We are the Unily Group which is a group of companies with our UK head office at First Floor, The Granary Abbey Mill Business Park, Lower Eashing, Godalming, Surrey, GU7 2QW. The relevant members of the Unily Group are listed in the section named “Unily Group” below .
When we use the terms “Unily Group”, or “we”, “us” or “our” throughout this Privacy Notice they refer to the relevant Unily Group entity, as applicable.
The Unily Group is made up of: (1) Unily Group Limited (company number 08804209) whose registered address is at First Floor, The Granary Abbey Mill Business Park, Lower Eashing, Godalming, Surrey, GU7 2QW; (2) Unily Limited whose registered address is at The Granary, Abbey Mill Business Park, Eashing, Surrey, GU7 2QW; (3) Unily Inc. whose registered office is at 31 Bond Street, New York, NY, 10012; and (4) Unily Australia Pty Ltd whose registered address is at PO BOX 7165, Toowoon Bay NSW 2261. This list may be updated if there are changes to the Unily Group.
This notice informs you about how Unily Group collects and processes your personal information when you visit our website, or when you engage with us as an existing or potential supplier or customer. It also applies when we use and share data related to our business contacts. It's important to read this notice carefully to understand how Unily Group may use your personal information and your rights regarding it.
This Privacy Notice does not apply when we process personal data as a service provider or processor on behalf of our customers. Our customers are the controllers of the personal data of their staff in this case, including when we offer the Unily platform to our customers as a service. You should contact the controller directly for privacy information in this instance.
If you are an employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead. We do not knowingly collect personal data relating to children.
The categories of personal data about you that we may collect, use, store, share and transfer are:
This includes personal data which relates to your identity, such as your first name, middle name, last name, username or similar identifier, job title and your contact details such as your billing address, delivery address, email address and telephone numbers;
This includes personal data which relates to your advertising preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences as well as your personal interests;
Information technology data
Economic and financial data
This includes personal data which relates to your finances, such as your bank account and payment card details and information which we collect from you for the purposes of the prevention of fraud;
This includes personal data which relates to the transactions you have conducted with us, such as details about payments to and from you, details of subscriptions to our services or publications and other details of products and services you have purchased from us;
This includes personal data which is gathered using our CCTV, by any photographers appointed by us or through other recording systems in the form of images, video footage and sound recordings that is taken at any of our locations (including at any of our events) or virtually (e.g. during phone calls and online meetings) and; otherwise by us for promotional purposes (such as for the purposes of promoting our future events via our website);
This includes personal data which is gathered for health and safety purposes including any accident report or claim. We treat this data as sensitive information and will only collect it if you consent and the information is reasonably necessary for one or more of our functions or activities; and
Market research data
This includes personal data which is gathered for the purposes of market research.
We may also create personal data about you, for example, if you contact us by telephone to make a complaint, for example about our services, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.
We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
In addition, in rare circumstances we may obtain certain special categories of your data (“Special Categories of Data”), and this Privacy Notice specifically sets out how we may process these types of personal data. The Special Categories of Data are: (i) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; and (ii) the processing of genetic data, biometric data for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We treat this data as sensitive information and will only collect it if you consent and the information is reasonably necessary for one or more of our functions or activities.
We obtain your personal data from the following sources:
Directly from you, either in person (at our locations, at our events or otherwise), via our website, apps or by telephone or via hand held PDAs. This could include personal data which you provide when you:
Automated technologies, such as CCTV or other recording systems, cookies, server logs and other similar technologies. We may automatically collect Information Technology Data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. We may also receive Information Technology Data about you if you visit other websites or apps employing our cookies.
Publicly available sources
Where we are relying on a basis other than consent we may rely on one or more of the following legal bases when processing your personal data. We have set out below the purposes for which we may process your personal data:
Purposes for which we process your personal data
Categories of personal data
The basis on which we can do this (this is what the law allows)
To register you as a new customer and process your order.
The processing is necessary
In order to perform our contractual obligations to you. This would include:
The processing is necessary
In order to comply with our own legal obligations, e.g. health and safety legislation, or to assist in an investigation (e.g. from the police).
The processing is necessary
In order to use your personal data in life or death situations and there is no time to gain your consent (e.g. in the event of an accident or illness or injury or some other related emergency or to record any accident or injury or other incident you may suffer when visiting any of our locations or we have to give your personal details to medical personnel).
