Data Protection at Helmut Fischer

Compulsory information data protection in accordance with Article 12 et seq. GDPR

The processing of your personal data takes place only if it is necessary for the initiation, justification, implementation (content adjustment and modification) or termination of a legal relationship between you and us (Article 6 paragraph 1 letter b GDPR), you have consented to the data processing (Art. 6 Abs. paragraph 1 letter a GDPR or Art. 9 paragraph 2 letter a GDPR), there is a legitimate interest in the processing (Article 6 paragraph 1 letter f GDPR) or other legal obligations or legal requirements permit the processing (Article 6 paragraph 1 letter c GDPR). For further information on the handling of personal data please refer to our following privacy policies.

Valid for customers, interested parties, suppliers, distribution and cooperation partners of the "Fischer Group" (defined as (i) Fischer; (ii) the companies associated with Fischer within the meaning of §§ 15 ff. AktG; (iii) Helmut Fischer Foundation with registered office in Baar, Switzerland, registered in the commercial register of the canton of Zug under the company number CHE-114.282.578 (the "Helmut Fischer Foundation") and (iv) with the Helmut Fischer Foundation within the meaning of §§ 15 ff. AktG affiliated companies), hereinafter referred to as the "Fischer Group". 
With the following information acc. Art. 12 ff. GDPR, we give you an overview of the processing of your personal data by us and your rights under the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Which data is processed in detail and how it is used depends largely on the products or services requested or commissioned.

The processing of your personal data takes place only if it is necessary for the initiation, justification, implementation (content adjustment and modification) or termination of a legal relationship between you and us (Article 6 paragraph 1 letter b GDPR), you have consented to the data processing (Art. 6 Abs. paragraph 1 letter a GDPR or Art. 9 paragraph 2 letter a GDPR), there is a legitimate interest in the processing (Article 6 paragraph 1 letter f GDPR) or other legal obligations or legal requirements permit the processing (Article 6 paragraph 1 letter c GDPR). For further information on the handling of personal data please refer to our following privacy policies.

Valid for customers, interested parties, suppliers, distribution and cooperation partners of the "Fischer Group" (defined as (i) Fischer; (ii) the companies associated with Fischer within the meaning of §§ 15 ff. AktG; (iii) Helmut Fischer Foundation with registered office in Baar, Switzerland, registered in the commercial register of the canton of Zug under the company number CHE-114.282.578 (the "Helmut Fischer Foundation") and (iv) with the Helmut Fischer Foundation within the meaning of §§ 15 ff. AktG affiliated companies), hereinafter referred to as the "Fischer Group".

With the following information acc. Art. 12 ff. GDPR, we give you an overview of the processing of your personal data by us and your rights under the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Which data is processed in detail and how it is used depends largely on the products or services requested or commissioned.

HELMUT FISCHER GMBH Institut für Elektronik und Messtechnik 
Industriestraße 21 
71069 Sindelfingen 
Germany 

+49 (0) 70 31/3 03-0 
+49 (0) 70 31/3 03-710 
mail@helmut-fischer.com
www.helmut-fischer.com

Christian Schwinge 
Schwinge GmbH 
Am Kochenhof 12 
70192 Stuttgart 
Germany 

 +49 (0) 711 / 258560-0 
 christian.schwinge@helmut-fischer.com

a) Sources
We process personal data that we collect from you as part of our business relationship. In addition, we process (as far as necessary for the provision of our products and the provision of our services) personal data that we obtain from other companies of the "Fischer Group" (defined as (i) Fischer; (ii) those with Fischer within the meaning of §§ 15 (iii) the Helmut Fischer Foundation, domiciled in Baar, Switzerland, registered in the commercial register of the canton of Zug under the company number CHE-114.282.578 (the "Helmut Fischer Foundation") and (iv) with the Helmut Fischer Foundation within the meaning of Sections 15 et seq. AktG) or by other third parties (e.g. to execute orders or to fulfill contracts or on the basis of your given consent).

b) Categories of personal data
When initiating a business relationship or when creating master data, the following personal data can be collected, processed and stored: 
Address and communication data (name, address, telephone, e-mail address, other contact data), personal master data ( Date / place of birth, gender, nationality, family status, ability to work, occupation), credentials (e.g. ID data), authentication data (e.g. signature sample), tax ID.

