Privacy Policy and Notice

This Privacy Policy is effective as of 1 January 2022.

This Privacy Policy explains how Unibio A/S and its affiliated companies (“Unibio”, “we”, “our”) process personal data about you on our websites or other sites that display this Privacy Policy. This Privacy Statement will also apply to information gathered from you visiting our facilities.

 Specific provisions

In specific situations other provisions apply or supplement this Privacy Policy:

• when using our websites, the Policy on Cookies supplements the Privacy Policy;

Protecting your personal data

With offices and operations throughout the world, personal data will be transferred or be accessible internationally throughout Unibio’s global business. Any such transfers throughout Unibio’s global business takes place in accordance with the applicable data privacy laws.

Types of personal data that we process, purpose and the legal basis

Potential investors

If you are a potential investor in Unibio, we process personal data about you in order to send requested investment information regarding Unibio or Uniprotein® cf. Article 6 (1) (b) of the GDPR prior to entering into a contract, where we process:

1. Business contact information (e.g. name, address, e-mail and phone number)
2. Company details
3. Position
4. Interest in specific investments
5. Banking Information
6. Information on purchases

Should you decide not to provide the required information, you may not be allowed access to the relevant information. For instance, we need your contact information in order to be able to respond to an inquiry from you.

Collaboration partner or potential collaboration partner

If you are a collaboration partner or a potential collaboration partner, we generally process your personal data in order to perform our duties under the contract or prior to entering into a contract, cf. Article 6 (1) (b) of the GDPR, where we process:

1. Business contact information (e.g. name, address, email and phone number)
2. Company details
3. CV
4. Position
5. Interest in specific investments
6. Banking Information
7. Information on scope of collaboration

Persons subject to KYC

If our interaction with you are subject to KYC obligations we process the legally required information under applicable legislation, cf. Article 6 (1) (c) of the GDPR, where we process:

1. Payment information
2. Tax information
3. Passport or drivers license (or other government approved identification)

Unsolicited applicants and applicants for open positions
If you are an unsolicited applicant or an applicant for an open position, we process the personal data, which you have provided in your application, cf. Article 6 (1) (f) of the GDPR, including:

1. Contact information
2. Professional CV
3. Educational background
4. Work background
5. Personal interest
6. Information you provide to us during any interviews
7. Information about you, which is publicly available e.g. through LinkedIn or other social media platforms in some cases. We will only reach out to your references with your consent.

Unibio customers (excluding consumers)

If you are a customer to Unibio, we process information about you in order to fulfil the agreement between the parties, e.g. the administration of the agreement, payment, delivery of goods and services etc., cf. Article 6 (1) (b) of the GDPR, where we process:

1. Business contact information (e.g. name, address, email and phone number)
2. Job title
3. Information on purchases

Unibio is also legally required to document and process the personal data in financial transactions when fulfilling our agreement, e.g. when paying or receiving payment for delivery of goods and services etc., cf. Article 6 (1) (c) of the GDPR.

Supplier to Unibio

If you are a supplier to Unibio, we process information about you in order to fulfil the agreement between the parties, e.g. the administration of the agreement, payment, delivery of goods and services etc., cf. Article 6 (1) (b) of the GDPR, where we process:

1. Business contact information (e.g. name, address, email and phone number)
2. Job title
3. Banking Information
4. Information on purchases

Unibio is also legally required to document and process the personal data in financial transactions when fulfilling our agreement, e.g. when paying or receiving payment for delivery of goods and services etc., cf. Article 6 (1) (c) of the GDPR.

Consultants to Unibio

If you are a consultant to Unibio, we process information about you in order to fulfil the agreement between the parties, e.g. the administration of the agreement, payment and services etc., cf. Article 6 (1) (b) of the GDPR, where we process:

1. Business contact information (e.g. name, address, email and phone number)
2. Professional CV and job title
3. Date of birth and other personal data as relevant
4. Banking Information
5. Information relating to the consultancy tasks

Unibio is also legally required to document and process the personal data in financial transactions when fulfilling our agreement, e.g. when paying for delivery of consultancy services etc., cf. Article 6 (1) (c) of the GDPR.

Guests at our facilities

If you visit our facilities, we process information about you in order to identify you and to inform you about applicable visitor rules, where our legitimate interest in correctly identifying you and providing you with visitor instructions overrides your interest in the information not being processed, cf. Article 6 (1) (f) of the GDPR, where we process:

1. Contact information (e.g. name, address, email and phone number)
2. Other visitor information

Business administration

If you contact us, we process information about you in order to document quality and compliance (for instance in relation to statutes of limitations, security, litigation, or regulatory investigations) where our legitimate interest in improving our legal position overrides your interest in the information not being processed, cf. Article 6 (1) (f) of the GDPR, where we process:

1. Contact information (e.g. name, address, email and phone number)
2. Other applicable information

Understanding our customers, consumers and suppliers

We also make analyses in order to optimize our products, marketing, website, sales and to know more about our customers’ preferences in relation to Unibio’s products and maintaining a CRM database. We do this by making analyses of our databases with information about e.g. website use, customer preferences, purchase history, sales and by sending questionnaires where our legitimate interest in processing the personal data overrides your interest in the data not being processed, cf. Article 6 (1) (f) of the GDPR, where we process:

1. Information from our customer databases
2. Cookies as laid out in our Cookie Policy
3. User behaviour and logs from our websites and databases
4. The answers you provide regarding suggestions and preferences in the questionnaire

When you are marketed to

If you sign up for direct marketing, e.g. emails, text and social messaging, you consent to us sending you our newsletters, cf. Article 6 (1) (a) of the GDPR, where we process:

1. Contact information (e.g. name, address, email and phone number)
2. Content and your choices in relation to newsletters – contact forms and content, etc.

