Diese Datenschutzerklärung ist auch in deutscher Sprache verfügbar.

Privacy Notice for Employees Including Temporary Agency Workers

The protection of your personal data which we collect and process as a provider of staffing services is a key concern for us, Robert Half Deutschland GmbH & Co. KG (“Robert Half” or “we”/“us”). We wish to ensure that all our employees including temporary agency workers employed with us know how we process their personal data and can be assured that their privacy and their rights are respected at all times. This privacy notice is intended exclusively for our internal employees and temporary agency workers. It is designed to provide transparent information about how our company processes personal data and to comply with legal data protection requirements. We wish to provide you with an overview of how we process your personal data and the rights you have regarding your personal data.
Data controller Robert Half Deutschland GmbH & Co. KG Mainzer Landstraße 50 60325 Frankfurt am Main [email protected] Data protection officer Olga Stepanova, lawyer C/O bytelaw Koch Stepanova Veeck Partnerschaft von Rechtsanwälten mbB Bockenheimer Landstraße 51-53 60325 Frankfurt am Main [email protected]
We manage the personal data required for the purposes of performing your employment contract in a digital personnel file. Your personnel file is accessible only to a restricted group of individuals in our HR department who will only share information contained therein with other departments such as the Accounting department where mandatory and only to the extent necessary and permitted by law. Categories of personal data processed: Master data (first name, last name, previous names (if any), date of birth, gender); personal and business contact details (email address, telephone number, postal address); CV data (education and training, other skills and qualifications, professional background); salary and remuneration data (salary, bonuses, special payments, other individual remuneration and expenses); bank account details (account holder, IBAN, BIC, bank name); work permit (where required or prescribed by law); tax and social security data (social security number, tax ID, church tax details); career data (appraisals, promotions); working time data (agreed working hours and hours worked, absences and reasons); participation in mandatory trainings; labour law documents (reprimands, warnings, terminations); emergency contact details (name and contact details of an emergency contact); photos and videos (on an entirely voluntary basis and only if you have given your consent). Purpose of processing: HR management and organisation. Data source: We will collect this data directly from you. Obligation to provide data: You are required to provide the personal data indicated above where this is necessary and not indicated as voluntary, because processing it is necessary for the purposes of performing the employment contract with you and for complying with our legal requirements as an employer. Legal basis: We process this data for the purposes of performing the employment contract according to Article 6(1)(b) GDPR and for complying with our legal obligations according to Article 6(1)(c) GDPR in conjunction with social and tax law provisions. We collect your consent with regard to the recording of photos and videos and the creation of an emergency contact in accordance with Article 6(1)(a) GDPR. Duration of data retention: We will retain this personal data about you for the duration of the employment relationship. If the employment relationship ends, we restrict their processing to the purpose of fulfilling our retention obligations.  The personal data that we process based on your consent will be processed only until you withdraw your consent or the employment relationship ends, whichever occurs first. Recipient category: Software provider, cloud storage provider Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU Right to withdraw consent: If you have given your consent to data processing, you can revoke it at any time in accordance with Art. 7 GDPR. To do so, please contact: privacy-emea@roberthalf.net. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
In addition to the salary you receive for the work you do, you may also receive bonuses or special payments. We will also reimburse you for any expenses you may have incurred, as long as these have been approved on a case-by-case basis or in accordance with our policies. We need to process your personal data for the purposes of making the respective calculations and payments. Categories of personal data processed: Salary and remuneration data (salary, bonuses, special payments, other individual remuneration and expenses); bank account details (account holder, IBAN, BIC, bank name); work permit (where required); tax and social security data (social security number, tax ID, church tax details); working time data (agreed working hours and hours worked, any relevant prolonged absences that have an impact on remuneration). Purpose of processing: Calculating and paying your salary as well as any additional remuneration. Data source: We will collect this data directly from you. Obligation to provide data: You are required to provide the personal data indicated above because processing it is necessary for the purposes of performing the employment contract with you and for complying with our legal requirements as an employer. Legal basis: We process this data for the purposes of performing the employment contract according to Article 6(1)(b) GDPR; and for complying with our legal obligations according to Article 6(1)(c) GDPR in conjunction with social and tax law provisions. Duration of data retention: We will retain this personal data about you for the duration of the employment relationship. If the employment relationship ends, we restrict their processing to the purpose of fulfilling our retention obligations.  Recipient category: Software provider, cloud storage provider, payment service provider, authorities, commercial auditors Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
