Data protection information for employees
under Art. 13, 14 of the General Data Protection Regulation GDPRData protection is an important concern for us. We provide information below on how we process your data and what rights you have.
1. Who is responsible for data processing and who can you contact?Ernst Granzow GmbH & Co. KG
3. Processing purposes and legal basisYour personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection regulations. Our contractual documents, forms, declarations of consent and other information provided to you (e.g. on the website or in the terms and conditions) contain further details and supplements for processing purposes.
3.1Consent (Art. 6(1)(a) GDPR)If you have given us your consent to the processing of personal data, the respective consent is the legal basis for the processing indicated there.You can revoke your consent at any time with effect for the future.
3.2 Fulfilment of contractual obligations (Article 6(1)(b) GDPR)We process your personal data on the basis of our employment contracts with you. We need the data to maintain the employment relationship.
3.3 Fulfilment of legal obligations (Art. 6(1)(c) GDPR)We process your personal data if this is necessary to fulfil legal obligations. In addition, we process your data for identity verification, the fulfilment of tax monitoring and reporting obligations as well as the archiving of data for purposes of data protection and data security as well as for verification by tax and other authorities. In addition, the disclosure of personal data within the context of official/judicial measures may become necessary for the purposes of collecting evidence, bringing prosecutions or the enforcement of civil claims.
4. Categories of personal data processed by usThe following data is processed:
- Personal data (surname, first name, date and place of birth, nationality, marital status)
- Contact details (e.g. email address, address, telephone number)
- Complete application documents (e.g. CV, certificates, references)
- Social insurance data (such as date of birth, place of birth, name of birth, SI number, health insurance fund, DEUEV data, marital status, and so on)
- Payroll data (such as salary, wage, working time, sick leave, leave entitlement, bank data, and so on)
5. Who receives your data?We pass on your personal data within our company to those areas that require this data to fulfil contractual and legal obligations or to implement our legitimate interests. In addition, the following offices may receive your data:
- contract processors used by us (Art. 28 DS-GVO) especially in the area of IT services, logistics and printing services, external computer centres, archiving, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility check, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, banks and courier services.
- public authorities and institutions in the event of a legal or official obligation under which we are required to disclose, report or pass on data or the disclosure of data is in the public interest.
- bodies and institutions on the basis of our legitimate interest or the legitimate interest of the third party for the purposes stated in Section 3.5 (e.g. authorities, credit agencies, debt collection, lawyers, courts, experts, committees and supervisory bodies).
- other bodies for which you have given us your consent to the transmission of data.
6. Transfer of your data to a third country or an international organisationData processing outside the EU or the EEA does not take place and is not planned.
7. How long do we store your data?If necessary, we process your personal data for the duration of our employment relationship.
In addition, we are subject to various storage and documentation obligations arising, in particular, from the legal parameters. The retention and documentation periods specified there are up to ten years after the end of the employment relationship.
Ultimately, the storage period is also assessed under the statutory limitation periods, which, for example, under §§ 195 ff. of the Civil Code (BGB) can generally be three years, but in certain cases up to as many as thirty years.
8. To what extent is there automated decision making in individual cases (including profiling)?We do not use a purely automated decision-making procedure under Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law.
9. Your privacy rightsYou have the right to information under Art. 15 GDPR, the right to correction under Art. 16 GDPR, the right to cancellation under Art. 17 GDPR, the right to limitation of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. In addition, you have a right of appeal to a data protection regulator (Art. 77 GDPR). In principle, you also have the right of objection to the processing of personal data in accordance with Article 21 GDPR. However, this right of objection only applies in the event of very special circumstances of your personal situation, whereby our company's rights may conflict with your right of objection.If you wish to assert any of these rights, please contact our data protection officer (firstname.lastname@example.org).
10. Scope of your obligations to provide us with your dataYou only need to provide those data which are required for the commencement and performance of an employment relationship with us or which we are legally required to collect. Without this information we will usually not be able to conclude an employment contract with you. If we request further data from you, you will be separately informed of the optional nature of the information.
11. Your right of appeal to the competent regulatorThey have a right of appeal to the data protection regulator (Art. 77 GDPR). The regulator responsible for us is: The State Commissioner for Data Protection and Freedom of Information
Königstrasse 10 a