Effective from September 21, 2021
Unimarket Holdings Ltd and its related companies (hereafter referred to as “Unimarket”) are committed to protecting and respecting your privacy and complying with applicable privacy and data protection legislation.
“Personal information” is information about an identifiable individual (a natural person) and includes personal data, personally identifiable information and equivalent information under applicable privacy and data protection laws.
This policy does not limit or exclude any of your rights under applicable privacy and data protection laws.
- Who we are
- When we collect personal information
- Types of personal information we collect and process
- How we process personal information
- How we use personal information
- How long we keep personal information
- Your rights with respect to your personal information
- Do we share your personal information?
- International transfers of personal information
- Protecting your personal information
- GDPR Addendum
- Lawful basis for processing
- Your rights
- International transfers of personal data
Who we are
Unimarket makes procurement simple with an easy-to-use cloud-based solution (“Unimarket Solution”) that connects an extensive catalog-driven supplier marketplace with purchasing, invoice management, and card payment functions—all in one integrated platform.
Our global headquarters is located in Auckland, New Zealand. The registered address of our global headquarters is 9 Hargreaves Street, Auckland 1011. We also have a presence in the United States and Australia.
Our Privacy and Data Protection Officer can be contacted by email at email@example.com.
Users of the Unimarket Solution may also collect and/or provide us with data, including personal information, when using the Unimarket Solution (“Customer Data”). Our customers and their users determine what and how they collect, use, disclose and transfer personal information that is Customer Data. This means that our customers’ and their users’ collection and use of that personal information is governed by our customers’ privacy policies and practices, not ours.
For the purposes of the European Union General Data Protection Regulation (“GDPR”) and the equivalent laws of the United Kingdom (“UK GDPR”), our customers are the data controller when storing or otherwise processing that Customer Data and we are the data processor. For the purposes of the California Consumer Privacy Act, we are a service provider to our customers. For the purposes of the New Zealand Privacy Act 2020, we are our customers’ agent.
We only process personal information that forms part of Customer Data as authorized by our customers in our agreements with our customers (“Customer Agreements”) and, except as otherwise required by law, we do not use or disclose personal information that is Customer Data other than to provide the Unimarket Solution to our customers.
Unless required otherwise under applicable law, if we receive any request or enquiry relating to personal information that is Customer Data, we will forward this request to our relevant customer.
When we collect personal information
We collect your personal information when:
- You visit our website.
- You are using the Unimarket Solution or our other products or services.
- You interact with us in person, through correspondence, by phone, by social media, or through our website.
- Your personal information is shared with us by other legitimate sources, such as third-party data aggregators, recruitment agencies or websites, our resellers and our marketing and sales partners.
Types of personal information we collect and process
We collect and process personal information such as your name, phone number, email address, job role, and country. In addition, we collect and process your company’s name and contact information.
When you use the Unimarket Solution, we collect metadata relating to your use of the Unimarket Solution, including IP address, standard web log data, sign-on and other usage data, and other statistical data.
We may also collect other personal information about you through any responses you make to questions we ask you, and any feedback, comments and questions received from you in communication and activities such as meetings, phone calls, documents, and emails.
If you apply for or accept a job at Unimarket, we collect and process the information you provide during the application and acceptance process. This may include special categories of personal information, such as unique identifiers or sensitive personal information.
How we process personal information
We process personal information in both electronic and paper form.
How we use personal information
We may use your personal information for the following purposes:
- To verify your identity.
- To provide you with the Unimarket Solution and any other product or service that you have asked us to provide to you.
- To send you marketing communications that you have requested. These may include information about the Unimarket Solution and our other products and services, featured content (blogs, e-books, whitepapers, etc), events, activities, and promotions of our partners’ products and services. This communication is subscription based and you may update your subscription preferences at any time.
- To send you information about the Unimarket Solution and any other products and services you have purchased from us.
- To perform direct sales activities.
- To provide you with content and venue details on a webinar or event you signed up for.
- To reply to a ‘Contact me’, ‘Book a demo’, or other web form you have completed on our website (for example, to download a whitepaper).
- To follow up on incoming requests (customer support, emails, chats, or phone calls).
- To provide you with access and services related to trialing the Unimarket Solution or one of our other products or services.
- To provide access to our Customer Support teams.
- To perform contractual obligations and account management tasks such as purchase confirmation, license details, invoices, reminders, and similar. The contract may be with Unimarket directly or with a Unimarket partner.
