Data protection information for employees
Your employer must process personal data in connection with your employment. The handling of these so-called "personal data" is regulated by special legal regulations. These provisions include in particular the EU General Data Protection Directive ("GDPR") and Bundesdatenschutzgesetz ("BDSG").
Fels attaches great importance to the responsible handling of your personal data. In this data protection information we explain to you which information (including personal data) is processed in connection with your employment relationship.
In particular, we will inform you about the following aspects:
- which company is responsible for processing your personal data so that you know who to contact if you have any questions;
- that we process for your employment both data that you have provided in connection with your employment and data that arises in the course of your employment with us;
- that we process your personal data for certain specified purposes and on the basis of legal regulations;
- that certain personal data must be processed by us, because without this data we cannot carry out the employment relationship with you
- that we need to transfer certain personal data from you to other places or possibly also to other countries and what precautions we take to protect your data;
- how long we store your personal data; and
- what rights you have with regard to your personal data.
1. Who is responsible for the processing of personal data?
The company of the Fels Group with which you have concluded your employment contract or the company shown on your remuneration statement or which is responsible for the payment of company pension benefits ("Contractual Employer") is the data protection officer responsible for the processing of personal data. You will find the contact details of your contractual employer in your employment contract or as an impression in your payroll document. Insofar as "we" or "us" are mentioned in this data protection information, this refers in each case to your contractual employer.
The data protection officer for Fels is also available at firstname.lastname@example.org .
2. Which data do we process?
The performance of your employment relationship requires the processing of personal data:
We process certain general data in relation to your person and your employment relationship with us, collectively "basic data". Basic data include
- any information you have provided or requested during the application process (e.g. name, address, telephone number, e-mail address, date of birth, marital status, nationality, religion, details of your education and professional background);
- the data that we have collected in connection with your employment with us (such as in particular the details of the employment contract concluded with you and information on your organisational integration into our company); and
- the data required for payroll, company pension accounting, or for participation in an employee participation program.
We process personal data collected in the course of your employment other than by merely updating your basic data and that we refer to as "performance data". Performance data include
- information about the work performed by you, such as attendance and absence times and any evaluations of your contractual performance;
- information about the services we provide, such as salary payments made to you and the granting of other benefits;
- information that you provide to us in the course of your employment - either actively or at our request;
- personal data that we receive from you or third parties (in particular government agencies such as social security institutions or (tax) authorities) in the course of your employment. These include, for example, indications of illness-related disability, pregnancy or the birth of a child, any disability, marriage or civil partnership; and
- personal data required in the form of permanent account management , e.g. to document entitlements to company pension benefits or participation in employee participation programs.
We process personal data collected in the course of your employment due to your use of our company infrastructure. Usage data include
- information about your use of the company's IT infrastructure (such as your business e-mail account and Internet access or other applications, programs and end devices made available to you);
- information about your use of other operational infrastructure such as (time stamps or other time recording systems); and
- data from the SAP SuccessFactors training tool
The aforementioned categories of data may include special categories of personal data, in particular health data (e.g., the information on your inability to work due to illness).
3. For which purposes and on which legal basis do we process your personal data?
The processing of the master, process and usage data takes place for the execution of the existing employment relationship with you on the basis of article 6 paragraph 1 b) DSGVO and § 26 paragraph 1 BDSG.
We may also process master data, history and usage data to fulfil legal obligations to which we are subject; this is based on article 6 paragraph 1 c) GDPR. These legal obligations include in particular the notifications to social insurance carriers and (tax) authorities required of us.
If necessary, we process your data beyond the execution of the employment relationship and the fulfilment of legal obligations also for the protection of our legitimate interests or the interests of third parties; this is done on the basis of article 6 paragraph 1 f) GDPR. Our legitimate interests include Group-wide processes for internal administration of employee data
- the assertion of legal claims and defence in legal disputes;
- the prevention and investigation of criminal offences;
- Ensuring the security of the IT systems we use;
- the guarantee of building and plant safety.
Insofar as the categories of data mentioned under item II contain special types of personal data (such as health data), we process them for the purposes of our obligations under labour law and social security law to the extent provided for by law; this is based on Article 9 paragraph 2 b) GDPR.
