Business cards
Description and scope
We collect your business card data in order to offer you our services.
Legal basis
Consent, Art. 6(1) sentence 1 lit. a) EU‑GDPR and legitimate interest, Art. 6(1) sentence 1 lit. f) EU‑GDPR.
Purpose
To contact you for advertising and marketing, to let you know which exhibition we will be attending next and to invoice you. This also constitutes our legitimate interest. Consent is given by providing your business card.
Storage duration
We store your data for as long as you have a business relationship with us.
Objection and removal options
You may object to the processing of your personal data in the context of contacting us at any time with effect for the future. In this case, however, we will no longer be able to process your enquiry. All personal data stored in the course of contacting us will be deleted unless statutory retention periods prevent deletion. Your personal data will then be blocked until the end of the statutory retention periods.
Employees and applicants
For the purposes of this privacy policy, the term “Employee” includes those who work on a permanent and non‑permanent basis, including temporary and contract workers, independent contractors, consultants, professional advisors, trainers, work experience/placement students and secondees.
(1) What types of personal data do we use?
When you apply for employment with our company or are an Employee of our company, we may collect, store, and use the following categories of personal data about you in connection with your (prospective) employment with us:
- personal contact details such as name, title, addresses, telephone numbers, and personal e‑mail addresses;
- date and place of birth;
- gender;
- information about your marital status, name, gender and date of birth of spouse and dependents (the “Family”);
- health insurance information about you and your Family;
- next of kin and emergency contact information;
- national tax and insurance number;
- bank account details, payroll records and tax status information;
- salary, annual leave, pension and benefits information;
- start date and location of employment/workplace;
- copy of licenses required in connection with your work such as driving license;
- copy of passport or other ID;
- recruitment information (including copies of right to work and VISA documentation, references and other information included in a CV or cover letter or as part of the application process);
- employment records (including job titles, work history, working hours, qualifications, training records and professional memberships);
- details of your existing and previous salary and fringe benefits;
- performance information (e.g., evaluation by supervisor as well as own assessment as part of the performance management process and/or performance review, employee development measures);
- disciplinary and grievance information;
- video surveillance footage and other information obtained through electronic means;
- data from the performance of employment, including work time, IT application and data usage (such as system and device passwords), system and device logs, and electronic content generated by you using our systems and devices (e‑mails, documents, etc.), business trip information, customer relationship management and sales information (such as customer contacts, visit reports);
- photographs;
- employee number;
- absence records;
- health and safety records; and
- other documents arising during the course of employment including accident records and signed company rules and procedures.
We may also collect, store and use the following “special categories” of more sensitive personal data:
- information about your health, including any medical condition, health and sickness records;
- biometric data;
- information about criminal convictions and offences.
(3) For what purposes do we process your personal data?
We will process your personal data for the following purposes:
- Personnel planning and personnel management such as recruitment, transfer and promotion, accounting and payment of your remuneration and compensation, organization of your business trips and reimbursement of your business trip expenses as well as other company‑related expenses, management of your sick leave and vacation, management of employee contributions and social security contributions, implementation of employment contracts (such as time recording, measurement, evaluation and remuneration of work performance), company care and prevention management, organization and implementation of employee events;
- Occupational health and safety such as contacting your family in emergencies, inspecting workplaces or work sites for occupational health and safety to meet health requirements;
- General business management such as quality and regulatory management, financial management including compliance with capital market requirements, risk and claims management, company car management, conducting internal audits and investigations and press relations;
- Provision of credit cards for processing company‑related payments;
- Management of the work equipment provided to you (telephone, computer, mobile phones, other IT equipment); maintenance of internal contact directories; management of access authorisations to systems and applications and authentication (e.g., when entering a building or parking garage using an access card); administration of user accounts and assignment of authorisations;
- Conduct of employee surveys;
- Video surveillance for the purpose of controlling access to office buildings;
- IT security (including logging of IT usage and defence against cyber‑attacks).
(4) For which legal bases do we process your personal data?
If you are a job applicant: If you send us an application, we will generally only consider your personal data for the post you applied for. We may also gather additional information about you from publicly available sources, former employers and instructors. Legal basis: Article 6(1)(b) EU‑GDPR. If the application process does not result in employment, we delete your data six months after the end of the process. For unsolicited applications or further consideration, we rely on your consent (Article 6(1)(a) EU‑GDPR) and delete within six months after receipt, but not before all related processes have ended and an additional six‑month period has lapsed.
If you are our Employee: We process your data based on (i) our overriding legitimate interest (Article 6(1)(f) EU‑GDPR), (ii) performance of a contract or steps prior thereto (Article 6(1)(b) EU‑GDPR), or (iii) compliance with legal obligations (Article 6(1)(c) EU‑GDPR). For sensitive data, processing is to comply with obligations under social or employment law (Article 9(2)(b) EU‑GDPR). In specific cases we may request your consent (Article 6(1)(a) and Article 7 EU‑GDPR). We hold your personal data for the duration of your employment and, to meet legal obligations, usually for at least 10 years after its end.
(5) How do we share your personal data?
If you are a job applicant, we do not share your data with other affiliated companies unless you submitted an unsolicited application or you have provided consent; in such cases sharing follows Section 4 above.
If you are an Employee, we may share your personal data internally with legal, HR, payroll, your line manager, managers in your business area, directors and IT staff where access is necessary to perform their roles.
We also share your personal data with third parties for certain purposes, including:
- Providers of public benefits, such as health insurance funds and social security institutions;
- Our legal advisors, law enforcement authorities and, where applicable, injured third parties, if necessary to clarify or prosecute illegal or abusive incidents and only where there are specific indications;
- Public authorities to which we are obliged to provide information, such as law enforcement, authorities that prosecute administrative offences subject to fines, and tax authorities;
- Contractually affiliated third‑party companies and external service providers (e.g., logistics companies, IT service providers, consultants, insurers, HR service providers, training institutes, travel agencies, credit card companies and financial institutions). These providers are carefully selected and regularly reviewed.
As our business evolves, corporate restructurings may require transfers of relevant employee information to the part of the company being transferred. Any transfer is carried out in accordance with this privacy policy and applicable data protection laws.
Personal data you provide may be transferred to countries outside the European Economic Area (EEA). Where data is shared externally, we implement appropriate safeguards so your rights remain protected under the EU‑GDPR. For processors, we establish the proper legal framework (Articles 26, 28, 29 EU‑GDPR). For transfers to non‑EEA entities without an adequacy decision (Article 45), we use appropriate safeguards, notably the Standard Contractual Clauses approved by Commission Implementing Decision (EU) 2021/914 (Articles 44 and 46(2)(c) EU‑GDPR).
