Our handling of your data and your rights

Information according to Art. 13 and 21 of the General Data Protection Regulation (GDPR)

With the following information, we would like to give you an overview of how your personal data is processed by us and your rights according to data protection law. Which specific data are processed and how they are used depends largely on the requested or agreed-upon services. Therefore, not all sections of this information will apply to you.
Furthermore, this data protection information may be updated periodically. You'll find the latest version on this page at any time.
Version 1.0 as of Feb., 12th 2021 currently applies.

Responsible parties

Data protection officer of the Workpath GmbH
Data protection officer of Workpath GmbH
PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de
When contacting the Data Protection Officer, please state the company to which your enquiry relates. Please refrain from enclosing sensitive information such as a copy of an identity card with your enquiry.

The responsible body within the meaning of the data protection laws is
Workpath GmbH
Ridlerstraße 39
80339 München
Germany
Managing Director: Johannes Müller
Seat of the company: Munich, register court: Munich Local Court, HRB 230902

We process your data for the following purposes and on the following legal basis:

We process personal data in accordance with the GDPR regulations and the Federal Data Protection Act (FDPA) [Bundesdatenschutzgesetz (BDSG)]:

To fulfil contractual obligations (Art. 6 Para. 1 (b) GDPR)
Processing is necessary for the performance of a contract with you. This also includes sending out the newsletter, which is a contractual service.
The same applies to those processing operations required to carry out pre-contractual measures, such as in cases of queries regarding our services.

Due to statutory requirements (Art. 6 Para. 1 (c) GDPR)
We are subject to various legal obligations that result in data processing. These include, for example, tax laws, as well as the respective statutory accounting, responding to inquiries and meeting the requirements of supervisory or law enforcement authorities and compliance with tax audits and reporting obligations.
In addition, the disclosure of personal data within the context of administrative/judicial measures may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.

Within the scope of weighing interests (Art. 6 Para. 1 (f) GDPR)
If required, we process your data beyond actual contractual compliance for the protection of our legitimate interests or those of third parties. Examples of such cases are:

  • If you contact us by e-mail or telephone, the data you enter will be stored for the purpose of individual communication with you,
  • Enforcement of legal claims and defence in legal disputes, and
  • Saving additional contacts in the CRM system for communication.

Who receives your data?

In our company, employees receive your data in order to contact you and for contractual collaboration (including the implementation of pre-contractual measures).
Your data will only be forwarded to service providers (processors) when necessary to perform our contractual duties (e.g. support/ EDP maintenance /IT applications, accounting, data erasure). All service providers are obliged to handle your data confidentially pursuant to a commissioned processing contract.
With regard to the data transfer to recipients outside of our company, it should be noted that we only forward required personal data in compliance with the applicable data protection regulations.

Subject to these conditions, recipients of personal data may be:

  • public bodies and institutions (e.g. tax authorities, law enforcement authorities) when presented with a statutory or regulatory obligation,
  • credit and financial services institutions (processing payment transactions)
  • tax consultants, certified public accountants and income/corporate tax auditors (statutory audit mandate)

How long will your data be stored?

We process and store your personal data as long as this is necessary to fulfil our contractual and legal obligations. If the data are no longer required for the fulfilment of contractual or legal obligations, these are deleted on a regular basis.

Exceptions to the above-mentioned deletion criteria are for:

  • Data required to fulfil the statutory retention requirements, e.g. German Commercial Code [Handelsgesetzbuch (HGB)] and Fiscal Code [Abgabenordnung (AO)]. The respective stipulated periods for retention or documentation are usually six to ten years.
  • Data for maintaining evidence in accordance with the legal statute of limitations. According to §§ 195 ff of the German Civil Code [Bürgerlichen Gesetzbuches (BGB)], these statutes of limitations can be up to 30 years, whereby the regular limitation period is three years.

If the data processing takes place in our legitimate interest of that of a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions also apply here.

Which data protection rights do you have?

Every data subject has the right of access pursuant to Art. 15 GDPR, right to rectification pursuant to Art. 16 GDPR, right to erasure pursuant to Art. 17 GDPR, right to restriction of processing pursuant to Art. 19 GDPR, right to object from Art. 21 GDPR as well as the right to data portability from Art. 20 GDPR.
With the right to access and the right to erasure, the restrictions in accordance with §§ 34 and 35 BDSG apply.
In addition, there is a right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR). A list of the supervisory authorities (for the non-public sector) with is available at:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Am I obligated to provide data?

Under the terms of the contractual relationship, you may provide the personal information necessary to initiate, carry out and terminate the contractual relationship and to fulfil the respective contractual obligations or those that we are required to collect by law. Without this data, we will not be able to contact you, enter into a contract with you or perform the services detailed therein.

Information on your right to object according to Art. 21 Para. 1 S. 1 GDPR

Case-specific right to object
You have the right to object to the processing of your personal data by us at any time for reasons arising from your particular situation, provided that this objection was filed in accordance with Art. 6 Para. 1 (f) GDPR (data processing based on a weighing of interests).

If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is for the purpose of enforcing, carrying out or defending legal claims.

Recipient of an objection
The objection can be made without any formal requirements with 'Objection' in the subject line, your name, address and date of birth and should be addressed to:

Workpath GmbH
Ridlerstraße 39
80339 München
datenschutz@workpath.com