Data protection declaration
Data protection declaration for customers and suppliers
Data protection declaration for employees
Data protection declaration for applicants
Data protection declaration for customers and suppliers
according to Article 13 GDPR
| Responsible body: |
Welba GmbH
Gewerbepark Siebenmorgen 6
53547 Breitscheid |
| Data protection officer: |
Reinhold Goetz
Certified Data Protection Officer and Auditor TÜV
02235 - 99 47 99 7
rgoetz@wimas.de |
1. Purpose of data collection, processing or use
The main purpose is the collection, processing and use of data on behalf of fulfilling customer orders. A secondary purpose is supplier support and prospective customer support. Specifically, this includes: customer management and acquisition, appointment management, contract processing, service processing, invoicing, purchasing goods and payment transactions.
2. Legal basis for processing
The legal basis for the processing of our customers' personal data is Article 6 paragraph 1 letter b) GDPR, according to which processing is permitted to fulfill a contract with the data subject.
3. Recipients or categories of recipients to whom the data is disclosed
As a general rule, we do not pass on our customers' personal data to third parties unless disclosure is absolutely necessary due to legal regulations or to fulfill the order. In this case, those affected will be informed of this unless they are already aware of it.
4. Data transfer to third countries
There are no plans to transfer the data to countries outside the EU or EEA (third countries).
5. Storage period for personal data
In principle, we delete the data if the purpose for which the data was collected no longer applies, e.g. when a contractual relationship ends, provided that there are no statutory retention periods that prevent deletion. If deletion is not possible, e.g. data stored in an electronic archive system, will be blocked for further processing.
The storage period or deletion periods for customer data depends on the type of data. We keep a precise list of the data categories and types of data we process in an electronic directory of processing activities in accordance with Article 30 GDPR, which we are happy to make available to those affected on request.
We do not delete data that we need to assert, exercise or defend legal claims in accordance with Article 17 paragraph 3 letter e) GDPR.
6. Right to information, correction, deletion and restriction of processing
You have the right to receive information about your personal data stored by us at any time. You also have the right to correction, blocking or, apart from the mandatory data storage for business transactions, deletion of your personal data, provided that there is no legal obligation to retain it. If such an obligation exists, we will block your data on request.
7. Consents
You can make changes or revoke your consent by notifying us accordingly with effect for the future.
8. Provision of personal data
In order to fulfill the order, the client or the person concerned is obliged to provide personal data to the extent that is necessary for the order to be fulfilled. It is the client's responsibility to only provide the contractor or the responsible body with the data that is necessary for the contract to be fulfilled (minimum principle).
9. Right to complain to the supervisory authority
You have the right to contact the data protection supervisory authority and obtain information about your rights under the Federal Data Protection Act (BDSG) and other data protection regulations, including the General Data Protection Regulation (GDPR). In addition, the supervisory authority is the contact point for complaints regarding the processing of personal data.
Responsible supervisory authority for Rhineland-Palatinate:
LDI Landesbetrieb Daten und Information
Valenciaplatz 6
55118 Mainz
06131 605-0
poststelle@ldi.rlp.de
Data protection declaration for employees
according to Article 13 GDPR
| Responsible body: |
Welba GmbH
Gewerbepark Siebenmorgen 6
53547 Breitscheid |
| Data protection officer: |
Reinhold Goetz
Certified Data Protection Officer and Auditor TÜV
02235 - 99 47 99 7
rgoetz@wimas.de |
1. Purpose of data collection, processing or use
The collection, use and transmission of personal data is carried out for our own purposes and to fulfill legal and social security obligations.
2. Legal basis for processing
The legal basis for the processing of personal data of our employees is Section 26 of the new Federal Data Protection Act (data processing for the purposes of the employment relationship), Article 6 (1) (b) GDPR (data processing for the performance of a contract), Article 6 (1) (c) GDPR (data processing to fulfill a legal obligation) and Article 6 (1) (f) GDPR (data processing for our own purposes), according to which the processing is permitted. Processing based on consent is carried out in accordance with Article 6 (1) (a) GDPR.
3. Recipients or categories of recipients to whom the data is communicated
As a general rule, we do not pass on any personal data of our employees to third parties unless disclosure is absolutely necessary due to legal regulations or to fulfill the contract. In this case, employees will be informed of this unless they already know about it.
4. Data transfer to third countries
There are no plans to transfer the data to countries outside the EU or EEA (third countries).
5. Storage period for personal data
As a general rule, we delete personal data when the purpose for which the data was collected no longer applies, e.g. when the employment relationship ends, provided that there are no legal retention obligations that prevent deletion. If deletion of the data is not possible, e.g. data that is stored in an electronic archive system, it will be blocked for further processing.
