For your convenience, we have provided a translation of this page. This translation is for informational purposes only, and the definitive version of this page is the German version.

Privacy Policy

We take the protection of your personal data very seriously. We always treat your personal data confidentially and in accordance with the statutory data protection regulations. Therefore, we would like to inform you here why we collect, use and process certain data from you and what rights you are entitled to.

Who is responsible for data processing and whom can I contact?

The responsible party is:

Martin Melzer
Tracking3.io
Schimmelstr. 17
06108 Halle (Saale), Germany
martin.melzer@tracking3.io

Data protection information for employees

  1. What sources and data do we use?

    1. We process personal data that we have received from you insofar as this is necessary for the purposes of recruitment, fulfilment of the employment contract and termination of the employment relationship. In addition, we process personal data of our employees and other comparably affected persons that regularly arise in the context of the employment relationship.

    2. The personal data we process include:

      • personal data (e.g. name and address and contact details and date and place of birth and nationality)
      • family data (e.g. marital status and details of children)
      • religious affiliation
      • health data (e.g. notifications of incapacity to work and others, if relevant to the employment relationship, e.g. in the case of severe disability)
      • Tax identification number
      • Information on qualifications and employee development (e.g. education, work experience, language skills and further training)
      • Information on the employment relationship (e.g. date of entry and job title)
      • data relevant to payroll tax from the fulfilment of contractual obligations (e.g. salary payment)
      • information on the financial situation of employees (e.g. credit liabilities and salary garnishments, if applicable)
      • Social security data
      • Data on retirement benefits or pension funds
      • Working time data (e.g. working time records and holiday and sickness and data related to business trips)
      • Entry data
      • Authorisation data (e.g. equipment access and authority access rights)
      • Image and sound data (e.g. badge photo and video and telephone recordings)
      • Employee evaluation data
      • log data of IT-based systems, if applicable
      • as well as other data comparable with the above categories.
  2. What do we process your data for (purpose of processing) and on what legal basis?

    1. We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):

    2. To fulfil contractual obligations (Section 26 BDSG).

      1. Data is processed for the purpose of establishing, implementing or terminating the employment relationship within the framework of the contract existing with you or for the purpose of implementing pre-contractual measures that are carried out upon request. If you make use of additional benefits (e.g. childcare subsidy, pension scheme), your data will be processed to fulfil these additional benefits, insofar as this is necessary.

    3. Within the framework of the balancing of interests (Art. 6 para. 1 f GDPR)

      1. Where necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us or third parties. Examples of such cases are:

        • Measures for personnel development planning
        • Measures for the protection of employees and customers as well as for the protection of the company's property
        • Video surveillance to protect the right of access to the premises and to detect criminal offences
        • Evaluation of work procedures for work control and improvement of processes (e.g. evaluations of the number of work records or processing time of services for customers)
        • Publication of official contact data on the intranet and internal telephone directory and on the website
        • Records of staff appraisals (e.g. documentation of set targets and achievement of targets).
    4. Based on your consent (Art. 6 para. 1 a GDPR in conjunction with Art. 88 GDPR and § 26 para. 2 BDSG)

      1. If you have given us consent to process your personal data, processing will only take place in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to 25 May 2018. The revocation of consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.

      2. This concerns:

        • Use and, if applicable, publication of employee pictures, e.g. on the website

    5. Due to legal requirements (Art. 6 para. 1 c GDPR as well as Art. 88 GDPR and § 26 BDSG).

      1. As a company, we are subject to various legal obligations, i.e. legal requirements (e.g. social security law, occupational health and safety, professional code of conduct for lawyers, tax laws, if applicable) as well as supervisory requirements (e.g. of the bar associations). The purposes of the processing include, among others, identity verification, the fulfilment of social security and tax law control, reporting or documentation obligations as well as the management of risks in the company.tion.

      2. Insofar as special categories of personal data are processed pursuant to Art. 9 (1) GDPR, this serves the exercise of rights or the fulfilment of legal obligations from labour law, social security law and social protection within the framework of the employment relationship (e.g. disclosure of health data to the health insurance fund, recording of severe disability due to additional leave and determination of the severe disability levy). This is done on the basis of Art. 9 para. 2 b GDPR in conjunction with. § Section 26 (3) BDSG. In addition, the processing of health data for the assessment of their ability to work pursuant to Art. 9 para. 2 h in conjunction with. § Section 22 (1) b BDSG. In addition, the processing of special categories of personal data may be based on consent pursuant to Art. 9 para. 2 a GDPR in conjunction with. § Section 26 para. 2 BDSG new (e.g. operational integration management).