The marketing in newsletters and on our websites, including social media, is adapted to your personal preferences based on our knowledge of you through profiling, cf. Article 6 (1) (f) of the GDPR, where we process:

1. Content of newsletters signed up to
2. Stated areas of interest
3. Cookies as laid out in our Cookie Policy
4. Information from your social media profiles
5. Information from our customer databases

Our legitimate interest in doing an automatic evaluation of your personal data in order to personalize the marketing presented to you overrides your interests and fundamental rights. We do not use automated decisions that have a legal effect or similarly significantly affect you.

Understanding our customers, partners, investors and suppliers

We also make analyses in order to optimize our products, marketing, website, sales and to know more about preferences in relation to our products and maintaining a CRM database. We do this by making analyses of our databases with information about e.g. website use, user preferences, purchase history, sales and by sending questionnaires where our legitimate interest in processing the personal data overrides your interest in the data not being processed, cf. Article 6 (1) (f) of the GDPR, where we process:

1. Information from our customer databases
2. Cookies as laid out in our Cookie Policy
3. User behaviour and logs from our websites and databases
4. The answers you provide regarding suggestions and preferences in the questionnaire

Compliance and security operations for all data subjects

We monitor user behaviour and have implemented security solutions on our website as well as in our solutions and on our premises, where our legitimate interest in anti-corruption, anti-fraud, anti-bribery, technical and physical security overrides your interest in the information not being processed, cf. Article 6 (1) (f) of the GDPR, where we process:

1. Contact information (e.g. name, address, email and phone number)
2. Cookies as laid out in our Cookie Policy
3. User behaviour and logs
4. Images captured by video surveillance in marked areas at Unibio premises

Transfer and protection of your personal data

As a global organization with offices and operations throughout the world, we will transfer personal data collected by us on an aggregated or individual level to various divisions, subsidiaries, joint ventures and affiliated companies of Unibio around the world located inside or outside the European Economic Area for the purposes stated above and in accordance with applicable laws, as well as to sub-contractors to Unibio (data processors) for storage and service purposes. Your personal data will not be disclosed to anyone outside Unibio unless permitted or required under applicable legislation and where necessary subject to appropriate written assurances from third parties who have access to your personal data, in which they must guarantee that they will protect the data with security measures designed to provide an adequate level of protection.

Unless you are otherwise notified, any transfers of your personal data from within the EEA to third parties outside the EEA will be based on an adequacy decision or are governed by Standard Contractual Clauses and/or Binding Corporate Rules. Any other, non-EEA originating, international transfers of your personal data, will take place in accordance with the appropriate international data transfer mechanisms and safeguards.

Ad hoc transfer of personal data may be subject to Article 49 (1) (a-e) of the GDPR.

You can always request a copy of the transfer agreements, which includes the transfer of personal data, by sending an email to unibio@unibiogroup.com.

Security measures

We choose to use suppliers that implement security in accordance with industry practices for good IT security, and we only use encrypted data communications when transferring sensitive and confidential personal data. We also maintain organizational, physical and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake. We store personal data on servers with limited access located in secured facilities, and our security measures are evaluated on an ongoing basis. The servers are protected by anti-virus software and firewalls, among other measures.

Personal data retention

Unibio stores your personal data for as long as it is necessary to fulfil one or more of the purposes of the processing mentioned above, unless Unibio is obliged under applicable law or is entitled to store the personal data for a longer period, more specifically:

• We retain your personal data as long as we have an ongoing relationship with you (in particular, if you have an account with us or have not withdrawn your marketing consent).
• We retain your personal data for as long as needed in order to comply with our global legal and contractual obligations.
• We may process and store your personal data for a longer period, if it is anonymized.

We will also retain your personal data where this is advisable to safeguard or improve our legal position (for instance in relation to statutes of limitations, security, litigation, or regulatory investigations).

Data Subjects rights

You are entitled, in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law, to:

• Request access to the personal data we process about you: You have the right to ask us for information about or access to your personal data. There are some exemptions, which means you may not always receive all the data we process.
• Request rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
• Object to the processing of your personal data: this right entitles you to request that we no longer process your personal data. However, it only applies in certain circumstances, and we may not need to stop the processing of your personal data if we can give legitimate reasons to continue using your personal data.
• Request the erasure of your personal data: this right entitles you to request the erasure of your personal data in certain circumstances. If you make a request to this effect, we will without undue delay delete the personal data we have registered about you, unless we are entitled to keep processing the data on a different basis, for instance if such processing is necessary in order to be able to establish a legal claim.
• Request the restriction of the processing of your personal data: this right entitles you to request that we only process your personal data in limited circumstances, including with your consent.
• Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to us or request us to transmit such personal data to another data controller.
• Withdraw your consent: You can withdraw your consent at any time by opting out in the e-mail or contacting by us. If you withdraw your consent, we will cease to process your personal data, unless we are entitled or obligated to continue our processing or storage of your personal data on a different basis, including pursuant to the law. Withdrawing your consent does not affect the legality of the processing that took place prior to such revocation.
• File a complaint: You can always lodge a complaint with a data protection authority, for example the Danish Data Protection Agency.

Please note that certain personal data may be exempt from the above-mentioned rights pursuant to applicable data privacy or other laws and regulations.

Feel free to contact us if you disagree with the way in which we process your personal data or the purposes for which we process the information.

Contact information

Please contact unibio@unibiogroup.com – subject: Privacy Policy if you have a general question about how Unibio protects your personal data, if you wish to exercise your rights in relation to your rights or if you wish to make a complaint about how Unibio uses your personal data.