Information on the collection of personal data according to the GDPR for workers

The EU data protection basic regulation obliges us to provide you with comprehensive information on the processing of your personal data in connection with your employment with the company. In accordance with this obligation, we inform you of the following:

I. Data Processor

II. processing frame

II.1 Categories of personal data processed

Within the framework of employee administration, we process the following data or categories of data:

General data:

II.2 Source of personal data

We collect your data in principle in direct contact with you. However, within the framework of employee administration, we also receive data from third parties. In these cases, we collect data from public authorities, as far as this is required by law.

II.3 Duration of data storage

The personal data collected by us will be stored in accordance with our deletion concept until the expiry of the statutory storage obligation and deleted thereafter, unless the obligation to store the data for a longer period of time exists under Article 6 Paragraph 1 S. 1 lit. c DSGVO due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have consented to storage beyond this in accordance with Article 6 Paragraph 1 S. 1 lit. a DSGVO.

Subject to such storage obligations, data will be deleted when the purpose for which it was collected no longer applies.

II.4 Processing purposes

The purposes of processing your data are:

II.5 Legal basis for the processing

We only process your data if there is a legal basis for this. According to Art. 6 para. 1 DSGVO, this is the case if at least one of the following conditions is fulfilled

1. You have given us your consent to process your personal data for one or more specific purposes;
2. the processing is necessary for the performance of a contract to which you are party or for the implementation of pre-contractual measures taken at your request;
3. processing is necessary for the performance of a legal obligation to which we are subject;
4. the processing is necessary to protect your vital interests or those of another natural person
5. the processing is necessary to protect our legitimate interests, except where such interests are overridden by your interests or by fundamental rights and freedoms that require the protection of personal data. This must be taken into account in particular if you are not yet of age.

II.6 Legitimate interests within the meaning of Article 6 paragraph

For example, our legitimate interests – or those of a third party – may be

1. the existence of a legal relationship between us;
2. the prevention of fraud;
3. measures to ensure and improve the security of IT systems;
4. measures to protect our company from illegal activities and
5. internal administrative purposes, in particular the exchange of data within our group of companies

II.7 Legal or contractual obligation to provide the data

An obligation to provide data may arise

1. in the cases of No. 2.5 lit. b. result from a contract which you have concluded with us and for the fulfilment of which the data collection serves the purpose of data collection;
2. in the cases of no. 2.5 lit. c., from the legal regulations applicable to us or – pursuant to Art. 6 paras. 2 and 3 DSGVO – from Union law or the law of the member states of the European Union;
3. in the cases of No. 2.5 lit. d. and e., result from general assistance or contractual accessory obligations which are not specifically tailored to data collection, such as the provisions on failure to provide assistance in Article 323c of the German Criminal Code.

This may include in particular the following data or categories of data:

• School career
• Professional Qualification
• Work experience
• Additional trainings
• Additional services
• Donations
• Wages / Salary / Remuneration

II.8 Need to provide data for the conclusion of a contract

In particular, the data referred to in point II.7 above are mandatory for the conclusion of an employment contract or the establishment of any other employment relationship.

II.9 Other obligation to provide the data

The other data or types of data are collected by us within the scope of ensuring proper business operations. The obligation to provide this data results from the existing employment contract with you, possibly supplemented by corresponding service or work instructions.

With regard to some data, for example on industrial accidents, there are also legal obligations to provide the data.

II.10 Possible consequences of not providing the data

If there is an obligation to provide your data in accordance with section 2.7, this is a prerequisite for the conclusion or continuation of a working, service or other employment relationship.

If the obligation to provide data results from the employment contract between us or from a legal order, this can also be enforced in court. Under certain circumstances, a violation may even be punishable by law or subject to a fine. False statements can also result in consequences under labour law.

II.11 Existence of automated decision making (including profiling)

We do not use automated performance monitoring or evaluation systems.

III. onward transmission and international procurement

III.1 Recipients or categories of recipients of personal data

The data collected by us will also be passed on to third parties in compliance with the statutory provisions. These are in particular:

Other external service providers may include, for example, those in the areas of maintenance and servicing of IT systems or the company website or marketing. As a rule, these are contract processors within the meaning of Art. 4 No. 10 DSGVO, so that the processing of data by them does not constitute a transfer within the meaning of Art. 4 No. 2 DSGVO.

Some clients require us to name the employees we employ within the scope of a specific order. In these cases, we will in particular transmit the following data or categories of data:

• Name
• Contact details
• Professional Qualification
• Attendance data

III.2 Intention of the controller to transfer personal data to a third country or an international organisation

Such transmission is not intended.

III.3 Existence or absence of a Commission adequacy decision

Does not apply.

III.4 Reference to appropriate or adequate safeguards

Not applicable

IV. Your rights

IV.1 As a data subject, you have various rights under the basic data protection regulation.

These are:

• the right to information about the data we have stored about you (Art. 15 DSGVO)
• the right to correct incorrect data (Art. 16 DPA)
• the right to delete the data if there is no legal basis for further storage (Art. 17 DSGVO)
• the right to limit the processing of data to specific purposes (Art. 18 DPA)
• the right to data transferability (Art. 20 DSGVO) and
• the right to object to the processing of your data (Art. 21 DSGVO).

If the processing of your data is based on consent (see point 2.5 letter a), you have the right to revoke the consent you have given at any time. The lawfulness of the processing carried out on the basis of the consent granted until the revocation is not affected by the revocation.

In addition, pursuant to Art. 77 DSGVO, you have the right to appeal to a supervisory authority if you believe that the processing of data concerning you is in breach of data protection provisions. The supervisory authority responsible for us is:

The State Commissioner for Data Protection
and freedom of information Mecklenburg-Vorpommern
Schwerin Castle, Lennéstrasse 1,
19053 SchwerinTelephone: +49 385 59494 0
Fax: +49 385 59494 58
eMail: info@datenschutz-mv.de
web: www.datenschutz-mv.de; www.informationsfreiheit-mv.de
https://www.datenschutz-mv.de/kontakt/kontaktformular/

IV.1 Your right to contact our data protection officer

Finally, you have the right to contact our data protection officer at any time. He is obliged to maintain secrecy with regard to your enquiry as far as the processing of your data is concerned.

You can reach our data protection officer at the contact details given in section I.3.

Status: May 2018