Irrespective of our policy to facilitate flexible working hours and any arrangements included in your employment contract, we are legally required to track working time. We therefore need to process your personal data. Categories of personal data processed: Master data (first name, last name); business contact details (email address); working time data (Start, end and duration of daily working hours, break times, any relevant prolonged absences that have an impact on remuneration). Purpose of processing: Providing and performing working time tracking. Data source: We will collect this data directly from you. Obligation to provide data: You are required to provide the personal data indicated above because processing it is necessary for the purposes of performing the employment contract with you and for complying with our legal requirements as an employer. Legal basis: We process this data based on our legal obligation according to Article 6(1)(c) GDPR in conjunction with Section 3 of the Occupational Health and Safety Act (ArbSchG), Section 16 of the Working Time Act (ArbZG) and Section 17 of the Minimum Wage Act (MiLoG). Duration of data retention: We will retain this data for the duration of recording and monitoring it and for another two years thereafter as legally required. Recipient category: Software provider, cloud storage provider Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
Absences, whether planned or unplanned, may occur and we respect this. These absences have to be notified and processed in line with our internal policies to allow us to maintain our business operations, plan capacity and comply with legal requirements. Categories of personal data processed: Master data (first name, last name); absence data (absence, reason, duration). Purpose of processing: Maintaining our business operations, planning capacity and complying with legal requirements. Data source: We will collect this data directly from you. Obligation to provide data: You are required to provide the personal data indicated above because processing it is necessary for the purposes of performing the employment contract with you and for complying with our legal requirements as an employer. Legal basis: We process this data for the purposes of performing the employment contract according to Article 6(1)(b) GDPR; for complying with our legal obligations according to Article 6(1)(c) GDPR in conjunction with § 7 BurlG; and because this is necessary for the purposes of our legitimate interests according to Article 6(1)(f) GDPR in maintaining our business operations and planning capacity. Duration of data retention: We will retain this personal data about you for the duration of the employment relationship. If the employment relationship ends, we restrict their processing to the purpose of fulfilling our retention obligations.  Recipient category: Software provider, cloud storage provider Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
For some countries, personal data about you may be necessary in addition to that required for booking accommodation and transportation options. We will also require your bank account details if you would like us to reimburse you for expenses you may have incurred. Categories of personal data processed: Master data (first name, last name, date of birth, gender); business contact details (email address, telephone number, postal address); remuneration data (expenses); bank account details (account holder, IBAN, BIC, bank name); identity card data (details of your identity card or passport, where required for bookings and certifications); driving licence data (details of your driving licence for vehicle bookings for you as the driver); travel data (dates, place, accommodation, transportation); emergency contact details (contact details of a person who can be contacted in an emergency). Purpose of processing: Booking and managing business trips, obtaining legally required documents, checking and reimbursing any expenses incurred. Data source: We will collect this data directly from you. Obligation to provide data: You are required to provide the personal data indicated above because processing it is necessary for the purposes of performing the employment contract with you and for complying with our legal requirements as an employer. Legal basis: We process this data for the purposes of performing the employment contract with you according to Article 6(1)(b) GDPR. Duration of data retention: We will retain this personal data about you for the duration of the employment relationship. If the employment relationship ends, we restrict their processing to the purpose of fulfilling our retention obligations.  Recipient category: Software provider, cloud storage provider, travel agencies, transport service provider Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
We are legally required to regularly train our employees on subjects such as occupational health and safety, data protection and fire safety awareness. Participation in these trainings is mandatory and we will document your participation. Categories of personal data processed: Master data (first name, last name); business contact details (email address, telephone number); participation data (time of participation, successful completion of training). Purpose of processing: Providing, performing and monitoring participation in mandatory trainings. Data source: We will collect this data directly from you. Obligation to provide data: You are required to provide the personal data indicated above because processing it is necessary for the purposes of complying with our legal obligations. Legal basis: We process this data based on our legal obligation according to Article 6(1)(c) GDPR in conjunction with the provisions of § 12 ArbSchG and Article 32 GDPR. Duration of data retention: We will retain this data for the duration of your participation in the training and also until expiry of the legal retention periods required under occupational health and safety regulations. Recipient category: Software provider, cloud storage provider Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
