UNIC RN
Privacy Policy
EU (2000/31/EC)
DE "§ 5 TMG", "§ 55 Abs. 2 RStV"
CA (CASL)
RO 365/2002
USA (CalOPPA)
UNICORN STC takes the protection of personal data very seriously. We want you to know when we store which data and how we use it. As a private company, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the supplementary regulations of the Federal Data Protection Act (BDSG-new).
1. Responsible person
The person responsible in accordance with Art. 4 Para. 7 GDPR and other national data protection laws of the member states of the European Union as well as other data protection regulations is
2. Data protection officer
3. Definitions
In our data protection declaration we use terms that are used and defined in the GDPR. So that you know what this means, we would like to explain the most important terms.
3.1 Personal Data
Personal data is any information that relates to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered to be identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address or cookies) or one or more special characteristics , which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
3.2 Processing
Processing is any operation or series of operations carried out on personal data, whether or not by automated means. This basically includes any handling of personal data such as collecting, storing, changing, using, transmitting, distributing, deleting or destroying, etc.
3.3 Person responsible
The person responsible is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. The person responsible must ensure the admissibility of data processing by using technical and organizational measures that are regularly checked.
3.4 Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
3.5 Processor
A processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the controller.
3.6 Recipients
The recipient is a natural or legal person, public authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
3.7 Third Party
Third party is a natural or legal person, authority, institution or other body, other than the data subject, the person responsible, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor.
3.8 Consent
Consent is an expression of self-determination under data protection law. It is the voluntary, specific, informed and unambiguous expression of will in the form of a statement or other unambiguous confirmatory act by which the data subject indicates that he or she consents to the processing of personal data concerning him or her. Consent given can be revoked at any time.
4. General information on data processing
4.1 Scope of processing of personal data
In principle, we only process your personal data to the extent that this is necessary to provide our online offers, content and services. The collection and use of your personal data usually only takes place with your consent or if the processing of the data is permitted by legal regulations.
4.2 Legal basis for processing personal data
In data protection, the so-called ban with reservation of permission applies. Accordingly, the processing of personal data is fundamentally unlawful unless the data subject has consented or it is legitimized by a legally regulated reason for permission. We are obliged to inform you about the legal basis for data processing.
If we obtain your consent for the processing of personal data, Art. 6 Para. 1 lit. a GDPR serves as the legal basis.
For processing operations that are necessary to fulfill a contract concluded between you and us or to carry out pre-contractual measures, Art. 6 Para. 1 lit. b GDPR serves as the legal basis.
If the processing of personal data is necessary to fulfill a legal obligation to which we are subject, such as statutory retention and storage obligations, Article 6 (1) (c) GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR is the legal basis.
If the processing is necessary to protect our or a third party's legitimate interests and your interests, fundamental rights and freedoms do not outweigh the first-mentioned interest, the processing of personal data is legitimized by Article 6 Paragraph 1 Letter f of the GDPR.
If cookies or cookie-like technologies are used as part of data processing, information is stored in the end user's end device or access to information already stored in the end user's end device is carried out in accordance with Section 25 Paragraph 1 TTDSG in conjunction with Article 6 Paragraph. 1 lit. a GDPR and further data processing in accordance with Article 6 Paragraph 1 GDPR.
If the use of cookies is absolutely necessary, this is carried out on the basis of Section 25 Paragraph 2 TTDSG and further data processing in accordance with Article 6 Paragraph 1 GDPR.
4.3 Transfer of personal data to third parties and processors
In principle, we do not pass on any personal data to third parties without your express consent. If, as part of the processing, we nevertheless disclose your data to third parties, transmit it to them or otherwise grant them access to the data, this will also be done exclusively on the basis of one of the legal bases mentioned. We transmit data e.g. B. to payment service providers if this is necessary to fulfill the contract. If we are obliged to do so by law or court order, we must transmit your data to authorized bodies.
We sometimes use carefully selected external service providers to process your data. If data is passed on to service providers as part of so-called order processing, this is done on the basis of Art. 28 GDPR. Our processors are carefully selected, are bound by our instructions and are regularly checked by us. We only commission processors who offer sufficient guarantees that appropriate technical and organizational measures are taken so that processing is carried out in accordance with the requirements of the GDPR and BDSG-new and ensures the protection of your rights.
