Data privacy statement according to EU General Data Protection Regulations (EU-GDPR)

 

With the following information, we would like to give you an overview of the use and processing of your personal data by TDK-Micronas GmbH. Furthermore, we would like to point out the rights you are entitled to under German and European data protection law.

Responsible body and contact:

Responsible body for the processing of personal data is:

Günter Weinberger, CEO
Reinhard Schnekenburger, CFO
TDK-Micronas GmbH
Hans-Bunte-Straße 19
D-79108 Freiburg
Telephone: +49 761 5170
Fax: +49 761 517 2174
Email address: TDK-Micronas@Micronas.com

 

The company Data Protection Officer can be reached at:

Ulrich Haas, Data Protection Officer
TDK-Micronas GmbH
Hans-Bunte-Straße 19
D-79108 Freiburg
Telephone: +49 761 5170
Fax: +49 761 517 2174
Email address: Datenschutz@Micronas.com

Definition of personal data:

‘Personal data’ means all information that relates to an identified or identifiable natural person. A natural person is considered to be identifiable, either directly or indirectly, in particular by association with any identifying information, such as a name, identification number, location data, online user names, or one or more special features, as well as the expression of physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person.
Examples of personal data are: name, birthday, address, marital status, gender, email address, telephone number, bank account number, license plates, entries in Computer Log Files.

For what purpose is your data used:

We process personal data in accordance with the terms of the European Data Protection Regulation (DSGVO) and the new version of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). We process data for the following purposes:

1. For the fulfillment of contractual obligations (GDPR Art. 6 1b)

We process personal data if it is necessary to fulfill a contract or to carry out pre-contractual measures. Contractual obligations exist towards employees, applicants, customers, suppliers, and other partners. The personal data used here comprises primarily contact data, bank details, payment data, and information on education.

2. To carry out an employment relationship (BDSG § 26 para. 1) or to safeguard our legitimate interests (DSGVO Art. 6 1f)

We process personal data if processing is required to establish, conduct or terminate an employment relationship, or if necessary to fulfill a collective agreement or company agreement.
Furthermore, we process personal data if there are legitimate interests on our part, that is, if the processing is necessary to transact our business or to carry out our business processes.

We use your data in the following business processes:
- Production and sale of semiconductor elements.
- Project planning.
- To ensure the necessary employee qualifications.
- Attendance planning and attendance control.
- Measures for building and plant safety.
- Measures to guarantee right of owner or occupier of premises to undisturbed possession.
- IT measures ensuring data security and data integrity.
- Ensuring communication processes via telephone, intranet, internet, email, post, etc.
- Measures for staff management.
- Rental and on-site services.

The data used varies depending on the process. These are essentially: employee master data, partner data, production data, information on education and training, time recording data, attendance data, project data, movement data over company boundaries, video recording at company borders, access authorizations, system authorizations, proof of change in IT systems and other administrative processes, telephone numbers, internet log files, and email addresses.

3. For compliance with legal requirements (GDPR Art. 6 1c)

Like every trading company, we too are subject to a variety of different legal obligations and requirements. Examples include: commercial law, tax code, labor law, product liability law, social security law, and General Equal Treatment Act. Legal obligations generally relate to retention periods of data processed under points 1 and 2.

In addition, the Customs Code Implementing Regulation requires us to compare personal data with international terrorist lists. The data used is personal master data, such as name, birthday, place of birth, and address.
The Occupational Health Prevention Regulation requires the processing of health data.

4. On the basis of your consent (GDPR Art. 6 1a)

In addition to the processing requirements mentioned above, personal data can also be used if you have personally consented to the use of your data. With your consent, the legitimacy of data handling is given; consent can be revoked at any time.
If, for example, directories with private telephone numbers are kept and made accessible to other employees, this only happens following the individual consent of those registered.

Who has access to your data (GDPR Art. 13 1e):

Within TDK-Micronas GmbH, access to your data is given to those who need it to carry out their duties. For example, the HR master data is accessible to the HR department and information on education is available to respective supervisors.
Employee contact details, such as email address, telephone number, and department are accessible to all employees within the TDK group.

In addition, the following external organizations receive personal data:
- Tax authorities, social security funds, and employment offices in accordance with legal requirements.
- Banking institutions in the context of payment transactions.
- Chamber of Commerce, the University of Cooperative Education, and schools in the context of education and training.

If personal data is not processed in-house but assigned to external service providers in the form of order data processing, this only happens if a binding data protection agreement ensures a data protection level corresponding to the Data Protection Regulation (example: online portal for applicants).

In addition, tax auditors, accountants, and other auditors can receive short-term access to personal data in a very restricted and event-related manner as part of their job.

If your data is transmitted to a third country (non-EU) or international organizations (GDPR Art. 13 1f):

A transfer of personal data to offices in countries outside the European Union (third countries) takes place within the framework of internal TDK communication and planning processes. The shared use of software platforms also makes personal information accessible to TDK branches outside the EU.

A transfer to third countries is permitted if the relevant state has been certified by the European Commission as having an adequate level of data protection (GDPR Art. 45).
If this is not the case, TDK-Micronas may only transfer personal data to a third country or an international organization provided that the data recipient has provided appropriate safeguards to protect the data. This is usually achieved by the implementation of standard data protection clauses, which are prescribed by the European Commission, or by an equivalent procedure according to GDPR Art. 46.
TDK-Micronas transmits personal data only to bodies for which suitable guarantees pursuant to GDPR Art. 46 exist.

How long will your data be stored (GDPR Art. 13 2a):

The data of the user ID within the directory service (‘Active Directory’) will be automatically deleted 6 months following an employee’s departure. This includes email addresses, group memberships, phone numbers, and other profile information.

Applicant data will be reduced to trash data after 6 months and completely deleted after another 12 months, unless the applicant has actively agreed to a longer retention period. In this case, the extension time is 6 months.

CCTV data and internal access control data are deleted after one week. Log data from the firewall will be deleted after 8 weeks.

In addition, the processing and storing of your data lasts as long as it is required to fulfill our contractual and legal obligations.
The required retention periods from various legal requirements range from 10 years (for example, Commercial Code) to 30 years (Ordinance on Occupational Health Prevention and Product Liability Act).

Relevant legal obligations include:
- Commercial Code (HGB)
- Sales Tax Law (UStG)
- Product Liability Act (ProdHaftG)
- Tax Law (EStG, KStG and GewStG)
- Ordinance on Occupational Health Prevention (ArbMedVV)
- General Equal Treatment Act (AGG)

What rights do you have in relation to your data (Art. 13 2b-d according to Art. 15-21):

Every concerned party has the right to information on the data collected (GDPR Art. 15), the right of rectification (Art. 16), the right to deletion (Art. 17), and the right to limit processing (Art. 18); in particular, deletion and limitation must be subject to the necessary requirements.

With right to information and cancellation rights, the restrictions according to §§ 34 and 35 are to be taken into consideration.

In addition, each data subject has the right of data transferability under Art. 20 and a right of objection under GDPR Art. 21.

If necessary, please contact the above-mentioned responsible office of the Data Protection Officer to exercise your rights.

Furthermore, there is a right of appeal to a competent data protection supervisory authority according to GDPR Art. 77 in conjunction with BDSG § 19.

Does any automated decision-making or profiling exist (Art. 13 2f – Art. 22):

Automated decision-making, including profiling, within the meaning of GDPR Art. 22 does not take place.