Information on the collection of personal data according to the GDPR for workers
The EU data protection basic regulation obliges us to provide you with comprehensive information on the processing of your personal data in connection with your employment with the company. In accordance with this obligation, we inform you of the following:
I. Data Processor
Hotel Fischerwiege GmbH & Co. KG
Schifferberg 9a, 18347 Baltic resort Ahrenshoop
Phone: 038220 / 606-0
Fax: 038220 / 606-301
e-mail: info[at]hotel-fischerwiege.de
ECOVIS Grieger Mallison Lawyers PartG mbB
Attorney Axel Keller / Attorney Susann Harder
At Campus 1 – 11, 18182 Rostock-Bentwisch
Phone: 0381 – 649 210
E-mail: dsb-north[at]ecovis.com
web: www.ecovis.com/datenschutzberater
II. processing frame
II.1 Categories of personal data processed
Within the framework of employee administration, we process the following data or categories of data:
General data:
- Identification data (name data, name at birth and date and place of birth)
- Nationality
- Address data
- Contact details
- Bank details
- Insurance
- Pensions/pensions
- Professional activities
- Details about business trips / journeys
- Complaints / Incidents
- Marriage Partnerships
- Family / members of the household
- Home address
- Present job
- Image recording data
- wage and salary data
- Holiday dates
- User data
- Participation data (E-Learning)
- Personal tax identification data
- Accidents at work
- Use of media and communication tools
- School career
- Professional Qualification
- Work experience
- Recruitment / termination of employment
- Financing of training courses
- Professional development
- Attendance / Discipline
- Additional trainings
- Additional services
- Donations
- Work organisation
- Functional description
- Professional assessments
- Corporate Security
- Legal data
- Political affiliations
- Social security number
II.2 Source of personal data
We collect your data in principle in direct contact with you. However, within the framework of employee administration, we also receive data from third parties. In these cases, we collect data from public authorities, as far as this is required by law.
II.3 Duration of data storage
The personal data collected by us will be stored in accordance with our deletion concept until the expiry of the statutory storage obligation and deleted thereafter, unless the obligation to store the data for a longer period of time exists under Article 6 Paragraph 1 S. 1 lit. c DSGVO due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have consented to storage beyond this in accordance with Article 6 Paragraph 1 S. 1 lit. a DSGVO.
Subject to such storage obligations, data will be deleted when the purpose for which it was collected no longer applies.
II.4 Processing purposes
The purposes of processing your data are:
- the settlement of wages and salaries including expense accounts
- the recording of working hours, holidays and absences, for example to manage a working time account and absence planning
- the personnel file management for the administration of the employees of our company the recording and proof of the implementation of training and other measures, in particular in the areas of occupational safety and health, fire protection, data protection, money laundering, hygiene and similar areas
- the verification of access and entry authorisation
- the organisation and management of company cars, including the documentation of driver’s logbooks and the administration of administrative, fines and criminal cases
- the presentation of our company and its employees for marketing purposes in print and electronic media
II.5 Legal basis for the processing
We only process your data if there is a legal basis for this. According to Art. 6 para. 1 DSGVO, this is the case if at least one of the following conditions is fulfilled
- You have given us your consent to process your personal data for one or more specific purposes;
- the processing is necessary for the performance of a contract to which you are party or for the implementation of pre-contractual measures taken at your request;
- processing is necessary for the performance of a legal obligation to which we are subject;
- the processing is necessary to protect your vital interests or those of another natural person
- the processing is necessary to protect our legitimate interests, except where such interests are overridden by your interests or by fundamental rights and freedoms that require the protection of personal data. This must be taken into account in particular if you are not yet of age.
II.6 Legitimate interests within the meaning of Article 6 paragraph
For example, our legitimate interests – or those of a third party – may be
- the existence of a legal relationship between us;
- the prevention of fraud;
- measures to ensure and improve the security of IT systems;
- measures to protect our company from illegal activities and
- internal administrative purposes, in particular the exchange of data within our group of companies
II.7 Legal or contractual obligation to provide the data
An obligation to provide data may arise
- in the cases of No. 2.5 lit. b. result from a contract which you have concluded with us and for the fulfilment of which the data collection serves the purpose of data collection;
- in the cases of no. 2.5 lit. c., from the legal regulations applicable to us or – pursuant to Art. 6 paras. 2 and 3 DSGVO – from Union law or the law of the member states of the European Union;
- in the cases of No. 2.5 lit. d. and e., result from general assistance or contractual accessory obligations which are not specifically tailored to data collection, such as the provisions on failure to provide assistance in Article 323c of the German Criminal Code.
