Skip to main content

Data privacy statement

General Privacy of OMS Group e.V.

  1. Name and Contact Information of the Data Controller

The data controller within the meaning of Article 4 No. 7 of the European General Data Protection Regulation (GDPR) is:

OMS-Group e. V.
c/o figawa Service GmbH
Mevissenstr. 1, 50668 Cologne
Germany
Phone: +49 221 27079922
Email: office@oms-group.org

OMS-Group e.V. is not required to appoint a data protection officer.

The contact person for data protection inquiries at OMS-Group e.V. is Ms. Mommertz-Alderath, who can be reached at the above address or email.

  1. Derfinitions

To aid in understanding our privacy policy, we provide explanations of the terms used from the GDPR.

  • Personal Data (Article 4 No. 1 GDPR)

Personal data includes all information relating to an identified or identifiable natural person (“data subject”). A natural person is considered identifiable if they can be identified directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, an online identifier, or specific characteristics that reflect physical, physiological, genetic, mental, economic, cultural, or social identity.

  • Data Subject (Article 4 No. 1 GDPR)

A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

  • Processing (Article 4 No. 2 GDPR)

Processing means any operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, restriction, erasure, or destruction..

  • Restriction of Processing (Article 4 No. 3 GDPR)

Restriction of processing is marking stored personal data to limit its future processing.

  • Profiling (Article 4 No. 4 GDPR)

Profiling involves any automated processing of personal data intended to evaluate certain personal aspects of a natural person, particularly to analyze or predict aspects concerning performance, economic status, health, personal preferences, interests, reliability, behavior, location, or movement.

  • Pseudonymization (Article 4 No. 5 GDPR)

Pseudonymization is processing personal data such that it can no longer be attributed to a specific data subject without additional information, provided that such additional information is stored separately and subject to technical and organizational measures to ensure the data is not associated with an identified or identifiable natural person.

  • Controller (Article 4 No. 7 GDPR)

The controller is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union law or the law of Member States, the controller or specific criteria for its designation may be provided for by Union law or by the law of the Member States.

  • Processor (Article 4 No. 9 GDPR)

A recipient is a natural or legal person, authority, agency, or other body to whom personal data is disclosed, regardless of whether it is a third party.

  • Recipient (Article 4 No. 9 GDPR)

A recipient is a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, regardless of whether they are considered a third party. However, public authorities that may receive personal data in the context of a specific investigative mandate under Union law or the law of Member States are not considered recipients.

  • Third Party (Article 4 No. 10 GDPR)

A third party is a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process personal data.

  • Consent (Article 4 No. 11 GDPR)

Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, through a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them.

  1. Processing of Personal Data by OMS Group e.V
  • When Visiting the Website

When accessing our website https://oms-group.org, information is automatically sent from the browser on your device to our website’s server. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of acceess,
  • Name and URL of the accessed file,
  • Website from which access occurs (referrer URL),
  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.

The collected data are processed by us for the following purposes:

  • ensuring a smooth connection to the website,
  • ensuring convenient use of our website,
  • evaluating system security and stability,
  • additional administrative purposes.

The legal basis for data processing is Article 6(1) sentence 1 lit. f GDPR. Our legitimate interest arises from the purposes listed above for data collection. Under no circumstances do we use the collected data to draw conclusions about your identity.

  • When Using Our Contact Form

For questions or concerns of any kind, we offer you the option to contact us through a form provided on our website. A valid email address is required so that we know who the inquiry is from and can respond to it. Additional information can be provided voluntarily. Required fields are marked with an asterisk.

The processing of the data you provide to us for the purpose of contacting us is based on Article 6(1) sentence 1 lit. a GDPR, with your consent expressed by completing the form. Alternatively, it is based on Article 6(1) sentence 1 lit. b GDPR if your inquiry is related to the performance of an existing contract or the initiation of a new contract with us.

The personal data collected for the use of the contact form will be automatically deleted after your inquiry has been addressed, unless we are legally required to retain it.

We protect our contact form from spam and bot attacks using the hCaptcha service provided by Intuition Machines, Inc. (“IMI”), based in the USA. To verify that user actions on our website (such as submitting a registration or contact form) meet our security requirements, hCaptcha analyzes visitor behavior on our website based on various characteristics. This analysis starts automatically when visiting the contact page on our website with hCaptcha enabled. hCaptcha evaluates various data for the analysis (e.g., IP address, duration of visit, or mouse movements). The data collected during this analysis is transferred to IMI. Obtaining consent under § 25 TTDSG is not required, as hCaptcha only processes data from visitors using our contact form, and using this service is necessary to protect the site. The legal basis for integrating hCaptcha under GDPR is our legitimate interest in protecting our website from spam and bot attacks, as per Article 6(1) lit. f GDPR, which also serves the interests of our users. The transfer of user data to IMI, based in the USA, is based on the European Standard Contractual Clauses. According to IMI, it complies with the EU-U.S. Data Privacy Framework, for which an adequacy decision by the European Union exists. More information is available at https://www.hcaptcha.com/privacy.

  • Bei When Contacting Us via Telephone

If you contact us by telephone, you will speak with our employees or with employees of figawa Service GmbH, whom we have engaged. They will either arrange a meeting with you, forward your call to us, or record your contact information and details of your inquiry so we can return your call.

Employees of figawa Service GmbH, as well as our own, are contractually obligated to maintain the confidentiality of all data obtained in this manner and to delete it once it is no longer necessary for the administrative process described.

