Déclaration de confidentialité

We are delighted that you have chosen to visit our website and would like to thank you for your interest in our company and services. The protection of your privacy when you use our Website is important to us. Concerning the processing of your personal data and your rights as a data subject in the context of using of our website

uma-pen.com

(hereinafter also referred to as "website")

We,

uma Schreibgeräte

Ullmann GmbH

Fritz-Ullmann-Weg 3

D-77716 Fischerbach

Legal

(in the following also "we" or "uma")

as data controller and service provider at the same time, would like to inform you in the following.

We process your personal data exclusively within the framework of the legal provisions of European Union data protection law, and, in particular, the EU General Data Protection Regulation (hereinafter "GDPR") and supplementary to the Federal Data Protection Act (hereinafter "BDSG") as well as further data protection laws (hereinafter "data protection laws").

If you would like to take a look at the GDPR yourself, you can find it on the Internet under: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

This Privacy Policy only applies to the website available under the domain uma.com including all subdomains. The information below does not apply to other uma websites or third-party websites to which this website links. The terms used such as “personal data” or its "processing") correspond to the terms in Art. 4 GDPR.

 

1. Object of data protection and legal bases

The object of data protection is personal data. Personal data is any type of information that relates to an identified or identifiable natural person (what is referred to as a "data subject"). Your personal data therefore includes all data that allows your person to be identified, such as your name, address, telephone number or email address. Personal data also includes information that stems from the use of our website, such as the beginning and end or your IP address and its scope of use.

We only process your data if a legal regulation exists that permits its application. We base our processing of your data on the following legal bases, among others:

· Consent (Art. 6 (1) (1) (a) GDPR): We will only process certain data based on the express and voluntary consent that you have previously given. You have the right to revoke your consent at any time for the future.

· Fulfilling a contract or implementing pre-contractual measures (Art. 6 (1) (1) (b) GDPR): We require certain data from you, in particular for you to enter into or execute your contractual relationship with uma.

· Fulfilling a legal obligation (Art. 6 (1) (1) (c) GDPR): We also process your personal data to fulfil legal obligations, such as complying with regulatory requirements or commercial and tax retention requirements.

· Protecting legitimate interests (Art. 6 (1) (1) (f) GDPR): uma processes certain data in order to protect its interests or those of third parties. However, this only applies in individual cases when your interests do not predominate.

Please note that this is not a complete or exhaustive list of possible legal bases, but only contains examples whose intention to make the legal bases under data protection law more transparent. Please refer to the comments below the paragraphs in the following for more information on the legal basis for individual instances of data processing of our website.

2. Server log data

You can visit the section of our website, which is open to the public without registering in advance, without providing any information about yourself. The following information about your access to our website can be stored by you visiting it:

· IP address of the querying end device,

· The pages and files called up,

· The http response code,

· The size of the pages and files accessed in bytes,

· The website from where you visited our website (referring URL),

· The date time and time zone of the server request,

· Browser type/version,

· The operating system installed on the end device requesting access.

We process this data on the basis of Art. 6 (1) (1) (f) GDPR in order to stage the website, safeguard its technical operation and secure our IT systems. In doing so, we pursue our interest of enabling and permanently maintaining the use of our website and its technical functionality. This data is processed automatically when you visit our website. You cannot use our website without providing it. We do not use this data to draw conclusions about your identity.

The data we collect automatically is usually deleted after 7 days, unless we need it for longer for the aforementioned purposes in exceptional cases. We delete the data immediately after the purpose has been fulfilled in such cases.

You cannot object to the collection and storage of your server log data, since this data is essential for the smooth operation of our website.

3. Communication over the contact form or by email

If you communicate with us over the contact form or by email, the collection, processing and use of your the contact details (such as your name, email address) you provide voluntarily is only appropriate when it is used to record and, if necessary, answer your enquiry/ies, as well as for technical administration. The data you provide over our contact forms is encrypted during transmission using Transport Layer Security (TLS), widely known under its previous name of Secure Socket Layer (SSL).

Data that is transmitted in the context of communication over our contact form or by email is processed on the basis of Art. 6 (1) (1) (b) GDPR when it comes to entering into a contractual relationship, or on the basis of Art. 6 (1) (1) (f) GDPR. In the latter case, we have a legitimate interest in processing contact enquiries sent to us voluntarily.

We delete the data you provide as soon as the purpose for its collection ceases to exist, subject to the fulfilment of ongoing legal retention requirements.

