We are very pleased about your interest in our company. Generally, the web pages of UMB AG may be used without declaring any personal data. However, if a user wishes to utilize particular UMB services through our website, processing of personal data might be necessary. Processing of personal data, such as name, address, e-mail address, or phone number will at any time be undertaken in compliance with the General Data Protection Regulation (GDPR) and in compliance with country-specific data protection regulations applicable to UMB AG.
The aim of this privacy statement is to make data subjects aware of their data protection rights. As the responsible entity for processing (data controller) UMB AG has implemented numerous technical and organizational measures to protect personal data processed through this website as comprehensively as possible.
Terms used in this privacy statement are consistent with the EU-GDPR definitions.
Name and address of the entity responsible for processing
The responsible entity within the meaning of the General Data Protection Regulation, other applicable data protection laws of EU member states, as well as other data protection rules and regulations is:
Name and address of the data protection officer
Any data subject may directly contact our data protection officer with questions or suggestions regarding data protection.
Collecting general data and information
When accessed by a person or an automated system the UMB AG website collects various general data and information. Such general data and information will be stored in the server’s log files. The following information may be collected:
browser types and versions used,
the operating system of the accessing system,
the website from which the accessing system arrives on our website,
the webpages visited by a accessing system on our website,
date and time of the access to our website,
an internet protocol address (IP address),
the internet service provider of the accessing system as well as other similar data and
information for the prevention of attacks on our information technology systems.
When utilizing such general data and information, UMB will not trace them to any data subject. Instead, such information is needed to
correctly render the contents on our website,
optimize the contents on our website,
ensure the permanent operability of our information technology systems and technical viability of our website,
provide the necessary data to law enforcement in case of a cyberattack.
Such anonymously collected data and information is statistically analyzed by UMB and evaluated with the aim to increase data protection and data security in our company as well as, ultimately, to ensure the best possible level of protection for any personal data processed by us. Anonymous data in the server log files is stored separately from any personal data declared by data subjects. Such data will generally not be given to third parties except if a legal obligation arises or if it serves law enforcement purposes.
Registering on our website
The data subject has the option to register on our website by declaring certain personal data. The type of personal data transferred to us is determined by the input screen used. Personal information entered by the data subject is collected and stored exclusively for internal use at UMB AG and for our own purpose. UMB AG may forward such data to an order processor, such as a parcel service. Such a processor will also use the personal data in question exclusively for internal purposes associated with UMB.
Registering a data subject who voluntarily discloses personal data allows us to offer particular contents or services to such a person, which, due to their nature, can only be provided to registered users. At any time, registered individuals have the option to alter or completely erase personal data entered at registration from our files.
On request of a data subject UMB AG will provide information regarding stored personal data concerning that individual. UMB AG will also, on request or notification of a data subject, rectify or erase personal data but for any statutory storage obligations.
Subscribing to our newsletter
On UMB AG’s website, users are given the option of subscribing to the newsletter of our company. The type of personal data transferred to us when ordering the newsletter is determined by the input screen used. UMB AG informs customers and business partners periodically by means of a newsletter about the offers of the company. The newsletter can generally only be received by a data subject if
the data subject has a valid e-mail address and
the data subject has registered to receive the newsletter.
When registering for the newsletter, we will also store the IP address assigned by the internet service provider to the computer system used for registering by the data subject at registering time as well as date and time of the registration. It is necessary to record such data to be able, at a later point in time, to trace possible misuse of the e-mail address of a data subject and thus to legally protect UMB AG.
Newsletter subscribers may also be contacted by e-mail if it is necessary for the operation of the newsletter service or a related registration, for example, in case of changes to the newsletter service or to technical settings. Personal data recorded in connection with the newsletter service will not be given to third parties.
The subscription to our newsletter may be terminated by the data subject at any time. Consent for processing of personal data given by the data subject to receive the newsletter may be withdrawn at any time. Every newsletter contains a link for the purpose of withdrawing such consent. Cancelling the newsletter subscription may also be done directly on our website or by notifying us in other ways.
Contacting us through our website
UMB AG’s website contains information to enable the quick establishment of contact and direct communication with our company, including a general address for so-called electronic mail (e-mail). If a data subject approaches us by e-mail or a contact form, personal data transmitted by such an individual will be automatically stored. Such personal data, voluntarily shared by a data subject, will be stored for the purpose of processing or contacting the data subject and will not be given to third parties.
Routine deletion and blocking of personal data
Personal data of a data subject will only be processed and stored by UMB AG for the duration necessary to achieve the aim of the storage purpose or as long as provided for by rules and regulations UMB AG is subjected to. If the storage purpose no longer applies or a statutory storage period expires, personal data in question will be routinely blocked or deleted according to statutory requirements.
