INFORMATION TO PERSONAL DATA
Art 13 General Data Protection Regulation (GDPR)
Data Controller
The website is published by EuroExpertise GmbH.
For further information, please refer to the Impressum.
Data Protection Officer
Please address any questions, suggestions, complaints or objections you may have regarding data protection to:
Data Protection Officer
EuroExpertise GmbH
Am Stift 4 – 6 | 44263 Dortmund
eMail: datenschutz@euroexpertise.eu
Legal Basis
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other applicable laws.
If you have given us consent to process your personal data, the respective consent is the legal basis for the processing specified in that provision. You can revoke this consent at any time with effect for the future in accordance with Art. 21 GDPR. The revocation will only have effect for future processing.
We process your data to fulfil our contractual relationship with you. The purposes of data processing depend in detail on the specific product and the contractual documents.
We process your data to comply with a legal obligation to which we are subject as a controller.
We process your data to protect vital interests of the data subject or another natural person.
Additionally, processing may be performed on the basis of a balancing of interests in order to protect the legitimate interests of the controller or of third parties. Our interest in the individual processing results from the specific purposes and such as efficient task fulfillment, sales, avoidance of legal risks. As far as the specific purpose allows, we comply with the principle of data minimization and process your data in pseudonymized or anonymized manner.
GENERAL INFORMATION ABOUT DATA PROCESSING
Within the scope of our business relationship, you only have to provide the personal data that is required for the initiation, execution and termination of a business relationship or that we are legally obligated to collect.
Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to execute an existing contract and may have to terminate it.
Your data will only be transferred if permitted by a legal basis. Within our company, only those persons and departments (e.g. IT, Sales, HR, Marketing, Lecturer) will receive your personal data that require it to fulfill our contractual and legal obligations.
Furthermore, personal data may be transferred to recipients outside the company, insofar as this is necessary for the fulfillment of contractual and legal obligations as the responsible party, such as:
- Processors engaged by us (Art. 28 DSGVO) in particular for IT services and administration who process your data for us in accordance with instructions.
- Joint Controllers (Art. 26 DSGVO) as far as it is necessary for the fulfillment of the task.
- Public authorities and institutions (e.g. supervisory authorities, etc.).
If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or other appropriate data protection safeguards (e.g. binding corporate data protection rules or EU standard contractual clauses (incl. transfer impact assessment)).
If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various retention and documentation obligations resulting, among other things, from the German Commercial Code (HGB) or other legally prescribed periods.
DATA PROCESSING
– CONTACT FORM
We provide a contact form on our website that you can use to request information about our products or services or to contact us directly. We have marked the data that you are required to provide in order to respond to a request as mandatory fields. Information on other data fields are voluntary.
We need this information to process your request, to address you correctly and to send you a reply. In the case of specific inquiries, data processing is carried out to fulfill a contract or to initiate a contract. In the case of general inquiries, processing takes place on the basis of a balancing of interests.
Categories of personal data:
Mandatory fields:
– Email
– Message
Optinal:
– Company
– Company size
– Name
Origin of personal data:
Your personal data is collected directly from you.
Personal data is processed with your consent or on the basis of a legal permission.
Insofar as we obtain consent for processing operations of personal data, Art. 6 (1) a) EU General Data Protection Regulation (GDPR) is the legal basis for the processing. When processing personal data that is necessary for the fulfillment of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR is the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Independent of a possible revocation of your consent, we process and store your personal data as long as and insofar as it is necessary for the fulfillment of the specific purposes.
If your data is no longer required for the specified purposes, it will be deleted on a regular basis. This is done in consideration of existing legal retention periods as well as, among other things, obligations under the German Commercial Code (§ 89b HGB).
DATA PROCESSING
–Newsletter
–Newsletter
We use the submitted e-mail address exclusively for sending the newsletter.
Categories of personal data:
– e-mail address
Origin of personal data:
Your personal data is collected directly from you.
The provision of the e-mail address represents the legal basis on which we process the personal data (consent pursuant to Art. 6(1) lit (a) GDPR).
The data will be stored until cancellation, i.e. until you unsubscribe from the newsletter.
Revocation
The consent to send the newsletter can be revoked at any time. In each newsletter you will find a link to unsubscribe from the newsletter. The data provided will be deleted during this process.
DATA PROCESSING
– Shop
– Shop
We will use your personal data to accept and process orders, deliver products and services, handle payments, and communicate with you about orders, products, services, and promotional offers.
