General Data Protection Regulation
Our handling of your data and your rights
Information on the collection of personal data according to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
1. Who is responsible for the data protection, and whom can I contact?
We are the responsible controller:
- Steinbeis Papier GmbH, Stadtstraße 20, 25348 Glückstadt, Germany
- T: +49 4124 911
Our data protection officer:
- Mr Jörg Hagen, address as above
- Jhcon Datenschutzberatung, Königstraße 50a, 30175 Hanover, Germany
2. What sources and data do we use?
We process personal data which we have received from you within the scope of employment and over the course of the existing employment relationship. The following personal data are essentially processed:
- Basic employee data (e.g. name, address, email address, phone number)
- Payment data (e.g. salary, tax information such as tax bracket, information about social security and medical insurance)
- Information about your career path to date, your development during your employment and qualifications
- Planning data
- Access and time code data
- IT use and access data
- Company department
- Company contact data
- Company incident reports if necessary
- Information about physical limitations if necessary
- Health data in part within the scope of company integration management
- Application documents
- Information about qualifications and further trainings as well as performance assessments within the scope of human resource management
- Footage from the use of video surveillance systems
3. For what purpose do we process your data, and on what legal basis is this performed?
For the most part, your personal data are processed at Steinbeis Papier GmbH in our company for human resources administration in connection with your employment contract (Article 6, Paragraph 1, b) of the GDPR) and for the purposes of personnel administration, employment and management on the basis of Article 88 of the GDPR or Section 26 of the German Federal Data Protection Act (BDSG) and on agreements made with the company. This includes the processing of personal data to perform the application process.
To fulfil legal regulations such as the legally mandatory provision of data to the social security and pension insurance representatives, to guarantee occupational safety, to guarantee legal working hours, etc., your personal data is processed according to Article 6, Paragraph 1, c) of the GDPR.
Some personal data is processed, depending on the purpose of use within the required scope, for the handling of secure and proper business operations as part of our company and for the communication and processing of business relationships with our suppliers and customers in the legitimate interest of our company and in consideration of personal rights according to Article 6, Paragraph 1, f) of the GDPR.
To make our production processes demonstrably safe, to prevent property damage and theft and to allow these to be documented in the event of damage, we operate a labelled video surveillance system. This data collection is based on Article 6, Paragraph 1, f) of the GDPR.
Should your consent for the processing of your personal data according to Article 6, Paragraph 1, a) of the GDPR be necessary, your consent will be collected separately.
Our work agreements contain additional provisions on the secure handling of your personal data.
4. Who receives your data?
We do not share your data with unauthorized third parties without your knowledge. However, within the scope personnel management, proper business operations and for the communication and processing of business relationships with our suppliers and customers to the required extent, we or you share data with the following entities:
- Works council
- Public offices
- Social security representatives
- Occupational insurance associations
- Credit institutes (e.g. banks)
- Contractual partners as suppliers or for customer orders
- External contractors according to Article 28 of the GDPR
- Joint controllers according to Article 26 of the GDPR
5. Are your data transferred to a third country or international organisations?
The transfer of your data to a third country or international organisations is not planned.
6. How long do we store your data?
The personal data provided by you will be stored for the intended purposes listed under Clause 3 for as long as is needed for their fulfilment. The storage of your personal data is normally based on the regulations of the German Civil Code (BGB), the German Commercial Code (HGB) and the German Text Code (AO). These data will therefore be deleted after the legal retention periods expire. Insofar as data are not affected by these, they will be deleted when their intended purpose ceases to exist.
Application documents are deleted at the latest when the objection period as stated in the German General Equal Treatment Act has expired. Applications are only stored longer if you have agreed to this.
Video surveillance data are deleted after seven days.
7. What other data protection rights do you have?
- Right of access by the data subject to their stored personal data (Article 15 of the GDPR)
- Right to rectification if the data contains an error, is outdated or not correct in any other way (Article 16 of the GDPR)
- Right to erasure (right to be forgotten) if the storage is unlawful, the purpose of the processing has terminated and the storage is no longer required, or you have withdrawn your consent to process certain personal data (Article 17 of the GDPR)
- Right to restriction of processing if one of the circumstances listed under Article 18, Paragraph 1, a) to b) of the GDPR is provided
- Right to portability of the personal data made available and pertaining to you (Article 20 of the GDPR)
- The right to withdraw your consent at any time, whereby the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Article 7, Paragraph 3 of the GDPR)
The right to lodge a complaint with the competent data protection supervisory authority exists at all times. To do so, please contact the data protection officer for the Federal State of Schleswig-Holstein, Holstenstraße 98, 24103 Kiel
8. What rights of objection do you have?
Other consent to processing which is based on a legitimate interest in the meaning of Article 6, Paragraph 1, f) of the GDPR can be withdrawn, stating the reasons for your withdrawal, according to Article 21 of the GDPR at any time for reasons arising out of a special situation for you.
If you provide legitimate grounds for objection, your personal data will basically no longer be processed for the respective purposes and deleted, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
For such issues, please contact Steinbeis Papier GmbH at the address provided above.
9. Is the provision of personal data legally or contractually required or mandatory?
Your data is absolutely necessary for the performance of the labour contract, for the fulfilment of legal requirements and for the performance of the employment relationship. Without your data, the employment relationship cannot be properly processed, which can lead to a cancellation of the work contract or non-performance of payment.
As of November 2020