Promoting our employees’ development and career is a key concern for us. To this end we regularly conduct performance appraisals with you, ask you about your development needs, provide you with further education and training at our cost and support you with your career. Categories of personal data processed: Master data (first name, last name); business contact details (email address, telephone number); career data (current position, performance appraisals, needs and goals, participation in trainings and associated certificates). Purpose of processing: Appraising and managing your performance and supporting you in your career development. Data source: We will collect this data directly from you. Obligation to provide data: You are under no legal or contractual obligation to provide this data. Please note that we may not be able to or not fully support you with your career if you do not provide some or all of this data. Legal basis: We process this data because this is necessary for the purposes of our legitimate interests in developing our employees in accordance with Article 6(1)(f) GDPR. Duration of data retention: We will retain this personal data about you for the duration of the employment relationship. If the employment relationship ends, we restrict their processing to the purpose of fulfilling our retention obligations.  Recipient category: Software provider, cloud storage provider Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
Appreciating and celebrating the performance and achievements of our employees is important to us. This is why we would like to share information about special milestones and promotions with our team to express our appreciation for the hard work and the commitment. Categories of personal data processed: Master data (first name, last name); career data (anniversary, promotions); reward data (information on the reward chosen or awarded on the occasion of the anniversary where such reward is foreseen according to corporate policy). Purpose of processing: Strengthening employee loyalty. Data source: We will collect this data directly from you. Obligation to provide data: You are under no legal or contractual obligation to provide this data. Legal basis: We process this data because this is necessary for the purposes of our legitimate interests according to Article 6(1)(f) GDPR. Our legitimate interests in processing this data lie in expressing our recognition and appreciation of your performance, strengthening employee loyalty and transparently communicating our appreciation of your achievements to all our staff. Duration of data retention: We will retain this data for anniversary and promotion communication purposes only temporarily until we communicate your achievements. Recipient category: Software provider, cloud storage provider Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
We have introduced corporate health management to maintain and improve our employees’ well-being and health. This includes providing free seminars, trainings and live dialogues with experts as well as contact with our occupational health doctor, computer glasses, height-adjustable desks in the offices or other workplace equipment that is medically advisable or necessary, or the employee assistance programme that you may use to talk to experts on a great variety of topics confidentially and free of charge. Our corporate health management relies on third-party providers. That way you can communicate with them confidentially without us knowing that you made use of these services or gaining knowledge of the content discussed. Only when we hold special trainings or provide workplace equipment do we need to process your personal data to be able to do so. Categories of personal data processed: Master data (first name, last name); business contact details (email address, telephone number, office affiliation); health data (need for computer glasses or other workplace equipment – only that you need them, not including any test results or other details). Purpose of processing: Providing corporate health management and maintaining and improving our employees’ well-being and health. Data source: We will collect this data directly from you. Obligation to provide data: You are under no legal or contractual obligation to provide this data. Please note that you may not be able to use all services offered through our corporate health management if you do not provide some or all of this data. Legal basis: We process this data because this is necessary for execution employment contract according to Article 6(1)(b) GDPR and, as regards the provision of computer glasses and other workplace equipment necessary for health reasons, according to Article 9(2)(b) GDPR in conjunction with Section 3 ArbSchG. Duration of data retention: We will retain this data for the duration of your use of the respective offer for which we process personal data about you and restrict data processing after termination of the programme to the purpose of fulfilling retention obligations. Recipient category: Software provider, cloud storage provider Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
