Obligations to provide information pursuant to Art. 13 of the GDPR
The protection of your personal data is of utmost concern to us. We therefore process your personal data (“data” for short) exclusively on the basis of statutory provisions. This data protection statement is intended to provide you with comprehensive information about the processing of your data in our company and the claims and rights available to you within the meaning of Art. 13 of the European General Data Protection Regulation (EU GDPR).
1. Who is data controller and whom can you contact?
Name and address of data controller
The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable within EU member states and other statutory provisions concerning data protection is the legal entity you apply or applied at.
Applicants of SSI Schäfer Automation GmbH (Germany) or SSI Schäfer IT Solutions GmbH (Germany) can contact the responsible Data Protection Officer at firstname.lastname@example.org.
Applicants of all other German entities of the SSI Schaefer group can contact the responsible Data Protection Officer at email@example.com
2. What data is processed and which sources does this data come from?
We process data that we receive from you in the course of initiating or executing a contract based on consent or within the context of your application or employment with us.
Personal data includes:
For applicants and employees, this includes, for example, first and last name, address, contact information (e-mail address, phone number, fax), date of birth, information from CV and employers’ references, bank details, religious affiliation and image recording.
In addition to this, we also process the following other personal data:
- Information about the nature and content of contract data,
- Information from your electronic correspondence with us (e.g. IP address, login details),
- other data that we received from you as part of the application procedure (e.g. in interviews),
- documentation of your declaration of consent to keep records of your application.
3. For what purposes and on what legal basis is data processed?
We process your data in compliance with the provisions of the General Data Protection Regulation (GDPR) and the national regulations governing data protection in their current respective form:
• to fulfill (pre-)contractual obligations (Art. 6 (1) b GDPR):
Your data will be processed online for contract execution or at one of our sites to execute the contract for your employment with our company. Data will be processed in particular upon initiation of business and implementation of the contracts with you.
• to fulfill legal obligations (Art. 6 (1) c GDPR):
Processing of your data is required for the purposes of fulfilling various legal obligations.
• for the protection of legitimate interests (Art. 6 (1) f GDPR):
Based on a balancing of interests, data may be processed beyond what is needed for actual fulfillment of the contract in order to protect our or third parties’ legitimate interests. For example, data is processed for the protection of legitimate interests in the following cases:
- in the context of prosecution
• if you have given consent (Art. 6 (1) a GDPR):
If you have given us consent to the processing of your data, such as to keep records of your application.
4. Processing of personal data for marketing purposes
You may object to the use of your personal data for marketing purposes at any time, overall or for individual measures, without incurring any costs other than the transmission costs at the basic rates.
Based on our legitimate interest (Art. 6 (1) f of the GDPR), we may use your e-mail address (which you provide to us when concluding the contract) for direct marketing of our own similar goods or services. You will receive these product recommendations regardless of whether you have subscribed to a newsletter.
If you do not want to receive any of these recommendations through e-mails from us, you can object to the use of your e-mail address for this purpose at any time without incurring costs other than the transmission costs at basic rates. Written communication is sufficient to do this. Each e-mail will also naturally include a link to unsubscribe.
5. Who receives my data?
If we use a service provider in the sense of a processor, we will still remain responsible for protecting your data. All processors will be bound by contract to treat your data confidentially and only process it within the context of rendering service. The processors we commission will receive your data where necessary to render the respective service. This includes, for example, IT service providers whom we need to operate and secure our IT systems, as well as commercial publishers and list brokers for in-house marketing campaigns.
Your data will be processed in our applicant database. The applicant database helps increase the quality of the existing applicant data (removes duplicates, marks applicants who have moved or are deceased, corrects addresses) and enhances it with data from public sources.
This data will be made available to the group companies where necessary for contract execution. Applicant data will be stored based on the company and separately, with our parent company acting as a service provider for the individual participating companies.
Authorities and courts in addition to external auditors may also receive your data if there is a statutory requirement or in the context of prosecution.
Furthermore, insurance companies, banks, credit agencies and service providers may receive your data for the purposes of initiating and implementing contracts.
6. How long is my data stored for?
We process your data until the end of the business relationship or until the statutory retention period expires - and until all legal disputes in which the data is needed as evidence are finalised.
7. Will personal data be transmitted to third countries?
We generally do not transmit any data to third countries. In isolated cases, data will be transmitted solely based on an adequacy decision of the European Commission, standard contract clauses, appropriate guarantees or your express consent.
8. What data protection rights do I have?
You have the right of access, rectification, erasure or restriction of processing of your stored data, the right to object to processing and data portability and the right to lodge a complaint pursuant to the requirements of the Data Protection Regulation.
Right of access:
You may obtain information from us about whether and to what extent we process your data.
Right of rectification:
If we process your data and it is incomplete or inaccurate, you may request that we rectify or complete it at any time.
Right of erasure:
You may request that we erase your data if it is being processed unlawfully or if processing disproportionately encroaches on your legitimate interest in protection. Please note that there may be reasons that bar immediate erasure, such as in the case of legal retention obligations.
Whether you exercise your right to erasure or not, we will erase your data promptly and completely as soon as there is no transactional or legal retention obligation barring this.
Right of restriction of processing
You may request the restriction of processing of your data if
- you contest the accuracy of the data, and for a period that enables us to verify the accuracy of the data.
- data is being processed unlawfully, but you oppose the erasure of the data and request the restriction of its use instead,
- we no longer need the data for the purposes of processing intended, but you require it for the establishment, exercise or defence of legal claims, or
- you have objected to processing of the data.
Right to data portability:
You may request that we give you your data that you have provided to us in a structured, commonly used and machine-readable format and to transmit this data to another controller without hindrance from us, where:
- we process this data based on revocable consent that you have granted us or to fulfill a contract concluded between us, and
- processing is carried out by automated means.
Where technically feasible, you may have your data transmitted directly from us to another controller.
Right to object:
Where we process your data based on legitimate interests, you may object to this data processing at any time; this also applies to profiling based on these provisions. We will no longer process your data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms or for the establishment, exercise and defence of legal claims. You can object the processing of your data for direct marketing purposes at any time without stating reasons.
Right to lodge a complaint:
If you believe that we are in violation of national data protection regulations or European data protection law by processing your data, please contact us so that we can resolve your concerns. You naturally also have the right to contact the supervisory authority responsible for you.
If you wish to exercise one of the rights listed, please contact our data protection officer. We may request additional information to confirm your identity in case of doubt.
9. Am I obliged to provide data?
The processing of your data is required to conclude and fulfill the contract you have entered into with us. If you do not provide this data to us, we will generally have to refuse to conclude the contract or may no longer be able to implement an existing contract, and consequently have to terminate it. However, you are not obliged to consent to data processing for data that is not relevant or legally required for contractual fulfillment.
10. Encrypted Application
You may e-mail us your application documents in a password protected ZIP archive if you want to do so. Please tell us the password via telephone.