4.4. Data transfer to third countries
The GDPR guarantees an equally high level of data protection within the European Union. When selecting our service providers and cooperation partners, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we process data outside the European Union or the European economic area processed as part of the use of third-party services.
We only allow your data to be processed in a third country if the special requirements of Art. 44 ff. GDPR are met. As a rule, we will ask for your consent in accordance with Art. 49 GDPR. Alternatively, the processing of your data can take place on the basis of special guarantees, such as the determination of a data protection level that corresponds to the EU, which is officially recognized by the EU Commission, the Data Privacy Framework (DPF) or compliance with officially recognized special contractual obligations, so-called “standard contractual clauses”. .
4.5 Deletion of data and storage period
As soon as the purpose for storage no longer applies, we will delete or block your personal data. However, storage may also take place if this has been provided for by European or national legislators in EU regulations, laws or other regulations to which we are subject. This concerns e.g. B. Data that must be retained for commercial or tax reasons, such as invoice data for subscriptions. Your data will be blocked or deleted when a storage period prescribed by these regulations expires, unless there is a need for further storage of the data to conclude or fulfill a contract.
4.6 Existence of automated decision making
We do not use automatic decision-making or profiling.
5. Rights of those affected
If your personal data is processed, you are the data subject within the meaning of the GDPR. You have the following rights towards us as the person responsible:
5.1 Right to revoke a declaration of consent under data protection law
If the processing of personal data is based on consent given, you have the right to revoke this consent at any time. The revocation does not affect the lawfulness of the processing carried out based on the consent up to the revocation.
5.2 Right to information
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you can request information about the following information:
the processing purposes;
the categories of personal data
being processed;
the recipients or categories of recipients
to whom the personal data has been or will be disclosed, whereby
in connection with the transfer to a third country or to an
international organization you also have the right to be informed
about the appropriate guarantees in accordance with Art. 46 GDPR
to become;
if possible, the planned period for which the
personal data will be stored or, if this is not possible, the
criteria for determining that period;
the existence of a
right to rectification or deletion of personal data concerning you
or to restriction of processing by us or a right to object to such
processing;
the existence of a right to lodge a complaint
with a supervisory authority;
if the personal data is not
collected from you, all available information about the origin of
the data;
the existence of automated decision-making,
including profiling, in accordance with Article 22 paragraphs 1
and 4 GDPR and - at least in these cases - meaningful information
about the logic involved and the scope and intended effects of
such processing for the data subject.
We will provide you
with a copy of the personal data that is the subject of processing
within one month of receiving your request for information. We may
charge a reasonable fee based on administrative costs for any
additional copies you request. If you submit the application
electronically, we will provide you with the information in a
commonly used electronic format unless you indicate otherwise.
5.3 Right to rectification
You have the right to request that we correct your personal data immediately if it is inaccurate. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed, including by means of a supplementary statement.
5.4 Right to deletion (“right to be forgotten”)
You have the right to request that we delete personal data relating to you immediately and we are obliged to delete personal data without delay if one of the following reasons applies:
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent to this processing and there is no other
legal basis for the processing.
You object to the processing
and there are no overriding legitimate reasons for the processing,
or you object to the processing.
The personal data was
processed unlawfully.
The deletion of personal data is
necessary to fulfill a legal obligation under Union law or the law
of the member states.
The personal data was collected in
relation to information society services offered in accordance
with Article 8 Para. 1 GDPR.
If we have made the personal
data concerning you public and we are obliged to delete it, we
will take appropriate measures, including technical measures, to
inform those responsible for data processing who process the
personal data, taking into account the available technology and
the implementation costs that you have requested that you delete
all links to this personal data or copies or replications of this
personal data.
The right to deletion (“right to be forgotten”) does not apply if processing is necessary:
to exercise the right to freedom of expression and information;
to
comply with a legal obligation that requires processing under the
law of the Union or Member States to which we are subject, or to
carry out a task carried out in the public interest or in the
exercise of official authority vested in us;
for reasons of
public interest in the field of public health in accordance with
Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3
GDPR;
for archiving purposes in the public interest,
scientific or historical research purposes or for statistical
purposes in accordance with Article 89 (1) GDPR, insofar as the
right to erasure is likely to make the achievement of the
objectives of this processing impossible or seriously impaired,
or
to assert, exercise or defend legal claims.