The legal basis for this is Article 6(1) sentence 1 lit. b GDPR if your inquiry is related to the performance of an existing contract or the initiation of a new contract with us, or Article 6(1) sentence 1 lit. f GDPR, as we generally have a legitimate interest in establishing contact options through us and third parties we engage.

  • When Subscribing to Our Newsletter

If you have expressly consented in accordance with Article 6(1) sentence 1 lit. a GDPR, we will use your email address to regularly send you our newsletter, keeping our members, customers, and business partners informed of news from OMS Group e.V.

We use the newsletter tool Brevo by Sendinblue GmbH to manage newsletter distribution. The transfer of your personal data to Sendinblue GmbH for this purpose is based on a data processing agreement in accordance with Article 28(3) GDPR, the contents of which can be viewed in the Brevo data processing agreement.

If you enter your email address into the Brevo signup form embedded on our website under the “News” category using an HTML snippet, you must give your consent by checking the box provided, in accordance with Article 6(1) sentence 1 lit. a GDPR. This consent includes agreeing to the Brevo Terms of Use and Privacy Policy, which provide further information on the purposes for which your personal data is processed when visiting Brevo’s website.

For newsletter subscription through the Brevo signup form, providing your email address and any other required fields marked with an asterisk is sufficient. During the registration process, a confirmation email is sent to the email address provided for newsletter delivery (known as the double opt-in procedure). This confirmation email is used to verify that the email address owner has authorized the receipt of the newsletter.

Unsubscribing from our newsletter is possible at any time by sending an email to office@oms-group.org or via the unsubscribe link provided at the end of each newsletter email.

  • When Registering on Our Website

You have the option to register on our website to access content and services that we offer exclusively to registered users. The specific personal data transmitted to us during registration are indicated in the input form. Required fields are marked with an asterisk. The personal data you provide in the input form are processed solely to provide the aforementioned content and services. Data will only be shared to the extent necessary to provide the service, such as sharing your address with a shipping provider for product delivery, or if there is a legal obligation to share it.

The legal basis is Article 6(1) sentence 1 lit. b GDPR, if the registration is for initiating a contract with us, or your explicit consent in accordance with Article 6(1) lit. a GDPR.

Additionally, we store the following data during registration:

  • the IP address assigned by your Internet Service Provider (ISP) to the computer system used at the time of registration,
  • date and time of registration,
  • browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.

Processing this data is necessary to trace any potential misuse of an email address at a later date and serves as a safeguard for our legal interests. The legal basis for this is our legitimate interest in accordance with Article 6(1) lit. f GDPR.

  1. Transfer of Data

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only share your personal data with third parties if:

  • You have given your explicit consent according to Article 6(1) sentence 1 lit. a GDPR,
  • the transfer is necessary for the establishment, exercise, or defense of legal claims according to Article 6(1) sentence 1 lit. f GDPR, and there is no reason to assume you have an overriding legitimate interest in not having your data shared,
  • there is a legal obligation to disclose according to Article 6(1) sentence 1 lit. c GDPR, or
  • it is legally permissible and necessary for processing contractual relationships with you according to Article 6(1) sentence 1 lit. b GDPR.
  1. Cookies and Other Trackers

We do not use cookies or other trackers on our website. If you use our newsletter signup form, you will be redirected to a page hosted by Brevo. Information about which cookies and trackers Brevo uses on its website can be found in Section 6 of Brevo´s Privacy Policy, which references the Brevo Cookie Policy.

  1. Rights of Data Subjects

You have the right to:

  • request information in accordance with Article 15 GDPR regarding the personal data we process about you. Specifically, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of rights to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
  • request the rectification of inaccurate or incomplete personal data stored by us without delay, in accordance with Article 16 GDPR;
  • request the erasure of your personal data stored by us in accordance with Article 17 GDPR, unless processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
  • request the restriction of processing of your personal data in accordance with Article 18 GDPR if the accuracy of the data is contested by you, the processing is unlawful but you oppose its erasure, we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or if you have objected to processing in accordance with Article 21 GDPR;
  • receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or request the transfer of this data to another controller, in accordance with Article 20 GDPR;
  • withdraw your consent at any time, as per Article 7(3) GDPR. This withdrawal means that we will no longer continue data processing based on that consent in the future; and
  • lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. You may typically contact the supervisory authority of your usual place of residence, workplace, or our association’s headquarters.
  1. Right to Object and Withdraw Consent

If your personal data is processed based on legitimate interests according to Article 6(1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided there are reasons relating to your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without the need for a specific situation.

To exercise your right to object under Article 21 GDPR or to withdraw consent under Article 7(3) GDPR, simply send an email to office@oms-group.org.

  1. Data Security

We use the widespread SSL (Secure Socket Layer) protocol during website visits, combined with the highest encryption level supported by your browser, usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can identify whether a page on our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

Additionally, we employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological advancements.

  1. Validity and Changes to This Privacy Policy

This privacy policy is currently valid as of October 2024. Due to the further development of our website and offerings or because of changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The latest version of the privacy policy can be accessed and printed at any time on our website at https://oms-group.org/footer/datenschutz.

The Standard for Remote Reading of Smart Meters

The Open Metering System is based on M-Bus. It is the only system definition across Europe which integrates all media (electricity, gas, heat and water incl. submetering) into one system. The OMS-Group e. V. is a nonprofit organization and interest group of meter manufacturers, utilities, meter operators, electronics manufacturers, communication firms, and IT companies.

© Open Metering System Group. All rights reserved. Webdesign 01 Werk.