If your personal data is processed based on our legitimate interests, you can object its storage at any time. In this case, we will no longer process your data unless we can demonstrate a legitimate interest for doing so or we are otherwise legally obliged to store it. Please contact us in writing, by fax or by email to exercise your right to object to its storage.

Please note, however, that when communicating over the contact form, we cannot guarantee end-to-end data security and that communication by email does not take place over a secure data connection. You should therefore refrain from sending confidential information such as bank or credit card details etc over the contact form of by email. To send confidential information, we recommend that you use a secure means of transfer, such as the postal service.

4. Newsletter

You only need to provide your email address to subscribe to our newsletter. This usually includes your name and email address. If necessary, you can also provide further voluntary information, such as your country. By providing this information, you make it easier for us to select and design the newsletter in such a way that is interesting for you.

We use the double opt-in procedure to send the newsletter, i.e. we only send you a newsletter by email if you expressly confirm to us beforehand that we should activate the newsletter service. We then send you a notification email and ask you to confirm that you would like to receive our newsletter by clicking on a link in the email. On completing this separate double opt-in procedure, you have given your consent to receive the newsletter.

We only send our newsletters once you have subscribed accordingly, i.e. with your consent based on Art. 6 (1) (a) GDPR. We reserve the express right to resort to other legal bases. Insofar as the contents of a newsletter are specifically described when a user subscribes to it, they are binding with regard to the scope of the consent granted by the user. In all other cases, our newsletter contains information about our products, offers, promotions and our company.

You can withdraw your consent at any time if you no longer wish to receive newsletters from us later. A message in text form (e.g. email, letter) to the aforementioned contact details or to datenschutz@uma-pen.com suffices to withdraw your consent. You will also find an unsubscribe link in every newsletter.

5. Cookies

 

 

 

6. myUMA merchant account

As a merchant or contact person at a merchant, uma can provide you with an online merchant account for the myUMA portal following internal verification. You can use your account to view and download additional information about our products, set up myConfigurator and manage your master/contact data.

We store the following during registration and when renewing your registration for the myUMA portal and in the context of using our service offering:

· Email address,

· Username,

· Password,

The data is stored for the purpose of implementing our contractual relationship with you as a merchant on the basis of Art. 6 (1) (1) (b) GDPR, or on the basis of our legitimate interests in supporting our merchants and their contact persons with service offering in accordance with Art. 6 (1) (1) (f) GDPR. This data is only disclosed to third parties if necessary for executing the contract or pursuing legal claims or if there is a legal obligation to do so.

Merchant accounts are not public and cannot be indexed by search engines. If you have requested the deletion of your merchant account, relevant data will be deleted or blocked immediately, subject to whether its needs to be retained for commercial or tax law reasons. You can have your merchant account deleted at any time by sending a message to datenschutz@uma.com. You will no longer be able to use our servicing offer in this case, however.

With the "stay logged in" function, we want to make your visit to our myUMA portal as pleasant as possible. This function enables you to use our myUMA portal without having to log in again each time. For security reasons, however, you will be asked to re-enter your password, for example, if you want to change personal data or make a booking. We recommend that you do not use this function if several users used your device. We would like to point out that the "Stay logged in" function is not available if you use the browser setting that automatically deletes stored cookies after each session or if you have disabled "Additional first-party cookies" (see Sec. 5 (b)).

You myConfigurator as a merchant under your own responsibility. UMA is only a data processor in this respect. You can find details of this in the corresponding section on the myUMA portal.

7. Google Analytics

If you have consented to it, this website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses third-party cookies to identify preferences and the frequency with which certain areas of our website are used. The information generated by the cookie on how you use our website (including your truncated IP address) is usually transferred to a server from Google in the USA and stored there. The data processing takes place on the basis of your consent (Art. 6 (1) (a) GDPR). The US parent company of Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European data protection law (see www.privacyshield.gov/participant?id=a2zt000000001L5AAI).

Commissioned by us and on the basis of a contract, Google uses this information to evaluate how you use our website in order to compile reports on your website activity, provide them to us and render further website and internet-related services to us.

We only use Google Analytics with activated IP anonymisation. This means that the user's IP address is truncated by Google, if it is located within the member states of the European Union /EU) or other parties to the agreement on the European Economic Area (EEA). Only in exceptional cases is the full IP address transferred to a Google server in the US and truncated there. The IP address transmitted by your browser is not merged with other data from Google.

The data is deleted as soon as it is no longer required for our collection purposes. In our case, this is usually the case after 14 months.

