PRIVACY POLICY FOR EMPLOYEES AT CISPA ACCORDING TO ART. 13 GDPR
This privacy policy informs you about the processing of your personal data (hereinafter: data) as an employee at CISPA.
We are required by law to provide you with this information. Data protection and the handling of personal data is very important to us, so we always ensure that your personal data is processed properly. If you have any questions about your employee data and how it is processed, the Corporate Data Protection & Information Security Department and our Data Protection Officer are at your disposal. The data protection officer is not subject to any instructions, is independent in his position and is legally obliged to maintain secrecy and confidentiality (Article 38 GDPR, § 38 BDSG), so that you can contact him in confidence.
Responsible for data processing within the meaning of the GDPR and other data protection regulations is:
CISPA – Helmholtz-Zentrum für Informationssicherheit gGmbH
Stuhlsatzenhaus 5
66123 Saarbrücken
Germany
Tel.: +49 681 87083 1001
Fax: +49 681 87083 8801
E-Mail: info@cispa.de
Management:
CISPA is represented by the managing directors Prof. Dr. Dr. h. c. Michael Backes and Dr. Kevin Streit.
Data Protection Officer:
You can reach our data protection officer at: dsb@cispa.de
If you have any questions about data protection, you can also contact our corporate data protection & information security department: datenschutz@cispa.de
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), insofar as this is necessary for the employment relationship. The legal basis for this is Article 88 GDPR and, if applicable, Article 6 para. 1 lit. b GDPR for the initiation and implementation of a contractual relationship, the employment contract.
In addition, we process personal data if this is necessary for the fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR) or for the defence and assertion of legal claims arising from the employment relationship. The legal basis for this is Art. 6 para. 1 lit. f GDPR. The legitimate interest lies, for example, in a possible obligation to provide evidence in the context of legal proceedings.
For certain data processing, we require your express consent within the meaning of Art. 6 para. 1 lit. a GDPR (e.g. use of images and personal data that are not required for the employment relationship). For this purpose, you can voluntarily sign corresponding declarations of consent. Consent given can be revoked at any time with effect for the future. In accordance with Article 88 of the GDPR, we may further process the personal data you have already provided as part of an application procedure for the purposes of the employment relationship, insofar as this is necessary for the commencement, implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representative body resulting from a law or a collective agreement, a works or service agreement (collective agreement).
Special legal bases are:
We process the following personal data from you for the above purposes:
The data we process about you will be erased as soon as you have revoked your consent, objected to the processing, it is no longer required for the performance of the employment relationship or the employment relationship has been terminated and there are no statutory retention periods to the contrary.
The following statutory retention periods may influence the storage period of the data:
We will only pass on your personal data if this is necessary and there is a legal basis for doing so. We generally pass on your data to the following recipients:
Transfer outside the EU or EEA:
In principle, we do not intend to transfer your personal data to a third country. Should a transfer nevertheless take place – for example due to the use of certain software solutions - we will inform you about the processing of your personal data.
You have the following rights with regard to the processing of your data by CISPA:
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f of the GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 of the GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which is implemented by us without specifying a particular situation.
If you would like to exercise your data protection rights, you can do so by e-mail at datenschutz@cispa.de or directly to our data protection officer at dsb@cispa.de.
This privacy policy is currently valid and has the status June 2023.
Due to changes in legal or regulatory requirements, it may become necessary to amend this data protection declaration. We will inform you of any fundamental changes. The current data protection declaration can be called up and printed out at any time.