics, on which Google Optimize is based, when using our website: This includes, above all, information about the sources through which visitors reach our web offer, information about the location, the browser and the end device used, information about the use of the website (in particular page views, call frequency and dwell time on accessed pages), as well as information about the fulfillment of certain goals (in particular lead generation). The data is assigned to the client ID assigned to your end device in each case. As a result, device-related usage profiles are created in which all device-related raw data are combined into one client ID. The data we collect using Google Analytics does not enable us to identify you directly on a personal level (i.e., by your civil name). We also do not combine the device-related raw data and the resulting device-related usage profiles with data that directly identifies you personally without your consent.

▪ Google Optimize test results

Data contained in aggregated segment- and device-related test results generated by the Google Optimize A/B testing tool based on analysis of raw device-related data.

(iii) The legal basis for the processing is Article 6(1)(a) DS-GVO (consent).

(iv) The data is automatically provided by the user’s browser.

(v) Recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support service providers based in the EU as part of order processing. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent to do so in accordance with Art. 6 (1) a, 49 (1) p. 1 a DSGVO. Corresponding information on the risks of such data transfers and revocation options can be found under B. I. 3.

(vi) On this website, so-called IP anonymization is activated for the use of the web analysis tool Google Analytics and also for Google Optimize. This means that the IP address transmitted by the browser for technical reasons is anonymized by shortening (deletion of the last octet of the IPv4 address or the last 80 bits of the IPv6 address) before storage. The cookies lose their validity after 90 days.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the part of the data subject to provide the data. In the event that the data is not provided, we will not be able to perform web analysis using Google Optimize.

(viii) No automated decision making takes place.

 

3. Marketing cookies

a) Facebook pixel

If you have given your consent here, we use the so-called “Facebook pixel”. Cookies of Facebook Ireland Limited, (“Facebook”) are used for this purpose. The “Facebook Pixel” enables Facebook, among other things, to collect information about activities of users of our website. By integrating the “Facebook Pixel”, we enable Facebook to collect personal data. The collection and processing of this data takes place after your consent, exclusively in the area of responsibility of Facebook.

We have no knowledge of the details of the processing of personal data in the area of responsibility of Facebook. Information about the processing of personal data by Facebook can be found in Facebook’s data policy: https://de-de.facebook.com/about/privacy/.

Facebook provides us with the evaluations or further information created based on the collected data only in aggregated, anonymized form. We cannot assign the information provided to us to any natural person. We also use a tool from Smartly.io. We use this to display targeted advertising to Facebook users. Smartly.io has no access to personal data and only evaluates aggregated data. Facebook decides independently which users correspond to the target group. You can turn data processing by Facebook on or off at any time in our “Cookie Dashboard”. Alternatively, you can disable Facebook Pixel for the browser you are currently using by deactivating the storage of cookies in your browser settings.

The data controller is Facebook Ireland Limited, Harbour, D2, 4 Grand Canal Quay, Square, Dublin, Ireland.

(i) The purpose of the Facebook Pixel is to enable Facebook to collect and process user data on our website. The purposes of the processing by Facebook are determined solely by Facebook (https://de-de.facebook.com/about/privacy/).

(ii) The data processed are, according to Facebook:

▪ Facebook Pixel HTTP data

Log data that is technically generated when the Facebook pixel used on the website is used via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

▪ Facebook Pixel endpoint data

Data that is assigned to your end device by the Facebook pixel: This includes a unique ID for (re)recognizing returning visitors.

▪ Facebook Pixel Event Data

Data that Facebook collects through the Facebook pixel by associating it with the unique visitor ID of the respective visitor contained in the Facebook pixel end device data: This includes actions that take place on the website (so-called “events”). These include, for example, registration, the addition of payment information (payment method), the initiation of a registration, the execution of searches, the viewing of content. This also includes information associated with the respective actions recorded (so-called “parameters”). This includes, for example, the value of transacted leads, product ID and the status of the user as a new, existing customer or as a guest.

▪ Facebook Pixel Analytics Data

Data generated by Facebook based on the information collected by the Facebook Pixel and associated with the unique visitor ID of the respective visitor contained in the Facebook Pixel endpoint data: This includes information about the effectiveness of Facebook ads and associations of users with audiences for Facebook ads. Facebook may generate other data based on the collected information for its own purposes or for the purposes of third parties. We have no knowledge of the details of the data generated by Facebook.