When using products and services within the framework of contracts concluded with us, in addition to the aforementioned data, the following additional personal data may be collected, processed and stored:
Contract master data (order data, data from the fulfillment of our contractual obligations, information on any third-party beneficiaries), billing, service and payment data (debit data, tax information, other personal data (profession, employer), documentation data (e.g. logs), product data (e.g. requested or booked services and products), as well as the following business creditworthiness documents: Income / surplus invoices, balance sheets, business evaluation, type, and duration of the self-employment.

c) Customer contact information
As part of the business start-up phase and during the business relationship, in particular through personal, telephone or written contacts, initiated by you or by the Fischer Group, further personal data is generated. These include Information about the contact channel, date, cause and outcome, (electronic) copies of correspondence and information on participation in direct marketing activities.

d) Information Society Services
When processing data in the context of Information Society Services, you will receive further information on data protection related to the service.

We process the personal data referred to in part 3 in accordance with the provisions of the EU Data Protection Regulation (GDPR) and the Federal Data Protection Act (Act): 

a) To comply with contractual obligations (Article 6 paragraph 1 lit. b GDPR)
The processing of personal data takes place for the establishment, implementation and termination of a contract for the provision of products or services, as well as for the implementation of pre-contractual measures for the preparation of offers, contracts or other on the conclusion of the contract wishes, based on your request.
The purpose of data processing is primarily based on the specific products and services and may include, but is not limited to, needs analysis, consulting and support. Further details on the purpose of data processing can be found in the respective (also pre-contractual) contractual documents of our cooperation. 
Interested parties may be contacted, taking into account any restrictions expressed during the initiation of the agreement, and customers, suppliers and distribution and cooperation partners during the business relationship, using the data they have provided.

b) On the basis of your consent (Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR) 
Insofar as you have given us consent to the processing of personal data for specific purposes (e.g. disclosure of data within the group of companies), the lawfulness of this processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us prior to the validity of the EU General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected. You can request an overview of the status of the consents you have given us at any time.

c) Due to legal requirements (Article 6 (1) (c) GDPR) or in the public interest (Article 6 (1) (e) GDPR)
We are subject to various legal obligations and legal requirements and process data for the following purposes: Identity and age checks, the fulfillment of tax control and reporting obligations as well as the assessment and management of risks within the Group.

d) In the context of weighing interests (Article 6 (1) (f) GDPR)
In order to safeguard the legitimate interests of us or third parties, further processing of the data provided by you may be necessary for the following purposes:

• Review and optimization of needs analysis and direct customer approach procedures; including segmentation and calculation of completion probabilities
• Advertising or market and opinion research, provided that you have not objected to the use of your data
• Assertion of legal claims, defense in legal disputes, defense against liability claims
• Ensuring IT security and IT operations
• Consultation and exchange of data with credit bureaus for the identification of credit risks
• Prevention of crime
• Video surveillance for the protection of domestic rights, for the collection of evidence of crime
• Measures for building and office security
• Measures to ensure home ownership
• Measures for business management and further development of services and products
• Risk management in the corporate group

Within the Fischer Group, those entities that have access to your data to fulfill our contractual and legal obligations will have access to them. Our service providers may also receive data for these purposes if they comply with our written data protection directives.

With regard to the transfer of data to recipients outside of the Fischer Group, it should first be noted that we are bound to secrecy about all customer-related information from which we obtain knowledge. We may only disclose information about you if statutory provisions so dictate, if you have given your consent and / or if you have instructed our commissioned processors in a manner consistent with the provisions of the EU General Data Protection Regulation and the Federal Data Protection Act. 
Under these conditions, recipients of personal data may for example:

• Public authorities and institutions in the presence of a legal or regulatory obligation.
• Processor to whom we provide personal information to conduct the business relationship with you. Specifically: support / maintenance of EDP / IT applications, archiving, document processing, call center services, compliance services, controlling, data destruction, purchasing / procurement, space management, recovery, customer administration, letter shops, marketing, media technology, regulatory reporting, research, risk controlling, expense reporting, telephony, video legitimation, website management, auditing services, payments.

Other data recipients may be those for whom you have given your consent to submit the data.

Applicable for applicants (m/f/d) of the "Fischer Group" (defined as (i) Fischer; (ii) the companies associated with Fischer within the meaning of §§ 15 ff. AktG; (iii) Helmut Fischer and Anni Walther Foundation with registered office in Baar, Switzerland, registered in the commercial register of the canton of Zug under the company number CHE-114.282.578 (the "Helmut Fischer Foundation") and (iv) with the Helmut Fischer Foundation within the meaning of §§ 15 ff. AktG affiliated companies), (hereinafter referred to as the “controller“).