Rights of the data subject
Data subjects have the right to access their data (pursuant to Paragraph 15 of the EU GDPR), the right to rectify their data (pursuant to Paragraph 16 EU GDPR), the right to erasure of their data (pursuant to Paragraph 17 EU GDPR), the right to object (pursuant to Paragraph 21 EU GDPR), as well as the right to data portability (pursuant to Paragraph 20 EU GDPR). Data subjects also have a right to lodge a complaint (if applicable to them) to the responsible data protection regulatory agency (Paragraph 77 EU GDPR). Consent issued for the processing of personal data may be revoked at any time by a data subject. Such revocation shall only be effective in the future. Processes transacted before the written revocation shall not be affected.
Data protection in connection with job applications and application proceedings
UMB AG collects and processes personal data of job applicants to transact job application proceedings. Such transaction may also occur electronically, especially if the application documents have been transmitted to UMB electronically by the applicant, i.e., by e-mail or by a web form on our website. If UMB and a job applicant conclude a contract of employment, such transmitted data will be stored for the purpose of conducting the employment relationship according to statutory regulations. If no contract of employment results, application documents will automatically be deleted two months after the applicant has been informed regarding our decision, provided that no other rightful interests of UMB AG are affected by such a deletion.
We use HubSpot for our online marketing activities. This is an integrated software solution that enables us to cover various aspects of our online marketing.
These include, among others:
Content management (website and blog)
E-mail marketing (newsletters and automated mailings, e.g. for the provision of downloads)
Reporting (e.g. traffic sources, visits, etc. ...)
Contact management (e.g. user segmentation & CRM)
Landing pages and contact forms
Our registration service allows visitors to our website to learn more about our company and download content as well as provide their contact information and other demographic information.
This information as well as the contents of our website are stored on servers of our software partner HubSpot. We may use this information to contact visitors to our website and to determine which services of our company are of interest to them.
HubSpot is a US software company with a subsidiary in Ireland.
2nd Floor 30 North Wall Quay
Dublin 1, Ireland,
Phone: +353 1 5187500
HubSpot is certified in accordance with the Swiss-US Privacy Shield and is subject to TRUSTe's privacy seal.
Data protection regulations for the use of Facebook
There are components of Facebook integrated on UMB AG’s website. Facebook is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for the processing of personal data.
Every time a data subject accesses a page of this website operated by UMB AG and containing a Facebook component (Facebook plug-in), the internet browser on the information technology system of the data subject will automatically be prompted by the specific Facebook component to download a rendering of this Facebook component from Facebook. Facebook will receive information regarding the pages visited by the data subject on our website through this technical procedure.
A list of all Facebook plug-ins is available at https://developers.facebook.com/docs/plugins/?locale=en_EN
If the data subject is logged in at Facebook while accessing our website Facebook will identify any webpage (sub-page) of our website being accessed by the data subject during the entire duration of and each time when accessing our website. Such information will be collected by said Facebook components and assigned to the Facebook account of the data subject by Fa- cebook. If the data subject uses one of the Facebook buttons integrated on our website, e.g., the like button, or if the data subject publishes a comment, Facebook will assign such information to the personal Facebook user account of the data subject and store such personal data. Facebook will receive information regarding the data subject accessing our website through its Facebook component every time the data subject is logged in at Facebook at the same time as accessing our website; this will happen irrespective of the data subject clicking on a Facebook component. If the data subject does not want to enable the transfer of such data, such transfer can be prevented by logging out of the Facebook account before accessing our website.
Facebook’s published data policy accessible at
https://de-de.facebook.com/about/privacy/ provides information regarding the collection, processing, and use of personal data by Facebook. It also explains configuration options offered by Facebook to protect the privacy of data subjects. Applications for the prevention of a data transfer to Facebook are also available. Such applications may be used by a data subject to suppress data transmission to Facebook.
Data protection regulations for the use of LinkedIn
Every single time a data subject accesses a page of our website containing a LinkedIn component (LinkedIn plug-in), the internet browser on the information technology system of the data subject will automatically be prompted by the specific LinkedIn component to download a rendering of this LinkedIn component from LinkedIn. LinkedIn will receive information regarding the pages visited by the data subject on our website through this technical procedure. More information regarding the LinkedIn plug-ins may be accessed at developer.linkedin.com/plugins.
If the data subject is logged in at LinkedIn while accessing our website LinkedIn will identify any webpage (sub-page) of our website being accessed by the data subject during the entire duration of and each time when accessing our website. Such information will be collected by said LinkedIn components and assigned to the LinkedIn account of the data subject by LinkedIn. If the data subject uses one of the LinkedIn buttons integrated on our website, LinkedIn will assign such information to the personal LinkedIn user account of the data subject and store such personal data.