- To improve the Unimarket Solution and any other products and services that we provide to you.
- To notify you about any disruptions to the Unimarket Solution or our other products and services (system messages).
- To contact you to conduct surveys about your opinion on the Unimarket Solution or our other products and services.
- To comply with relevant laws and regulations.
- To assess credit-worthiness, including to undertake credit checks of you (if necessary).
- To bill you and to collect money that you owe us, including authorizing and processing credit card transactions.
- To process a job application.
- To conduct research and statistical analysis (on an anonymized basis).
- To prevent potentially prohibited or illegal activities.
- To protect and/or enforce our legal rights and interests, including resolving disputes and defending any claim.
- For any other specific purpose which we notify you of at the time that your personal information is collected.
- For any other purpose authorized by you or relevant laws and regulations.
How long we keep personal information
We store personal information for as long as is necessary to fulfil the purpose for which the personal information was collected, while also considering our need to answer your queries or resolve possible problems, to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes.
This means that we may retain your personal information for a reasonable period of time after your last interaction with us. When the personal information that we have collected is no longer required, we will delete it in a secure manner.
Your rights with respect to your personal information
Subject to certain grounds for refusal under applicable law, you have the right to access your personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
Where you request a correction, if we think the correction is reasonable and we are reasonably able to change your personal information, we will make the correction. In all other cases, we will take reasonable steps to make a note of the personal information that was the subject of your correction request.
If you want to exercise either of the above rights, email us at firstname.lastname@example.org. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information to be corrected and the correction that you are requesting).
Subject to applicable law, we may charge you our reasonable costs of providing to you copies of your personal information or correcting that information.
In addition to the rights to access and correct your personal information, if you are based in the European Union (“EU”) or United Kingdom (“UK”), you have the additional rights set out in the GDPR Addendum at the end of this document.
We use functional, analytical and tracking cookies and similar technologies (e.g. web beacons, pixels, tags and device identifiers) to recognize you and/or your device(s) and collect information as you use our products and/or navigate the Unimarket website.
We use two types of cookies for two different purposes: (1) session cookies and (2) anonymous analytic cookies.
(1) Session cookies: This type of cookie is issued by our website and the Unimarket Solution to the user’s session each time they visit the website or login to the Unimarket Solution. These are required for the proper function of the website and the Unimarket Solution. They are used by the website and the Unimarket Solution to link the web browser with an active session on the website or the Unimarket Solution (as applicable).
(2) Anonymous analytics cookies: This type of cookie is not required by the website or the Unimarket Solution to function properly, so they can be disabled by the user through their web browser (but the user may experience some loss of functionality as a result). These are used to provide aggregated information about users.
The information we collect includes standard information such as:
- Browser type and browser language
- Operating system
- Referring page
- Path through site
- ISP domain
- Internet Protocol (“IP”) address
- Actions you take on our website or the Unimarket Solution (e.g. pages viewed and links clicked)
We use this information to:
- Provide certain features of our website, the Unimarket Solution and our other products and services.
- Make our website, the Unimarket Solution and our other products and services work more efficiently.
- Provide business and marketing information to Unimarket.
- Help us understand how people use our website, the Unimarket Solution and our other products and services.
- Detect and prevent security threats and abuse.
You can control cookies through your browser settings and other tools.
We use Google Analytics (for more information please see How Google uses information from sites or apps that use our services at https://policies.google.com/technologies/partner-sites).
Do we share your personal information?
We do not share, sell, rent, or trade your information with any third parties without your consent, except as described below:
- We may share your information with various third-party service providers for the purpose of enabling them to provide the Unimarket Solution and our other products and services to you on our behalf, or assisting us with our provision of the Unimarket Solution and our other products or services to you.
- We may share your information between the companies within our group.
- We may disclose your personal information if required by law or if we, as a company, reasonably believe that disclosure is necessary to protect our company’s rights and/or to comply with a judicial proceeding, court order or legal process.
- We may disclose your personal information to a credit reference agency for the purpose of credit checking you (if applicable).
- We may share anonymized statistical information with other third parties.
- We may disclose your personal information to any other person that we believe, on reasonable grounds, is authorized by you.
