With the following information, we would like to provide you with an overview of how we handle the data that we collect from you in connection with the use of our services and that we record when you visit our websites www.ums-gmbh.com and umsacademy.com. We would also like to inform you about your data protection rights. Which data is processed in detail and how it is used depends on the services used in each case.
1. Controller, Art. 4 No. 7 GDPR
The controller for the processing of your data within the meaning of Art. 4 No. 7 of the Data Protection Regulation (GDPR) is the
UMS Consulting GmbH & Co KG
Hanauer Landstrasse 291 B
60314 Frankfurt am Main (Germany)
2. What is "personal data"?
Personal data is information about you that allows conclusions to be drawn about your identity, e.g. your name, address or telephone number. Information that does not allow conclusions to be drawn about a specific or identifiable person is not included.
3. Scope and Purpose of data collection, processing and use
a) On our Websites
aa) When you visit our websites for purely informational purposes, i.e. if you do not log in, place orders or otherwise transmit information to us, we collect the data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
bb) Contacting us
You can contact us using the contact form on our website or simply by e-mail. We need a name with which we can address you and an e-mail address in order to be able to reply to you. You can give us further information voluntarily to facilitate communication.
cc) Customer Log-In/Library
For our customers we provide a log-in on our website, where they can access their account. There they can access their learning content (e-learning) and certificates and use the library. User name and password are sent to the customer by e-mail.
ee) Orders in the online shop
You can book seminars and trainings as well as other events via our online shop. In addition to the company name, we require the surname and first name of the person who triggers the booking and whom we can subsequently contact. We also ask for a mail address to facilitate correspondence. This does not have to be a personalised mail address. You can also use the general company address if receipt is ensured there. We store the data you provide and use it for processing and further handling of your order.
Within the scope of payment processing via the payment methods offered in the shop, personal data may also be collected and processed. However, the processing does not take place by us, but exclusively at and by the respective payment service provider as the responsible party. Information on the scope and purpose of the processing in this regard can be found in the data protection information of the respective payment service provider.
b) Job Applications
aa) Application request
If you send us a job application request, we store and use your email address and - if given - your name to respond to your request. When you send us a job application with application documents, we collect and store the following data:
Your data is processed for the purpose of handling your application for the decision on the establishment of an employment relationship. The legal basis for the processing is Section 26 (1) BDSG (German Federal Data Protection Act – Bundesdatenschutzgesetz).
bb) Job Applicant pool
It may happen that we are unable to offer you a position at the moment, but that your application is eligible for later job postings. In this case, we will store your data in our job applicant database. However, we only do this if you have given us your express consent beforehand. In this case, the processing is based on your consent in accordance with Art. 6 para. 1 a) GDPR. You can revoke your consent at any time. The revocation does not affect the lawfulness of the processing prior to receipt of the revocation.
c) Other processing of data
We collect and store personal data when you send us enquiries by telephone or post, request quotations, place orders, register for our events and in the context of the establishment and processing of contractual relationships. In addition to company data (company, address, contact details), we also collect and store the personal data of individual entrepreneurs, registered event participants, applicants and contact persons in the companies of our contractual partners.
4. Purpose of processing and legal basis
We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
a) For the fulfilment of contractual obligations (Art. 6 para. 1 b GDPR)
The processing of data takes place for the provision of our contractual services or for the implementation of pre-contractual measures, which take place upon your request.
b) Within the framework of the balancing of interests (Art. 6 para. 1 f GDPR)
Beyond the use for the actual fulfilment of the contract, it may be necessary to process your data for the protection of legitimate interests of us or third parties, e.g.
c) Based on your consent (Art. 6 para. 1 a GDPR)
require your consent for certain purposes (e.g. sending event notices or our newsletter; activation of non-essential cookies, transfer of job applicant data to the job applicant pool). In this respect, processing only takes place if you have expressly given your consent. You can revoke your consent at any time. The revocation does not affect the lawfulness of the processing prior to receipt of the revocation.
5.Recipients of the data
a) Data that we automatically collect on our Internet pages (see above 3 a) aa)) are not transmitted to third parties.
b) Recipients of your data may be subcontractors who, in individual cases, conduct trainings or other events on our behalf. These are sent, for example, lists with the names of the participants as well as the name and contact details of a contact person.
c) In the context of certifications, personal data are sent to the responsible certification companies.
d) Data will be sent to public authorities if we are obliged to do so due to a legal regulation or official measure.
e) With your consent, we transmit data to companies in our group of companies.
f) Applicant data is generally not transferred to third parties outside our company . If a transfer to third parties is possible by way of exception (for example, because we can offer you an alternative position in the company of a cooperation partner), we will obtain your consent beforehand.
6. Transfer of data to a third country
As a rule, we do not transfer personal data to recipients based outside the EU and the EEA. However, a transfer to a third country may be possible, for example, if we provide services in a third country and commission a local subcontractor who requires this data to perform the services. In this case, however, the data will only be transferred in accordance with Art. 44 et seq. GDPR.
7. Duration and Storage
We generally store your data for as long as the storage is required for the fulfilment of contractual and legal obligations. If the data is no longer required for this purpose, it is regularly deleted.
Log data of our website (server log files) are stored for a period of 3 months and then automatically deleted.
Data collected via cookies are stored for the duration specified in the "cookie information" and then automatically deleted.
Data that you provide to us in connection with enquiries will be stored for a period of 3 months after the enquiry has been dealt with (e.g. dispatch of information material, call-back) in order to be able to answer further enquiries. If there is no further contact, the data will be deleted after 3 months at the latest.
We store job applicant data for up to 6 months after your job has been rejected. If consent has been given, we store the job applicant data in our applicant pool for up to one year. If you revoke your consent before then, your data will be deleted after receipt of the revocation.
Deletion shall not take place insofar as
8. Security of your data
We take all appropriate technical and organisational measures to ensure the protection of your data. Third parties who process your data on our behalf or who may come into contact with it are obliged in writing to comply with data protection regulations in accordance with legal requirements. Our employees are all bound to data secrecy.
9. Your data protection rights
As a "data subject" you have the right to
With regard to the right to information and the right of deletion, the restrictions according to §§ 34 and 35 BDSG apply.
You also have the right to complain to our data protection officer (see section 12 below) or to the competent data protection authority (Art. 77 GDPR in conjunction with Section 19 BDSG).
Right of objection
If we process your data to protect legitimate interests (see above), you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
10. Obligation to provide data
You are not legally obliged to provide us with data. However, if you send us enquiries or want to commission us, it is necessary that you provide us with the data that is required to answer the enquiry or to provide our services. Which data is required in detail depends on the respective service that we are to provide for you.
For an enquiry, for example, we need a name to address you and an email address or telephone number (if you would like to be called back). To register for our events, you must provide us with the name of the participant(s). This also applies to certifications. In the context of training or consultancy contracts, we usually need the name of a contact person in your company and their contact details in addition to your company data.
If you would like to apply for a job to us, we need your surname, first name and an email address or telephone number so we can contact you. We can only consider job applications that include a current home address and the usual proof of education and work experience (e.g. certificates, CV). Without this data, it is unfortunately not possible to process your job application
Without the required data, it is not possible to use our services and we cannot conclude a contract with you.
11. Automated decision making and profiling
Automated decision-making and/or profiling within the meaning of Art. 22 (1) and (4) GDPR do not take place.
12. Data protection officer
If you have any questions or comments on the subject of data protection, please send us an e-mail to firstname.lastname@example.org.
V 1.2 Frankfurt am Main in Februar 2023