LinkedIn will receive information regarding the data subject accessing our website through its LinkedIn component every time the data subject is logged in at LinkedIn and at the same time accessing our website; this will happen irrespective of the data subject clicking on a LinkedIn component. If the data subject does not want to enable the transfer of such data, such transfer can be prevented by logging out of the LinkedIn account before accessing our website.
At https://www.linkedin.com/psettings/guest-controls LinkedIn offers the option to cancel e-mail messages, text messages, and targeted adverts; it also allows the administration of advertising settings. LinkedIn utilizes partners, such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which are able to set cookies. Such cookies may be refused. LinkedIn’s applicable data protection regulations are accessible at https://www.linkedin.com/legal/privacy-policy LinkedIn’s cookie regulation is accessible at https://www.linkedin.com/legal/cookie-policy
Data protection regulations for the use of Xing
There are components of Xing integrated on UMB AG’s website. Xing is operated by XING SE, Dammtorstrasse 30, 20354 Hamburg, Deutschland.
Every time a data subject accesses a page of this website, operated by the entity responsible for processing and containing a Xing component (Xing plug-in), the internet browser on the information technology system of the data subject will automatically be prompted by the specific Xing component to download a rendering of this Xing component from Xing. Xing will receive information regarding the pages visited by the data subject on our website through this technical procedure. More information regarding the Xing plug-ins may be accessed at https://dev.xing.com/plugins
If the data subject is logged in at Xing while accessing our website Xing will identify any webpage (sub-page) of our website being accessed by the data subject during the entire duration of and each time when accessing our website. Such information will be collected by said Xing components and assigned to the Xing account of the data subject by LinkedIn. If the data subject uses one of the Xing buttons integrated on our website, e.g. the share button, Xing will assign such information to the personal Xing user account of the data subject and store such personal data.
Xing will receive information regarding the data subject accessing our website through its Xing component every time the data subject is logged in at Xing and at the same time accessing our website; this will happen irrespective of the data subject clicking on a Xing component. If the data subject does not want to enable the transfer of such data, such transfer can be prevented by logging out of the Xing account before accessing our website.
Xing’s published data policy accessible at https://www.xing.com/privacy provides information regarding the collection, processing, and use of personal data by Xing. Data protection information regarding the Xing share button can be found here: https://dev.xing.com/plugins/share_button/privacy_policy.
Legal framework for processing
Within the scope of the EU GDPR it is Article 6 1. (a) EU GDPR which provides the legal basis for our company when processing data for a specific purpose with user consent. If the processing of personal data is necessary to fulfill a contract with the data subject as a party of such a contract, e.g., in case of data processing required for the delivery of goods or another service or consideration, such processing is based on Article 6 1. (b) EU GDPR. The same applies to processing required for the performance of pre-contractual measures, such as inquiries regarding our products or services. If processing is necessary for UMB AG’s compliance with a legal obligation, e.g., to fulfill tax compliance obligations, such processing is based on Article 6 1. (c) EU GDPR. In rare cases, processing of personal data might become necessary to protect the vital interest of a data subject or another natural person. This could, for example, be the case if a visitor to our company was injured and it became necessary to forward his or her name, age, health insurance information or other vital data to a medical doctor, a hospital, or other third party. In such case, processing will be based on Article 6 1. (d) EU GDPR. Processing operations may also be based on Article 6 1. (f) EU GDPR. This article provides the legal basis for processing operations not covered by any of the provisions mentioned above if processing is necessary for the purposes of legitimate interests pursued by UMB AG or by a third party, except where such interests are overridden by the interests or fundamental rights and free- doms of the data subject.
Duration of storage of personal data
The duration of storage of personal data is based on the respective legal retention period. Upon expiry of such period all pertinent data will be routinely deleted, provided they are no longer necessary for contract performance or the initiation of a contract.
Statutory or contractual regulations for the provision of personal data; requirement for the conclusion of contract; obligation of the data subject to provide personal data; pos- sible consequences of non-provision
This is to inform you that the provision of personal data is sometimes legally required (e.g. through tax regulation) or that such provision may result from contractual rules (e.g. information about the contractual partner). Sometimes the provision of personal data by a data subject that subsequently needs to be processed by UMB AG might be required for the conclusion of a contract. The data subject is, for example, obligated to provide personal data to UMB AG for the purpose of concluding a contract with us. Non-provision of personal data would make it impossible to conclude a contract with the data subject.
Cham, May 23, 2018