Privacy Notice

Privacy Policy

Umfotec Acoustic Solutions GmbH processes your personal data in accordance with applicable data protection laws, in particular the General Data Protection Regulation (“GDPR”), as described in this Privacy Policy.

1) Controller

Controller for the website (www.umfotec.com) is:

Umfotec Acoustic Solutions GmbH

Speckweg 2

37154 Northeim

Germany

Phone: +49 (0)5551 9868-0

E-mail: info@umfotec.de

(hereinafter “UMFOTEC”, or “we”).

2)  Data Protection Officer of UMFOTEC

You can reach our data protection officer at Dr. Hufenbach & Partner GmbH & Co. KG, Düstere-Eichen-Weg 50, 37073 Göttingen;

Phone: +49 551-383310; E-mail: dsb@hufenbach.de

3) Processing operations:

3.1) Processing for prior to entering into or for the performance of a contract between you and UMFOTEC

In the context of contractual relationships and pre-contractual measures, we process your personal data as follows.

3.1.1) Categories of personal data

Relevant personal data that we process are:

- Master data (name, address and other contact details)

- Communication data (e.g. telephone number, e-mail address)

- Contract master data (contractual relationship, product or contract interest)

- Contractual billing and payment data

- Information provided by third parties, e.g. credit agencies, or from public directories

3.1.2) Purposes and legal basis of the processing

We process your personal data mentioned under 3.1.1) for processing an inquiry or performance of a contract (provision of deliveries and services).

The processing of your personal data is therefore based on Art. 6(1)(b) of the GDPR (performance of a contract or prior to entering into a contract).

3.1.3) Sources

We only process personal data that we receive directly from you or from another person (e.g. a colleague) in the course of your inquiry or a contractual relationship. In case of processing personal data from a third source, we will name the source accordingly in individual cases.

In addition, where this is necessary, we will process personal data that we receive lawfully from other third parties (e.g. from courts, authorities, offices, or insurance companies).

3.1.4) Recipients of personal data

We transfer your personal data to contractual partners within the scope of our contractual relationship towards you as well as to service providers we use as processors in connection with the provision of our own services to you. Generally, we do not intend to transfer personal data to a third country, but we may do so in individual cases in order to perform our contract (Art. 49 para. 1 lit. b GDPR).

3.1.5) Retention periods

The data will be stored at least for the duration of the relevant business relationship (e.g. to answer your inquiry / for the duration of the contractual relationship). In most cases we are bound by statutory retention periods (such as six years with regard to commercial letters according to Sec. 257(1)(2) of the German Commercial Code (Handelsgesetzbuch), Sec. 147(3)(1)(4a) para. 3 p.1 no. 4a of the German Fiscal Code (Abgabenordnung)). After an applicable maximum storage period has expired, your personal data will be deleted unless there is another important reason for further storage.

3.2) Processing of personal data when visiting our website

3.2.1) Categories of personal data

When you visit our website, personal data is collected which your browser transmits to our servers (server log files). These are the following personal data:

- IP address,

- date and time of the request,

- host name of the accessing computer,

- Referrer URL,

- browser type and version,

- your operating system.

Information about cookies and cookie-settings can be found [here].

3.2.2) Purposes and legal basis of the processing

This personal data is collected so that we can display the website to you, to ensure its stability and security and to make the website more user-friendly and effective.

This processing is based on Art. 6(1)(f) of the GDPR (legitimate interest – ensuring the stability and security of our website).

3.2.3) Retention periods

We regularly delete personal data regarding the use of our website after 30 days (eventually other periods may apply for cookies, see above).

3.3) Contact form

You can contact us through our website, e.g. by using our contact form. Both customers and non-customers can contact us and may refer to already existing contractual relationships, as well as to our products and manufacturing processes in general or otherwise. In this context, we collect the personal data requested for the purposes as described above under point 3.1).

4) Rights of data subjects

You have the right request access to personal data concerning you that we process and the right to rectification, erasure of personal data and restriction of such processing. You also have the right to object to processing as well as the right to data portability.

Where you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or when we process that personal data for the establishment, exercise or defence of legal claims. Where you object to the processing of your personal data for direct marketing purposes, we may no longer process your personal data for these purposes without restriction.

The objection must be sent in writing or by e-mail to datenschutzrechte@umfotec.de.

4.1) Withdrawal of consent

Where you have given us your consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. You have the right to withdraw your granted consent at any time. However, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

4.2) Right of complaint

You have the right to lodge a complaint with a supervisory authority. Our competent supervisory authority is the “Landesbeauftragter für den Datenschutz Niedersachsen” in Prinzenstraße 5, 30159 Hannover, telephone: +49 511 120-4500. Alternatively, you can also contact your competent supervisory authority at your place of residence or workplace.

4.3) Reasons for the collection and provision of data

Within the scope of our business relationship, you only need to provide us with the personal data that is necessary for the performance of this legal transaction. When the necessary personal data is not made available, a business relationship with us is not possible or only possible to a limited extent. The same applies to the processing of your inquiries and communication via our contact form.

4.4) Miscellaneous

We do not apply automated decision-making. Likewise, we do not process your personal data in order to assess and evaluate certain personal aspects (profiling).

5) Online-based Audio and Video Conferences (Conference tools)

Data processing

We use online conference tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us. The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, and which we have listed below this text.
Purpose and legal bases

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 sentence 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6 para. 1 lit. f GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.
Duration of storage

Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please directly contact the operators of the conference tools.
Conference tools used

We employ the following conference tools:

Webex

We use Webex. The provider of this service is the Webex Communications Deutschland GmbH, Hansaallee 249 c/o Cisco Systems GmbH, 40549 Düsseldorf, Germany.

It cannot be ruled out that data processed via Webex will be transferred to third-party countries (e.g. USA). Webex has Binding Corporate Rules (BCR) which have been approved by the Dutch, Polish, Spanish, and other relevant European Data Protection Authorities. These are binding corporate rules that legitimize the transfer of data within the company to third countries outside the EU and EEA:

https://www.cisco.com/c/de_de/about/trust-center/data-protection-and-privacy-policy.html

For details on data processing, please refer to Webex’s privacy policy: https://www.cisco.com/c/de_de/about/legal/privacy-full.html.

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on data processing, please refer to the Microsoft Teams privacy policy: https://privacy.microsoft.com/en-us/privacystatement.

6) Plug-ins and Tools

YouTube
This website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
If you visit a page on this website into which a YouTube has been embedded, a connection with YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited.
Furthermore, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.
If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 Sect. 1 lit. f GDPR, this is a legitimate interest. If a corresponding agreement has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.

Google Maps
This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use Google web fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6 Sect. 1 lit. f GDPR. If a respective declaration of consent has been obtained, the data shall be processed exclusively on the basis of Art. 6 Sect. 1 lit. a GDPR. This declaration of consent may be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission.

Details can be found here:

https://privacy.google.com/businesses/gdprcontrollerterms/

https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

Date: October 2021