You can revoke any consent you may have given to the use of Google Analytics over the cookie settings on this website (see Sec. 5 above). Furthermore, you can also prevent the storage and use of cookies technically by making the appropriate settings in your browser or using browser add-ons. By downloading and installing the browser plugin available from the link below, you can also prevent the data the cookie generates on how you use our website (incl. your IP address) from being transferred to Google and Google further processing this datahttps://tools.google.com/dlpage/gaoptout?hl=en.

You can find further information about how Google uses the date and setting and opt-out options on the Google websites under the following links:

· https://policies.google.com/technologies/partner-sites?hl=en-GB ("How Google uses information from sites or apps that use our services"),

· https://www.google.com/policies/technologies/ads ("Use of data for advertising purposes"),

· https://www.google.de/settings/ads ("Manage information that Google uses to show you advertisements").

8. Embedded Videos

Videos from YouTube can be embedded on this website. This service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube"), which is a subsidiary of Google LLC., Amphitheatre Parkway, Mountain View, CA 94043, USA.

A connection to the servers from YouTube is established to play the videos. This results in certain information (e.g. your IP address) being transmitted to YouTube. YouTube may also set cookies on your device if you have consented to the use and storage of third-party cookies. We have no knowledge of the type and scope of the data collected by YouTube and have no influence on its use. By embedding the videos, YouTube can also receive the information that your browser has accessed the corresponding page on this website, even if you do not have a YouTube account or are not currently logged in to YouTube. Your data is processed on the basis of Article 6 (1) (f) GDPR, in order to enable you to use the aforementioned functions and to use certain content within the scope of our website. Furthermore, we also have a legitimate interest in using third-party content and services for the commercial operation and optimisation of our website.

Please refer to the privacy policy of YouTube under

· Privacy Policy from YouTube/Google: https://www.google.de/intl/de/policies/privacy/

If you do not want providers to associate your visit to this website with the user account you have with them, you should log out of the respective service before you visit our website. Even if you are not logged in to the provider, websites with active plug-ins can use cookies to send data to the provider, which allows the provider to create, for example, a pseudonymised user profile.

The videos from YouTube embedded on this website that are stored on http://www.youtube.com can be played directly from this website and are embedded in "extended data protection mode", which means that according to YouTube no data about you as a user is transmitted to YouTube if you do not play the videos.

You can prevent the storage of third-party cookies by making the appropriate settings in your browser or disabling them using browser add-ons such as "Adblock Plus" (https://adblockplus.org/de/) in combination with the "EasyPrivacy" list (https://easylist.to/ (see above Sec. 5); However, we would like to point out that this may limit your ability to use all of the features on this website.

9. Embedding services and content from third parties/Google Maps

We also use services from the following third-party providers on our website in order to integrate their content and services including maps (referred to hereinafter collectively "content"). Your data is processed on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) in the commercial operation and optimisation (in particular user-friendliness) of our website as well as safeguarding the security of our technical systems. The third-party providers of this content always receive knowledge of your IP address, since without it they would not be able to transfer the content to your device. This means that the IP address is needed to display the content. Third-party providers may also store cookies on your end device.

To display maps, we use the "Google Maps" service from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data to be processed may include IP addresses and location data specifically, which is not collected without your consent however (usually by making the appropriate device settings). Further information on the use of data by Google as well as on setting and opt-out options at Google can be found on the Google websites under the links below.

You can prevent the storage and use of cookies for the services listed by making the appropriate browser settings or using browser add-ons.

Further information on the use of data by Google as well as setting and opt-out options at Google can be found on the Google websites under the following links

· https://policies.google.com/technologies/partner-sites?hl=en-GB ("How Google uses information from sites or apps that use our services"),

· https://www.google.com/policies/technologies/ads ("Use of data for advertising purposes"),

· https://www.google.de/settings/ads ("Manage information that Google uses to show you advertisements").

10. Recipients of personal data

We will only disclose your personal data to external recipients if this is necessary for handling or processing your request, if we have your consent to do so or another legal permission exists.

External recipients can specifically include:

· Data processing companies: These are service providers that we use to provide services, for example in the areas of technical infrastructure and website maintenance. We carefully select and check data processing companies regularly to ensure that they preserve your privacy. These service providers may only use the data for the purposes we specify and in accordance with our instructions. We are authorised to use such processors in compliance with the legal requirements of Art. 28 GDPR.

· Public bodies: These are authorities, state institutions and other public legal bodies, e.g. supervisory authorities, courts, public prosecutors or tax authorities. Personal data is only transferred to such public bodies when compelling legal reasons exist to do so. The legal basis for such a transfer is formed by Art. 6 (1) (1) (c) GDPR.