It is our duty as an employer to establish corporate integration management (CIM) according to Section 167 Social Code Book IX (SGB IX). Participation in this programme is voluntary for our employees and will take place only with the prior consent of the data subject. Where sensitive personal data is deemed helpful in the course of the programme and is to be processed, this data will only be processed with the data subject’s express prior consent. The persons responsible for corporate integration management have signed a non-disclosure statement obliging them to maintain strict confidentiality. If you are eligible to participate in corporate integration management, we will inform you again in detail before you participate. Categories of personal data processed: Master data (first name, last name); business contact details (email address, telephone number, office affiliation); health data as applicable (diagnoses, medical opinions and recommendations, medical findings, interview transcripts, therapy recommendations and therapy reports, personal assessments by the persons involved). Purpose of processing: Providing and performing corporate integration management. Data source: We will collect this data directly from you and, provided you have given your consent and instructed us to do so, from other persons involved in your specific CIM, provided that you have released such persons from their duty of confidentiality. Obligation to provide data: You are under no legal or contractual obligation to provide this data. Please note that the results of your corporate integration management may be negatively affected if you do not provide some or all of this data. Legal basis: We process this data for the creation and dispatch of a BEM invitation based on Article 6(1)(c) in conjunction with § 167(2) SGB IX and based on Article 9(2)(b) in conjunction with Article 88 GDPR, Section 26(3) BDSG.  The BEM is carried out after consent has been granted on the basis of Article 6(1)(b) in conjunction with Article 9(2)(a) GDPR. Duration of data retention: The data for the creation and dispatch of the BEM invitation is stored for 3 years for verification purposes, starting with the dispatch. The data collected during the BEM will be stored for the duration of the BEM procedure and deleted immediately after the withdrawal of consent or the termination of the BEM, provided that there are no retention obligations that require us to store the data beyond this period. Recipient category: None Recipient locations: - Guarantees for transfers to third countries: -
We offer our employees the possibility to participate in our company pension scheme. To participate in our company pension scheme, your personal data will have to be processed. We provide our company pension scheme through an insurance broker and an insurer who will collect your personal data from you without us gaining access to it. If you decide to participate, they will provide you with a dedicated privacy notice containing additional information. Categories of personal data processed: Master data (first name, last name); business contact details (email address, telephone number, office affiliation); participation data (participation in company pension scheme). Purpose of processing: Providing our company pension scheme. Data source: This data will be collected directly from you. Obligation to provide data: You are under no legal or contractual obligation to provide this data. Please note that you will not be able to participate in our company pension scheme if you do not provide some or all of this data. Legal basis: We process this data for the implementation of pre-contractual measures pursuant to Article 6(1)(b) GDPR by passing on the relevant data to the insurance broker at the employee's request. Duration of data retention: We will retain this data for as long as you participate in our company pension scheme and limited to the fulfilment of our retention obligations. Recipient category: Software provider, cloud storage provider, insurance agencies, insurances Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
To enable you to do the work agreed upon in your employment contract, we provide you with IT equipment such as a tablet, laptop, mobile phone and the respective accessories such as keyboard, mouse or monitors as required and in line with our internal policies. We will document the IT devices issued to you. Categories of personal data processed: Master data (first name, last name); business contact details (email address, telephone number, office affiliation); device data (device identification and further details regarding the IT devices provided). Purpose of processing: Providing work equipment. Data source: We will collect this data directly from you. Obligation to provide data: You are required to provide this data because processing it is necessary for the purposes of performing the employment contract. Legal basis: We process this data for the purposes of performing the employment contract according to Article 6(1)(b) GDPR and because this is necessary for the purposes of our legitimate interests according to Article 6(1)(f) GDPR in keeping an inventory of our IT equipment. Duration of data retention: We will retain this personal data about you for the duration of the employment relationship and limited to the fulfilment of our retention obligations. Recipient category: None Recipient locations: - Guarantees for transfers to third countries: -
We have set up an IT Support team who will assist you in solving any small or large technical problems that may occur and restore the proper functioning of your systems and your ability to work. You may reach our IT Support via various channels. Categories of personal data processed: Master data (first name, last name); business contact details (email address, telephone number, office affiliation); device data (device identification and further details regarding the IT devices provided); communication data (problem descriptions and potential solutions). Purpose of processing: Providing and performing IT Support services. Data source: We will collect this data directly from you. Obligation to provide data: You are required to provide this data because processing it may be necessary for the purposes of maintaining your ability to work. Legal basis: We process this data for the purposes of performing the employment contract according to Article 6(1)(b) GDPR and because this is necessary for the purposes of our legitimate interests according to Article 6(1)(f) GDPR in ensuring the proper functioning of our IT. Duration of data retention: We will retain this personal data about you for the duration of the employment relationship and limited to the fulfilment of our retention obligations. Recipient category: Software provider, cloud storage provider Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