Categories of Personal Information:
– Master data (such as first name, last name, name affixes).
– Contact information (such as home address, email, phone number)
– payment information
– Bank details
Origin of personal data:
Your personal data is collected directly from you.
The order and the entry of the e-mail address constitute the legal basis on which we process the personal data (consent pursuant to Art. 6(1)(a) GDPR and performance of the contract pursuant to Art. 6(1)(b)) GDPR.
We will retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, such as for tax and accounting purposes.
DATA PROCESSING
– Applicants
– Applicants
Your data will be viewed by the Human Resources Department after we have received your application. Suitable applications are then forwarded internally to the supervisors of the departments affected. All employees involved in the application process are obliged to maintain the confidentiality of your personal data.
We collect and process your personal data only for the purpose of handling your application and for purposes arising from possible future employment with the data controller. There will be no transfer to third parties at any time.
Categories of personal data:
We collect the personal data provided by you on the include in particular but not limited to Master data (such as first name, last name, name affixes, nationality), Contact data (such as private address, e-mail, telephone number), Application documents such as certificates, curriculum vitae, cover letter, university degree, vocational training, submitted documents, etc., Copies of identity cards (as far as necessary for the fulfillment of the contract), This may also include special categories of personal data such as health data, Correspondence (e.g., correspondence with you).
Origin of personal data:
Your personal data is usually collected directly from you as part of the application/hiring process. In certain cases, your personal data may also be collected from other sources due to legal requirements. In addition, we may have received data from third parties (e.g. job placement agencies).
We process your personal data in compliance with the provisions of the GDPR, the BDSG and all other applicable laws.
Primarily, the data processing is used to establish the employment relationship. The primary legal basis for this is Art. 6 para. 1 lit a and b GDPR in conjunction with § 26 para. 1 BDSG.
Another legal basis is your consent pursuant to Section 51 BDSG, which you have impliedly given us by submitting your application.
In case we are unable to offer you any employment, we will store your applicant data for six months after completion of the application process for the purpose of answering any questions you may have in connection with your application. Exceptionally, the data will not be deleted if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage.
If your application documents are of longer-term interest to the the data controller, and there is only currently no suitable employment available at our company, we will request your consent to retain and store your data from the application for a period of up to two years. This will enable us to contact you in the event of future job offers, if necessary.
You can withdraw your application at any time and also revoke your consent to the processing and use of your personal data. If you wish to withdraw your consent, please contact our data protection officer using the contact details provided.
In this case, your application including the personal data contained will be deleted, and paper documents will be disposed of in accordance with data protection regulations, provided that there are no legal retention periods to the contrary. We are also prepared to return the application documents to you by mail, if you request this.
DATA PROCESSING
– Employees
– Employees
Within our company, only those persons and departments (e.g. specialized department, works council) receive your personal data that require them to fulfill our contractual and legal obligations.
In addition, in order to fulfill our contractual and legal obligations, we sometimes use various external service providers for processing as well as for support and maintenance purposes of our data processing systems and electronic communication systems. Contracts pursuant to Article 28 GDPR have been concluded with these.
In addition, we may transfer your personal data to other recipients outside the company, insofar as this is necessary for the fulfillment of contractual and legal obligations as an employer. These may be, for example:
- Authorities (e.g. pension insurance institutions, professional pension institutions, social insurance institutions, tax authorities, courts).
- Employee’s bank (SEPA payment institution)
- Health insurance funds
- Entities in order to be able to guarantee claims from the company pension scheme
- Entities in order to be able to pay out benefits affecting assets
- Third-party debtors in the case of wage and salary garnishments
- Insolvency administrators in the event of private insolvency
Categories of personal data:
The categories of personal data processed include, but are not limited to:
- Your master data (such as first name, last name, name affixes, nationality and personnel number),
- Contact data (such as private address, (mobile) phone number, e-mail address),
- log data generated during the use of the IT systems
Data from the application process (such as curriculum vitae, vocational training, university degree, certificates, testimonials, etc.) - Other data from the employment relationship (e.g. time recording data, vacation times, bank details, further training, educational leave, unpaid leave, employee interviews)
- Contractual arrangements (such as employment contract and any amendments, certificates, social data, social security number, pension insurance number, salary data as well as tax identification number, secondary activities (first aider, fire protection, safety officer, etc.), fringe benefits and allowances)
- Pay slips, income tax certificates, company pension plan, fringe benefits.