The processing is necessary
In order to manage our relationship with you including:
The processing is necessary:
In order to administer, protect, and maintain Unily's business and website, deal with any misuse of our services, and comply with our security policies, including but not limited to troubleshooting, security testing and investigating, detecting, and preventing suspicious activity, fraud, and cybercrime that may affect Unily or its services.
The processing is necessary:
In order to make suggestions and recommendations to you about our services or upcoming events that may be of interest to you, deliver relevant website and app content and advertisements to you and to measure or understand the effectiveness of our advertising.
For internal purposes to use data analytics, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, products/services, marketing, customer relationships and experiences.
The processing is necessary for our legitimate interests in defining types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
To communicate with you and other existing or potential customers about, and administer participation in, special events, programs, promotions, any prize draws or competitions.
The processing is necessary for our legitimate interests to promote our business.
To set strictly necessary and optional cookies, web beacons, pixels, and other tracking technologies on our website and in our marketing emails, as set out in our Cookie Notice.
Information and Technology Data;
To sell, make ready for sale or dispose of our business, in whole or in part including to any potential buyer or their advisers, or in relation to any refinancing.
The processing is necessary for our legitimate interests in the sale or disposal of our business or assets and in the context of a business reorganisation or group restructuring exercise
The processing is necessary for our legitimate interests in protecting our business and property and recovering debts owed to us.
We would like to use your personal data for a variety of different purposes. For some of these purposes it is appropriate for us to obtain your prior consent. This may include where your personal data is sensitive information or where, with your permission, we record phone calls and online meetings that take place with our customers and business contacts for purposes including analytics, quality control, internal coaching, and record-keeping. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way. Where we rely on consent, you may at any time withdraw the specific consent you give to our processing your personal data by contacting us at any time using the contact details set out here or following the instructions provided in the applicable consent request form.
In Australia, for sensitive information, consent is not required where the information is required or authorised by or under an Australian law or a court/tribunal order; or collection is permissible as a where a permitted general or health situation exists (as those terms are defined in the Australian Privacy Act).
Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other bases to process your personal data for other purposes.
We may disclose your personal data to:
If you provide personal data to us about someone else (such as one of your directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Notice.
You must ensure the individual concerned is aware of the various matters detailed in this Privacy Notice, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual's right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.
It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us by contacting your relevant internal point of contact or by using the details available here. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
As our business operates globally, your personal data will routinely be shared within the Unily Group outside of the UK and EEA, including in the USA and Australia. We have an intra-group data transfer agreement in place which regulates cross-border transfers of your personal data within the Unily Group.
We may also use international suppliers and service providers (the categories of which are available under 'Who receives your personal data'), whose personnel or systems may be located outside of the UK and EEA, resulting in the transfer of your personal data to third countries. In these cases, we will take steps to ensure that your personal data receives an adequate level of protection, such as entering into appropriate data transfer agreements incorporating standard contractual clauses or an alternative mechanism for the transfer of data as approved by the information Commissioner’s Office (“ICO”) and/or European Commission or other applicable regulators or legislators. For transfers of personal data between the UK and EEA, we rely on mutual adequacy decisions.
have a right to request a copy of any data transfer agreement under which your personal data is transferred, or to otherwise have access to the safeguards used by contacting us. Any data transfer agreement made available to you may be redacted for reasons of commercial sensitivity.
We may retain your personal data for a period of time consistent with the original purpose of collection (see "how we use your personal data") or as long as required to fulfil our legal obligations. We determine the appropriate retention period for personal data on the basis of the amount, nature, and sensitivity of the personal data being processed, the potential risk of harm from unauthorised use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiry of the applicable retention periods, your personal data will be deleted.
For more information on data retention periods, please contact us by using the "how to contact us" information below.
In certain circumstances the provision of personal data by you is a requirement to comply with the law or a contract, or necessary to enter into a contract.
It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If you do not provide your personal data then the consequences of failing to provide your personal data is that we may not be able to perform to the level you expect under any contract with you. An example of this would be where we are unable to provide you with essential information around the service we offer you or confirmation of event registration as we do not have your full details, or where we cannot perform our contract with you at all because we rely on the personal data you provide in order to do so. Please see our terms and conditions for further details.