(iii) The legal basis for allowing Facebook to collect personal data via our website is Article 6(1)(a) DS-GVO (consent). We do not carry out any processing of personal data in our area of responsibility. We have no knowledge of the details of the processing of data in Facebook’s area of responsibility, in particular of the legal basis used by Facebook for the processing.

(iv) The Facebook Pixel analytics data is generated independently by Facebook. We do not know whether Facebook uses other data sources.

(v) The recipient of the data collected via our website is Facebook Ireland Limited as the controller of the collection and processing of personal data. It cannot be ruled out that Facebook Ireland Limited will transfer personal data to the USA. As the independent controller, Facebook Ireland Limited bears the responsibility for ensuring appropriate data protection guarantees for the data transfer. The data will only be transferred if you have given us your consent to do so in accordance with Art. 6 (1) a, 49 (1) p. 1 a DSGVO. Corresponding information on the risks of such data transfers and revocation options can be found under B. I. 3.

(vi) We do not collect or store this data ourselves. The collection and processing of this data is the responsibility of Facebook. We have no knowledge about the storage period.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the part of the data subject to provide the data. If the data is not provided, Facebook cannot offer the Facebook Pixel function.

(viii) We do not use automated decision-making in our area of responsibility. We have no knowledge of the details of the processing of data in the area of responsibility of Facebook, in particular of any automated decision-making.

 

b) Google Conversion (Ads tracking)

If you have given your consent to this, we use Google Conversion Tracking on our website. Google Conversion allows us to monitor the success of ads placed via Google.

You can control the data processing by Google Conversion by switching Google Conversion on or off for the browser you are currently using in our “Cookie Dashboard”. You can also download and install the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can disable Google Conversion for the browser you are currently using by deactivating the storage of cookies in your browser settings.

(i) The purpose of data processing by Google Conversion is to be able to track the reach of ads placed via Google. When you click on our ad placed via Google, Google stores a cookie for conversion tracking on your terminal device. If you then visit our website linked in the ad and the cookie has not yet expired, we can recognize that you clicked on the ad and were redirected to our website. We can only recognize clicks on our own ads, not possible clicks on ads from other customers of Google. Google uses the cookies, among other things, to bill us for the costs of the ads. We receive the evaluations and other information only in aggregated anonymous form and cannot assign the information to any natural person.

(ii) The data processed are:

▪ Google Ads HTTP data

This is log data that is technically generated when using the Google AdWords tool used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

▪ Usage data

Usage data includes clicks on ads, time spent on the website, and information about websites visited.

▪ Conversion event

The conversion event summarizes the results of the conversion.

(iii) The legal basis for the processing of personal data via our website by Google Conversion is Article 6(1)(a) DS-GVO (consent).

(iv) The Ads Conversion Data is automatically provided by the User’s browser.

(v) Recipients of the data in the context of order processing are Google Ireland Limited

(Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support service provider based in the EU. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent to do so in accordance with Art. 6 (1) a, 49 (1) p. 1 a DSGVO. Corresponding information on the risks of such data transfers and revocation options can be found under B. I. 3.

(vi) The cookies lose their validity after 18 months at the latest, do not contain any personal data apart from the cookie ID and are not used for personal identification.

(vii) The provision of the data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the part of the data subject to provide the data. If the data is not provided, we will not be able to perform ad tracking.

(viii) No automated decision making takes place.

 

c) Google Remarketing (Google Ads)

If you have consented to this, we use the so-called Google Remarketing (Google Ads) on our website. For this purpose, we store in a cookie on your terminal device that you have viewed our website and certain products. This allows us to show you personalized advertising for our products on other websites in the Google advertising network.

You can control the data processing by Google by turning Google Remarketing on or off for the browser you are currently using in our “Cookie Dashboard”. You can also download and install the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can disable Google Remarketing for the browser you are currently using by deactivating the storage of cookies in your browser settings.

(i) The purpose of data processing by Google Remarketing is to display targeted advertising to users via Google’s advertising network for products in which they have shown interest on our website. We can only recognize clicks on our own ads, not any clicks on ads of other customers of Google. Google uses the cookies, among other things, to bill us for the cost of the ads. We receive the evaluations and other information only in aggregated anonymous form and cannot assign the information to any natural person. In addition, we can analyze via a so-called floodlight pixel whether and how often a person has seen the advertisement.

