With the following information, we would like to give you an overview of how your personal data is processed by us and your rights according to data protection law. Which specific data are processed and how they are used depends largely on the requested or agreed-upon services. Therefore, not all sections of this information will apply to you.
Furthermore, this data protection information may be updated periodically. You'll find the latest version on this page at any time.
Version 1.0 as of Feb., 12th 2021 currently applies.
Data protection officer of the Workpath GmbH
Data protection officer of Workpath GmbH
When contacting the Data Protection Officer, please state the company to which your enquiry relates. Please refrain from enclosing sensitive information such as a copy of an identity card with your enquiry.
The responsible body within the meaning of the data protection laws is
Managing Director: Johannes Müller
Seat of the company: Munich, register court: Munich Local Court, HRB 230902
We process personal data in accordance with the GDPR regulations and the Federal Data Protection Act (FDPA) [Bundesdatenschutzgesetz (BDSG)]:
To fulfil contractual obligations (Art. 6 Para. 1 (b) GDPR)
Processing is necessary for the performance of a contract with you. This also includes sending out the newsletter, which is a contractual service.
The same applies to those processing operations required to carry out pre-contractual measures, such as in cases of queries regarding our services.
Due to statutory requirements (Art. 6 Para. 1 (c) GDPR)
We are subject to various legal obligations that result in data processing. These include, for example, tax laws, as well as the respective statutory accounting, responding to inquiries and meeting the requirements of supervisory or law enforcement authorities and compliance with tax audits and reporting obligations.
In addition, the disclosure of personal data within the context of administrative/judicial measures may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.
Within the scope of weighing interests (Art. 6 Para. 1 (f) GDPR)
If required, we process your data beyond actual contractual compliance for the protection of our legitimate interests or those of third parties. Examples of such cases are:
In our company, employees receive your data in order to contact you and for contractual collaboration (including the implementation of pre-contractual measures).
Your data will only be forwarded to service providers (processors) when necessary to perform our contractual duties (e.g. support/ EDP maintenance /IT applications, accounting, data erasure). All service providers are obliged to handle your data confidentially pursuant to a commissioned processing contract.
With regard to the data transfer to recipients outside of our company, it should be noted that we only forward required personal data in compliance with the applicable data protection regulations.
Subject to these conditions, recipients of personal data may be:
We process and store your personal data as long as this is necessary to fulfil our contractual and legal obligations. If the data are no longer required for the fulfilment of contractual or legal obligations, these are deleted on a regular basis.
Exceptions to the above-mentioned deletion criteria are for:
If the data processing takes place in our legitimate interest of that of a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions also apply here.
Every data subject has the right of access pursuant to Art. 15 GDPR, right to rectification pursuant to Art. 16 GDPR, right to erasure pursuant to Art. 17 GDPR, right to restriction of processing pursuant to Art. 19 GDPR, right to object from Art. 21 GDPR as well as the right to data portability from Art. 20 GDPR.
With the right to access and the right to erasure, the restrictions in accordance with §§ 34 and 35 BDSG apply.
In addition, there is a right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR). A list of the supervisory authorities (for the non-public sector) with is available at:
Under the terms of the contractual relationship, you may provide the personal information necessary to initiate, carry out and terminate the contractual relationship and to fulfil the respective contractual obligations or those that we are required to collect by law. Without this data, we will not be able to contact you, enter into a contract with you or perform the services detailed therein.
Case-specific right to object
You have the right to object to the processing of your personal data by us at any time for reasons arising from your particular situation, provided that this objection was filed in accordance with Art. 6 Para. 1 (f) GDPR (data processing based on a weighing of interests).
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is for the purpose of enforcing, carrying out or defending legal claims.
Recipient of an objection
The objection can be made without any formal requirements with 'Objection' in the subject line, your name, address and date of birth and should be addressed to: