UMS - Logo

Privacy policy

for our website

The following information is intended as an overview of how we process your data that we collect when you use our services and when you visit our website We also want to make you aware of your data privacy rights. The specific data collected, and how it is used, depends on your choice of services.

1. 'Controller', Art. 4 Item 7 EU GDPR

The controller responsible for processing your data as defined in Article 4 Item 7 of the EU General Data Protection Regulation (EU GDPR) is

UMS Consulting GmbH & Co. KG
Hanauer Landstraße 291 B
D-60314 Frankfurt am Main (Germany)

2. What is 'personal data'?

'Personal data' means any information about you through which you can be identified, e.g., your name, address, or telephone number. Information that does not relate to a directly or indirectly identified or identifiable person is not classed as personal data.

3. Scope of data collection, processing, and use

a) On our website

aa) When you visit our website purely to research information, i.e., you do not log in or transfer information to us in any way, we only collect the data that your browser sends to our servers. When you request to view our website we collect the following data, which we require for technical reasons to be able to display the website to you and to ensure its stability and security:

  • IP address of the computer making the request
  • Date and time of the request
  • Access method/function preferred by the computer making the request
  • Input values transmitted by the computer making the request
  • Web server access status (transmit file, file not found, command not executed, etc.)
  • Name of the file requested
  • URL from which the file was requested/the desired function was triggered (referrer URL)
  • Browser type and version
  • Operating system used

bb) Contacting us
You can contact us by e-mail or using our contact form. We process the data that you share with us in order to respond to your inquiry.

cc) Client login
We provide a login function for clients on our website, which we occasionally use to deliver specific information. Clients can request that we send their user name and password by post or e-mail. This access data is stored separately from the client data to ensure that any access is anonymous.

dd) Cookies
Our websites use cookies. These cookies help make our websites more user-friendly, more effective, and more secure. Cookies are small text files that are saved to your computer by your browser. Any cookies that we use are session cookies. These are automatically deleted when you end your session on our website. Cookies do not cause any damage to your computer and do not contain viruses.

You can configure your browser settings to prevent cookies being stored and, e. g., opt to reject third-party cookies or all cookies. Please note that if you deactivate cookies you might not be able to use all the functions of this website.

b) Other data processing

We collect and store personal data when you send us an inquiry, request a quote or proposal, submit an order, or register for our events, as well as in the course of substantiating and dealing with contractual relationships. Alongside information about the respective company (name, address, contact details) we also collect and store personal data shared with us by individual enterprises, registered event attendees, job applicants, and contact persons at our contract partners' companies.

4. Purpose of processing and legal basis

We process personal data in accordance with the provisions set out in the EU General Data Protection Regulation (EU DGPR) and the German Federal Data Protection Act (BDSG).

a) For the performance of a contract (Art. 6 Para. 1b EU GDPR)
Data is processed for the purpose of performing our contractual services or in order to take steps at your request prior to entering into a contract.

b) For the purposes of legitimate interests (Art. 6 Para. 1F EU GDPR)
Aside from the use of data for the performance of a contract, it can also be necessary to process your data for the purposes of the legitimate interests pursued us or by a third party, e.g.

  • To guarantee the IT security of our website
  • To compile access statistics without reference to any person and for the purposes of identifying and tracking, by persons expressly authorized to do so, of unauthorized access attempts and accesses to the web server
  • To exercise legal claims and to defend ourselves in the event of legal disputes.

c) Because you have given consent (Art. 6 Para. 1a EU GDPR)
Certain activities and purposes require that we ask for your consent (e.g., sending event updates or our newsletter). Your data is only processed to the extent that you have explicitly given your consent. You can withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

5. Recipients

a) Data that we collect on our website is not shared with third parties.

b) Recipients of your data can include subcontractors that, in individual cases, run trainings or other events on our behalf. They receive, e.g., lists of participants' names.

c) In the course of certifications, personal data is transferred to the relevant certifying body.

d) Data is transferred to public authorities where we are obliged do to so in accordance with the law or pursuant to an official action.

6. Transfers of data to third countries

We typically do not transfer any personal data to recipients located outside the EU/EEA. However, data may potentially be transferred to a third country, for example, when we perform services in a third country and commission a local subcontractor that requires this information in order to perform their contract. Even in this case, data is only ever transferred in accordance with Art. 44 ff. EU DGPR.

7. Storage and retention

We generally only store your data for as long as it takes for us to fulfill our contractual and statutory obligations. Data that is no longer required for that purpose is regularly deleted.

Log data for our website (server log files) is stored for a period of three 3 months and then automatically deleted.

Data collected through session cookies is automatically deleted when you end your session on our website.

Data that you share with us in relation to an inquiry is stored for a period of 3 months following completion of the inquiry (e.g., sending information material, callback) to allow us to respond to any follow-up questions. If there is no further contact the data will be deleted at the latest after 3 months.

Data is not deleted

  • where said deletion would violate our statutory obligations to retain data under commercial and tax law,
  • where data must be retained as evidence of claims arising from the contractual relationship, in accordance with the standard limitation period (3 years, §195 German Civil Code).

Where no deletion takes place pursuant to the above provision, the data is locked. We carry out regular reviews to check whether data needs to be retained, at least every 2 years.

8. Security of your data

We take all appropriate technical and organizational measures to protect your data. Third parties that process your data on our behalf, or that come into contact with your data, provide a written undertaking, in accordance with the statutory provisions, of their compliance with data protection regulations. All of our employees have a duty to maintain data confidentiality.

9. Your data privacy rights

As a 'data subject' you have the right to

  • access/information in accordance with Art. 15 EU DGPR
  • rectification in accordance with Art. 16 EU DGPR
  • erasure in accordance with Art. 17 EU DGPR
  • restriction of processing in accordance with Art. 18 EU DGPR
  • object as set out in Art. 21 EU DGPR, and
  • data portability in accordance with Art. 20 EU DGPR.

The right of access/information and right of erasure are subject to the limitations set out in §§34 and 35 BDSG (New). You also have the right to complain to the responsible data protection authority (Art. 77 EU DGPR in conjunction with §19 BDSG (New)).

10. Obligation to supply data

You are not legally obliged to provide us with data. However, if you send us an inquiry or want to work with us, it will be necessary for you to share the data that is required in order to respond to your inquiry and/or perform our contract. The specific data required will vary depending on the service we will be performing for you.

To respond to an inquiry, for example, we need an e-mail address or telephone number (if you would like a callback). To register for our events you need to tell us the names of the people wishing to attend. This also applies to certifications. As part of our training and consulting contracts, we typically need your company information, as well as the name of a contact person and details of how to reach them at your company.

Without this essential data it is not possible to use our services, and we cannot enter into a contract with you.

11. Automated decision making and profiling

No automated decision making and/or profiling takes place as defined in Art. 22 Items 1 and 4 EU DGPR.

12. Data protection officer

If you have any questions or feedback about data protection and privacy, you can e-mail us at

13. Changes to the privacy policy

We reserve the right to modify the provisions in our privacy policy from time to time. Previous versions of the privacy policy can be requested by e-mailing the above address.

V 1.0 Frankfurt am Main, May 2018