- Health-related data (e.g. periods of incapacity to work, risk assessment, pregnancy, company reintegration management)
- Copies of ID cards (as far as necessary for the fulfillment of the contract).
- Correspondence (e.g. correspondence with you).
Origin of personal data:
As a general rule, your personal data is collected directly from you as part of the hiring process or during the employment relationship. In certain cases, your personal data may also be collected from other sources due to legal requirements. This includes, in particular, event-related queries of tax-relevant information at the responsible tax office as well as information about periods of disability at the respective health insurance company. In addition, we may have received data from third parties (e.g. job placement agencies).
We process your personal data in compliance with the provisions of the GDPR, the Federal Data Protection Act (BDSG) and all other relevant laws (e.g. Works Council Constitution Act (BetrVG), Working Hours Act (ArbZG), etc.).
Primarily, the data processing serves the purpose of establishing, implementing and terminating the employment relationship. The primary legal basis for this is Art. 6 (1) b) GDPR in conjunction with Section 26 (1) of the German Federal Data Protection Act (BDSG).
In addition, collective agreements (group, general and company agreements as well as collective bargaining agreements) pursuant to Art. 6 Para. 1 b) in conjunction with Art. 88 Para. 1 GDPR in conjunction with § 26 Para. 4 BDSG as well as, if applicable, your separate consents pursuant to Art. 6 Para. 1 a), Art. 7 GDPR in conjunction with § 26 Para. 2 BDSG (e.g. in the case of video recordings) may be used as a data protection permission provision.
We also process your data in order to be able to fulfill our legal obligations as an employer, in particular in the area of tax and social security law. This is done on the basis of Art. 6 (1) c) GDPR in conjunction with. § SECTION 26 BDSG.
Where necessary, we also process your data on the basis of Art. 6 (1) f GDPR in order to protect legitimate interests of us or of third parties. This applies in particular to the investigation of criminal offences (legal basis Section 26 (1) sentence 2 BDSG) or within the Group for the purposes of Group management, internal communication and other administrative purposes.
Insofar as special categories of personal data are processed pursuant to Art. 9 (1) GDPR, this will serve the exercise of rights or the fulfillment of legal obligations arising from labor law, social security law and social protection within the framework of the employment relationship (e.g. disclosure of health data to the health insurance fund, recording of severe disability due to additional leave and determination of the severely disabled person’s levy). This is done on the basis of Art. 9 (2) b) GDPR in conjunction with Section 26 (3) BDSG. In addition, the processing of health data for the assessment of your ability to work pursuant to Art. 9 para. 2 h GDPR in conjunction with. § 22 para. 1 b) BDSG may be necessary. In addition, the processing of special categories of personal data may be based on consent pursuant to Art. 9 (2) a of the GDPR in conjunction with Section 26 (2) of the BDSG (e.g., occupational health management).
We process your personal data as long as this is necessary for the establishment, implementation or termination of the employment relationship.
In addition, we are subject to various storage and documentation obligations, which result, for example, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for storage or documentation are two to ten years.
Finally, the storage period also depends on the statutory periods of limitation, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
Rights of the data subject
The right of access provides the data subject with a complete access to the data concerning him/her and to some other important criteria, such as the purposes of processing or the duration of retention.
The right of rectification includes the possibility for the data subject to have incorrect personal data concerning him corrected.
The right to erasure includes the possibility for the data subject to have data deleted from the data controller. This is only possible, however, if the personal data concerning him or her are no longer necessary, are being processed unlawfully, or if consent has been withdrawn in this regard.
The right to restriction of processing includes the possibility for the data subject to prevent further processing of personal data concerning him or her for the time being. Restriction occurs mainly in the review phase of other rights exercise by the data subject.
The right to data portability includes the possibility for the data subject to receive personal data concerning him or her from the controller in a common, machine-readable format in order to have it forwarded to another controller, if necessary. According to Art. 20 (3) sentence 2 DSGVO, this right is not available if the data processing is used for the fulfilment of public tasks.
The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data to the extent that it is justified by the fulfilment of public tasks or public as well as private interests.
Data Protection Authority
In case of breaches of data protection law, you have the right to lodge a complaint (Art. 77 GDPR) with the competent supervisory authority.
The competent supervisory authority for data protection issues is the State Data Protection Commissioner of the federal state in which our company is based.
Contact details can be taken from the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
All other data protection authorities in the respective EU member states can be found at the following link:
http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm