Privacy Notice

Information Regarding Data Protection on the SupplyOn-websites

Version 4.1 from Feb. 19, 2025

1. Name and Contact Details of the Controller

SupplyOn AG
Ludwigstrasse 49
85399 Hallbergmoos
Telephone: +49 811 99997 0
E-Mail: datenschutz@supplyon.com

2. Contact Details for the Controller’s Data Protection Officer

Data Protection Officer for SupplyOn is
datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
Telephone: +49 931 304976 0
E-Mail: datenschutz@supplyon.com

3. Purposes of Processing & Legal Basis

i. Collection and Processing of Your Personal Data

In general, you can visit our site without providing any personal data. Personal data is only collected and further processed if you provide it, for example when contacting us via email, filling out a web form, logging in or registering for a training course, webinar or event. This personal data will of course be kept confidential. Processing is strictly limited to the purpose for which you provided the data. The legal basis for the legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

If you decide to become our contractual partner, we will collect, process and use your personal data within the framework of the contractual relationship on the basis of Art. 6 para. 1 lit. b GDPR. You will be informed by us -upon conclusion of the contract- regarding the purposes, scope of the collection, processing and use of your data.

ii. Usage Data

When you visit our website, the web servers of our providers store the following data: the IP address of your internet service provider or proxies, the session cookies, the web browser used, the website you are visiting from, the pages you visit on our site, the date and time of access, the amount of data transferred and the access status (e.g. page found/not found).

This information is mandatory for the technical transmission of the website and for secure server operations. This data is only evaluated for operational and statistical purposes. Such evaluations allow us to operate our websites safely and to optimize them for your needs. A personalized evaluation or passing on of the data to third parties, for commercial or non-commercial purposes, does not take place. The legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

We erase the usage data as soon as it is no longer required for processing or use of the website.

iii. Technically required cookies

When using our Internet presence and in other web-based offers we use session cookies to identify your user session. Cookies are small text files that are stored locally in the cache of the visitor’s Internet browser. This gives your browser a unique identifier which enables bidirectional communication between your browser and our application. The session cookies mentioned here are required for use. We do not use these required cookies for analysis, tracking or advertising purposes. Sometimes these cookies only contain information on certain settings and cannot be related to a specific person. They may also be necessary to enable user guidance, security and operation of the site.

You can set your browser settings so that it informs you about the placement of cookies. This provides you with transparent information on how cookies are used. It is possible to deactivate cookies in your browser settings. However, after deactivation, it is no longer possible to log in to the SupplyOn-Portal, register for or access trainings. The legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

You are responsible for deleting the cookies that have been transferred by your browser. You should configure your browser so that cookies are automatically deleted when you close your browser. Please note that the deletion of cookies when you close your browser may also include so-called opt-out cookies.

iv. Voluntary Cookies | Tracking

For a demand-oriented design when using our internet presence and in further web-based offers we use the web analysis tool “Matomo”. Matomo creates user profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read out by us. In this way we are able to recognize recurring visitors and to count.

We use a consent management platform (consent or cookie banner) on our websites to help you manage your decision (consent granted or not granted). The processing in connection with the use of this consent management platform and the logging of the settings you have made is carried out on the basis of Art. 6 (1) point f GDPR, in our legitimate interest in presenting our content in line with your preferences and being able to demonstrate the consent(s) you have given. The settings you have made, the consent you have given and parts of your usage data are stored in a cookie. This means that it is retained for subsequent page requests and your consent can continue to be tracked. You can find more information on this under the heading “required cookies”.

