The objective of this policy is to set clear guidelines to the organization that comply to the new General Data Protection Regulation (GDPR; May 2018)
1. Privacy by design (policy statement):
UMS Group is a management consulting firm dealing with Energy & Utility companies as our main customers.
• By design we are only interested in information of client companies to evaluate the effectiveness and efficiency of their business performance as such we do not collect private and personal data of any kind, only business related information!
• We collect and store company contact details, e.g. address, to be able to inform our customers in general about business relevant items (e.g. new UMS employee or market trends ) and specifically to be able to send out documents (end reports etc.) for business purposes only.
• We collect, store and process market information from competitors and utility companies to follow, asses, learn about latest market developments to keep our knowledge up to date and relevant and to be able to develop new services for our clients.
• So by design we do not collect privacy sensitive personal data of individuals. Only exception on this rule is the privacy sensitive personal data of our employees that we must collect to be compliant to employments laws in Europe.
2. Information about the processing of personal data
Personal data means any information relating to you as identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The controller according to Article 4 (7) General Data Protection Regulation of the European Union (“GDPR”) of your personal data is UMS Group Europe, Amstel Business Park, Joop Geesinkweg 901 – 999, 1114 AB, Amsterdam, The Netherlands.
As UMS we do not collect and store any personal data of our clients we only keep record of business e-mail and business phone numbers of individuals all with the objective to establish business as usual communication. We do not want any privacy personal sensitive information of individuals.
Only privacy personal sensitive data of employees is collected and stored to comply with the Dutch employments laws.
3. Collection and use of your personal data on our website
When someone visits our website, we may collect the data that the browser transmits to our server. We collect the following data that is technically necessary to display the website and to ensure stability and security (legal basis is Art. 6 (1) 1 lit. f GDPR): IP-address, date and time of access, time zone difference to Greenwich Mean Time (GMT), content of access (specific site), access status/HTTP-status codes, volume of data transmitted, website from which the access takes place, browser, operating system and its surface and the language and the version of the browser software.
If someone registers with us or contact us by email, UMS will store the business related data sent to us (email-address, possibly name, telephone number and other contact information). UMS may ask to provide more information after registering to obtain additional services and information or to resolve complaints or concerns. The information that is provided to us may be used only for the following purposes:
- To provide information or services to you as requested by you.
- For internal review.
- To improve the content of the website.
- To customize the content and/or layout of the website for each individual user.
- To compile and disclose statistics about our users and their preferences. However, these statistics are anonymous and do not identify individual users.
UMS will never ask for privacy sensitive personal data. Only business relevant data to be able to explore and grow business relations.
UMS will not pass any of the business related data to any third party, without the consent of the sender. No promotional offers or advertising will appear on the UMS website, nor will your business related data ever be given, sold, or otherwise shared with third parties for advertising or marketing purposes.
4. Data Protection Officer
The biggest impact the new GDPR act has on UMS business operation is related to the obligation to report incidents related to personal privacy sensitive data. As such we have created a new process and appointed a data protection officer with responsibility to execute the process.