(ii) The data processed are:

▪ Google Remarketing HTTP data

This is log data that is technically generated when using the Google Remarketing tool used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

▪ Usage data

Usage data includes clicks on ads, time spent on the website, information about websites visited and how often a user has seen the ad.

(iii) The legal basis for the processing of personal data via our website by Google Remarketing is Article 6(1)(a) DS-GVO (consent).

(iv) The Google Remarketing Data is automatically provided by the user’s browser.

(v) Recipients of the data are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support service providers based in the EU as part of the order processing. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent to do so in accordance with Art. 6 (1) a, 49 (1) p. 1 a DSGVO. Corresponding information on the risks of such data transfers and revocation options can be found under B. I. 3.

(vi) The cookies usually lose their validity after 30-90 days, at the latest after 18 months, do not contain any personal data apart from the cookie ID and are not used for personal identification.

(vii) The provision of the data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the part of the data subject to provide this data. If the data is not provided, we will not be able to carry out remarketing.

(viii) No automated decision making takes place.

 

d) Microsoft Advertising Conversion Tracking (formerly Bing Conversion)

If you have given your consent for this, we allow Microsoft Ireland Operations Limited (“Microsoft”) to collect data via our website for so-called “Microsoft Advertising Conversion Tracking”. Microsoft Advertising Conversion Tracking is an analysis service provided by Microsoft. When you click on an ad placed via Microsoft Advertising, Microsoft stores a conversion tracking cookie on your terminal device. If you subsequently visit the website linked to in the ad and the cookie has not yet expired, Microsoft and the company that placed the ad can recognize that you clicked on the ad and were redirected to the page. Microsoft’s advertisers can only recognize clicks on their own ads, not any clicks on ads from other customers. Microsoft uses the cookies, among other things, to bill its customers for the cost of ads. We do not receive any information from Microsoft with which we can personally identify one of our customers.

The collection and processing of this data is the sole responsibility of Microsoft. Microsoft provides us with evaluations or further information based on the collected data only in aggregated, anonymized form. We cannot attribute the information provided to us to any natural person. We have no knowledge of the details of the processing of personal data in Microsoft’s area of responsibility. Information about the processing of personal data by Microsoft can be found in the Microsoft Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement.

You can control Microsoft’s data processing by turning Microsoft Advertising Conversion Tracking on or off for the browser you are currently using in our “Cookie Dashboard”. Alternatively, you can disable Microsoft Advertising Conversion Tracking for the browser you are currently using by disabling the storage of cookies in your browser settings.

The data controller is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

(i) The purpose of Microsoft Advertising Conversion Tracking is to enable Microsoft to collect and process user data on our website. The purposes of Microsoft’s processing are determined solely by Microsoft: https://privacy.microsoft.com/de-de/privacystatement.

(ii) The data processed are, according to Microsoft:

▪ Microsoft Advertising HTTP data

This is log data that is technically generated when the Microsoft Advertising tool used on the website is used via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

▪ Usage data

Usage data includes clicks on ads, time spent on the website, and information about websites visited.

▪ Conversion event

The conversion event summarizes the results of the conversion.

 

(iii) The legal basis for Microsoft enabling the collection of personal data via our website is Article 6(1)(a) DS-GVO (consent). We do not carry out any processing of personal data in our area of responsibility. We have no knowledge of the details of the processing of data in Microsoft’s area of responsibility, in particular of the legal basis used by Microsoft for the processing.

(iv) The conversion tracking data is generated independently by Microsoft. We do not know whether Microsoft uses other data sources.

(v) The recipient of the data is Microsoft Ireland Operations Limited as the controller of the collection and processing of personal data by Microsoft Advertising Conversion Tracking. It cannot be ruled out that Microsoft Ireland Operations Limited will transfer personal data to the USA. As an independent data controller, Microsoft Ireland Operations Limited has the responsibility to ensure appropriate

data protection law guarantees for the data transfer. The data will only be transferred if you have given us your consent to do so in accordance with Art. 6 (1) a, 49 (1) p. 1 a DSGVO. Corresponding information on the risks of such data transfers and revocation options can be found under B. I. 3.

(vi) The cookies lose their validity after 30 days, do not contain any personal data apart from the cookie ID, according to Microsoft, and are not used for personal identification. We do not collect or store this data ourselves. The collection and processing of this data is the responsibility of Microsoft.

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the part of the data subject to provide the data. In the event that the data is not provided, Microsoft will not be able to perform conversion tracking.

(viii) We do not use automated decision-making in our area of responsibility. We have no knowledge of the details of the processing of data in Microsoft’s area of responsibility, in particular of any automated decision-making.

 

d) LinkedIn Insight Tag

We use the conversion tracking tool LinkedIn Insight Tag on our website. The service provider is the American company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. The company LinkedIn Ireland Unlimited (Wilton Place, Dublin 2, Ireland) is responsible for the data protection-relevant aspects in the European Economic Area (EEA), the EU and Switzerland.

LinkedIn also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

LinkedIn uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, LinkedIn undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information about LinkedIn’s standard contractual clauses can be found at https://de.linkedin.com/legal/l/dpa or https://www.linkedin.com/legal/l/eu-sccs.

You can learn more about LinkedIn Insight-Tag at https://www.linkedin.com/help/linkedin/answer/a427660. You can also learn more about the data processed using LinkedIn Insight-Tag in the privacy policy at https://de.linkedin.com/legal/privacy-policy.

 

4. Cookie dashboard

The following settings are automatically saved as soon as you switch to another sub-website or simply continue surfing.

You can absolutely refuse the use of cookies and other technologies or make individual settings and revoke your consent at any time here: https://unifits.com/privacy-policy/

 

C. Information on rights of the data subjects

As a data subject, you have the following rights in relation to the processing of your personal data:

▪ Right of access (Article 15 DS-GVO)

▪ Right of rectification (Article 16 DS-GVO)

▪ Right to erasure (“right to be forgotten”) (Article 17 DS-GVO)

▪ Right to restrict processing (Article 18 DS-GVO)

▪ Right to data portability (Article 20 DS-GVO)

▪ Right to object (Article 21 DS-GVO)

▪ Right to withdraw consent (Article 7(3) DS-GVO)

▪ Right to complain to the supervisory authority (Article 77 DS-GVO)

 

To exercise your rights, you may contact us at the addresses listed in Section A.

contact information to us. You can read the full extent of your rights to the

text of the General Data Protection Regulation, which you can find at the following link

can access: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

 

For information on any specific modalities and mechanisms to facilitate the exercise of your rights, to exercise your rights to data portability and to object, please refer to the information on the processing of personal data in Section B of this Privacy Information, where applicable.

Below you will find more detailed information about the processing of your personal data.

 

I. Right to information

As a data subject, you have a right to information under the conditions of Article 15 DS-GVO.

This means that you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you also have a right of access to this personal data and to the information listed in Article 15(1) DS-GVO. This includes, for example, information about the purposes of processing, about the categories of personal data that are processed and about the recipients or categories of recipients to whom the personal data have been or will be disclosed (Article 15(1)(a), (b) and (c) DS-GVO).

 

II. Right to rectification

As a data subject, you have a right to rectification under the conditions of Article 16 DS-GVO.

This means that you have the right to demand that we correct any inaccurate personal data relating to you and complete any incomplete personal data without undue delay.

 

III. Right to erasure (“right to be forgotten”)

As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions of Article 17 DS-GVO.

This means that you generally have the right to request that we delete personal data relating to you without undue delay, and we are obliged to delete personal data without undue delay if one of the reasons listed in Article 17(1) DS-GVO applies. This may be the case, for example, if personal data are no longer necessary for the purposes for which they were collected or otherwise processed (Article 17(1)(a) DS-GVO).

Where we have made the personal data public and we are obliged to erase it, we are also obliged to take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform other data controllers which process the personal data that a data subject has requested that they erase all links to or copies or replications of that personal data (Article 17(2) of the GDPR).

The right to erasure (“right to be forgotten”) does not exceptionally apply insofar as the processing is necessary for the reasons listed in Article 17(3) DS-GVO. This may be the case, for example, to the extent that processing is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims (Article 17(3)(a) and (e) of the GDPR).

