The protection of your personal data is of particular concern to us. We therefore process your personal data ("data" for short) exclusively on the basis of the statutory provisions. With this privacy policy, we wish to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Articles 13 and 14 of the European General Data Protection Regulation (EU GDPR).
1. who is responsible for data processing and who can you contact?
Responsible is
Gebauer & Griller
Kabelwerke Gesellschaft m.b.H.
Muthgasse 36
1190 Vienna, Austria
Tel: +43 1 360 20 -0
ggwien@gg-group.com
The company data protection officer is
Nico Becker
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
E-mail: anfragen@projekt29.de
Phone: 0941-2986930
2. which data is processed and from which sources does this data originate?
We process your personal data as
Personal data includes the following
• Master data (such as gender, first and last name, name affixes, date of birth, place and country of birth, nationality(ies), marital status, work permit and residence permit, if applicable)
• Business email addresses
• Contact details (private address, (mobile) telephone number, e-mail address)
• Where applicable, special categories of personal data within the meaning of Art. 9 GDPR (e.g. information on ethnic origin, religion and/or health)
• Tax identification number and tax class
• Social security data for proper accounting (including membership certificate/number of health insurance fund, pension insurance number, secondary employment)
• Information on special personal circumstances (e.g. health restrictions, relevant previous convictions and, if applicable, certificate of good conduct)
• Information on education (highest general school-leaving qualification, highest vocational training qualification)
• Information on the transfer of the remuneration (name of the financial institution, IBAN, BIC)
• Qualifications with corresponding references or certificates
• Application documents
• Salary data
• the log data generated when using the IT systems
• Time recording data
• Holiday periods
• Periods of incapacity for work
• Severe disability / equalisation
• Data from a BEM procedure
• Image data (photo or video) possibly in connection with master data, metadata (date, time, location of recording), etc.
3. for what purposes and on what legal basis is the data processed?
For the purpose of contract initiation and contractual relationship with you as a supplier or your organisational representatives or authorised representatives, your personal data will be processed based on the following legal bases:
- for the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):
We process personal data of employees for the purpose of fulfilling contractual obligations and pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR.
If you work for us
as an employee, the processing of personal data is necessary in the context of the employment relationship in accordance with Art. 6 para. 1 lit. b GDPR. This includes the processing and transmission of data for wage, salary and payroll accounting and compliance with recording, information and reporting obligations, insofar as this is required by law, collective bargaining standards or contractual obligations, including automatically created and archived text documents (such as correspondence) in these matters.
- for the fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR):
The processing of your data is necessary for the purpose of fulfilling various legal obligations:
o regulatory requirements or due to the law
o tax and corporate law regulations (e.g. German Fiscal Code), the Financial Markets Money Laundering Act (FM-GwG)
o Sanctions checks (financial sanctions / embargoes - comparison against the so-called "terror lists" or "sanctions lists" to ensure that no funds or other economic resources are made available for terrorist purposes).
o the provision of information to authorities or courts
o Recording/reporting obligations, internal auditing measures, management of internal complaints/claims
o Administration and implementation of mandatory training courses
o Legal requirements in accordance with Article 32 GDPR (ensuring information security).
- to safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR):
Furthermore, personal data may also be processed - after a corresponding balancing of interests - to protect our legitimate interests or the legitimate interests of third parties in accordance with Art. 6 para. 1 lit. f GDPR, including the assertion, exercise or defence of legal claims. This is necessary in particular for the following purposes
o Preparation of personnel-specific statistics
o reporting, conducting employee surveys and risk management within the company,
o business management,
o Further development of processes, services and products
o To prevent and investigate criminal offences, in particular to identify indications that may point to insurance abuse or fraud
o Training and information programme
o Ensuring IT security and IT operations, including
o Logging of connection data, electronic means of communication (telephone calls, e-mails, websites accessed).
• on the basis of your consent (Art. 6 para. 1 lit. a GDPR):
We also process personal data on the basis of existing consent in accordance with Art. 6 para. 1 lit a GDPR of the data subjects. In the context of employees, we may use your profile picture and other image and video material for internal and marketing purposes if you consent to this processing. You can withdraw your consent at any time. The revocation does not affect the legality of the processing carried out on the basis of your consent until the revocation.
4. processing of personal data for advertising purposes
You can object to the use of your personal data for advertising purposes at any time, either as a whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.
Subject to the legal requirements of Section 7 (3) UWG, we are authorised to use the email address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this. Of course, each e-mail always contains an unsubscribe link.
5 Who receives my data?
The confidentiality of your personal data is important to us. Your personal data will only be passed on if this is necessary to fulfil pre-contractual, contractual or legal obligations, to protect our overriding interest or that of a third party, or if we have your consent to do so.
If necessary, your personal data will be passed on to the following categories of recipients, but only to the extent necessary in each case:
• Processors (Art. 4 (8) GDPR) - e.g. IT service providers, personnel management, etc.
• Legal and other authorised representatives such as lawyers
• Tax consultant
• Auditor
• Banks, credit institutions
• Tax office
• Customers or other parties with whom we maintain business relationships (business mail only)
• Health insurance companies
• Pension funds
6 How long will my data be stored?
Your employer will delete personal data as soon as it is no longer required for the above-mentioned purposes. After termination of the employment relationship, the personal data that your employer is legally obliged to retain will continue to be stored. This regularly results from legal obligations to provide evidence and retain data, which are regulated in the German Commercial Code and the German Fiscal Code, among others. The storage periods are up to ten years. In addition, personal data may be stored for the period during which claims can be asserted against the employer (statutory limitation period of three or up to thirty years).
7. is personal data transferred to a third country?
The transfer of personal data to an EU third country is of course permitted. We have no plans to transfer data outside the EU or the EEA. Within the scope of the contractual relationship - in particular in the event of a claim and for the assertion, exercise and defence of any legal claims - it is necessary for us to transfer your personal data to recipients in third countries to the extent necessary. These are countries outside the EU or the EEA. In all other cases, data is transferred on the basis of an adequacy decision (Art. 45 GDPR), suitable guarantees (such as standard data protection clauses) within the meaning of Art. 46 GDPR or binding internal data protection regulations (Binding Corporate Rules of a group of companies). In any case, insurers may transfer personal data to recipients in third countries in individual cases in accordance with Art. 49 GDPR. This is done in particular for the fulfilment of the respective insurance contract (lit. b) or for the assertion or defence of legal claims (lit. e).
8 What data protection rights do I have?
You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.
Right to access:
You can request information from us as to whether and to what extent we process your data.
Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure:
You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.
Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.
Right to restriction of processing:
You can request that we restrict the processing of your data if
-you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
-The processing of the data is unlawful, but you refuse to have it erased and instead request that the use of the data be restricted,
-we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or
-you have objected to the processing of the data.
Right to data portability:
You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, provided that
-we process this data on the basis of a consent given and revocable by you or for the fulfilment of a contract between us, and
-this processing is carried out using automated procedures.
If technically feasible, you can request that we transfer your data directly to another controller.
Right of objection:
If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.
Right of appeal:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
9. am I obliged to provide data?
The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfilment of the contract.