To ensure the security of our IT systems, we use a variety of systems that enable us to detect and remedy any malfunctions and to prevent any attacks on our IT systems. For further information, please refer to the dedicated privacy notice regarding IT security provided on our intranet. Categories of personal data processed: Device data (device identification, device name, additional hardware details), technical data (IP address, network traffic, websites visited). Purpose of processing: Maintaining the security of our IT systems. Data source: We will collect this data directly from you. Obligation to provide data: You are required to provide this data because processing it may be necessary for ensuring the security of our IT systems and complying with legal requirements. As our employee you are contractually obligated to support us in this endeavour. Legal basis: We process this data to comply with our legal obligation to take appropriate measures to ensure data security according to Article 6(1)(c) GDPR in conjunction with Article 32 GDPR. Duration of data retention: If no malfunction or attack has been detected, your data will be retained for 30 days in the active system, for 90 days in aggregated form, thereafter for another 275 days in an archive and will then promptly be deleted. Recipient category: Software provider, cloud storage provider Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
The protection of personal data is a key concern for us as a staffing services company. We have therefore established a dedicated system of data protection management. Your support is required for the maintenance, updating and documentation of this. For example, you are the contact for systems and processes used or the person to be contacted in the event that data protection breaches are suspected. Categories of personal data processed: Master data (first name, last name); business contact details (email address, telephone number, office affiliation); communication data (reports, descriptions, detailed descriptions of individual processes). Purpose of processing: Establishing and maintaining an appropriate and functioning system of data protection management as well as taking employment law sanctions upon becoming aware of violations. Data source: We will collect this data directly from you. Obligation to provide data: Processing this data may be necessary to comply with our legal obligations as data controller. As our employee you are contractually obligated to support us in this endeavour. Legal basis: We process this data for the purposes of performing the employment contract according to Article 6(1)(b) GDPR and complying with our legal obligations pursuant to the GDPR, the BDSG and the Telecommunications and Telemedia Data Protection Act (TTDSG) according to Article 6(1)(c) GDPR in conjunction with Article 32 and Article 5(2) GDPR. Duration of data retention: We will retain this personal data about you for the duration of the employment relationship and limited to the fulfilment of our retention obligations. Recipient category: Software provider, cloud storage provider, regulators (if required by law) Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
We regularly organise events/job fairs for interested candidates and employers or participate in such events/job fairs organised by third parties. Our employees may transmit your business contact details to candidates and clients in order to allow them to communicate with us following such events. Categories of personal data processed: Master data (first name, last name); business contact details (email address, telephone number, postal address). Purpose of processing: Managing the event; providing contact details to interested candidates and clients. Data source: We will collect this data directly from you. Obligation to provide data: You are under no legal or contractual obligation to provide this data, but the provisions of your employment contract may require that you provide your contact details to facilitate communication with you in the context of your work. Legal basis: We process this data for the purposes of performing the employment contract with you according to Article 6(1)(b) GDPR. Duration of data retention: We will retain this personal data about you for the duration of the employment relationship and limited to the fulfilment of our retention obligations. Recipient category: Software provider, cloud storage provider, event organiser Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
During your recruitment process, we ask you to set up a profile in our emergency and crisis alert system. We will use the information recorded in your profile to quickly reach and inform you in the event that an emergency or crisis has been identified, such as a fire in one of our office buildings or warnings of an attack and to ask for you well-being. This data will not be used for any other purposes. Categories of personal data processed: Master data (first name, last name); business and personal contact details (email addresses, telephone numbers); location data (office building you work in). Purpose of processing: Warning of any dangers that may arise and ensuring the well-being of the individual employee.. Data source: We will collect this data directly from you. Obligation to provide data: You are under no legal or contractual obligation to provide this data. Please note that your well-being is a key concern for us and that we will only be able to warn you of any dangers we become aware of if you provide this data. Legal basis: We process this data for your emergency alert and crisis situations under Article 6(1)(f) of the GDPR, which also constitutes our legitimate interest. Duration of data retention: We will retain this personal data about you for the duration of the employment relationship or until you exercise your right to object, whichever occurs first. Recipient category: Software provider, cloud storage provider Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