Insofar as we give you the opportunity to give your consent to the processing of personal data when establishing or in the course of your employment, we process the data covered by the consent for the purposes stated in the consent; this is done on the basis of Article 6 paragraph 1 a) GDPR. If the consent relates to the processing of special types of personal data (such as health data), processing is based on Article 9 paragraph 2 a) GDPR.
Please note that:
- the granting of consent to us is always voluntary and neither the granting nor the subsequent revocation of consent has negative consequences for the performance of your employment relationship;
- that the non-granting of a consent or its later revocation can nevertheless be connected with consequences, about which we inform you before granting the consent and
- that you can revoke your consent given to us at any time with effect for the future, e.g. by notifying us by post, fax or e-mail via one of the contact channels mentioned on the first page of this data protection information.
4. Are you obliged to provide data?
The provision of the master data, progress data and usage data mentioned under item II. is necessary for the conclusion of the employment contract and its execution between you and us, unless expressly stated otherwise by us when collecting this data. Without the provision of this data, we cannot conclude and execute an employment contract with you.
If we also collect personal data from you, we will inform you during the collection whether the provision of this information is required by law or contract or is necessary for the conclusion of a contract (in particular your employment contract). As a rule, we identify information that is provided voluntarily and is not based on any of the aforementioned obligations or is not required for the conclusion of a contract.
5. Who obtains or has access to your data?
Your personal data will be processed within our company. Depending on the type of personal data, only certain departments / organizational units have access to your personal data. This includes in particular the HR department, your superiors and - in the case of data arising via the IT infrastructure - to a certain extent also the IT department. A role and authorization concept limits access within our company to those functions and to the extent necessary for the respective purpose of processing.
We may also transfer your personal data to third parties outside our company to the extent permitted by law. These external recipients may include in particular
- affiliated companies within the CRH Group to which we transmit personal data for internal administrative purposes;
- direct or indirect supervisors employed by another company within the Fels Group, insofar as this is necessary for the performance of the employment relationship with you;
- the service providers employed by us who provide services for us on a separate contractual basis, which may also include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
- non-public and public authorities, insofar as we are obliged to transfer your personal data due to legal obligations,
- business partners, insofar as the transmission of personal data (e.g. your public contact data) is required for the performance of the employment relationship.
6. Do we use automated decision-making?
We do not use automated decision making (including profiling) in the sense of Article 22 GDPR when establishing or in the course of the employment relationship. If we should use such procedures in individual cases in the future, we will inform you separately to the extent provided by law.
7. Are data transferred to countries outside the EU / the EEA?
Your personal data will be processed within the EU or the European Economic Area; a transfer to other countries (so-called "third countries") is not planned.
If in individual cases (e.g. in the case of secondment) it is necessary to transfer personal data to recipients outside the European Union or the Agreement on the European Economic Area in order to carry out the employment relationship, we will provide you with the information required by law before such transfer.
8. How long are your data stored?
We store your personal data as long as we have a legitimate interest in this storage and your interests in the discontinuation of storage do not outweigh.
Even without a legitimate interest, we may continue to store the data if we are legally obliged to do so (e.g. to fulfil storage obligations). We also delete your personal data without your intervention as soon as their knowledge is no longer necessary to fulfil the purpose of the processing or storage is otherwise legally inadmissible.
As a rule, the master data and other personal data accrued in the course of the employment relationship are stored at least until the end of the employment relationship. The data will be deleted at the latest when they reach their purpose. This may only occur after termination of the employment relationship. The personal data that we have to store in order to fulfil our storage obligations will be stored until the end of the respective storage obligation. As far as we store personal data exclusively for the fulfilment of storage obligations, these are usually blocked, so that they can only be accessed if this is necessary with regard to the purpose of the storage obligation.
9. What are your rights as a data subject?
As a data subject, you may
- request access to your personal data, Article 15 GDPR;
- request the rectification of incorrect personal data, Article 16 GDPR;
- request the erasure of your personal data, Article 17 GDPR;
- request the restriction of the processing of your personal data, Article 18 GDPR;
- exercise your right to data portability, Article 20 GDPR;
- object the processing of your personal data, Article 21 GDPR.
To exercise these rights, you can register at any time - e.g. via a link in the chapter "Who is responsible for data processing?" of this data protection information - contact us.
If you have any questions about the processing of your data, you can also contact our data protection officer.
They are also entitled to lodge a complaint with a competent supervisory authority for data protection, Article 77 GDPR.