Data Privacy Information for Employees of Agrobs GmbH
In accordance with Articles 13, 14, 21 of the General Data Protection Regulation (GDPR)
This document provides you with information on how we process your personal data and what rights you have.
1. Who is responsible for data processing?
Agrobs GmbH
represented by
Florian Berger, Simon Berger in Angerbreite 27, 82541 Degerndorf, Germany
email: info@agrobs.de
Tel: +49 (0) 8171-9084-0
Our data protection officer can be reached at the address provided in the Legal Notice or by
email: datenschutz@agrobs.de
2. Purposes and legal basis for processing
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (FDPA) and all other relevant laws (BetrVG, ArbZG, etc.).
First and foremost, data processing serves in the establishment, execution and termination of the employment relationship. Its primary legal basis is Article 6 (1) (b) GDPR in connection with Section 26 (1) FDPA. In addition, your separate consent may be used as a data protection permission requirement in accordance with Article 6 (1) (a, 7) GDPR in connection with Section 26 (2) FDPA.
We also process your data to be able to fulfil our legal obligations as employer, particularly in the area of tax law and social insurance law. This is carried out on the basis of Article 6 (1) (c) GDPR in connection with Section 26 FDPA.
Where necessary, we also process your data on the basis of Article 6 (1) (f) GDPR in order to protect legitimate interests of us or of third parties (e.g. authorities). This applies in particular to the investigation of criminal offences (legal basis Section 26 (1) p. 2 FDPA), internal communication or other administrative purposes.
Insofar as special categories of personal data are processed pursuant to Article 9 (1) GDPR, this serves the exercise of rights or the fulfilment of legal obligations arising from labour law, social security law and social protection law within the framework of the employment relationship (e.g. the submission of health information to the health insurance provider, recording of severe disability to grant additional leave and determination of equalisation levy). This is carried out on the basis of Article 9 (2) (b) GDPR in connection with Section 26 (3) FDPA. In addition, the processing of health information may be necessary for the assessment of your ability to work in accordance with Article 9 (2) (h) in connection with Section 22 (1) (b) FDPA.
Furthermore, the processing of special categories of personal data may be based on consent according to Article 9 (2) (a) GDPR in connection with Section 26 (2) FDPA (e.g. occupational health management).
If we want to process your personal data for a purpose not mentioned above, we will inform you in advance.
2.1 Consent (Article 6 (1) (a) GDPR)
If you have given us your express consent for the processing of your data in certain cases, that consent is the legal basis for the processing referred to therein. You may withdraw consent at any time with future effect.
2.2 Execution of pre-contractual measures and fulfilment of contractual obligations (Article 6 (1) (b) GDPR)
We process your personal data for the execution of our contracts with you.
2.3 Fulfilment of legal obligations (Article 6 (1) (c) GDPR)
We process your personal data insofar as this is legally necessary for the fulfilment of retention obligations under commercial and tax law or otherwise on the basis of legal norms. (e.g. in accordance with the German Money Laundering Act).
2.4 Safeguarding the legitimate interests of us or of a third party (Article 6 (1) (f) GDPR)
We may also process your personal data on the basis of a weighing of interests for the safeguarding of legitimate interests of us or of a third party. This is carried out for the following purposes:
- Measures for personnel development planning
- Measures for organisational changes
- Assertion of legal claims and defence in legal disputes
- Assurance of IT security and IT operations in the company
- Prevention and investigation of criminal offences or serious breaches of duty (see also Section 26 (1) FDPA)
- Video surveillance to safeguard building security, to collect evidence in the event of robberies and fraud offences e.g. in branches (see also Section 4 FDPA)
- Measures for building and plant security (e.g. access control) - Measures for building security.
3. Categories of personal data which are processed by us and whence these come
Categories of processed personal data include in particular your master data (such as first name, last name, name suffix, nationality and personnel number), contact data (such as home address, (mobile) telephone number, email address), information regarding your qualifications, log data from the use of IT systems and other data from the employment relationship (e.g. time tracking data, periods of leave, periods of incapacity to work, skill data, criminal record if applicable, social data, bank details, social insurance number, pension insurance number, salary information and tax identification number). This may also include special categories of personal data such as health data.
This may also include data from the area of work safety, operational integration management and data on breaches of duty under the employment contract that have been subject to disciplinary action ("warnings").
In addition it may include information on your work performance and its evaluation, which is necessary for preparing assessments, for example.
If you use an occupational pension insurance offered by us, data from this area is also processed and passed on to the insurer if necessary.
Independent of this, there may always be constellations in which we process your personal data which, or the purpose of which, are not included here. In this case we shall then provide separate information on data privacy for you insofar as this is legally necessary, related to the respective occasion.
Your personal data is generally collected from you directly, as part of the hiring process or during the employment relationship. In certain constellations, due to legal provisions, your data is collected from other places as well. This includes specific queries for tax-relevant information from the competent tax office and information on periods of incapacity to work from the relevant health insurance provider. In addition we may also receive data from third parties (such as employment agencies).
4. Who receives your data?
Within the company, transmission of your personal data comes into consideration if, for example, a test for suitability and qualification is necessary.in connection with a job change. Or if you are or will be assigned a different or additional task in the company.
Furthermore, transfer to a works council representative may be made in connection with corporate co-determination.
In addition, we use the services of a tax advisor/payroll office to fulfil our contractual and legal obligations. More information can be obtained in the personnel office or from management. Personal data relevant for accounting is therefore also transferred there, processed and stored to the extent permitted by law.