When we develop marketing activities, we may ask you to act as a promotional ambassador for our company. This may include using a photo of you together with a brief text for marketing purposes. This information may be published on different platforms including social media, professional networks or in print media such as flyers. It may also be used in internal mailings or on the intranet as a means to strengthen employee loyalty. You are entirely free to participate or not; there will be no consequences if you choose not to. Categories of personal data processed: Master data (first name, last name); publications (photo, a quote from you, your story, your answers to brief questions). Purpose of processing: In external communications, we process your data for marketing purposes, in internal communications to strengthen employee loyalty. Data source: We will collect this data directly from you. Obligation to provide data: You are under no legal or contractual obligation to provide this data, and there will be no consequences of any kind if you do not consent to the processing of your data. Legal basis: We process this data based on your consent to processing for a specific purpose according to Article 6(1)(a) and Article 7 GDPR. Duration of data retention: We will retain your data until you withdraw your consent. Please note that in the case of publication on the Internet, particularly on social media sites, your data will be accessible to everyone. It may be downloaded, reproduced and published elsewhere without us becoming aware of this or being able to prevent it. Recipient category: Software provider, cloud storage provider, marketing agencies, media news Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU Right to withdraw consent: If you have given your consent to data processing, you can revoke it at any time in accordance with Art. 7 GDPR. To do so, please contact: [email protected]. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
We will also process personal data to establish, exercise or defend legal claims where this is necessary. Categories of personal data processed: All relevant personal data on file with us regarding your person that is necessary for establishing, exercising or defending legal claims and that may be processed for this purpose in compliance with legal requirements, i.e. the use of which is not prohibited. Purpose of processing: Establishing, exercising or defending legal claims. Data source: We will collect this data directly from you. Obligation to provide data: You are under no legal or contractual obligation to provide this data. Legal basis: We process this data because this is necessary for the purposes of our legitimate interests according to Article 6(1)(f) GDPR. Our legitimate interests lie in establishing, exercising or defending legal claims. Duration of data retention: We will retain this data for as long as necessary for establishing, exercising or defending legal claims. This is typically the case until the expiration of the three-year statute of limitations period, commencing from the end of the year in which the contractual relationship terminated. Recipient category: Software provider, cloud storage provider, law firms, authorities, courts Recipient locations: EU and non-EU Guarantees for transfers to third countries: Standard contractual clauses of the EU
As a group of companies with global operations, we organise some activities centrally at our affiliates for certain regions or worldwide. In doing so, personal data may be transmitted to these affiliates to ensure efficient and consistent business processes as well as appropriate control of our business operations. As some of our divisions rely on matrix management, employees may be reporting to managers employed at other affiliates; this means that these managers may have knowledge of personal data to ensure effective management and organisation within the group. Where this is the case, these affiliates act as our data processors, processing your personal data according to our instructions. We also commission third-party service providers to act as data processors. These service providers include software providers, cloud providers, marketing agencies, financial services providers, subcontractors and technical support companies that are necessary for fulfilling our business purposes and that support us in improving the quality of our services and offering innovative solutions. We commission these service providers subject to a data processing agreement that obligates them to comply with data protection regulations and does not permit them to process personal data for their own purposes. Personal data may also be transmitted to independent data controllers such as tax advisers, law offices, courts or government agencies to the extent permitted or legally required to comply with statutory requirements, ensure compliance and establish, exercise or defend legal claims. When working with data processors and independent data controllers, we attach great importance to their compliance with the level of data protection required in the European Union. Where these business partners are not already subject to EU data protection law, they undertake to comply with EU data protection standards by signing the standard contractual clauses provided by the European Commission. These contractual arrangements ensure that the transfer of personal data to third parties outside the European Union or the European Economic Area complies with the strict requirements of EU data protection law. For further information on the transmission of your personal data, please refer to the individual purposes of processing described in this privacy notice.