This may include in particular the following data or categories of data:
- Identification data
- Address data
- Contact details
- Bank details
- Financial identification data
- Home address
- Holiday dates
- Social security number
- School career
- Professional Qualification
- Work experience
- Additional trainings
- Additional services
- Donations
- Wages / Salary / Remuneration
II.8 Need to provide data for the conclusion of a contract
In particular, the data referred to in point II.7 above are mandatory for the conclusion of an employment contract or the establishment of any other employment relationship.
II.9 Other obligation to provide the data
The other data or types of data are collected by us within the scope of ensuring proper business operations. The obligation to provide this data results from the existing employment contract with you, possibly supplemented by corresponding service or work instructions.
With regard to some data, for example on industrial accidents, there are also legal obligations to provide the data.
II.10 Possible consequences of not providing the data
If there is an obligation to provide your data in accordance with section 2.7, this is a prerequisite for the conclusion or continuation of a working, service or other employment relationship.
If the obligation to provide data results from the employment contract between us or from a legal order, this can also be enforced in court. Under certain circumstances, a violation may even be punishable by law or subject to a fine. False statements can also result in consequences under labour law.
II.11 Existence of automated decision making (including profiling)
We do not use automated performance monitoring or evaluation systems.
III. onward transmission and international procurement
III.1 Recipients or categories of recipients of personal data
The data collected by us will also be passed on to third parties in compliance with the statutory provisions. These are in particular:
Internal recipients:
- Management
- Head of Department
- Payroll Department
- IT Security
- Plant safety
- employment agency
External receiver:
- tax consultant
- Collection points, in particular health insurance companies
- Pension insurance
- Client
- Tax office
- other external service providers
Other external service providers may include, for example, those in the areas of maintenance and servicing of IT systems or the company website or marketing. As a rule, these are contract processors within the meaning of Art. 4 No. 10 DSGVO, so that the processing of data by them does not constitute a transfer within the meaning of Art. 4 No. 2 DSGVO.
Some clients require us to name the employees we employ within the scope of a specific order. In these cases, we will in particular transmit the following data or categories of data:
- Name
- Contact details
- Professional Qualification
- Attendance data
III.2 Intention of the controller to transfer personal data to a third country or an international organisation
Such transmission is not intended.
III.3 Existence or absence of a Commission adequacy decision
Does not apply.
III.4 Reference to appropriate or adequate safeguards
Not applicable
IV. Your rights
IV.1 As a data subject, you have various rights under the basic data protection regulation.
These are:
- the right to information about the data we have stored about you (Art. 15 DSGVO)
- the right to correct incorrect data (Art. 16 DPA)
- the right to delete the data if there is no legal basis for further storage (Art. 17 DSGVO)
- the right to limit the processing of data to specific purposes (Art. 18 DPA)
- the right to data transferability (Art. 20 DSGVO) and
- the right to object to the processing of your data (Art. 21 DSGVO).
If the processing of your data is based on consent (see point 2.5 letter a), you have the right to revoke the consent you have given at any time. The lawfulness of the processing carried out on the basis of the consent granted until the revocation is not affected by the revocation.
In addition, pursuant to Art. 77 DSGVO, you have the right to appeal to a supervisory authority if you believe that the processing of data concerning you is in breach of data protection provisions. The supervisory authority responsible for us is:
The State Commissioner for Data Protection
and freedom of information Mecklenburg-Vorpommern
Schwerin Castle, Lennéstrasse 1,
19053 SchwerinTelephone: +49 385 59494 0
Fax: +49 385 59494 58
eMail: info@datenschutz-mv.de
web: www.datenschutz-mv.de; www.informationsfreiheit-mv.de
https://www.datenschutz-mv.de/kontakt/kontaktformular/
IV.1 Your right to contact our data protection officer
Finally, you have the right to contact our data protection officer at any time. He is obliged to maintain secrecy with regard to your enquiry as far as the processing of your data is concerned.
You can reach our data protection officer at the contact details given in section I.3.
Status: May 2018