· Non-public bodies: Service providers and auxiliary persons to whom data is transferred on the basis of a legal obligation or to protect legitimate interests, such as tax advisers and auditors. The transfer then takes place on the basis of Sec. 6 (1) (1) (c) and/or (f) GDPR.

11. Data processing in third countries

If we transfer your data to third countries outside the EU or EEA in accordance with the aforementioned statements, we will ensure that, apart from in legally permitted exceptional cases, the recipient either disposes of an adequate level of data protection or you consent to the data transfer. An appropriate level of data protection is guaranteed, for example, by EU-US Privacy Shield certification of the recipient, the conclusion of EU standard contractual clauses or the existence of binding corporate rules (BCR). Please contact us using the contact details under Sec. 14 to receive a copy of the specific guarantees for the transfer of your data to third countries.

12. Retention Period

We only store your personal data for as long as this is necessary for fulfilling the purposes or – in the case of consent – as long as you do not revoke your consent. In the case that you object, we will no longer process your personal data, unless its further processing is permitted under the relevant or even mandatory legal provisions (e.g. within the scope of retention obligations under commercial and tax law). We also delete your personal data if we are obliged to do so for legal reasons.

Please refer to the respective statements in the sections listed above for the remaining details concerning the storage period for your personal data.

13. Your Rights

You have numerous rights as the data subject affected by data processing. Your individual rights involve:

· Right to information (Art. 15 GDPR): You have the right to receive information about the personal data we store on you.

· Right to rectification and cancellation (Sec. 16 and Sec. 17 GDPR): You can request that we correct incorrect data and also delete your data insofar as the legal requirements are met for doing so.

· Right to restrict processing (Art. 18 GDPR): You can demand that we restrict the processing of your data provided that the legal requirements are met for doing so.

· Right to data portability (Art. 20 GDPR): If you have provided us with data on the basis of a contract or consent, you can, if the legal requirements are met, request that you receive the data you have provided in a structured and standard format or that we transfer it to another data controller.

· Right to object to data processing based on legitimate interests (Art. 21 GDPR): You have the right to object to use processing you data at any time for reasons arising from your particular situation, insofar as this is based on legitimate interests in terms of Art. 6 (1) (19 (f) GDPR. If you exercise your right to object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for continuing its processing that outweigh your rights.

· Opting out of cookies: You can also opt out of the use of cookies at any time. If you would like to opt out of the use of certain cookies, please take note of our statements under Sec. 5.

· Revoking your consent (Art. 7 GDPR): Insofar as you have granted us consent to process your data, you can revoke this at any time with effect for the future. The lawfulness of processing your data based on a previously granted consent remains unaffected until you revoke it.

· Right to appeal to a supervisory authority (Art. 77 DSGVO): You can also lodge a complaint with the relevant supervisory authority if you believe that processing your data violates applicable law. You can choose to contact the data protection authority responsible for where you are located, for your workplace location or the location when the suspected breach took place, or the data protection authority responsible for us. The supervisory authority responsible for data protection for us is the Baden-Württemberg State Commissioner for Data Protection (www.baden-wuerttemberg.datenschutz.de).

Our Data Protection Officer will be happy to assist you under the contact information detailed in Sec 14 if you have any questions regarding processing your personal data, your rights as a data subject and any consent that you may have granted. To exercise your rights as a data subject, please also contact our Data Protection Officer directly.

14. Our Data Protection Officer

We have appointed a Data Protection Officer. You can reach them as follows:

Michael Schöner

uma Schreibgeräte
Ullmann GmbH

Fritz-Ullmann-Weg 3

D-77716 Fischerbach

Phone: +49 (0)78 32 707-542

Fax: +49 (0)78 32 707-13

www.uma-pen.com

Email: datenschutz@uma-pen.com

15. Security

We undertake technical and organisational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction or access by unauthorised parties. These security measures are adapted in accordance with the current state of the art.

The personal data you transfer when you use our website its transmitted securely using encryption. We use the Transport Layer Security (TLS) encryption protocol - more widely known as Secure Sockets Layer (SSL) - for this purpose.

Our employees are obliged to maintain data secrecy.

16. Amendments

We need to amend the content of this Privacy Policy from time to time. We therefore reserve the right to do so at any time. If your consent is required to make an amendment, we will obtain it from you beforehand. We will also publish the amended version of the Privacy Policy here. You should therefore read our Privacy Policy again when you revisit our website.

Last updated: March 2020 (Version 1.1)