Furthermore, we may transfer your personal data to other recipients outside of the company insofar as this is necessary for the fulfilment of our contractual and legal obligations as employer. These may include:
- Authorities (e.g. pension insurance institutions, professional pension institutions, social insurance institutions, tax authorities, courts of law)
- The employee’s bank (SEPA payment medium)
- Health insurance collection points
- Bodies in order to guarantee entitlements from the occupational pension scheme
- Bodies in order to pay out capital-accumulating benefits
- Third-party debtors in the case of wage and salary garnishments
- Insolvency administrators in the event of private insolvency
- Service providers that we use as part of order processing relationships (e.g. IT service providers, data destruction, printing services, etc.)
5. Place of data processing
The data is generally processed on dedicated IT systems on our premises. These IT systems can only be accessed by the administrators, HR department staff, and company management.
If employee data is processed by service providers, we ensure that this is carried out in accordance with legal data protection provisions. No employee data is processed outside of the European Union.
6. Transfer of your data to a recipient in a third country or to an international organisation
If we transfer personal data to service providers outside the European Economic Area (EEA), transfer is carried out only insofar as the third country has been confirmed by the EU Commission as having an adequate level of data protection or other adequate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) in place, unless a legal exception to the adherence of the data protection level exists (Article 49 GDPR), in particular your express consent under data protection law.
7. How long do we store your data?
Personal employee data is generally stored for the duration of the employment relationship. Special provisions may apply in individual areas. For example, warnings may be stored for shorter periods in employee files.
Any existing statutory retention obligations shall be taken into account by us. For example, there are legal retention obligations for payroll tax data, data concerning overtime and other area-specific rules stipulated in the German Commercial Code, the German Fiscal Code, and elsewhere. The storage periods are then up to ten years.
If no legal retention obligations exist, personal data may be deleted if its further processing is no longer necessary for the execution or termination of the employment relationship.
After termination of the employment relationship, data is stored until the expiry of any claims for damages by either party. A longer storage may be considered if this is also in your interest or if you have given your consent.
If you do not wish, for example, that we continue to store your personal data after the expiry of legal retention obligations, then please inform us of this when you leave our company. Please note that we will then no longer be able to assist you with documenting social security periods for the pension insurance at a later date.
At the end of a year we will generally check whether and to what extent employee data may be deleted due to a discontinuation of necessity.
Furthermore, it may happen that personal data is retained for the time in which claims against us can be made (legal statute of limitations from three to thirty years).
8. To what extent does automated individual decision-making occur (including profiling)?
We use no purely automated decision-making processes in accordance with Article 22 GDPR. If we use these processes in individual cases, we shall inform you of this separately.
9. Scope of your obligations to provide us with your data
As part of your employment, you must provide that personal data which is necessary for the establishment, execution and termination of the employment relationship and the fulfilment of the associated contractual obligations, or which we are legally obligated to collect. Without this data we will not be able to conclude an employment contract with you. Your failure to provide certain personal data may result in disadvantages such as lack of work aids for persons with disabilities, additional long-term care insurance contribution for childless persons.
10. Data subject rights
At the address provided above and under certain preconditions
- you may request information on your personal data that we have processed in accordance with Article 15 GDPR. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients where your data was or is disclosed, the planned storage duration, the existence of a right of rectification, deletion, and restriction of processing or objection, the existence of a right to appeal, the origin of your data, insofar as these were not collected by us, and on the existence of an automated decision-making process including profiling and, if applicable, meaningful information on their details.
- in accordance with Article 16 GDPR, to request the immediate rectification and completion of incorrect or incomplete personal data stored by us;
- in accordance with Article 17 GDPR, to request the deletion of your personal data stored by us, insofar as the processing is necessary for exercising the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- in accordance with Article 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful, but you decline its deletion and we no longer require the data, you however require this for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Article 21 GDPR;
- in accordance with Article 20, to request the receipt of your personal data, which you have provided us, in structured, commonly-used and machine-readable format and to transmit this data to another data controller;
- In accordance with Article 7 (3) GDPR, to withdraw your consent at any time. The consequence of this is that we may no longer continue the data processing based on this consent for the future.
If you wish to assert one of these rights, please contact us or our data protection officer.
Information on your right to object in accordance with Article 21 GDPR
You have the right to object to the processing of your personal data which is carried out on the basis of Article 6 (1) (f) GDPR (data processing for the safeguarding of legitimate interests) or Article 6 (1) (e) GDPR (data processing carried out in the public interest).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves for the assertion, exercise or defence of legal claims.
Information on your right to withdraw in accordance with Article 7 (3) GDPR
Insofar as we carry out the processing of your personal data for certain purposes based on your consent, in accordance with Article 7 (3) GDPR you have the right to withdraw your consent at any time. After receipt of your withdrawal we will stop the processing of your data for the purposes for which you gave us your consent. The lawfulness of the processing prior to receipt of your revocation remains unaffected.
Please note that the withdrawal shall take effect for the future. Processing carried out before the withdrawal shall remain unaffected.
Objection to processing for direct marketing purposes
In the case of data processing for direct marketing, you have the right to object to the processing of your personal data for the purpose of such marketing at any time, as well as for profiling, insofar as it is connected to said direct marketing.
If you object to the processing for direct marketing, your personal data will no longer be processed for these purposes.
Objection can be made without formalities and should be sent to:
datenschutz@agrobs.de
11. Your right to appeal to the competent supervisory authority
You are entitled to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data infringes the GDPR (Article 77 GDPR). The competent supervisory authority for us is:
The Bavarian State Office for Data Protection, Promenade 18, 91522 Ansbach. Tel: +49 (0) 981 180093-0, email: poststelle@lda.bayern.de
As of August 2023