Information on the use of your data in the employment relationship

1 Version history

Version  Date        Comment
1.0      23.03.2018  Creation
1.1      07.05.2018  Review and revision by company lawyer
1.2      13.01.2021  Revision CI and change of address

With this notice, we inform you about the processing of personal data by GUS ERP GmbH and the rights to which you are entitled under data protection law.

2 Person responsible for data processing

GUS ERP GmbH
Josef-Lammerting-Allee 20-22, 50933 Cologne
Tel: 0221/376 59 0
E-mail: info@gus-group.com

You can reach our data protection officer by post at the above address with the addition "Data Protection Officer", or by e-mail at: datenschutz@gus-group.com

3 Source and types of personal data

As an IT service provider in the B2B sector, we strive to minimize the processing of personal data. When we process personal data, we do so in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other applicable laws.

We process the personal data provided to us by employees and applicants for employment in our company. In addition, we process - insofar as necessary for the establishment or implementation of an employment relationship - personal data that we obtain from publicly accessible sources (e.g. Internet, press, debtor directories) or that are transmitted to us by other third parties (e.g. credit agencies).

Relevant personal data are personal details (title, name, address and other contact data such as e-mail address, telephone numbers), legitimation, authentication and log data (e.g. passwords for access to IT systems, EDP log files, log files) and data on the role and function of the data subject in the company. Furthermore, we also process special categories of personal data (e.g. religious affiliation, health data, family circumstances) insofar as this is necessary to fulfill obligations under labor, tax and social law in the performance of the employment relationship.

4 Purposes and legal bases of data processing

We process personal data for the purposes of the employment relationship if this is necessary for the decision on establishing an employment relationship or, after it has been established, for carrying it out or terminating it, or for exercising or fulfilling the rights and obligations of the employees' interest representation arising from a law or from a collective agreement, works agreement or service agreement (collective agreement). To uncover criminal offenses, we process employees' personal data only if documented factual indications justify the suspicion that the data subject has committed a criminal offense in the employment relationship, the processing is necessary to uncover the offense, and the employee's legitimate interest in excluding the processing does not prevail, in particular the type and extent of the processing are not disproportionate to the reason.
The legal basis for this processing of personal data for the purposes of initiating and executing contracts is Art. 6 (1) b) GDPR and Section 26 BDSG.

5 Categories of recipients of the personal data

External contractors and service providers:
When establishing and implementing the employment relationship, we sometimes use external contractors and service providers, e.g. tax advisors, auditors, Datev, recruitment agencies.
You can request an overview of the contractors and service providers we use with whom we have more than temporary business relationships by contacting the data protection officer using the contact details above.

Other recipients:
In addition, we may transfer personal data to other recipients, such as authorities for the fulfillment of statutory notification obligations (e.g., social insurance carriers, employment agency, tax authorities or law enforcement agencies).

6 Duration of data storage

We store personal data for as long as they are required for the above purposes. Subsequently, they will be deleted in accordance with our document retention policy, unless we

(a) are obliged to store data for a longer period of time pursuant to Art. 6 (1) sentence 1 lit c) GDPR due to storage and verification obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Money Laundering Act or other legal obligations;

(b) need the data to preserve evidence under the statutory limitation provisions; or

(c) have the consent of the data subject pursuant to Art. 6 (1) sentence 1 lit a) GDPR to longer processing.

7 Data subject rights

Every data subject has the right to information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR and the right to erasure pursuant to Art. 17 GDPR if the data has been collected unlawfully or is inaccurate. The data subject may also have a right to restriction of processing under Art. 18 GDPR if the accuracy of the data is in doubt or the data may not be erased. Finally, every data subject has the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR.

With regard to the right of information and the right of deletion, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).

The data subject may revoke consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to May 25, 2018. The revocation is only effective for the future. Processing that took place before the revocation is not affected.

8 Right of objection

The data subject has the right to object to the processing of his or her personal data if grounds arise from his or her particular situation which argue against data processing based on Art. 6 (1) f) GDPR (data processing based on a balance of interests).

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defense of legal claims.

9 Right of appeal

Every data subject has the possibility to address a complaint to the above-mentioned data protection officer or to a data protection supervisory authority. The data protection supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
Kavalleriestraße 2 - 4
40213 Düsseldorf

10 Data transfer to a third country

If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other data protection guarantees that are sufficient and adequate under the GDPR (e.g., binding corporate data protection rules, EU standard contractual clauses) are in place.