 

IV. Right to restriction of processing

As a data subject, you have a right to restrict processing under the conditions of Article 18 of the General Data Protection Regulation.

This means that you have the right to demand that we restrict processing if one of the conditions listed in Article 18(1) DS-GVO applies. This may be the case, for example, if you dispute the accuracy of the personal data. In this case, the restriction of processing will take place for a period that allows us to verify the accuracy of the personal data (Article 18(1)(a) DS-GVO ).

Restriction means the marking of stored personal data with the aim of limiting their future processing (Article 4 number 3 DS-GVO ).

 

V. Right to data portability

As a data subject, you have a right to data portability under the conditions of Article 20 DS-GVO.

This means that, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out with help from automated procedures (Article 20(1) of the GDPR).

For information on whether processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, please refer to the information on the legal bases for processing in Section B of this Privacy Information.

When exercising your right to data portability, you also have, the right to obtain that the personal data be transferred directly from us to another controller, insofar as this is technically feasible (Article 20(2) DS-GVO).

 

VI. Right of objection

As a data subject, you have the right to object under the conditions of Article 21 DS-GVO.

We will expressly inform you as the data subject of your right to object at the latest at the time of the first communication with you.

Below you will find more detailed information on this:

 

1. right to object on grounds relating to the particular situation of the data subject.

As a data subject, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out based of Article 6(1)(e) or (f) of the DS-GVO; this also applies to profiling based on these provisions.

For information on whether processing is based on Article 6(1)(e) or (f) of the GDPR, please refer to the information on the legal bases for processing in Section B of this Privacy Information.

In the event of an objection on grounds relating to your particular situation, we shall no longer process the personal data concerned, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

 

2. right to object to direct marketing

If personal data is processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

For information on whether and to what extent personal data is processed to carry out direct marketing, please refer to the information on the purposes of processing in Section B of this Privacy Information.

In the event of an objection to processing for direct marketing purposes, we will no longer process the personal data concerned for these purposes.

 

VII. Right to revoke consent

If the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, you as the data subject have the right to withdraw your consent at any time pursuant to Article 7(3) of the GDPR. The revocation of consent does not affect the lawfulness of the processing carried out based of the consent until the revocation. We will inform you of this before you give your consent.

For information on whether processing is based on consent under Article 6(1)(a) or Article 9(2)(a) of the GDPR, please refer to the information on the legal bases for processing in Section B of this Privacy Information.

 

VIII. Right to complain to a supervisory authority

As a data subject, you have the right to lodge a complaint with a supervisory authority under the conditions of Article 77 DS-GVO.

The supervisory authority responsible for us is:

Austrian authorithy for data security

Barichgasse 40-42, 1030 Wien, Österreich

Contact: +43 1 52 152-0, dsb@dsb.gv.at

 

D. Information on the technical terms of the General Data Protection Regulation used in this data protection information

The technical terms used in this data protection information have the underlying meaning in the GDPR.

For the full scope of the definitions of the General Data Protection Regulation, please refer to Article 4 of the GDPR, which can be found at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

More detailed information on the most important technical terms of the General Data Protection Regulation used in this data protection information is provided below:

[If the information is presented in multiple layers (“Layered Information”), the following information could be hidden on the first layer].

▪ “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

▪ “Data subject” means the identified or identifiable natural person to whom personal data relate;

▪ “Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

▪ “Profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location;

Controller’ means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;

▪ “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

▪ “Recipient” means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection rules pursuant to the purposes of the processing;

▪ “Third party” means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor;

▪ “International organization” means an organization under international law and its subordinate bodies or any other body established by or based of an agreement concluded between two or more countries;

▪ “Third country” means a country that is not a member state of the European Union (“EU”) or the European Economic Area (“EEA”);

▪ “Special categories of personal data” means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data, or data concerning a natural person’s sex life or sexual orientation.

 

E. Status and amendment of this privacy information

This data protection information has the status May 20th, 2022.

Due to technical developments, changes in the function of the website and/or due to changes in legal and/or regulatory requirements, it may become necessary to adapt this data protection information. The current data protection information can be accessed at any time at https://unifits.com/de/datenschutz/.

Would you like to learn more about testing of ISO 20022 based systems? Let’s get in touch.


    Yes, I want a 30-day-free-trial