In the event that our business is sold or otherwise transferred to another party, we reserve the right, to the extent permitted by law, to transfer your personal (and non-personal) information to the relevant transferee
International transfers of personal information
Our third-party service providers and other companies within our group may be located outside of New Zealand (the country where our headquarters is located) and also outside of the country where you are located. This means that the personal information we collect may be transferred to, and stored in, a country outside of New Zealand and the country where you are located.
If you are based in the EU or UK, further information about our international transfers of personal information is set out in the GDPR Addendum at the end of this document.
Protecting your personal information
As required by applicable law, we will take steps to keep your personal information safe from loss, unauthorized activity, or other misuse. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks inherent in processing personal information.
You play an important role in keeping your personal information secure by maintaining the confidentiality of any password and accounts used in relation to the Unimarket Solution and our other products and services. You should not disclose your password to third parties. Please notify us immediately if there is any unauthorized use of your account or any other breach of security.
For the purposes of the GDPR and UK GDPR, our customers are the data controller when we are processing Customer Data. If we receive any data subject requests relating to Customer Data, such as requests to access personal data, we will forward these requests to the relevant customer.
The remainder of this GDPR Addendum does not apply to personal data that is Customer Data.
Lawful basis for processing
Our lawful basis for processing (as that term is defined in the GDPR and UK GDPR) personal data that we collect, use and disclose depends on the personal data collected and the context in which we collect it.
Generally, we collect personal data from you:
- Where we have your consent, or
- Where processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, or
- Where processing is necessary for the purposes of our legitimate interests (except where such interests are overridden by your interests or fundamental rights and freedoms).
Where we process personal data based on your consent, you may withdraw your consent at any time.
Despite the above, we may process your personal data where such processing is necessary for compliance with applicable laws.
If you have any question about the legal basis on which we process personal data or need further information, please contact us at email@example.com.
If you are located in the EU or the UK, your rights in relation to your personal data include:
- Right of access: If you ask us, we will confirm whether we are processing your personal data and provide you with a copy of that personal data.
- Right to rectification: If the personal data we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take reasonable steps to ensure inaccurate personal data is rectified. If we have shared your personal data with any third party, we will tell them about the rectification where possible.
- Right to erasure: When your personal data is no longer needed for the purposes for which you provided it, we will delete it. You may request that we delete your personal data and we will do so if deletion does not contravene any applicable law. If we have shared your personal data with any third party, we will take reasonable steps to inform those third parties that they must delete your personal data.
- Right to withdraw consent: If the basis of our processing of your personal data is consent, you can withdraw that consent at any time.
- Right to restrict processing: You may request that we restrict or block the processing of your personal data in certain circumstances. If we have shared your personal data with any third party, we will tell them about this request where possible.
- Right to object to processing: You may request that we stop processing your personal data at any time and we will do so to the extent required by the GDPR and/or UK GDPR (as applicable).
- Rights related to automated decision-making, including profiling: You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such automated decision-making is necessary for entering into, or the performance of, a contract with you, is authorized by applicable laws, or is based on your explicit consent. We do not carry out automated individual decision-making.
- Right to data portability: You may obtain your personal data from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal data in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal data directly to another data controller.
- The right to complain to a supervisory authority: You can report any concern you have about our privacy practices to your local data protection authority.
Where personal data is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.
If you would like to exercise any of your above rights, please contact us at firstname.lastname@example.org. If you are not satisfied by the way we deal with your query, you may refer your query to your local data protection authority.
International transfers of personal data
If you are located in the EU or UK, your personal data may be transferred to New Zealand, Australia or the United States.
Under the GDPR, the transfer of personal data to a country outside of the European Economic Area (“EEA”) may take place where the European Commission has decided that the country ensures an adequate level of protection. Under the UK GDPR, the transfer of personal data to a country outside the UK may take place where the European Commission (as at 31 December 2020) or the UK government has decided that the country ensures an adequate level of protection.
Under both the GDPR and UK GDPR, in the absence of an adequacy decision, we may transfer personal data if other appropriate safeguards are in place.
New Zealand is recognized for the purposes of the GDPR and UK GDPR as a country that has an adequate level of data protection. Where we transfer personal data to New Zealand, we rely on this decision in transferring the personal data.
We only transfer personal data to Australia or the United States where approved transfer mechanisms are in place to protect your personal information (e.g. by entering into the European Commission’s Standard Contractual Clauses and, where necessary, implementing appropriate supplementary measures). For further information, please contact email@example.com.