We have taken appropriate technical and organisational security measures to protect your personal data from accidental loss, unauthorised processing or access as well as alteration or disclosure. Furthermore, we limit access to your personal data to those employees, representatives, contractors and other third parties who need it for business purposes and are legally authorised to use it. We have put in place procedures to deal with any suspected personal data breach and we will notify you and the competent supervisory authority of a breach where this is necessary and we are legally required to do so.
You have the right to request information on what personal data we process about you and how we process it at any time. Upon submitting such a data subject access request, you will also receive a copy of the personal data we hold on file about you. Where these copies also contain confidential information or personal data on other data subjects, we will either redact this information or we will inform you what personal data relating to you the copies contain and for which purposes.
Where your personal data on file with us is inaccurate or incomplete, you have the right to request the prompt rectification and/or completion of your personal data at any time.
You have the right to request erasure of your personal data by us at any time. We will promptly fulfil your request unless we are subject to legal obligations that do not allow us to erase your personal data at that point in time. This may for instance be the case if we are obliged to retain your data for a longer period of time for tax purposes. Should this be the case, we will inform you accordingly in response to your request for erasure, restrict the processing of your personal data for all other purposes except retention and will promptly delete your personal data upon expiry of legal retention periods without requiring any additional request on your part.
As an alternative to your right to be forgotten, you also have the right to request that we restrict the processing of your personal data if: you contest the accuracy of your personal data on file with us – until such time as we have been able to verify the accuracy of your data; our processing of your personal data is unlawful, but you oppose erasure of your data and request that we restrict its use instead; we no longer need your personal data, but you need this data for establishing, exercising or defending legal claims, or you have objected to the processing pursuant to Article 21 GDPR – pending verification of whether our legitimate interests override yours.
You have the right to object at any time pursuant to the provisions of Article 21 GDPR. You may at any time object, on grounds relating to your particular situation, to the processing of your personal data which we process based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on those provisions. You may infer from the descriptions of processing above whether our processing is based on Article 6(1)(e) or (f). 
Where we process your personal data based on your consent, you have the right to withdraw your consent at any time with future effect. The lawfulness of processing before your withdrawal will not be affected. 
In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. However, we do not currently use such methods.
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format where technically feasible. You also have the right to transmit this data to another data controller without hindrance on our part.
Irrespective of and in addition to the rights listed above, you have the right to file a complaint with the competent supervisory authority if you believe that the processing of your personal data violates the GDPR. The competent supervisory authority is: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit Gustav-Stresemann-Ring 1, 65189 Wiesbaden Postfach 31 63, 65021 Wiesbaden Telephone: +49 611 14080 Fax: +49 611 1408611 Email: [email protected] Website: https://datenschutz.hessen.de Before you contact the supervisory authority, we would ask you to give us the opportunity to discuss your concerns with you to find an easy and satisfactory solution for you. Please feel free to contact our data protection team by emailing [email protected] or our external data protection officer using the contact details shown at the beginning of this privacy notice.
This privacy policy was last updated on: 15th of March 2024 Due to changing business requirements, legal or regulatory requirements and technical developments, it may be necessary to amend this privacy policy. We will inform you of any significant changes to the privacy policy. You can access the latest version of the privacy policy at any time on this website.
Print this privacy statement using the print function in your browser or by pressing Ctrl+P on your keyboard.