  3. Who receives my data?

    1. Within the company, access to your data is granted to those offices that need it to fulfil contractual, legal and supervisory obligations as well as to safeguard legitimate interests, e.g. the HR department, representatives of the severely disabled.

    2. Service providers and vicarious agents employed by us may also receive data for these purposes, insofar as they require the data to perform their respective services. These are, for example, companies in the categories of training providers and IT services. All service providers are contractually obliged to treat your data confidentially.

    3. With regard to the transfer of data to recipients outside our company, it should first be noted that as an employer we only pass on necessary personal data in compliance with the applicable data protection regulations. As a matter of principle, we may only disclose information about our employees if this is required by law, if you have consented to it or if we are otherwise authorised to disclose it.

    4. Under these conditions, recipients of personal data may be e.g:

      • Social security institutions
      • Health insurance companies
      • pension funds
      • Tax authorities
      • Employer's liability insurance associations
      • Public bodies and institutions (e.g. tax authorities and law enforcement agencies) if there is a legal or official obligation to do so
      • other companies for the processing of salary payments or comparable institutions to which we transmit personal data for the purpose of implementing the contractual relationship (e.g. for salary payments)
      • Auditors and payroll tax auditors
      • service providers within the framework of order processing relationships
    5. Other data recipients may be those bodies for which you have given us your consent to transfer data or to which we are authorised to transfer personal data on the basis of a balancing of interests.

  4. Is data transferred to a third country or to an international organization?

    1. As a rule, data is not transferred to countries outside the European Economic Area (so-called third countries). Nevertheless, data may be transferred to third countries in individual cases, insofar as:

      • it is required by law,
      • you have given us your consent or
      • this is legitimised by the legitimate interest under data protection law and no higher interests of the data subject worthy of protection conflict with this.
    2. Beyond that, we do not transfer personal data to entities in third countries or international organisations.

    3. However, we use service providers for certain tasks, most of which also use service providers that may have their registered office, parent company or data centres in a third country. A transfer is permitted if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR). If the Commission has not made such a decision, we or our service providers may only transfer personal data to a third country if appropriate safeguards are in place (e.g. standard data protection clauses adopted by the EU Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available.

    4. We have concluded appropriate contracts with our service providers and have also contractually agreed that data protection guarantees must always be in place with their contractual partners as well, in compliance with the European level of data protection.

  5. How long will my data be stored?

    1. We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. It should be noted that the employment relationship is a continuing obligation that is intended to last for a longer period of time.

    2. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is necessary for the following purposes:

      • Fulfilment of legal obligations to retain data, which may result, for example, from: Social Security Code (SGB IV), Commercial Code (HGB) and Fiscal Code (AO). The periods specified there for storage or documentation are generally six to ten years.
      • Preservation of evidence within the framework of the statutory limitation provisions. According to §§ 195 ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.
    3. If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions apply here. The same applies to data processing based on consent given. As soon as this consent is revoked by you for the future, the personal data will be deleted, unless one of the exceptions mentioned applies. If the data is stored on the basis of a company agreement, the storage period is regulated there.

  6. What data protection rights do I have?

    1. Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR).

    2. You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation only takes effect in the future. Processing that took place before the revocation is not affected.

  7. Is there an obligation to provide data?

    1. Within the scope of the employment relationship, you must provide those personal data that are necessary for the establishment, implementation and termination of an employment relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to enter into or perform the contract with you.

  8. To what extent is there automated decision-making?

    We do not use automated decision-making pursuant to Article 22 of the GDPR for the establishment, implementation and termination of the working relationship. Should we use these procedures in individual cases, we will inform you separately about this and about your rights in this regard, insofar as this is required by law.

  9. Does profiling take place?

    We do not process your data with the aim of automatically assessing certain personal aspects.

  10. Information about your right to object according to Article 21 GDPR

    1. Individual right of objection.

      1. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) GDPR (data processing based on a balance of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

    2. Recipients of an objection

      1. The objection can be made informally with the subject "Objection", stating your name, address and date of birth, and should be addressed to the contact details mentioned under point 1 or directly to your HR manager.

  11. Changes to this privacy policy

    We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.

© 2023 Martin Melzer, All rights reserved.