according to Art. 13, 14 of the General Data Protection Regulation (GDPR)
Data protection is a key concern for us. The following describes how we process your data and sets out your rights.
Who is responsible for processing your data, and who you can consult for assistance?
B+B Thermo-Technik GmbH
D – 78166 Donaueschingen, Germany
Contact details of the Data Protection Officer
D – 71272 Renningen, Germany
Purposes of processing data and legal basis
We process your personal data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations. Our contract documents, forms, consents and other information provided to you (such as on our website or in our terms and conditions) contain more details and set out additional purposes of processing.
Consent (Art. 6 (1) lit. a GDPR)
If you have given us a consent to process personal data, it forms the legal basis for the processing detailed in the specific statement of consent. You can revoke your consent at any time with effect for the future.
Fulfilment of legal obligations (Art. 6 (1) lit. b GDPR)
We will process your personal data on the basis of our contracts of employment with you. We require the data in order to maintain the employment relationship.
Fulfilment of legal obligations (Art. 6 (1) lit. c GDPR)
We will process your personal data where necessary in order to fulfil legal obligations. We will also process your data where appropriate for identity checking, to cross-check against European and international anti-terror lists, to comply with controlling and reporting obligations under tax law, for data archiving for the purposes of data protection and security, as well as for auditing by tax authorities and other regulatory bodies. It may also be necessary to disclose your personal data in the course of regulatory or court proceedings for the purposes of evidence gathering, criminal investigations or the assertion of claims under civil law.
Categories of personal data which we process
We process the following data:
- Name, first name
- Contact details (e.g. e-mail address, postal address, telephone number)
- Complete application documents (e.g. CVs, certificates, references)
- Social security data (e.g. date of birth, place of birth, birth name, social security number, health insurance fund, DEÜV data, marital status)
- Tax office data (e.g. tax reference number, religion)
- Pay data (e.g. salary, wage, working time, time off sick, holiday entitlement, bank details)
Who will receive your data?
We will forward your personal data within our organisation to the departments which need it in order to fulfil our contractual and legal obligations and to preserve our legitimate interests.
The following parties may additionally be provided with your data:
- Data processors contracted by us (Art. 28 GDPR), contractors providing ancillary services and other data controllers under the terms of the GDPR, in particular in the fields of IT, logistics, courier and printing services, external data centres, IT applications support/maintenance, archiving, document processing, bookkeeping and financial controlling, data destruction, purchasing/procurement, customer relationship management, lettershops, marketing, call centres, website management, financial auditing, banking
- Public agencies and institutions where we are subject to legal or regulatory obligations to provide information, report or pass on data, or where passing on data is in the public interest
- Agencies, organisations and institutions pursuant to our legitimate interests or those of third parties (e.g. to public authorities, credit agencies, collection agencies, legal advisors, courts of law, expert auditors and regulatory bodies)
- Other parties to which we transfer data based on your consent
Transfer of your data to a third country or an international organisation
Your data will not be processed outside the EU or the EEA.
How long will we store your data for?
We will process your personal data to the extent necessary for the duration of our employment relationship.
We are additionally subject to duties of retention and documentation, including pursuant to legal requirements. The retention and documentation periods they stipulate extend up to 10 years beyond the end of the employment relationship.
Ultimately, retention periods are also decided in accordance with legal requirements including
sections 195 ff. of the German Civil Code (BGB). These are normally three years, though in some cases may also be up to 30 years.
To what extent will automated decision-making (including profiling) be employed in individual cases?
We employ no purely automated decision-making procedures under the terms of Article 22 GDPR. If we do employ such procedures in individual cases, we will notify you specially, where so required by law.
Your data protection rights
You have the right to information concerning your data according to Art. 15 GDPR, the right to rectification of your data according to Art. 16 GDPR, the right to erasure of your data according to Art. 17 GDPR, the right to restriction of processing of your data according to Art. 18 GDPR, and the right to data portability according to Art. 20 GDPR. You also have the right to submit a complaint to a data protection authority (Art. 77 GDPR). According to Art. 21 GDPR, you fundamentally have the right to object to the processing of your personal data by us. However, the said right to object applies only in special circumstances relating to your personal situation, and it may be that our rights are contrary to your right to object. If you wish to assert one of these rights, please contact our Data Protection Officer (datenschutz(at)hilt-evolution.com).
Extent of your obligations to provide your data to us
You need provide only the data necessary to initiate and execute an employment relationship with us, or data which we are legally obligated to collect. Without that data we will not normally be in a position to enter into a contract of employment with you. Where we request additional data from you, we will advise you in each specific case that it is provided on a voluntary basis.
Your right of complaint to the regulatory authority
You have the right to submit a complaint to a data protection authority (Art. 77 GDPR). The data protection authority to which we are subject is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit (The Data Protection and Freedom of Information Officer of the State of Baden-Württemberg)