Privacy Policy for applicants

Privacy Notice for Employees and Other Similarly Affected Parties ¹

With the following information, we would like to give you an overview of how we process your personal data and what rights you have under data protection law. Which data is processed, and how it is used, depends largely on the requested or agreed components of your employment (employment contract with an employee; service or work contract with an external contractor) and any additional services/benefits. Therefore, not all parts of this information will apply to you.

Who is responsible for data processing and who can I contact?

Responsible body:

freshcells systems engineering GmbH
Burghofstraße 40
40223 Dusseldorf, Germany
+49 (0) 211 933 01 10
eva.piasetzky@freshcells.de

You can reach our data protection officer at:

freshcells systems engineering GmbH
Burghofstraße 40
40223 Dusseldorf, Germany

or by email: datenschutz@freshcells.de.

What sources and data do we use?

We process personal data that we have received or acquired from our employees or other similarly affected parties in the course of their employment. In addition, and to the extent this is necessary for the employment, we process personal data that we obtain from publicly accessible sources (e.g. press, Internet) or that are legitimately transmitted to us by third parties (e.g. evidence of criminal acts).

Relevant personal data is personal information (name, address and other contact data, date and place of birth and nationality), family information (e.g. marital status, information about your children), religious affiliation, health data (if relevant for the employment relationship, e.g. in the case of a severe disability), identification data (e.g. ID card information, tax identification number and information about qualifications and previous employers. In addition, this may also include data relating to the fulfilment of our contractual obligations (e.g. account data, salary payments), information about your financial situation (e.g. loan liabilities, attachment of wages, company pension schemes) and other data comparable to the aforementioned categories.

What do we process your data for (purpose of processing) and what is the legal basis for such processing?

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG)

a. to fulfil contractual obligations (Article 6 para. 1 letter b GDPR in conjunction with Article 88 GDPR and Article 26 para. 1 clause 1 BDSG)

We process data to establish, implement or terminate the employment relationship within the framework of the contract with you or to implement pre-contractual measures, which are carried out on request. If you make use of additional services (e.g. JobRad, company car, job ticket), your data will be processed to fulfil these additional services as far as this is necessary.

b. as part of the balancing of interests (Article 6 para. 1 letter f GDPR in conjunction with Article 88 GDPR and Article 26 para. 1 BDSG)

If necessary, we process your data beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Examples:

1. Measures for personnel development planning
2. Measures to be taken in the event of organisational changes
3. Assertion of legal claims and defence in legal disputes
4. Ensuring IT security and IT operations
5. Prevention and investigation of criminal offences or serious breaches of duty
6. Measures for building and plant security, e.g. access controls
7. Measures to secure domestic authority

c. based on your consent (Article 6 para. 1 letter a GDPR in conjunction with Article 88 GDPR and Article 26 para. 2 BDSG)

If you have given us your consent to process personal data for certain purposes (e.g. disclosing documents to affiliated companies, publishing photos on the website, extended storage of application documents), the legality of this processing is given on the basis of your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. The revocation of consent only takes effect for the future and does not affect the legality of the data processed before the time of revocation.

d. on the basis of statutory or legal requirements (Article 6 para. 1 letter c GDPR and Article 88 GDPR and Article 26 BDSG) or when it is in the public interest (Article 6 para. 1 letter e GDPR).

As a company, we are also subject to various legal obligations, i.e. legal requirements (e.g. social security law, occupational safety, tax laws).

Who receives my data?

Within the company, any departments or individuals that need your data in order to fulfil our contractual and legal obligations, e.g. superiors, HR managers, are given access to your data. Service providers and vicarious agents appointed by us may also receive data for these purposes. These are companies in the categories of payroll, training providers, IT services, logistics, printing services and telecommunications.

With regard to the transfer of data to recipients outside our company, please note that as an employer, we only pass on necessary personal data in compliance with the applicable data protection regulations. We may only disclose information about our employees if this is required by law, if the person concerned has consented to the disclosure or if we are otherwise authorised to do so. Under these conditions, recipients of personal data can be, for example:

1. Social insurance agencies
2. Health insurance companies
3. Pension funds
4. Tax authorities
5. Employer's liability insurance associations
6. Public authorities and institutions (e.g. tax authorities, law enforcement agencies) in the event of a legal or official obligation
7. Credit and financial service institutions or similar institutions to which we transfer personal data for the purpose of the contractual relationship (e.g. for salary payments)
8. Auditing firms and wage tax inspectors
9. Service providers that we use within the framework of contract processing relationships

Further data recipients can be those for which you have given us your consent for data transfer or to which we are authorised to transfer personal data on the basis of a weighing of interests.

