UMS - Logo

Privacy policy

With the following information, we would like to provide you with an overview of how we handle the data that we collect from you in connection with the use of our services and that we record when you visit our websites www.ums-gmbh.com and umsacademy.com. We would also like to inform you about your data protection rights. Which data is processed in detail and how it is used depends on the services used in each case.

1. Controller, Art. 4 No. 7 GDPR

The controller for the processing of your data within the meaning of Art. 4 No. 7 of the Data Protection Regulation (GDPR) is the

UMS Consulting GmbH & Co KG
Hanauer Landstrasse 291 B
60314 Frankfurt am Main (Germany)

2. What is "personal data"?

Personal data is information about you that allows conclusions to be drawn about your identity, e.g. your name, address or telephone number. Information that does not allow conclusions to be drawn about a specific or identifiable person is not included.

3. Scope of data collection, processing and use

a) On our Websites

aa) When you visit our websites for purely informational purposes, i.e. if you do not log in, place orders or otherwise transmit information to us, we collect the data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

  • IP address of the requesting computer
  • Date and time of the request
  • Access method/function requested by the requesting computer
  • Input values transmitted by the requesting computer
  • Access status of the web server (file transferred, file not found, command not executed etc.)
  • Name of the requested file
  • URL from which the file was requested/the desired function was initiated (referrer URL)
  • Browser type and version
  • Operating system used

bb) Contacting us
You can contact us using the contact form on our website or simply by e-mail. We need a name with which we can address you and an e-mail address in order to be able to reply to you. You can give us further information voluntarily to facilitate communication. 

cc) Customer Log-In/Library
For our customers we provide a log-in on our website, where they can access their account. There they can access their learning content (e-learning) and certificates and use the library. User name and password are sent to the customer by e-mail. 

dd) Cookies
Our website uses so-called cookies. These serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses.

When you visit our website for the first time, you will be informed about the use of cookies by a so-called cookie banner, which opens at the bottom of the website. Essential cookies, which are necessary for the secure operation of the website, are activated by default. You can view these essential cookies and further information under "individual data protection settings" and "cookie information". You can also activate additional cookies to further improve the functionality of our website and services for you. To do this, you must switch on the cookies displayed in the cookie banner, e.g. for statistics and marketing. By doing so, you give your consent that the activated cookies may collect personal data and that we may process this data. Information on the scope and purpose of the processing can also be found in the "Cookie information".  You can revoke your consent to processing by the cookies you have activated at any time by calling up the cookie banner again and switching off the cookies there. No more data will then be collected via the cookies that have been switched off. The lawfulness of the data processing until the deactivation remains unaffected by this. You must save the cookie setting so that this setting is retained when you visit the website again and does not have to be made again. You can "delete" the setting by reloading the page. Please note that if you do not activate certain cookies, you may not be able to use all the functions of our websites.

ee) Orders in the online shop
You can book seminars and trainings as well as other events via our online shop. In addition to the company name, we require the surname and first name of the person who triggers the booking and whom we can subsequently contact. We also ask for a mail address to facilitate correspondence. This does not have to be a personalised mail address. You can also use the general company address if receipt is ensured there. We store the data you provide and use it for processing and further handling of your order. 

Within the scope of payment processing via the payment methods offered in the shop, personal data may also be collected and processed. However, the processing does not take place by us, but exclusively at and by the respective payment service provider as the responsible party. Information on the scope and purpose of the processing in this regard can be found in the data protection information of the respective payment service provider.

Please also note that some products (e.g. books) cannot be ordered via our shop, but you will be redirected to the shop of a third-party provider (e.g. springer.com). There, the privacy policy of the shop operator applies. 
 

b) Other processing of data 

We collect and store personal data when you send us enquiries by telephone or post, request quotations, place orders, register for our events and in the context of the establishment and processing of contractual relationships. In addition to company data (company, address, contact details), we also collect and store the personal data of individual entrepreneurs, registered event participants, applicants and contact persons in the companies of our contractual partners.

4. Purpose of processing and legal basis

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

a) For the fulfilment of contractual obligations (Art. 6 para. 1 b GDPR)
The processing of data takes place for the provision of our contractual services or for the implementation of pre-contractual measures, which take place upon your request.

b) Within the framework of the balancing of interests (Art. 6 para. 1 f GDPR) 
Beyond the use for the actual fulfilment of the contract, it may be necessary to process your data for the protection of legitimate interests of us or third parties, e.g.