We use the web analysis tool “Matomo” to design our websites to meet your needs. Matomo creates user profiles based on pseudonyms. To do this, permanent cookies are stored on your end device and read by us. This enables us to recognize returning visitors and count them as such. The data processing is carried out on the basis of your consent, provided that you have given your consent via our banner. You can revoke your consent at any time. To do so, please follow this link and make the appropriate settings via our banner. The cookies that have been set will generally be deleted or no longer processed after you have withdrawn your consent. The data processing is carried out on the basis of your consent in accordance with Article 6 (1) (1) (a) GDPR, provided that you have given it via our consent banner. If we use voluntary cookies and similar techniques in the context of integrating the Matomo service, this is done in accordance with § 25 para. 1 TDDDG (formerly TDDSG). Your consent is voluntary and can be freely withdrawn at any time with effect for the future. Without your explicit consent, SupplyOn only uses technically necessary cookies. With your consent, we also use cookies for marketing and statistical purposes.

You can download and manage a list of all cookies here.

You can revoke your consent at any time. To do so, please follow this link and make the appropriate settings.

v. Contact forms

You have the option of contacting us using various contact forms on our website https://www.supplyon.com/. To use a contact form, we require the data marked as mandatory fields in the respective case. The following information may be requested (not exhaustive):

– First name
– Last name
– Title
– Academic title
– Job title
– Department / function
– Company
– E-mail address
– Telephone number
– Region (place of work)
– Comment (your message to us)
– Event-relevant information

Which personal data in particular may be collected as mandatory information depends on the respective context of your request, e.g. contact request, demo request, whitepaper, events etc. and is marked in the corresponding contact form.

We use your personal data in principle for the purpose of contract initiation with you on the basis of Art. 6 para. 1 sentence 1 lit. b) or f) GDPR, to answer your request and to get in contact with you. Our legitimate interest is answering your questions in the context of a possible contract initiation for the commissioning of our services. If we wish to use your personal data for other purposes in addition to this, we collect your data from the outset on the basis of your voluntary consent in accordance with Art. 6 (1) a), 7 GDPR.

Your data will be processed to answer your specific request. We will delete your data if it is no longer required and there are no legal obligations to retain it. Insofar as your data transmitted via the contact form is processed on the basis of Art. 6 (1) point f GDPR, you may object to the processing at any time. In addition, you can revoke your consent to the processing of the voluntary information at any time. To do so, please contact the e-mail address given in the imprint.

Your data will be stored in our CRM system, which is managed by a US service provider, for the duration of the processing of your request. We have, of course, ensured an appropriate level of data protection with this service provider through contractual safeguards.

In addition to the contact forms on our website, you also have the option of contacting us via third-party providers, such as LinkedIn (Leadgen Forms or Livestorm). In these cases, you authorize the transfer of your personal data by the third-party provider on the basis of your voluntary consent in accordance with Art. 6 (1) a), 7 GDPR. In the respective contact form, you will find a reference to our data protection information, which is decisive for further processing from the time we receive your data. Until your personal data is transferred to us, the data protection information of the respective responsible party applies.

vi. Newsletter

Within the scope of our SupplyOn-Services, we offer you the possibility to be informed about SupplyOn news. If you have given us permission to send you information about SupplyOn’s news via e-mail, your data will be processed on the basis of Art. 6 para. 1 sent. 1 lit. a GDPR. Furthermore, on this same basis, with your consent, we can trace whether you have opened the e-mail containing our newsletter (email tracking). As a user of SupplyOn-Services, you can revoke your consent at any time by editing the data protection settings in your user profile, although this does not affect the legality of any processing which took place prior to the revocation of your consent. Alternatively, you can revoke your consent by sending an e-mail to datenschutz@supplyon.com or by clicking on the appropriate link at the end of the e-mail. If consent is revoked, we will discontinue processing the concerned data.

vii. Support Form

We require the following information in order to use our support form:

1. First and last name
2. Your company
3. Your customer, who you collaborate with via SupplyOn
4. Email address and telephone number
5. Subject area and priority of your request
6. Support Center
7. Your message (support request)
8. optional file attachments you would like to send us in connection with your support request (e.g. screenshots)

Your data will be processed in the relevant ticket system. The ticket systems used are managed by our service providers, who work for us according to instructions within the framework of commissioned data processing to process your inquiry. Contractual safeguards are in place with our service providers to ensure that appropriate security measures and an appropriate level of data protection is in place. We use your data exclusively for the processing of your inquiry. The legal basis for the processing of your personal data within this framework can be found in Art. 6 para. 1 lit. f GDPR.

viii. Share Function in the SupplyOn Corporate Blog

In order to protect your personal data, we do not integrate any social plugins directly into our website. When you access our websites, no data is transmitted to social media services such as Facebook, Twitter, XING or Google+. Therefore, it is not possible for third parties to create a profile.

However, you still have the opportunity to easily share articles from our corporate blog through social media outlets such as Facebook, Twitter, XING or Google+. The Share button sends a link to the selected social media platform. To share it with your network, you must be signed in to the appropriate social media service.

ix. Integrated Videos

On some pages of our website we embed YouTube videos that are not are stored on our servers. In this way the call of our web pages with embedded videos does not automatically cause content of the third parties to be loaded, we will show only local data in a first step stored preview images of the videos. This gives the third party provider no information. Only after a click on the preview image, contents of the third party reloaded. Through this the third party provider receives the information that you have downloaded our page and the technically required information in this context usage data. We have referred to the further data processing by the Third party providers have no influence. By clicking on the preview picture you give us the consent to reload contents of the third party provider. The embedding takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, if you have given your consent by clicking on the preview picture have. Please note that the embedding of many videos leads to your data is processed outside the EU or the EEA. In some countries there is a risk that the authorities will access the data on security and safety measures monitoring purposes without informing you about this or have the right to appeal. Provided that we have suppliers in unsafe third countries and you agree, the transmission will take place in an insecure Third country on the basis of Art. 49 para. 1 lit. a GDPR. If you are a thumbnail, the contents of the third-party provider are immediately displayed in the reloaded. If you do not wish such reloading on other sites, please do not click on the thumbnails anymore.

4. Recipients of Personal Data and Service Providers Outside of the EU/EEA

Your personal data as a visitor to our website may be passed on to service providers. These service providers will either act under strict instructions within the framework of a commissioned data processing agreement pursuant to Art. 28 GDPR or we will transmit your personal data on the legal basis of Art. 6 para. 1 GDPR. Insofar as the service providers providing support have their headquarters outside the EU/EEA, we have ensured the legality of the data transfer by means of suitable guarantees (e.g. by means of corresponding EU standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR).

5. Criteria for the Erasure of Data

We delete your personal data, obtained during your visit to our website, when the basis for processing no longer applies. You can find more details regarding this under the above-mentioned purposes.

6. Existing Rights: Access, Rectification, Erasure, Restriction, Objection, Data Portability, Complaint to a Supervisory Authority

Data subjects have the right to be informed by the controller about the personal data concerning them and to have incorrect data corrected or deleted, if one of the reasons stated in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued. They have also the right to limit the processing if one of the conditions mentioned in Art. 18 GDPR is present and in the cases of Art. 20 GDPR the right to transfer data. If data is collected on the basis of Art. 6 para. 1 lit. e (data processing for the fulfilment of official tasks or the protection of the public interest) or lit. f (data processing to pursue legitimate interests), the data subject has the right to object to the processing at any time for reasons arising from his/her particular situation. We will then no longer process the personal data unless there are verifiable compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend a legal claim.

Furthermore, any data subject shall have the right to complain to a supervisory authority if he or she considers that the processing of data concerning him or her is in breach of data protection provisions. In particular, the right of appeal may be exercised before a supervisory authority in the Member State in which the data subject is residing or in which the alleged infringement took place. The competent supervisory authority for SupplyOn is the Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), 91522 Ansbach, Germany.

7. Consequences of Not Providing Personal Data

The disclosure of your personal data is neither required by law, nor by contract, nor is it necessary to conclude a contract. As a user of the SupplyOn-Websites, you are not obliged to provide your personal data. The consequence of not providing your personal data could be that certain content and services on the SupplyOn-websites cannot be used and the convenience of using the SupplyOn-websites may be limited.