Will my data be transferred to third countries or international organisations?

Data will only be transferred to entities in countries outside the European Union (so-called third countries) if the legal requirements for such third-country transfers are fulfilled. According to Article 44 et seq. GDPR, a transfer to a third country may only occur if, among other things, an adequacy decision has been adopted by the European Commission, standard data protection clauses are used or you have given us your consent.

Specifically, the data is transferred to the USA and Russia in connection with the use of standard software and cooperation with contract processors. Legal basis is the adequacy decision "EU-U.S. Privacy Shield" or standard contractual clauses.

We can provide you with an overview of the recipients in third countries and a copy of the specifically agreed upon regulations to ensure the appropriate level of data protection. For this purpose, please use the contact details above.

How long will my data be stored?

We process and store your personal data for as long as this is necessary for the fulfilment of our contractual and legal obligations. It should be noted that employment is a continuing obligation that is intended to last for an extended period of time. If the data is no longer required for the fulfilment of contractual or legal obligations, it is deleted regularly, unless its – temporary – further processing is required for the following purposes:

1. Fulfilment of legal storage obligations, which can result e.g. from: German Social Security Code (SGB IV), German Commercial Code (HGB) and German General Tax Code (AO). The time limits for storage and documentation specified there are generally six to ten years.
2. Preservation of evidence within the framework of the legal statute of limitations. According to Articles 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.

If the data processing results from our legitimate interest or that of a third party, the personal data will be deleted as soon as this interest no longer exists. The above exceptions shall apply. The same applies to data processing based on consent given. As soon as you revoke this consent for the future, the personal data will be deleted unless one of the above-mentioned exceptions applies.

What data protection rights do I have?

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions according to Articles 34 and 35 BDSG apply to the right to information and the right to erasure. You can usually exercise these rights yourself by contacting our HR managers or our data protection officer. Furthermore, you are also entitled to lodge a complaint with the State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia:

State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
P.O. Box 20 04 44
40102 Dusseldorf, Germany
Phone: +49 (0) 211 38 424 0

Fax: +49 (0) 211 38 424 10
Email: poststelle@ldi.nrw.de

You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation will only take effect for the future. Processing that took place prior to the revocation is not affected.

Am I obligated to provide data?

Within the scope of the employment, you must provide any personal information we need to commence, perform and terminate the employment and to fulfil the contractual obligations associated therewith, as well as any information we are legally required to collect. Without this information, we usually will not be able to enter into, perform or terminate a contract with you.

In some cases, you may suffer disadvantages if you do not provide certain personal data, e.g. lack of work equipment for severely disabled persons, additional contribution to compulsory long-term care insurance in the event of childlessness. If you do not provide the necessary information and documents, this may prevent us from starting and realising your employment.

Is there automated decision making and if so, to what extent?

We generally do not use fully automated decision-making pursuant to Article 22 GDPR to establish, implement or terminate your employment. Should we use these procedures in individual cases, we will inform you about this and about your rights in this regard if we are legally required to do so.

Does profiling take place?

We do not use profiling or comparable measures to establish, implement or terminate employment.

Information about your right to object pursuant to Article 21 EU General Data Protection Regulation (GDPR)

Right to object in individual cases

For reasons arising from your particular situation, you have the right to object at any time to the processing of your personal data on the basis of Article 6 para. 1 letter e GDPR (data processing in the public interest) and Article 6 para. 1 letter f GDPR (data processing on the basis of a balancing of interests). This also applies to profiling based on this provision within the scope of Article 4 para. 4 GDPR.

If you file an objection, we will not continue to process your personal data, unless we can prove compelling grounds for the processing that outweigh your interests, rights and freedoms or if the processing serves to enforce, exercise or defend legal claims.

Recipient of an objection

You can address your informal objection by stating "Objection" as a subject and providing your name and address to:

freshcells systems engineering GmbH
Burghofstraße 40, 40223 Dusseldorf, Germany
Phone: +49 (0) 211 933 01 10
eva.piasetzky@freshcells.de