Data privacy statement

Data privacy statement for applicants and employees

Status 07/2023

 

The purpose of the following information is to explain why and how we handle your data:


1. Entity responsible for data processing

Technoform Insulation Solutions Tooling GmbH 
Otto-Hahn-Straße 14 
34123 Kassel

T +49 561 207538-0 
E privacy [dot] oisde2 [at] technoform [dot] com

If you have any questions regarding data protection, please feel free to contact us at any time using the above contact details.


2. Purpose and legal basis of data processing

We process your data in compliance with the EU General Data Protection Regulation 2016/679 (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)) and all other applicable legislation on data privacy.

2.1. Employment relationship

We store the information about our applicants and our staff that we require to manage human resources and carry out payroll accounting, i.e.:

  • master- and contact data
  • health data
  • wage data
  • social security data
  • personal circumstances
  • application data
  • contract data
  • working time data
  • training data
  • travel data

Your data is processed in compliance with Article 26 (1) (b) in combination with Article 88 of GDPR. We need access to the data required to administer employment relationship. In this case, data processing is carried out as defined by Article 6 (1) (c) of GDPR.

Furthermore, data processing may be necessary to ensure occupational safety, prevent breaches of obligations under employment contracts or implement company integration management. If you take advantage of a pension scheme offered by our company, data will also be processed for this purpose.

As a rule, employee data is stored for the duration of their contracts. Special regulations may apply to individual areas. We must take into account any statutory retention requirements that may exist.

Applicants' data is deleted six months after completion of the application process. In exceptional cases, we may store their data longer if applicants agree to this or if statutory retention periods make it necessary.

Unless there is a legal obligation to retain data, personal data can be deleted if further processing is no longer necessary for implementing or terminating employment contracts.

2.2. IT security

As part of our security procedures, we maintain various logs in our IT systems. These are used for troubleshooting, when necessary, and provide evidence of data collection, changes, and deletions. For this purpose, we log the following data:

  • device data
  • access data
  • user data

The legal basis for this is, on the one hand, the legitimate interests we may pursue to ensure operational security for our IT systems under Article 6 (1) (f) of the EU General Data Protection Regulation (GDPR) and, on the other hand, legal obligations in line with Article 6 (1) (c) of GDPR to ensure the integrity, confidentiality, and availability of data (accountability).

Log data for IT security is usually deleted within six months at the latest. Log data kept for accountability purposes is deleted as required by applicable laws. In justified cases of suspicion, data may also be retained until the facts of the matter have been clarified.

 

3. Recipients of personal data

We only disclose your data to third parties if necessary to fulfill the purpose. Furthermore, data may be passed on to public authorities and social security institutions following statutory provisions under Article 6 (1) (c) of GDPR. Likewise, data may be transmitted to insurer, third-party debtor, insolvency administrator, other companies of the technoform Group, customers, and other business partners to the extent necessary for operational purposes.

To handle our accounting, payroll accounting, to produce balance sheets, and other tax-related documents, we forward data to our external tax advisors to the extent that this is required for operational purposes. Under Art. 28 of GDPR, we may appoint processors who receive data from us or can access your data to complete their tasks.

In this context, data may be transferred outside the EU. In this case, we ensure that there is either an EU adequacy decision according to Art. 45 GDPR fo the destination country concerned or that we have a contract with the service providers in question based on standard data protection clauses. To know more on the subject, please go to:
https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en

 

4. Your rights

You have the following rights with respect to us with regard to your personal data:

 

5. Data Protection Supervisor

The external Data Protection Officer we have appointed is:

Stefan Pietsch

Available at:

Pietsch IT GmbH
Wilhelmshöher Strasse 1
34590 Wabern, Germany

T +49 5683-923440
E datenschutz [at] pietsch-it [dot] de
W www.pietsch-it.de

 

6. Updates and changes

This data privacy statement is currently valid (see status in the heading). Changes to the present document ma become nessessary due to further developments in our service or changes to the legal or regulatory requirements.