Subject to applicable data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data (as set out in "Where we may rely on consent"), you may have a number of rights in connection with the processing of your personal data, including:
If you would like to exercise any of the rights set out above, please contact us using the details set out below in "How to contact us"
Each of the Unily Group controls personal data about our business contacts. This means that they are each responsible for ensuring that the personal data is used fairly and lawfully. The group companies often act jointly with one or more of the other group companies when making decisions about your personal data. In particular, they make joint decisions when sharing personal data with each other.
Our members of staff work across the Unily Group so, where our group companies make decisions jointly, those members of staff will ensure that each company involved complies with data protection rules. We have an intra-group data sharing agreement in place to cover this arrangement. We also have designated one point of contact should you have any questions or wish to exercise any of your rights in respect of your personal data, as set out below.
We have appointed a Data Protection Officer to oversee Unily’s data protection compliance. To exercise any of your rights regarding your personal data, or if you have questions regarding this Privacy Notice or our privacy practices, please contact our Data Protection Officer at firstname.lastname@example.org.
If you wish to opt out at any time from receiving marketing correspondence from us or to alter your marketing preferences you can do so by clicking on the “unsubscribe” link located on the bottom of Unily marketing emails, or by contacting email@example.com.
We have appointed EU Rep as our Representative under Article 27 of the EU General Data Protection Regulation (“EU GDPR”). All EU GDPR queries from EU Data Subjects or Data Protection authorities should be submitted to eurep.ie via their dedicated form. BizLegal Limited trading as EU Rep have their registered office at 27 Cork Road, Midleton Co. Cork, Ireland. Company number 635921
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority.
If you reside in the United Kingdom, the independent UK Supervisory Authority is the Information Commissioner’s Office. You may raise a complaint by visiting their website here.
If you reside in a country that is a member of the European Union or that is in the EEA, you may find the contact details for your appropriate data protection authority on the following website.
Unily Group has adopted this section to comply with the additional state-specific privacy disclosures required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively “CCPA”) and the Virginia Consumer Data Protection Act (“VCDPA”).
The CCPA applies solely to residents of the State of California and the VCDPA applies solely to the residents of the State of Virginia (collectively “Consumers”).
Certain exceptions and limitations may apply to a Consumer’s rights and Unily Group’s obligations under the CCPA and VCDPA.
Personal information collected
Unily Group has collected the following categories of personal information from Consumers within the last twelve (12) months:
Sources for the consumer personal information we collect
We collect the personal information described above from the following sources:
Use of consumer personal information
Depending on your interactions with Unily Group, we may use or disclose the CA Personal Information we collect about you for one or more of the following business purposes:
We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without notifying you.
Disclosing personal information
Unily Group may have disclosed personal information for a business purpose to the following categories of third parties:
No sale of personal information
Unily Group do not sell or share any personal information of consumers, as those terms are defined under the CPRA.
CPRA Sensitive Personal Information Disclosure
The categories of data that we collect and disclose for a business purpose may include “sensitive personal information” as defined under the CPRA. We do not use or disclose sensitive personal information for any purpose not expressly permitted by the CPRA.
CPRA Retention Disclosure
We keep your personal information to enable your continued use of Unily’s services, for as long as it is required in order to fulfil the relevant purposes described in this Unily Privacy Notice, as permitted or as may be required by law, or as otherwise communicated to you.
CPRA Non-Discrimination Statement
We will not discriminate against any consumer for exercising their rights under the CPRA.
VCDPA De-identified Data Disclosure
Unily Group may use de-identified data in some instances. Unily Group either maintains such data without attempting to re-identify it or treats such data as personal data subject to applicable law.
Your rights and choices
The CCPA and VCDPA provides consumers with certain rights regarding their personal information. The following paragraphs describe your CCPA and VCDPA rights and explain how to exercise those rights.
Submit a consumer privacy request
To exercise any of the above rights, you or your authorized agent may submit a privacy request to Unily Group by email at firstname.lastname@example.org. Prior to responding to your request, we will need to verify your identity and the identity of your authorized agent, if applicable. If we are unable to verify your identity through reasonable means and with the information you provide, we may ask follow-up questions.
Other California privacy rights
California Civil Code sections 1798.83-1798.84 (the Shine the Light Act) entitles California residents to request disclosure regarding personal information sharing with affiliates and/or third parties for marketing purposes. If you are a California resident and you would like to request a copy of this notice, please contact us at email@example.com with the subject line “Request for California Privacy Information.”
This Privacy Notice may be updated from time to time so please check it regularly. This version of our Privacy Notice was published in October 2023 and is the most recent version.