PRIVACY POLICY FOR EMPLOYEES AND OTHER COMPARABLE DATA SUBJECTS OF PM STUDIO (MEMBER OF PM GROUP)

In the following policy, we would like to provide you with an overview regarding our processing of your personal data and your rights under data protection law. Which specific data is processed, and in what way it is used, primarily depends on the proposed or agreed components of your employment relationship based on an employment contract with an employee or an external service or labor agreement with an external contractor, as well as any additional services. For this reason, some elements of this policy may not apply to you.

Who is the controller of data processing and who can I contact?

Who is the controller of data processing and who can I contact?

Below is a list of the responsible parties within the pm group. We recommend that you contact the position depending on your contact person. However, you can contact any of these agencies independently of your specific contact for their data protection concerns.

Responsible company

– PM Studio GmbH
Samerwiesen 5
63179 Obertshausen
Germany

– PM Studio Paris Sasu
12 Rue de Paris
92100 Boulogne-Billancourt
France

– PM Studio Asia Ltd. c/o PM China Ltd
8th Floor, Yong De Li Commercial Building 46-48,
Cao Tang 5th Street, Cha Shan Town,
Dong Guan Guangdong 523378,
China

Responsible company

  • PM Studio GmbH
    Samerwiesen 5 
    63179 Obertshausen
    Germany
  • PM Studio Paris Sasu
    12 Rue de Paris
    92100 Boulogne-Billancourt
    France
  • PM Studio Asia Ltd. c/o PM China Ltd
    8th Floor, Yong De Li Commercial Building 46-48, Cao Tang 5th Street, Cha Shan Town, Dong Guan Guangdong 523378
    China

Contact details of the representative data protection officer

Contact details of the representative data protection officer

What sources and data do we use?

What sources and data do we use?

We process personal data that we have obtained or acquired from our employees or other comparable data subjects (e.g. applicants, trainees, interns, employees who have left the company) in the course of the employment relationship. Insofar as this is necessary for the employment relationship, we also process personal data that we obtain from publicly available sources (e.g. press, internet) with permission or that is transmitted to us lawfully by other companies in pm group or other third parties (e.g. notices of illegal activities).

Relevant personal data includes personal details (name, address and other contact information, date of birth and birthplace as well as nationality), family details (e.g. marital status, information about your children), religious affiliation, health information (if relevant for the employment relationship, e.g. in case of severe disability), any previous convictions (criminal record), identity authentication data (e.g. ID data), tax ID number and information regarding qualifications and previous employers. This can also include job data (e.g. application for remote work position), data related to the fulfilment of our contractual obligations (e.g. salary payments), information about your financial situation (e.g. loan liabilities, garnishment of salary) and other data comparable with the categories mentioned.

Why do we process your data (purpose of processing) and on what legal basis?

Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and accompanying local legislation

  1. To fulfil contractual obligations (Art. 6 (1)(b) GDPR in conjunction with Art. 88 GDPR)
    Data processing occurs for the establishment, performance or termination of the employment relationship in the context of the contract existing with you or to take steps prior to entering into a contract as requested. If you make use of additional services (e.g. child care), your data will be processed to provide these additional services where this is necessary.

  2. To protect legitimate interests (Art. 6 (1)(f) GDPR in conjunction with Art. 88 GDPR)
    As far as necessary, we process your data beyond the extent of contractual fulfilment in order to preserve our legitimate interests or the legitimate interests of third parties.
    Examples of this include:

–    Measures for personnel development planning,

–    Measures regarding organizational changes,

–   Assertion of legal claims and defense in legal disputes,

–    Ensuring the company’s IT security and IT operation,

–    Prevention and investigation of criminal offences or severe breaches of duty,

–   Video surveillance to protect access to company premises, collect evidence in case of robberies and fraud schemes, for instance in the plants of pm group,

–    Measures for building and plant security (e.g. entry control),

–    Measures for enforcing rights of access to company premises.

  • Measures for personnel development planning,
  • Measures regarding organizational changes,
  • Assertion of legal claims and defense in legal disputes,
  • Ensuring the company’s IT security and IT operation,
  • Prevention and investigation of criminal offences or severe breaches of duty,
  • Video surveillance to protect access to company premises, collect evidence in case of robberies and fraud schemes, for instance in the plants of pm group,
  • Measures for building and plant security (e.g. entry control),
  • Measures for enforcing rights of access to company premises. Samerwiesen 5 – 63179 Obertshausen Germany
  1. To fulfil contractual obligations (Art. 6 (1)(b) GDPR in conjunction with Art. 88 GDPR)
    Data processing occurs for the establishment, performance or termination of the employment relationship in the context of the contract existing with you or to take steps prior to entering into a contract as requested. If you make use of additional services (e.g. child care), your data will be processed to provide these additional services where this is necessary.

  2. To protect legitimate interests (Art. 6 (1)(f) GDPR in conjunction with Art. 88 GDPR)
    As far as necessary, we process your data beyond the extent of contractual fulfilment in order to preserve our legitimate interests or the legitimate interests of third parties.
    Examples of this include:

We also process your data if this is necessary to exercise or fulfil rights and obligations resulting from a collective wage agreement or a company-wide agreement.

Who will receive my data?

Who will receive my data?

Within the company, your data will be provided to those entities that need the data to fulfil our contractual and statutory obligations, such as supervisors, the human resources department, the works council or severe disability representatives. Service providers and agents commissioned by us may receive data for these purposes. These are companies in the categories of payroll, insurance, training providers, management of company athletics, IT services, logistics, printing services and telecommunications.