5.5 Right
to restrict processing
You have the right to request that we restrict the processing of your personal data if one of the following conditions applies:
You contest the accuracy of the personal data concerning you for a
period enabling us to verify the accuracy of the personal data;
the
processing is unlawful and you request the restriction of the use
of the personal data instead of deletion;
we no longer need
the personal data for the purposes of processing, but you need it
to assert, exercise or defend legal claims, or
You have
objected to the processing until it is clear whether our
legitimate reasons outweigh your reasons.
If processing has
been restricted in accordance with the above conditions, these
personal data - apart from their storage - will only be used with
your consent or to assert, exercise or defend legal claims or to
protect the rights of another natural or legal person or for
reasons of important importance processed for the public interest
of the Union or a member state.
If the restriction on processing has been restricted in accordance with the above conditions, we will inform you before the restriction is lifted.
5.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent or a contract and is carried out using automated procedures.
When exercising your right to data portability, you can request that the personal data be transmitted directly from us to another person responsible, to the extent that this is technically feasible. Exercising the right to data portability does not affect the right to deletion (“right to be forgotten”). This right does not apply to processing that is necessary for the performance of a task entrusted to us, which is in the public interest or in the exercise of official authority.
5.7 Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR. This also applies to profiling based on these provisions. We then do not process the personal data more, unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object to processing for direct advertising purposes, the personal data will no longer be processed for these purposes.
In connection with the use of information society services, notwithstanding the ePrivacy Directive, you may exercise your right to object through automated procedures using technical specifications.
5.8 Automated decisions in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
is necessary for the conclusion or performance of a contract
between you and us,
is permitted by the laws of the Union or
the member states to which we are subject and these laws contain
appropriate measures to safeguard your rights and freedoms and
your legitimate interests or
with your express consent.
We
take appropriate measures to protect your rights and freedoms as
well as your legitimate interests, which include at least the
right to obtain human intervention on the part of the controller,
to express one's own point of view and to challenge the
decision.
5.9 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or the place of the alleged violation, if you believe that the processing of personal data concerning you violates the GDPR violates.
6. Use of our online offerings
In principle, you can use our online offering without disclosing your identity. In this section we will explain to you when and in what context we process data when using our online offerings, which offers from service providers and cooperation partners we have implemented, how they work and what happens to your data.
6.1 Data collection when you visit our websites
If you use our websites purely for information purposes, i.e. you do not register, enter into a contract with us or otherwise disclose information to us, we only collect the personal data that your browser transmits to our servers. When you access our websites, we collect the following data that is technically necessary for us to be able to display our websites to you and to ensure stability and security.
IP address of the user
Date and time of the request
Content
of the request (specific page)
Access status/HTTP status
code
amount of data transferred in each case
Website
from which the request comes
User's operating system
Language
and version of the browser software.
The collection of data
is necessary to display the websites and the storage of the data
in log files is necessary for the operation of our websites and
maintaining IT security.
This data is temporarily stored in the log files of our system for a maximum period of ninety days. Storage beyond this is possible, but in this case the IP addresses are shortened so that it is no longer possible to assign the calling client and the data is anonymized.
The storage of information in the end user's device or access to information takes place in accordance with Section 25 Paragraph 2 TTDSG. Data processing is carried out on the basis of our legal obligation to ensure IT security in accordance with Article 6 Paragraph 1 Letter c) in conjunction with Article 32 GDPR.
6.2 Registration function / customer account
You can optionally create user accounts for our online offerings
in order to use certain content and services of our online
offerings.
Which personal data is transmitted to us and
stored depends on the respective input mask and the information
provided during registration. The data entered during registration
will be used for the purposes of using our offers. You have the
option of changing your user account at any time to terminate. In
this case, your data will be deleted unless we are obliged to
retain it for commercial or tax reasons.
If the registration serves to fulfill a contract to which you are a party or to carry out pre-contractual measures, the legal basis for the processing of the data is Article 6 (1) (b) GDPR.
As part of the use of our registration and login functions and the use of the user account, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests and serves to protect against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation. The legal basis for this recording and storage is Article 6 Paragraph 1 Letter c GDPR. The IP addresses will be anonymized or deleted after ninety days at the latest.
6.3 Contact forms and email contact
On our online offerings you will find contact forms and email links (mailto) that can be used for electronic contact. In this way, we fulfill, among other things, the legal requirement to enable rapid electronic contact with us in accordance with Article 6 (1) (c) GDPR. If your request relates to the fulfillment of a contract or the implementation of pre-contractual measures, processing will take place in accordance with Article 6 (1) (b) GDPR. Otherwise, the processing is based on our legitimate interest in effectively processing the inquiries addressed to us in accordance with Article 6 (1) (f) GDPR. The personal data transmitted in the course of your respective request will only be processed for a specific purpose. We delete the requests if they are no longer necessary and no legal archiving obligations apply.
6.4 User comments and contributions
As a registered user, you have the opportunity to leave comments on individual content of our online offerings and posts in our forum. We will then record your IP addresses and the time of publication on the basis of the user agreement in accordance with Art. 6 Para. 1 lit. b. Save GDPR for seven days. This is done for security reasons if the rights of third parties are violated in comments and posts or illegal content is left (insults, slander, hateful content, etc.) as well as for IT security reasons.
Remember that comments and posts as well as the username are accessible to everyone. You should carefully check your contributions before publishing them to ensure that they do not contain information that is not intended for the public. You must expect that your contributions will be recorded in search engines and will be accessible even without specifically calling up our website.
6.5 Newsletters
In some areas of our online offerings, we offer you the opportunity to subscribe to one of our free email newsletters. We only send these newsletters with your consent or based on legal permission. When you register for a newsletter, the data from the input mask (name and email address) is transmitted to us and stored for as long as the subscription to the newsletter is active.
Your consent will be obtained for the processing of this data for the purpose of sending newsletters and reference will be made to this data protection declaration. We use the so-called double opt-in procedure for the registration process. Once you have registered, you will receive an email in which you must click on a link to confirm your registration. This is how we prevent unauthorized third parties from logging in using your email address. We record the registration process in order to be able to provide evidence of the process in accordance with legal requirements. The IP address of the accessing device, the date and time of registration are stored. The data you provide will be stored for as long as your subscription to the newsletter is active. You can cancel the subscription at any time. For this purpose, there is a corresponding unsubscribe link in every newsletter. This also makes it possible to revoke your consent. The legal basis for the processing of your data if you have given your consent to receive newsletters is Article 6 (1) (a) GDPR.
If you purchase goods or services on our online offerings and provide your email address, we reserve the right to use this to send newsletters with direct advertising for our own similar goods or services. This serves to protect our legitimate interests in advertising to our users, which predominate in the context of a balancing of interests. You can object to the data at any time by sending a message to the above-mentioned contact options or using the unsubscribe link in the advertising email, without incurring any costs other than the transmission costs according to the basic tariffs. If the newsletter is sent due to the sale of goods or services, this is done on the basis of Section 7 Paragraph 3 UWG.
6.6 Social media buttons
Social networks process your users’ personal data extensively. When you visit our profiles, your IP address and other information about the devices you use are processed, which enables the IP addresses to be assigned to individual users. We cannot influence this data processing. We would like to point out that you use our social network profiles and their functions at your own risk. Details on data processing can be found in the operator's data protection declaration.
6.7 External links
Our online offering contains links to other websites. We have no influence on whether their operators comply with data protection regulations.
7. Use of cookies
When you use our websites, cookies are stored on your device. These are small text files that are sent from a website to the user's browser and saved by it. Different information can be stored in cookies, which can be read by the entity that sets the cookie. They usually contain a characteristic character string (ID) that allows the browser to be uniquely identified when the website is accessed again or a page is changed.
If cookies are used, data processing is regularly based on your consent in accordance with Section 25 Paragraph 1 TTDSG in conjunction with Article 6 Paragraph 1 Letter a GDPR. If we consider the use of cookies to be absolutely necessary, this will be done on the basis of Section 25 Paragraph 2 No. 2 TTDSG. Further processing takes place in accordance with Art. 6 Para. 1 GDPR.
Unless absolutely necessary for operation, we offer you the opportunity to decide on the setting of cookies in the area of our offer as part of consent management (“cookie banner”) according to your specifications.
If you revoke your consent, you will be shown the selection page again the next time you access it. Revoking your consent has no influence on the admissibility of the data processing carried out up to the time of revocation.
8. External service providers
Our online offering is technically dependent on collaboration with external service providers. You can find an overview of these providers below.
8.1 WHOIS DIGITAL PTE. LTD. Privacy: https://shop.whois.com/support/legal.php
8.1.1. WEBFLOW Inc. Privacy: https://webflow.com/legal/privacy
8.1.1. SPLINE Inc. Privacy: https://splinetool.notion.site/Spline-Privacy-Policy-69eb8efed8fe44418afaafa3e2d8156d
9. Online offers on social media platforms
We offer online offerings on various social media platforms in
order to provide information there and to be able to get in touch
with you.
We have no influence on the processing of personal
data by the respective platform operator. As a rule, when you
visit our social media offerings, the platform operator stores
cookies in your browser in which your usage behavior and interests
are stored for market research and advertising purposes. The usage
profiles obtained in this way - usually across devices - are used
by the platform operators to show you personalized advertising.
Data processing may also affect people who are not registered as
users on the respective social media platform. Your data may be
processed outside the European Union, which may make it more
difficult to enforce your rights. However, when selecting such
social media platforms, we ensure that the operators undertake to
comply with EU data protection standards.
The processing of
your personal data when you visit one of our social media
offerings is based on our legitimate interests in a diverse
external representation of our company and the use of an effective
information option and communication with you. The legal basis for
this is the consent you have given to your platform operator in
accordance with Article 6 (1) (a) GDPR.
Detailed information
about data processing in connection with the use of our social
media offerings, objection options (opt-out) and the assertion of
information rights can be found in the data protection declaration
of the relevant platform operator.
9.1 Facebook
Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal
Harbour, Dublin 2, Ireland
Data processing is carried out on
a basis of an agreement on the joint processing of personal data
in accordance with Art. 26 GDPR.
Data protection declaration:
https://www.facebook.com/about/privacy/
Opt-Out:
https://www.facebook.com/settings?tab=ads
9.2 Google+/YouTube
Provider: Google Ireland Limited, Gordon House, Barrow Street,
Dublin 4, Ireland
Data protection declaration:
https://policies.google.com/privacy
Opt-Out:
https://adssettings.google.com/authenticated
9.3 Instagram
Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025,
USA
Data protection declaration:
http://instagram.com/about/legal/privacy
Opt-Out:
http://instagram.com/about/legal/privacy
9.4 Twitter
Provider: Twitter Inc., 1355 Market Street, Suite 900, San
Francisco, CA 94103, USA
Data protection declaration:
https://twitter.com/de/privacy
Opt-Out:
https://twitter.com/personalization
9.5 LinkedIn
Provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin
2, Ireland
Data protection declaration:
https://www.linkedin.com/legal/privacy-policy
Opt-Out:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
9.6 Xing
Provider: XING AG, Dammtorstrasse 29-32, 20354 Hamburg,
Germany)
Data protection declaration:
https://privacy.xing.com/de/datenschutzerklaerung
Opt-Out:
https://privacy.xing.com/de/datenschutzerklaerung
9.7 Vimeo
Provider: Vimeo Inc., Legal Department, 555 West 18th Street New York, New York 10011, USA
Data protection declaration: https://vimeo.com/privacy
Opt-Out: We would like to point out that Vimeo can use Google Analytics and refer to the data protection declaration (https://policies.google.com/privacy) and the opt-out options for Google Analytics (http:// tools.google.com/dlpage/gaoptout?hl=de) or Google's settings for data use for marketing purposes (https://adssettings.google.com/).
10. Children
Our offer is generally aimed at adults. Persons under the age of 16 may not provide us with personal information without the consent of their parent or guardian.