With the following information pursuant to Art. 12 et seq. GDPR we will provide an overview of our processing of your personal data in line with the application procedure and your rights from the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FDPA). The individual course of the application procedure shall be decisive for the data to be processed in detail and the manner they are used.

If you are a minor (applicants under the age of 18), by taking note of the data protection declaration, you declare that your parents have approved your application.

"Fischer Group" (defined as (i) Fischer; (ii) the companies associated with Fischer within the meaning of §§ 15 ff. AktG; (iii) Helmut Fischer and Anni Walther Foundation with registered office in Baar, Switzerland, registered in the commercial register of the canton of Zug under the company number CHE-114.282.578 (the "Helmut Fischer Foundation") and (iv) with the Helmut Fischer Foundation within the meaning of §§ 15 ff. AktG affiliated companies)

Industriestraße 21
71069 Sindelfingen
Germany

+49 (0) 70 31 / 3 03 - 0
+49 (0) 70 31 / 3 03 - 710
info@helmut-fischer.com
www.helmut-fischer.com

Christian Schwinge
schwinge GmbH
Am Kochenhof 12
70192 Stuttgart
Germany

+49 (0) 711 / 258560-0
christian.schwinge@helmut-fischer.com

a) Sources

We process personal data provided by you in line with the application procedure. Moreover, we process personal data you have made accessible to us via a profile in a professional social media network (e.g. XING, LinkedIn, StepStone, etc.) or we have collected permissibly from other publicly accessible sources and may process (e.g. website with application etc.)

b) Categories of personal data

In line with the employment procedure the following personal data related to your application can be collected, processed and saved:

Address and communication data (name, address, telephone, e-mail address, other contact details), person master data (date/place of birth, gender, nationality, marital status, legal capacity, photo), as well as information on professional qualifications, education and professional development, driving licenses and vehicle classes, Residence status or work permit.

Moreover, further personal data provided to us (CV, certificates, questionnaires, interviews, previous activities) or occupational information we collected from sources (e.g. professional social media networks, website with application, etc.) you have made publicly accessible, will be processed).

If provided by you voluntarily in the application letter or in the course of the application procedure, special categories of personal data (such as health data, religion, degree of disability) will also be processed.

In particular by personal, telephone or written contacts initiated by you or the controller further personal data are created. This includes e.g. information on the contact channel, date, occasion and result (electronic) copies of the correspondence, as well as interview transcripts.

We process the personal data mentioned in no. 3 for the purpose of your application for an employment relationship in compliance with the regulations of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FDPA).

a) For the purpose of the employment relationship (Art 6 paragraph 1 lit. b GDPR combined with § 26 paragraph 1 combined paragraph 8 FDPA)

Personal data shall be processed insofar as it is decisive for the employment relationship.
Insofar as an employment relationship is established between you and us, we can process the personal data already provided by you further pursuant to § 26 paragraph 1 FDPA, if this is required for the realization or termination of the employment or for exerting or fulfilling rights and obligations of representing the interests of employees resulting from legislation or a collective agreement, a works or company agreement.
In the context of your application we shall be entitled to contact you under the data provided by you.

b) On the basis of your consent (Article 6 paragraph 1 lit. a GDPR combined with § 26 paragraph 2 FDPA)

Provided that you have given us your consent to process personal data in line with the application procedure for certain purposes (e. g. disclosure of data within the “Fischer Group”), the processing shall be legitimate on the basis of your consent. A given consent may be revoked at any time. Please note that the cancellation will only be valid for the future. Processing made before the cancellation shall not be affected. You may request an overview of the status of the contents you have given at any time.

c) On the basis of your consent for special categories of personal data (Article 9 paragraph 2 lit. a GDPR combined with § 26 paragraph 2 FDPA)

The processing of special categories of personal data (e.g. health data) shall be based on your consent pursuant to Art 9 paragraph 2 lit. a GDPR combined with § 26 paragraph 2 FDPA, unless legal permissions such as Art 9 paragraph 2 lit. b combined with § 26 paragraph 3 FDPA are pertinent.

d) Due to compliance with legal obligations (Article 6 paragraph 1 lit. c GDPR combined with § 26 paragraph 2 FDPA)

Your data is also processed in order to fulfill our legal obligations as an employer with regard to tax and social security law.

