Our primary objective is to process the personal data of users only to the extent necessary for maintaining a functional website and providing our contents and services. User consent typically forms the basis for processing personal data, with exceptions arising from cases where legal regulations permit or mandate data processing.

DEFINITIONS

For the purposes of this Privacy Policy:

1. “Account” means a unique account created for You to access our Service or parts of our Service.
2. “Company” (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to YUNI. For the purpose of the GDPR, the Company is the Data Controller.
3. “Country” refers to India.
4. “Data Controller”, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
5. “Device” means any device that can access the Service such as a computer, a cell phone or a digital tablet.
6. “Personal Data” is any information that relates to an identified or identifiable individual. For the purposes of GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
7. “Service” refers to the Website.
8. “Service Provider” means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
9. “Usage Data” refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
10. “You” means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.

COLLECTING AND USING YOUR PERSONAL DATA

Types of Data Collected

1. Personal Data: While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to: Email address, First name and last name, Phone number, Address, State, Province, ZIP/Postal code, City, Usage Data.
2. Usage Data: Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
3. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

LEGAL BASIS FOR PERSONAL DATA PROCESSING:

When obtaining the data subject’s consent for processing personal data, the legal basis is provided by Article 6 (1) sentence 1 lit. a of the EU General Data Protection Regulation (GDPR). Processing personal data essential for contractual obligations falls under the legal basis of Art. 6 (1) p. 1 lit. b GDPR. This also extends to processing operations necessary for pre-contractual measures initiated at the data subject’s request. Compliance with a legal obligation defines the legal basis under Article 6 (1) sentence 1 lit. c of the GDPR, while vital interests of the data subject or another individual invoke Art. 6 (1) sentence 1 lit. d GDPR. In cases where processing is essential to protect a legitimate interest of our company or a third party, and the interests of the data subject do not outweigh this, Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis.

DATA DELETION AND STORAGE PERIOD:

Personal data of the data subject will be promptly deleted or blocked when the storage purpose is fulfilled. Storage may continue based on EU regulations, national laws, or other provisions that our company, as the data controller, is subject to (e.g., 10 years in accordance with § 256 HGB or equivalent). Data will be blocked or deleted upon the expiration of storage periods outlined by the aforementioned standards unless continued storage is necessary for contract conclusion or fulfillment.

DEFINITION OF “PERSONAL DATA” UNDER THE GDPR

Personal data refers to mean data that relates to an identified or identifiable natural person (aka “data subject”). An identifiable data subject is someone who can be identified, directly or indirectly, such as by reference to an identifier like a name, email id, phone number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Importantly, this is a very broad definition and can encompass data like IP addresses of a user’s personal device, their device ID, or their phone number. It does not matter that the identifier could change (e.g., that the user could change their phone number or device ID).

RIGHTS OF DATA SUBJECTS

Right of Information: If your personal data is being processed, you, as a data subject under the GDPR, have the right to request confirmation from the controller. In the event of processing, you are entitled to obtain specific information, including the purposes, categories of data, recipients, planned storage duration, and details regarding your rights such as rectification, erasure, and objection. Furthermore, you can inquire about the existence of automated decision-making, including profiling.

Right of Rectification: You hold the right to request rectification or completion of your personal data if inaccuracies or incompleteness are identified. The controller is obligated to promptly rectify such data.

Right to Restrict Processing: Under certain conditions, you can request the restriction of processing of your personal data. This includes instances where data accuracy is contested, processing is deemed unlawful, or the controller no longer needs the data but you require it for legal claims.

Right of Deletion: You may request the deletion of your personal data, and the controller is obliged to comply without undue delay. Grounds for deletion include data no longer being necessary, withdrawal of consent, or unlawful processing. In cases where the controller has made personal data public and is obligated to erase it, reasonable steps will be taken to inform other controllers processing this data.

Right to be Informed: If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obligated to inform all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the data controller.

Right of Data Portability: You have the right to receive your personal data, provided to the controller, in a structured, commonly used, and machine-readable format. This data can be transmitted to another controller without hindrance from the initial controller, under certain conditions. This right does not apply to data processing necessary for public interest tasks.

Right of Objection: At any time, based on reasons arising from your particular situation, you have the right to object to the processing of personal data concerning you. This applies to processing carried out on the basis of legitimate interests or for direct marketing purposes.

Right to Revoke Consent: You retain the right to revoke your declaration of consent under data protection law at any time. The revocation does not affect the lawfulness of the processing carried out based on the consent until the revocation.

Automated Decisions and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, unless it is necessary for the performance of a contract, authorized by law, or done with your explicit consent. Safeguards are in place to protect your rights and freedoms.

Right to Lodge a Complaint: In addition to other remedies, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data relating to you infringes the GDPR. The supervisory authority will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy.

DETAILS ON DATA PROCESSING

Type of Data Collected: Website Provision and Log File Creation

Description and Scope of Data Processing: Upon accessing our website, our system automatically gathers data and information from the computer system of the accessing user. The collected data includes information about the browser type and version, user operating system, internet service provider, IP address, date and time of access, as well as the websites through which the user’s system reached ours and the subsequent sites accessed. This data is stored in our system’s log files, independent of other personal user data.

Purpose of Data Processing::Temporary storage of the IP address is essential for delivering the website to the user’s computer, requiring the IP address to be stored for the duration of the session. Log file storage aims to ensure website functionality, with no data evaluation for marketing purposes occurring within this context. These purposes constitute our legitimate interest in data processing as per Art. 6 (1) of GDPR.

Duration of Storage: Data is deleted once its retention is no longer necessary for the intended purpose. Personal data from contact form inputs and email correspondence is deleted upon conclusion of the respective conversation, indicating a conclusive resolution of the matter. Additional personal data collected during the sending process is deleted no later than 45 days afterward.

Objection and Removal Possibility: Users can revoke their consent to personal data processing at any time. When contacting us via email, users can object to their personal data’s storage, resulting in the discontinuation of the conversation. The data is exclusively used for conversation processing and is deleted afterward.

Type of Data Collected: Enquiry via Email and Enquiry Form

Scope of Personal Data Processing: Our website offers an Enquiry form for electronic submissions. If an applicant chooses this method, the provided data, including title, first name, surname, telephone/mobile number, email address, Corporate details like Company Name, Address etc. Alternatively, Enquiry sent via email entail the collection of the sender’s email address and the data within the email. Upon Enquiry submission, an email confirming receipt is sent, and the data is used exclusively for Enquiry processing. No third-party disclosure occurs.

Purpose of Data Processing: Processing data from the Enquiry form is solely for application processing purposes. In the case of email contact, this aligns with the necessary legitimate interest in data processing. Other personal data processed during submission aims to prevent application form misuse and safeguard our information technology systems.

Duration of Storage: Upon completing the Enquiry process, data is stored for a maximum of six months, ensuring deletion afterward. If a legal obligation exists, data storage aligns with applicable provisions.