Open today,
10 am to 6 pm
Open today, 10 am to 6 pm

Data protection for employees

Information about the processing of your personal data in the employment relationship

Transparency and trustworthy handling of your personal data is an important basis for good cooperation. We therefore inform you about how we process your data and how you can exercise the rights to which you are entitled under the General Data Protection Regulation. The following information provides you with an overview of the collection and processing of your personal data in connection with your work in our company. The information may vary depending on the job position.

1. Who is responsible for data processing?

Person responsible is:

Bahnprojekt Stuttgart-Ulm e.V.
Bernhard Bauer (Chairman of the Association)
Am Schlossgarten 26/1, 70173 Stuttgart
Tel (0711) 184 217 - 0
Email: hallo@its-projekt.de

2. How can you contact the data protection officer?

You can reach our data protection officer at:

Bahnprojekt Stuttgart-Ulm e.V.
Data Protection Officer
Am Schlossgarten 26/1, 70173 Stuttgart
Email: datenschutz@its-projekt.de

3. Which of your personal data do we use?

We process your personal data insofar as this is necessary for the performance and termination of the employment relationship.

Data for general personnel matters:
Name, address, date and place of birth, nationality, religious affiliation, health insurance, marital status, salary, driver's license check, travel data (travel bookings and invoices), business contact details, function and position in the company

Data on your working hours:
Time sheets, absences, days absent, vacation days

Data about your health
Severely disabled status, certificate of incapacity for work, information from the BEM procedure, aptitude tests (suitable, not suitable, conditionally/restrictedly suitable)

Data on your qualification:
Curriculum vitae, references, certificates, further training, proof of training participation, performance appraisals

Data when using Internet and communication technology systems:
Passwords (encrypted), logins, log data, billing and connection data when using a company cell phone
Other data, photos, video recordings, access data

This is data that may arise regularly during your work in our company. The data concerned may vary depending on your personal situation and your area of work.

4. What are the sources of the data?

We process personal data that we receive from you as part of the application process, when you are hired and during your employment.

5. for what purposes do we process your data and on what legal basis?

We process your personal data in particular in compliance with the General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG) as well as all other applicable laws.

5.1 Data processing for the purposes of the employment relationship (Section 26 (1) sentence 1 BDSG in conjunction with Art 88 GDPR)
Personal data of employees may be processed if this is necessary for the performance and termination of the employment relationship.

We process your data for the following purposes:

  • Organization of business processes, personnel planning
  • Payroll accounting
  • Working time recording
  • Further training and promotion
  • Occupational safety and compliance with the employer's duty of care
  • Regular assessments of suitability, aptitude and professional performance
  • Settlement of the employment relationship
  • Detection of criminal offenses in the employment relationship in the event of concrete suspicion (Section 26 (1) sentence 2 BDSG in conjunction with Art 88 GDPR)

5.2 Data processing on the basis of your consent (Art. 6 para. 1 lit. a GDPR, Section 26 para. 2 BDSG)
If you have given us your voluntary consent to the collection, processing or transmission of certain personal data, then this consent forms the legal basis for the processing of this data.

In the following cases, we process your personal data on the basis of your consent:

  • Image material (photos and video) for the intranet, company newspaper and advertising material
  • Private Internet and e-mail use
  • Implementation of a BEM procedure

5.3 For the fulfillment of legal obligations (Art.6 para.1 c GDPR) or in the public interest (Art.6 para.1 e GDPR)
As a company, we are subject to various legal obligations. The processing of personal data may be necessary to fulfill these obligations.

  • To comply with statutory retention periods, in particular according to AO and HGB
  • To comply with the employer's reporting obligations (e.g. § 2, 3 NachwG)

5.4 On the basis of the legitimate interest of the controller (Art. 6 para. 1 lit. f GDPR)
In certain cases, we process your data to protect a legitimate interest of us or a third party:

  • Group-wide directory of contact data
  • As part of access control to safeguard domiciliary rights and building security
  • Ensuring IT security
  • Carrying out company medical fitness examinations
  • Data comparison with EU anti-terror lists in accordance with Regulations (EC) No. 2580/2001 and 881/2002 for the purpose of combating terrorism and/or as part of AEO certification (Authorized Economic Operator). As a company, we are obliged by EU law to cooperate in the fight against terrorism. No funds may be made available to persons and organizations on the terror lists (prohibition on making funds available). For the AEO certificate as an „Authorized Economic Operator“, we are also obliged to carry out a comparison.

6. Who will your data be passed on to?

Your data is mainly processed by our HR department and the department responsible for the respective processing purpose. In some cases, however, other internal and external departments are also involved in the processing of your data.

Internal positions:

  • Human Resources
  • Financial accounting
  • Head of department
  • IT

External service providers:

  • IT service providers (e.g. maintenance service providers, hosting service providers)
  • Service provider for payroll accounting
  • Service provider for file and data destruction
  • Consulting company
  • Telecommunications service provider

Public bodies and authorities:

  • Tax authorities
  • Social insurance carrier
  • Health insurance companies
  • Chamber of Crafts
  • Federal Employment Agency
  • Integration Office
  • Investigating authorities

7. Is your data transferred to countries outside the European Union (so-called third countries)?

A transfer to a third country is not intended.

8. How long will your data be stored?

If necessary, your data will be stored for the duration of the employment relationship. Data for which the specific purpose of processing no longer applies will be deleted by us or anonymized for statistical evaluations. We only store personal data on working hours and absences for as long as this is relevant for the purposes of payroll accounting or a BEM procedure. After that, we only store the data anonymously for statistical purposes. If storage of the data is no longer necessary for the fulfillment of contractual or legal obligations, your data will be deleted unless further processing is necessary for the following purposes:

  • Fulfillment of retention obligations under commercial and tax law. These include retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention periods are up to 10 years.
  • Preservation of evidence within the scope of the statutory statute of limitations.
  • According to the statute of limitations provisions of the German Civil Code (BGB), these limitation periods can be up to 30 years in some cases; the regular limitation period is three years.

9. What rights do you have in connection with the processing of your data?

Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions according to §§ 34 and 35 BDSG apply.

9.1 Right of objection
What right do you have in case of data processing based on your legitimate or public interest?

In accordance with Art. 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 e GDPR (data processing in the public interest) or on Article 6 para. 1 letter f GDPR (data processing to safeguard a legitimate interest); this also applies to profiling based on this provision. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

9.2 Revocation of consent
You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future.

9.3 Right to information
You can request information about whether we have stored personal data about you. If you wish, we will tell you what data is involved, for what purposes the data is processed, to whom this data is disclosed, how long the data is stored and what other rights you have in relation to this data.

9.4 Further rights
In addition, you have the right to correct incorrect data or to have your data deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict the processing. You may also request that we provide any personal data you have provided to us in a structured, commonly used and machine-readable format either to you or to a person or company of your choice.

In addition, there is a right of appeal to the competent data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG).

9.5 Exercising your rights
To exercise your rights, you can contact the controller or the data protection officer using the contact details provided. We will process your requests promptly and in accordance with the legal requirements and inform you of the measures we have taken.

10. Is there an obligation to provide your personal data?

In order to enter into an employment relationship, you must provide us with the personal data that is necessary for the performance of the employment relationship or that we are required to collect by law. If you do not provide us with this data, it will not be possible for us to carry out the employment relationship.

11. Changes to this information

If there is a significant change in the purpose or manner of processing your personal data, we will update this information in a timely manner and provide timely notice of the changes.