On the basis of Art. 9 paragraph 2 lit. b GDPR combined with § 26 paragraph 3 FDPA also includes the processing of special personal data in accordance with Art. 9 paragraph 1 GDPR, insofar as this is for the exercise of rights or the fulfillment of legal obligations from labor law, the right to social security and social protection (e.g. providing health data to health insurance companies, recording the severely disabled person to grant additional leave and determination of the severely disabled person's tax).

The processing of health data can also be used to assess the ability to work according to Art. 9 paragraph 2 lit. h combined with § 22 paragraph 1 FDPA may be required.
Due to legal requirements, in particular according to § 257 of the German Commercial Code (HGB) and § 147 of the German Tax Code (AO), the Controller is obliged to store and store business documents and data for several years. In addition, all access to the communication systems are logged, stored and evaluated as needed to meet legal requirements and ensure information security.

In the event of disclosure for reasons of data protection, freedom of information or other laws, legal proceedings or investigations by supervisors, data subjects must assume that e-mails, text messages, voicemail or other electronic communications can be accessed, read, heard or disclosed by third parties, if they are relevant to the questions examined.

e) For the purposes of the legitimate interests (Article 6 paragraph 1 lit. f GDPR)

To protect justified interests of us or a third party the processing of data submitted by you can be required for the following reasons:

• Defense of asserted claims from the employment relationship
• Burden of proof in a process pursuant to the General Equal Treatment Act (GETA)
• Reconciliation with so-called EU terror lists pursuant to the European anti-terror regulation 2580/2001 and 881/2002 to ensure that no funds or other economic resources are provided for terrorist purposes
• Prevention of crimes
• Video surveillance for preserving the domiciliary right, collecting evidence in the event of crimes
• Building and office security precautions
• Measures for assuring the domiciliary right
• Risk control within the corporate group
• Own statistical purposes with anonymous data (e.g. studies as to the behavior of employees)
• Safeguarding IT security and IT operations: The personal data resulting from the use of the IT systems, e-mail, internet and telephony services is generally not used for performance and behavioral control. The legal basis for the processing of personal data to ensure the proper operation of e-mail / internet services is the legitimate interest of the Controller. The recorded protocol and connection data are used exclusively for billing internet use, ensuring system security, defending and / or analyzing cybercrime, controlling network load balancing and network optimization, analyzing and correcting technical errors, and disruptions, abuse control and suspected criminal offenses. The processing of the stored personal data, with the exception of the data collected by the legally required archiving, will be restricted after approx. 6 months. The data is only part of the long-term archiving.

Within the controller those persons and entities shall be granted access to your data which are required by them to make a decision and to comply with our (pre-) contractual and legal obligations.

We can transmit your personal data to related companies of the "Fischer Group" (defined as (i) Fischer; (ii) the companies associated with Fischer within the meaning of §§ 15 ff. AktG; (iii) Helmut Fischer Foundation with registered office in Baar, Switzerland, registered in the commercial register of the canton of Zug under the company number CHE-114.282.578 (the "Helmut Fischer Foundation") and (iv) with the Helmut Fischer Foundation within the meaning of §§ 15 ff. AktG affiliated companies), to the extent permissible in line with the purposes and legal bases mentioned under no. 4. or data processing tasks for applicant management are centrally executed within the group.

If we are not able to offer you a position to be filled, but think that your application could be of interest for future positions within the group due to your profile, we will forward your personal application data to other companies related to us, provided that your express consent is at hand.

With regard to data transfer to recipients outside the controller it must be considered first of all that we will only transfer information about you if provided by legal stipulations, you have given your consent and/or processors commissioned by us guarantee that the requirements of the EU GDPR and the Federal Data Protection Act are complied with and this is required for constituting an employment relationship.

Under these conditions the recipients of personal data may for instance be:

• Public bodies and institutions in the circumstances of a statutory or official obligation
• Processors to which we submit personal data for the application procedure. In detail: Providers of applicant management systems, support/servicing of EDP/IT applications, compliance services, data destruction, risk controlling, website management incl. host provider.

Further data recipients may be those entities for which you have given the consent to data transfer.

Data transfer to countries outside the EU or EEA (so-called non-member countries) shall only take place if it is required for the constitution of an employment relationship, is statutory, you have given us your consent or in line with order processing. If service providers are employed in a non-member state, these shall be obliged to the compliance with the data protection level in Europe in addition to written instructions by the agreement of EU standard contractual clauses.