Unamo | Privacy Policy

PRIVACY POLICY

The following terms and conditions govern all use of the Positionly Inc. offering Unamo website and all content, services and products available at or through the website. The Website is owned and operated by Positionly Inc. (Positionly). The Website is offered subject to Your acceptance without modification of all of the terms and conditions contained herein and all other operating rules, policies (including, without limitation, Positionly's Privacy Policy) and procedures that may be published from time to time on this Site by Positionly (collectively, the Agreement).

Please read this Agreement carefully before accessing or using the Website. By accessing or using any part of the web site, You agree to become bound by the terms and conditions of this agreement. If You do not agree to all the terms and conditions of this agreement, then You may not access the Website or use any services. If these terms and conditions are considered an offer by Positionly, acceptance is expressly limited to these terms. The Website is available only to individuals who are at least 13 years old.

Your Unamo Account and Site. If You create an account on the Website, You are responsible for maintaining the security of Your account and its content, and You are fully responsible for all activities that occur under the account and any other actions taken in connection with the Website. You must not describe or assign content to Your account in a misleading or unlawful manner, including in a manner intended to trade on the name or reputation of others, and Positionly may change or remove any description or keyword that it considers inappropriate or unlawful, or otherwise likely to cause Positionly liability. You must immediately notify Positionly of any unauthorized uses of Your account or any other breaches of security. Positionly will not be liable for any acts or omissions by You, including any damages of any kind incurred as a result of such acts or omissions.

We may occasionally communicate with you regarding our products, services, news and events. You have the option to not receive this information. We provide an opt-out function within all email communications of this nature, or will cease to communicate with you for this purpose if you contact us and tell us not to communicate this information to you. The only kind of these communications that you may not 'opt-out' of are those required to communicate announcements related to the Services, including information specific to your account, planned Services suspensions and outages. We will attempt to minimize this type of communication to you.

PRIVACY AND PERSONAL DATA PROTECTION POLICY

The Policy relates strictly to the necessity to meet the new requirements for data processing as set out in the EU regulations governing personal data protection, namely the General Data Protection Regulation 2016/679 - GDPR (hereinafter: Regulation).
Positionly Inc. a Delaware Corporation, 555 California Street, Suite 4925, San Francisco, CA 94104, which provides the services of Unamo, is the controller of your personal data processed for the purposes identified below, unless another entity is indicated in a written agreement or in terms and conditions of the service (in which case the personal data protection rules apply accordingly).
If solutions of search for information in publicly available network resources are offered, which do not entail permanent archiving in case of downloading or recording of data by the CLIENT if this may involve personal data processing, the CLIENT becomes the controller of such data and shall be obliged to comply with the legal obligation to inform and to secure such data in an appropriate manner, and if any personal data are processed by the CLIENT using the tools offered by Positionly Inc., it shall be the processor and shall process the data according to the rules defined in the processing agreement or, if such an agreement is not concluded with respect to the service, according to the processing rules provided in the attachment to this Policy.
The data controller has appointed a Data Protection Coordinator (hereinafter: "Coordinator"). You may contact the Coordinator in all matters related to your personal data processing, and whenever in doubt as to your rights. The Coordinator is obliged to keep secret and confidential the tasks it performs, pursuant to the laws of the EU or national legislation.

Data Protection Coordinator's e-mail: privacy@unamo.com
The data controller assures that it shall process your personal data for specified, explicit and legitimate purposes and shall not process it in a way which is non-compliant with those purposes. The purpose of data processing is the reason for which we process your personal data. If the data controller wants to process your personal data for any purposes other than indicated below, you shall be informed separately about such a new purpose. The below table presents the purposes for data processing.

Purpose	Explanation	Legal basis	Duration of processing (when your data will be erased)
Creating a website account	In this case your data will be processed to the extent necessary for you to create your account with www.unamo.com or another website managed by UNAMO and use the account in order to, without limitation, verify the accuracy of data and review the transactions made. The account creation is automated. Accounts may be created by each user, without preliminary verification.	Article 6(1b) of the GDPR and Article 22(2a) of the GDPR	For the duration of the account service, provided that where no account is eventually created, or the account is removed, the data shall be archived and shall not be used for any purpose other than exercise, defense or establishment of mutual claims.
Conclusion of a service agreement	Regardless of whether you created an account with www.Unamo.com or are an non-registered user, you may order UNAMO services. The personal data collected during the order placement procedure shall be processed so as to complete the service. The agreement may also be concluded by contacting a seller using the phone number provided.	Article 6 (1b) of the GDPR and Article 22 (2a) of the GDPR	For the duration of the service and until mutual claims are barred by limitation, provided that if no agreement is made and no services are provided according to the Agreement or agreed conditions or after the service provision is completed, the data shall be archived and shall not be used for any purpose other than exercise, defense or establishment of mutual claims.
Performance of the agreement	Regardless of whether you created an account or are an non-registered user, you may order a service, the personal data collected during the order placement procedure shall be processed so as to perform the agreement.	Article 6 (1b) of the GDPR and Article 22 (2a) of the GDPR	For the duration of the service and until mutual claims are barred by limitation, provided that if no agreement is made and no services are provided, the data shall be archived and shall not be used for any purpose other than exercise, defense or establishment of mutual claims.
For the purpose of marketing UNAMO services.	If the marketing is made by mailing, you will be requested to provide separate consent. This purpose may also be accomplished by displaying a personalised advertisement based on profiling. According to the GDPR, profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;	Article 6(1f) of the GDPR	Until an objection is lodged, and after the objection, exclusively for the purpose of defense against claims (throughout the period of limitation of claims for infringement of personal rights).
To perform the obligations imposed by the public law (such as tax obligations) in connection with conclusion of an agreement or provision of a service.	This consists of performance of the obligations imposed on the Data Controller by the law.	Article 6(1c) of the GDPR	Until the obligations imposed by the public law (such as tax obligations) are barred by limitation.
To ensure website security.	This consists of prevention of unauthorised access to electronic communication networks and dissemination of malicious codes, discontinuing 'denial of service' attacks, and counteracting damage to computer systems and electronic communication systems.	Article 6(1f) of the GDPR	Until an effective objection is lodged (see below), or until mutual claims are barred by limitation, e.g. claims related to breach of website security rules -> whichever is earlier.
For statistical analysis, including financial analysis, with the results thereof being used to improve the quality of the services provided by the Data Controller.	The analysis is made manually. The purpose of the analysis is to identify transactions which infringe the agreement (with no intention to pay) in order for the Data Controller to assert its rights.	Article 6(1f) of the GDPR	Until an effective objection is lodged or until mutual claims are barred by limitation, e.g. claims related to breach of website security rules -> whichever is earlier.
For the purpose of sending the newsletter.	In this case you shall be asked for additional consent and for your email address.	Article 6(1a) of the GDPR	Until the consent is withdrawn, and after the withdrawal exclusively for the purpose of defense against claims (throughout the period of limitation of claims for infringement of personal rights).
In order to display web push notifications.	In this case you shall be asked for additional consent. Web push consist of a question appearing in the browser address asking whether the user agrees to receive web push notifications. The user may accept or block the notifications. The contents of a notification is created by the browser with no possibility to interfere	Article 6(1a) of the GDPR	Until the consent is withdrawn, and after the withdrawal exclusively for the purpose of defense against claims (throughout the period of limitation of claims for infringement of personal rights).
To identify geolocation for the purpose of presenting personalized advertising.	In this case you shall be asked for additional consent.	Article 6(1a) of the GDPR	Until the consent is withdrawn, and after the withdrawal exclusively for the purpose of defense against claims (throughout the period of limitation of claims for infringement of personal rights).
To perform the obligations related to exercise of the rights specified in the GDPR.	In this case, the data shall be processed solely to the extent required to identify and verify the requester's identity.	Article 6(1c) of the GDPR	For the purpose of defense against claims throughout the period of limitation of claims for infringement of personal rights.
For exercise, establishment and defense of claims related to: - performance of a service - compliance with the obligations resulting from the GDPR (to prove compliance with the regulation)	In this case, the data shall be processed solely to the extent required for the establishment, exercise or defence of claims.	Article 6(1f) of the GDPR	Throughout the limitation period, both for the claims against the Data Controller and claims to be exercised by the Data Controller.

If your personal data is processed with your consent, you may withdraw the consent at any time. The consent can be withdrawn at the Data Controller's registered office or through an email: Data Protection Coordinator: privacy@Unamo.com. The Controller shall, to the extent this is technically viable, facilitate withdrawal of the consent with respect to email marketing, by providing an unsubscribe link in each marketing email.
Withdrawal of the consent shall not affect the lawfulness of processing based on consent before its withdrawal. If the consent is withdrawn, the Controller shall determine whether there still are grounds for data processing. In this case, continued processing will be possible for the purpose of defense against claims (e.g. by demonstrating that the right to withdraw the consent was effected) and only to the extent necessary for this purpose.
Remember that each time the personal data are processed under Article 6(1f) of the GDPR (see above), i.e. on grounds of the legitimate interests of the Data Controller, you are, nevertheless, entitled to object to the processing of your personal data relating to your particular situation. After the objection is made, the Data Controller shall no longer process the personal data, unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Please note that when the personal data are processed based on Article 6(1f) of the GDPR (see above) for the purpose of marketing the UNAMO services, the objection needs not be made on grounds relating to particular situation of the data subject, and after the objection is lodged, the Data Controller shall no longer process the personal data under Article 6(1f) of the GDPR for the purpose of marketing the UNAMO services to the extent such data were processed for this purpose.

The objection can be lodged as follows: at the Data Controller's registered office or through email: Data Protection Coordinator: privacy@Unamo.com

In addition to the right to withdraw the consent and to object, you are also entitled to access the data, which includes the right to obtain a copy, the right to data portability, the right to rectification and erasure, to limitation of processing, and the right not to be subject to a decision based on automated processing only, including profiling, which produces legal effects or similarly significantly affects you.

The rights can be exercised as follows: at the Data Controller's registered office or using the relevant form available online at www.unamo.com (Contact Section).

You may also remove your account at any time after logging or by submitting a request at the Data Controller's registered office or using the relevant form available at www.Unamo.com (Contact Section).

You have a right to lodge a complaint with the Supervisory Authority (Inspector General for Personal Data Proteciton - GIODO, or its legal successor - PUODO).

We will obtain the personal data directly from you (through the account, during the transaction process, etc.). The data can be obtained from other sources solely for the purpose of performance of the service. This involves information from entities which provide the services ordered by you, and where the information needs to be disclosed to third parties - the scope of the data will include only the information necessary to confirm that payment for an order has been made.
Personal data is always provided on a voluntary basis, but its provision is necessary to accomplish the above purposes.
Personal data processed for the purpose of performance of a service is disclosed to entities which provide the service to the user as selected by the user (which also includes their subcontractors). Regardless of the purpose for which the personal data are processed, access to your data will be provided only to authorised employees and subcontractors of the Data Controller, with whom the Data Controller concluded the relevant data processing agreements (for details - contact your Data Protection Controller).

RULES FOR PROCESSING BY POSITIONLY INC. OF THE PERSONAL DATA PROVIDED IN CONNECTION WITH THE USE OF THE TOOLS OFFERED BY POSITIONLY

As 25 May 2018 marks the effective date of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal EU L 119 of 5.4.2016) (hereinafter GDPR), the parties hereby establish the rules for processing of the personal data provided by the Client, with respect to which no separate processing agreement was concluded.

1. The Parties agree that the CLIENT, acting as the personal data controller, entrusts to POSITIONLY INC., in pursuance of Article 28 of the GDP, the processing of personal data, subject to the rules, for the purpose and to the extent required for due performance of the agreements binding the Parties or the services ordered, wherever entrusting of the personal data proves necessary.

2. POSITIONLY INC. may process the personal data in electronic and paper format. The processing may take the form of collection, recording, storage, transmission, erasure.

3. In addition to measures intended to achieve the purpose provided for in the agreement, POSITIONLY INC. is obliged to keep secret the personal data, any materials, documents obtained in connection with the services provided, and ways to secure them also after its termination.

4. The obligation regarding the confidentiality of the information, shall not apply to a situation where the obligation to disclose the information to third parties results from legal regulations and the parties demand disclosure thereof from POSITIONLY INC. POSITIONLY INC. shall promptly notify the Client about the aforesaid demand, unless such notification is prohibited by current laws or by decision of the authority requesting access to the Information. Such notification should be made, whenever possible, before the Information is provided or disclosed to a party authorised to demand its disclosure.

5. The Parties agree to treat as confidential and to keep secret all the information obtained in connection with performance of the agreement, relating to both: personal data protection and business secret. The confidentiality obligation shall apply to all employees and consultants of the Parties who have access to the confidential information both during the performance of the agreement and after its termination.

6. The Parties shall not disclose the confidential information to any person, except for those employees and consultants to whom such information proves necessary, and except for entities which will be authorised by law.

7. POSITIONLY INC. agrees to process the personal data entrusted to it in compliance with this agreement, the GDPR, and other provisions of generally applicable laws which protect the rights of data subjects.

8. POSITIONLY INC. declares that it applies the security measures which meet the requirements of the GDPR. POSITIONLY INC. takes into account the state of technical knowledge, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risk to the rights and freedoms of natural persons, of varying likelihood and severity, and implements the adequate technical and organisational measures corresponding to that risk, including, without limitation, as the case may be:

a) personal data encryption;

b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring

e) the security of the processing.

9. POSITIONLY INC. shall process in particular the data of employees, partners, users, CLIENT's customers, entrusted to it under an agreement or as part of a service; the data will consist of first names, surnames, contact details (address, telephone number, email address), information included in users' advertisements, information specified in news and necessary to complete a service ordered by the Client. POSITIONLY INC. informs that the Client should inform its users about the identity of the data controller and of their rights - a template communication to be used by the Client will be provided by POSITIONLY INC. and it may be freely modified by the Client solely for the purpose of performance of the agreement or services provided to the Client by POSITIONLY INC.

10. The entrusted data do not include personal data which are necessary to be processed by POSITIONLY INC. in order to perform an agreement, establish mutual claims and comply with legal obligations.

11. POSITIONLY INC. undertakes to ensure confidentiality (referred to in Article 28(3b) of the Regulation) of the personal data processed by the persons authorised by it to process personal data for the purpose of completion of the agreement, both in the course of their employment and thereafter.

12. POSITIONLY INC. undertakes to authorise all employees, partners and persons engaged in data processing for the purpose of performance of this agreement.

13. After the data processing services have been completed, POSITIONLY INC. shall erase all personal data and remove the existing copies thereof, unless the laws of the EU or the laws of a Member State permit the storage of the personal data or the processing thereof is necessary to perform this agreement or to secure claims.

14. Whenever possible, POSITIONLY INC. shall assist the CLIENT to the required extent in complying with the obligation to respond to requests from data subjects and the obligations set out in Articles 32-36 of the Regulation with respect to the data it processes. The scope of exercise of the data subjects' rights shall account for the limitations in exercising the data subjects' rights resulting from the GDPR-implementing regulations applicable to POSITIONLY INC.

15. After a personal data breach is identified, POSITIONLY INC. shall, without undue delay, notify the Client thereof within 24 hours.

16. Pursuant to Article 28(3h) of the GDPR, the CLIENT has a right to audit in order to verify that the measures applied by POSITIONLY INC. in processing and safeguarding the personal data entrusted to it fulfil the provisions of this agreement. The CLIENT may exercise the right to audit during POSITIONLY INC.'s working time, subject to a minimum 7-day advance notice. POSITIONLY INC. undertakes to remove any non-compliance identified during the audit within the provided time limit which shall not be shorter than 7 days. The audit must not infringe the rules of protection of POSITIONLY INC's business secret.

17. POSITIONLY INC. shall provide access for the CLIENT to all information necessary to fulfil the obligations under Article 28 of the Regulation. POSITIONLY INC. shall promptly inform the controller if POSITIONLY INC. believes that an instruction given to it infringes this regulation or other EU laws or EU State's national legislation governing the data protection.

18. POSITIONLY INC. may (sub)contract the personal data under this agreement for further processing to subcontractors for the purpose of performance of this Agreement in connection with the services of: purchase of a license for professional software, personnel, accounting or IT outsourcing – POSITIONLY INC. shall provide access to the list of sub-processors at each request from the CLIENT.

19. Transfer of the personal data to a third country may be made at the CLIENT's request, unless such an obligation is imposed upon POSITIONLY INC. by the EU laws or the laws of a Member State, applicable to UNAMO, or results from an order placed.

20. POSITIONLY INC. shall be liable for making accessible or using the personal data in breach of this agreement, in particular for making the personal data entrusted for processing accessible to unauthorized parties.

21. POSITIONLY INC. undertakes to promptly inform the CLIENT about any proceedings, in particular administrative or court proceedings, pertaining to the processing by POSITIONLY INC. of the personal data defined in the agreement, about any data processing-related administrative decision or ruling addressed to POSITIONLY INC. and about any audits and inspections planned, if known, or performed with respect to the processing of the personal data.

22. The provisions concerning the personal data processing are in force throughout the effective term of the Main Agreement and throughout the period of completion of orders placed. These provisions shall be applicable to active Users starting on 25 May 2018.