Privacy policy for employees (incl. applicants)

Information on data processing

Before joining our company, your personal data shall be processed by us exclusively for the purpose of establishing a contractual relationship to the extent necessary.
During the period of your employment and beyond, we shall process your personal data in order to execute and/or end the contractual relationship.
After the respective objective has been achieved, your data shall be deleted under observance of the statutory periods of retention, usually 6/10 years or 30 years and more with respect to different data categories such as occupational retirement provision.

Legal basis for processing

The legal basis for processing your personal data includes in particular:

  1. 6 (1) lit. a on the basis of consent given by you whereby, in principle, none is required in order to conclude a contract or proceed with an existing contract,
  2. 6 (1) lit. b to establish, execute and end a contractual relationship,
  3. 6 (1) lit. c to fulfil a legal obligation,
  4. 6 (1) lit. d to preserve a legitimate interest

Our legitimate interests in this regard include e.g. the:

  • Implementation of electronic access controls,
  • Optimization of personnel planning,
  • Safeguarding of compliance with safety regulations, requirements, industry standards and contractual obligations,
  • Establishment, exercise or defense of legal claims,
  • Avoidance of prejudice and/or liability of the company through corresponding measures.

Data collected by third parties

We use the ELSTAM procedure to collect data for payroll, provided to us by financial administration, to ensure correct settlement processes.
This affects the data for payroll accounting specified below in particular.

Types of data processed by us

The following personal data is processed:

  • Applicant data; name, date of birth, CV, nationality/work permit, etc. for selection and recruitment procedures, onboarding and offboarding management;
  • Private contact data; address, telephone number, email (for the purpose of making contact);
  • Business contact details;g. telephone number, email, place of work, job title, photo (if applicable);
  • Identification/payment details; identity card details, place of birth, civil status, tax ID number, health insurance membership, income tax bracket, allowances, denomination for church tax, account number (for the purpose of payroll accounting and for the fulfilment of social insurance, tax and statutory obligations);
  • Health data, e.g. in the context of payroll accounting, for the purpose of settling accounts with health insurance funds or professional associations or in the context of statutory obligations as an employer, such as e.g. operational integration management or fulfilment of duties in the protection of the severely handicapped or in the context of operational self-regulation, such as e.g. occupational safety or occupational investigations;
  • Time recording and access data, vacation time, working time accounts, shift plans (if applicable), closing times or access protocols, etc.;
  • Data in the context of staff screening (e.g. clearance certificate, reliability check);
  • Data for suitability and performance/behavioral monitoring; information on training and further education, data for the purpose of measuring goal attainment, e.g. for variable salary components;
  • Other data in personnel management: ownership of driving license, attachment of salary

Recipient categories

  • Banking service providers, (if applicable) service providers for calculating pension provisions
  • Service providers for settling remuneration (tax consultants), auditors
  • Sickness insurance organizations, social insurance agencies, accident insurance institutions, other insurance companies
  • Authorities such as e.g. financial authorities, social security funds, employment agencies, (if applicable) security, health and other authorities
  • Company medical services
  • Legally affiliated companies (group companies) with joint controllership:
    the important contents of task regulation in relation to the rights of those affected can be requested at the address below,
    pursuant to Art. 26(3) of the GDPR, however, these rights can be claimed by affected parties in all companies involved.
  • Business partners and customers (business contact details)

We do not use the personal data provided by you to make automated decisions relevant to you.