  • Ensuring the IT security of our website
  • Assertion of legal claims and defence in legal disputes
     

c) Based on your consent (Art. 6 para. 1 a GDPR)
We require your consent for certain purposes (e.g. sending event notices or our newsletter; activating non-essential cookies). In this respect, processing only takes place if you have expressly given this consent. You can revoke your consent at any time. The revocation does not affect the lawfulness of the processing prior to receipt of the revocation.

5.Recipients of the data

a) Data that we automatically collect on our Internet pages (see above 3 a) aa)) are not transmitted to third parties.

b) Recipients of your data may be subcontractors who, in individual cases, conduct trainings or other events on our behalf. These are sent, for example, lists with the names of the participants as well as the name and contact details of a contact person.

c) In the context of certifications, personal data are sent to the responsible certification companies.

d) Data will be sent to public authorities if we are obliged to do so due to a legal regulation or official measure.

6. Transfer of data to a third country

As a rule, we do not transfer personal data to recipients based outside the EU and the EEA. However, a transfer to a third country may be possible, for example, if we provide services in a third country and commission a local subcontractor who requires this data to perform the services. In this case, however, the data will only be transferred in accordance with Art. 44 et seq. GDPR.

7. Duration and Storage

We generally store your data for as long as the storage is required for the fulfilment of contractual and legal obligations. If the data is no longer required for this purpose, it is regularly deleted.

Log data of our website (server log files) are stored for a period of 3 months and then automatically deleted.

Data collected via cookies are stored for the duration specified in the "cookie information" and then automatically deleted.

Data that you provide to us in connection with enquiries will be stored for a period of 3 months after the enquiry has been dealt with (e.g. dispatch of information material, call-back) in order to be able to answer further enquiries. If there is no further contact, the data will be deleted after 3 months at the latest.

We store job candidates data for up to 6 months after rejection. If consent has been given, we store the candidate data in our candidate pool for up to one year. 

Deletion shall not take place insofar as

  • commercial and tax law retention obligations conflict with this,
  • data must be preserved as proof of claims arising from the contractual relationship, within the regular limitation period (3 years, § 195 BGB). As far as a deletion according to the previous sentence does not take place, the data will be blocked. We review the necessity at regular intervals, but at least every 2 years.

8. Security of your data

We take all appropriate technical and organisational measures to ensure the protection of your data. Third parties who process your data on our behalf or who may come into contact with it are obliged in writing to comply with data protection regulations in accordance with legal requirements. Our employees are all bound to data secrecy.

9. Your data protection rights

As a "data subject" you have the right to

  • Information according to Art. 15 GDPR,
  • to rectification in accordance with Art. 16 GDPR
  • on deletion according to Art. 17 GDPR
  • to restriction of processing pursuant to Art. 18 GDPR
  • to data portability from Art. 20 GDPR..

With regard to the right to information and the right of deletion, the restrictions according to §§ 34 and 35 BDSG apply. 

You also have the right to complain to our data protection officer (see section 12 below) or to the competent data protection authority (Art. 77 GDPR in conjunction with Section 19 BDSG). 

Right of objection
If we process your data to protect legitimate interests (see above), you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

10. Obligation to provide data

You are not legally obliged to provide us with data. However, if you send us enquiries or want to commission us, it is necessary that you provide us with the data that is required to answer the enquiry or to provide our services. Which data is required in detail depends on the respective service that we are to provide for you.

For an enquiry, for example, we need a name to address you and an email address or telephone number (if you would like to be called back). To register for our events, you must provide us with the name of the participant(s). This also applies to certifications. In the context of training or consultancy contracts, we usually need the name of a contact person in your company and their contact details in addition to your company data.

Without the required data, it is not possible to use our services and we cannot conclude a contract with you.

11. Automated decision making and profiling

Automated decision-making and/or profiling within the meaning of Art. 22 (1) and (4) GDPR do not take place.

12. Data protection officer

If you have any questions or comments on the subject of data protection, please send us an e-mail to privacy@ums-gmbh.com.

13. Amendment of the privacy policy

We reserve the right to amend the provisions of our privacy policy from time to time. Older versions of the privacy policy can be requested from us via the above-mentioned e-mail address.

V 1.1 Frankfurt am Main in September 2021