With respect to the transfer of data to recipients outside our company, it must first be noted that we, as employers, only transfer necessary personal data under consideration of the applicable privacy regulations. As a rule, we may only transfer information about our employees if this is required by statutory provisions, the employee has given consent or we are otherwise authorized to transfer data. Subject to these conditions, the recipients of personal data could include:

–   Social insurance agencies,

–   Health insurance companies,

–   Pension funds,

–   Tax authorities,

–   Trade associations,

–   Credit and financial service institutions or comparable institutions to which we transfer personal data for the performance of the contractual relationship (e.g. for salary payments),

–   Accountants and wage tax auditors,

–   Service providers that we engage in the course of order processing.

  • Social insurance agencies,
  • Health insurance companies,
  • Pension funds, 
  • Tax authorities,
  • Trade associations,
  • Credit and financial service institutions or comparable institutions to which we transfer personal data for the performance of the contractual relationship (e.g. for salary payments),
  • Accountants and wage tax auditors,
  • Service providers that we engage in the course of order processing.

Additional data recipients could include those entities for which you have granted us your consent to the transfer of data or to which we are permitted to transfer personal data based on our legitimate interest.

Will data be transferred to a third country or an international organization?

Will data be transferred to a third country or an international organization?

Data transfer to entities in countries outside the European Union (so-called third parties) may occur:

–   if it is required by law (e.g. tax reporting obligations)

–   if you have given us your consent or

–   if this is permitted under data protection law due to legitimate interests and no prevailing legitimate interests of the data subject prevent this.

  • if it is required by law (e.g. tax reporting obligations)
  • if you have given us your consent or
  • if this is permitted under data protection law due to legitimate interests and no prevailing legitimate interests of the data subject prevent this.

Furthermore, transfer to entities in third countries is provided for in the following cases:

–   With the consent of the data subject or based on legal regulations for combating money laundering, the financing of terrorism and other criminal activities, or as part of the balancing of interests, personal data may be transferred in individual cases while preserving the level of data protection guaranteed in the European Union.

  • With the consent of the data subject or based on legal regulations for combating money laundering, the financing of terrorism and other criminal activities, or as part of the balancing of interests, personal data may be transferred in individual cases while preserving the level of data protection guaranteed in the European Union.

How long will my data be stored?

How long will my data be stored?

We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. In this regard, it must be noted that the employment relationship is a continuing obligation that extends over a long period of time. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be regularly deleted, unless its (fixed-term) continued processing is necessary for the following purposes:

–   Fulfilling statutory retention obligations that might result from the locally applicable social law, commercial law, tax law, banking law, money laundering law and securities trade law. The storage of business files and documentation is based on the periods prescribed in those laws.

–   Retaining evidence within the framework of the locally applicable statutes of limitation.

  • Fulfilling statutory retention obligations that might result from the locally applicable social law, commercial law, tax law, banking law, money laundering law and securities trade law. The storage of business files and documentation is based on the periods prescribed in those laws.
  • Retaining evidence within the framework of the locally applicable statutes of limitation.

If data processing occurs in our legitimate interest or the legitimate interest of a third party, the personal data will be deleted as soon as this interest ceases to exist. The abovementioned exceptions apply in this context.

The same applies to data processing based on given consent. As soon as you have withdrawn this consent with future effect, the personal data will be deleted, unless one of the abovementioned exceptions applies.

What rights do I have under data protection law?

What rights do I have under data protection law?

Every data subject has the right to access information pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR as well the right to data portability pursuant to Article 20 GDPR. There is also a right to lodge a complaint with a supervisory authority (Article 77 GDPR). The restrictions of Sections 34 and 35 of the new Federal Data Protection Act (BDSG-neu) apply to the right to access information and the right to erasure.

You may withdraw your consent to our processing of personal data at any time after giving it. This also applies to the revocation of declarations of consent issued to us before the GPDR took legal effect, that is, before 25 May 2018. Please note that the withdrawal of consent only has future effect. The lawfulness of data processing occurring before withdrawal shall not be affected.

Do I have an obligation to provide data?

Do I have an obligation to provide data?

Within the framework of the employment relationship, you must provide such personal data that is required for the establishment, performance or termination of the employment contract and to fulfil the corresponding contractual obligations, or that we are obligated to collect for legal reasons or due to a collective agreement. Without this data, we will generally not be able to conclude, perform or terminate a contract with you.

It is possible that you will experience disadvantages if you do not provide specific personal data, e.g. lack of access to work tools facilitating work for employees with severe disabilities.
If you do not provide us with the required information and documents, this may prevent the establishment and performance of the employment contract.

To what extent is automated decision-making involved?

To what extent is automated decision-making involved?

As a rule, we do not use any automated decision-making for the establishment, performance of termination of the employment contract pursuant to Article 22 GDPR. If we do use this procedure in individual cases, we will inform you separately of this fact and your rights in this respect insofar as this is prescribed by law.

Will profiling be performed?

Will profiling be performed?

No

Information about your right to object pursuant to Article 21 DS-GVO

Information about your right to object pursuant to Article 21 DS-GVO

Right to object based on the circumstances of the individual case

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is based on Art. 6 (1)(e) GDPR (data processing in the public interest) or Art. 6 (1)(f) GDPR (data processing based on the consideration of legitimate interests).

If you object, we will not continue to process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. This particularly applies if processing is necessary for the assertion, exercise or defense of legal claims.

Recipient of an objection

Objections can be made form-free with the subject “Objection”, indicating your name, address and responsible company, to be directed to:

PM Studio GmbH
Data Protection Officer
Samerwiesen 5
63179 Obertshausen, Germany
E-Mail: dataprotection@pm-st.com