The retention period or deletion periods for personal data depend on the data category (employment contract, wage and salary statements, reports to social insurance providers, etc.). We keep a precise list of the data categories we process in an electronic register of processing activities in accordance with Article 30 GDPR, which we are happy to make available to employees on request.
We do not delete data that we need to assert, exercise or defend legal claims in accordance with Article 17 Paragraph 3 Letter e GDPR. This includes, for example, declarations of commitment to maintain the confidentiality of personal data and to maintain trade and business secrets as well as declarations of consent.
6. Right to information, correction, deletion and restriction of processing
Employees have the right to receive information about the personal data stored by us at any time. Employees also have the right to correct, block or delete personal data, provided that there is no mandatory data storage due to statutory retention periods.
7. Consents
Employees can make changes or revoke their consent by notifying us accordingly, with effect for the future.
8. Provision of personal data
In order to fulfill legal and social security obligations within the framework of an employment relationship, the employee is obliged to provide personal data to the extent necessary for the performance of the contract. It is the employee's responsibility to only provide the company as the responsible body with the data that is necessary for the performance of the contract (minimum principle).
9. Right to complain to the supervisory authority
Employees have the right to contact the data protection supervisory authority and obtain information about their rights under the Federal Data Protection Act (BDSG) and other data protection regulations, including the General Data Protection Regulation (GDPR). In addition, the supervisory authority is the contact point for complaints regarding the processing of personal data.
Responsible supervisory authority for Rhineland-Palatinate:
LDI Landesbetrieb Daten und Information
Valenciaplatz 6
55118 Mainz
06131 605-0
poststelle@ldi.rlp.de
Data protection declaration for applicants according to Article 13 GDPR
| Responsible body: |
Welba GmbH
Gewerbepark Siebenmorgen 6
53547 Breitscheid |
| Data protection officer: |
Reinhold Goetz
Certified Data Protection Officer and Auditor TÜV
02235 - 99 47 99 7
rgoetz@wimas.de |
1. Purpose of data collection, processing, or use
We process your personal data for our own purposes within the framework of human resources administration and for the following reasons:
- Evaluation and processing of incoming applications
- Conducting job interviews and selecting applicants
- Concluding an employment contract (establishing an employment relationship)
2. Legal basis for processing
The legal basis for the processing of applicants' personal data is Section 26 of the new Federal Data Protection Act (BDSG-neu) (data processing for the purposes of the employment relationship). According to this, applicants are also considered employees.
Furthermore, the legal basis for data processing can be found in Article 6 (1) (b) GDPR (data processing for the performance of a contract) in conjunction with Article 6 (1) (f) GDPR (data processing for our own purposes).
In certain cases, we process your data to protect a legitimate interest of ours or third parties. A legitimate interest exists, for example, if your data is required to assert, exercise, or defend legal claims within the scope of the application process (e.g., claims under the General Equal Treatment Act). In the event of a legal dispute, we have a legitimate interest in processing the data for evidentiary purposes. In this case, we refer to the legality of the processing within the meaning of Article 6 (1) (f) GDPR.
3. Recipients or categories of recipients to whom the data is disclosed
As a general rule, we do not disclose applicants' personal data to third parties.
4. Data transfer to third countries
Data is not transferred to countries outside the EU or EEA (third countries).
5. Retention period for personal data
We generally delete personal data; if the purpose for which the data was collected no longer applies, e.g., upon termination of the application process, we delete the data 6 months after receipt of the rejection notice (Section 61b (1) of the German Employment Act (ArbGG)). Unless you have given us your consent to a longer retention period for inclusion in an applicant pool.
We do not delete data that we need to assert, exercise, or defend legal claims in accordance with Article 17 (3) (e) GDPR. This includes, for example, declarations of commitment to maintain the confidentiality of personal data and to protect trade and business secrets, as well as declarations of consent.
6. Right to information, rectification, erasure, and restriction of processing
All applicants have the right to receive information about the personal data stored by us at any time. Applicants also have the right to rectification, blocking, or erasure of personal data, provided that no mandatory data retention period exists due to legal retention obligations.
7. Consent
If a declaration of consent has been obtained from applicants, the applicant can revoke their consent by notifying us accordingly, with effect for the future.
8. Provision of personal data
For the selection process, the applicant is obliged to provide personal data to the extent necessary for the application process. It is the applicant's responsibility to provide us, as the responsible body, only with the data required for the application process (minimal principle).
9. Right to lodge a complaint with the supervisory authority
Applicants have the right to contact the data protection supervisory authority and obtain information about their rights under the Federal Data Protection Act (BDSG) and other data protection regulations, including the General Data Protection Regulation (GDPR). Furthermore, the supervisory authority is the contact point for complaints regarding the processing of personal data.
Responsible supervisory authority for Rhineland-Palatinate:
LDI Landesbetrieb Daten und Information
Valenciaplatz 6
55118 Mainz
06131 605-0
poststelle@ldi.rlp.de
