for our website www.ums-gmbh.com
The following information is intended as an overview of how we process your data that we collect when you use our services and when you visit our website www.ums-gmbh.com. We also want to make you aware of your data privacy rights. The specific data collected, and how it is used, depends on your choice of services.
1. 'Controller', Art. 4 Item 7 EU GDPR
The controller responsible for processing your data as defined in Article 4 Item 7 of the EU General Data Protection Regulation (EU GDPR) is
UMS Consulting GmbH & Co. KG
Hanauer Landstraße 291 B
D-60314 Frankfurt am Main (Germany)
2. What is 'personal data'?
'Personal data' means any information about you through which you can be identified, e.g., your name, address, or telephone number. Information that does not relate to a directly or indirectly identified or identifiable person is not classed as personal data.
3. Scope of data collection, processing, and use
a) On our website
aa) When you visit our website purely to research information, i.e., you do not log in or transfer information to us in any way, we only collect the data that your browser sends to our servers. When you request to view our website we collect the following data, which we require for technical reasons to be able to display the website to you and to ensure its stability and security:
bb) Contacting us
You can contact us by e-mail or using our contact form. We process the data that you share with us in order to respond to your inquiry.
cc) Client login
We provide a login function for clients on our website, which we occasionally use to deliver specific information. Clients can request that we send their user name and password by post or e-mail. This access data is stored separately from the client data to ensure that any access is anonymous.
You can configure your browser settings to prevent cookies being stored and, e. g., opt to reject third-party cookies or all cookies. Please note that if you deactivate cookies you might not be able to use all the functions of this website.
b) Other data processing
We collect and store personal data when you send us an inquiry, request a quote or proposal, submit an order, or register for our events, as well as in the course of substantiating and dealing with contractual relationships. Alongside information about the respective company (name, address, contact details) we also collect and store personal data shared with us by individual enterprises, registered event attendees, job applicants, and contact persons at our contract partners' companies.
4. Purpose of processing and legal basis
We process personal data in accordance with the provisions set out in the EU General Data Protection Regulation (EU DGPR) and the German Federal Data Protection Act (BDSG).
a) For the performance of a contract (Art. 6 Para. 1b EU GDPR)
Data is processed for the purpose of performing our contractual services or in order to take steps at your request prior to entering into a contract.
b) For the purposes of legitimate interests (Art. 6 Para. 1F EU GDPR)
Aside from the use of data for the performance of a contract, it can also be necessary to process your data for the purposes of the legitimate interests pursued us or by a third party, e.g.
c) Because you have given consent (Art. 6 Para. 1a EU GDPR)
Certain activities and purposes require that we ask for your consent (e.g., sending event updates or our newsletter). Your data is only processed to the extent that you have explicitly given your consent. You can withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
a) Data that we collect on our website is not shared with third parties.
b) Recipients of your data can include subcontractors that, in individual cases, run trainings or other events on our behalf. They receive, e.g., lists of participants' names.
c) In the course of certifications, personal data is transferred to the relevant certifying body.
d) Data is transferred to public authorities where we are obliged do to so in accordance with the law or pursuant to an official action.
6. Transfers of data to third countries
We typically do not transfer any personal data to recipients located outside the EU/EEA. However, data may potentially be transferred to a third country, for example, when we perform services in a third country and commission a local subcontractor that requires this information in order to perform their contract. Even in this case, data is only ever transferred in accordance with Art. 44 ff. EU DGPR.
7. Storage and retention
We generally only store your data for as long as it takes for us to fulfill our contractual and statutory obligations. Data that is no longer required for that purpose is regularly deleted.
Log data for our website (server log files) is stored for a period of three 3 months and then automatically deleted.
Data collected through session cookies is automatically deleted when you end your session on our website.
Data that you share with us in relation to an inquiry is stored for a period of 3 months following completion of the inquiry (e.g., sending information material, callback) to allow us to respond to any follow-up questions. If there is no further contact the data will be deleted at the latest after 3 months.
Data is not deleted
Where no deletion takes place pursuant to the above provision, the data is locked. We carry out regular reviews to check whether data needs to be retained, at least every 2 years.
8. Security of your data
We take all appropriate technical and organizational measures to protect your data. Third parties that process your data on our behalf, or that come into contact with your data, provide a written undertaking, in accordance with the statutory provisions, of their compliance with data protection regulations. All of our employees have a duty to maintain data confidentiality.
9. Your data privacy rights
As a 'data subject' you have the right to
The right of access/information and right of erasure are subject to the limitations set out in §§34 and 35 BDSG (New). You also have the right to complain to the responsible data protection authority (Art. 77 EU DGPR in conjunction with §19 BDSG (New)).
10. Obligation to supply data
You are not legally obliged to provide us with data. However, if you send us an inquiry or want to work with us, it will be necessary for you to share the data that is required in order to respond to your inquiry and/or perform our contract. The specific data required will vary depending on the service we will be performing for you.
To respond to an inquiry, for example, we need an e-mail address or telephone number (if you would like a callback). To register for our events you need to tell us the names of the people wishing to attend. This also applies to certifications. As part of our training and consulting contracts, we typically need your company information, as well as the name of a contact person and details of how to reach them at your company.
Without this essential data it is not possible to use our services, and we cannot enter into a contract with you.
11. Automated decision making and profiling
No automated decision making and/or profiling takes place as defined in Art. 22 Items 1 and 4 EU DGPR.
12. Data protection officer
If you have any questions or feedback about data protection and privacy, you can e-mail us at firstname.lastname@example.org.
V 1.0 Frankfurt am Main, May 2018