Data protection information for employees/VP

In connection with the performance of your operational tasks, you collect, process and use personal data within the meaning of the European General Data Protection Regulation (GDPR).

According to the provisions of the GDPR, personal data may only be collected, stored, processed, used or transmitted to the extent that this is necessary to fulfil the company's purposes. In every phase of collection, storage, processing and use, personal data must be protected from unauthorized access and unauthorized knowledge as well as from loss and destruction. Transmission to locations outside the company is only permitted if this is necessary to carry out operational tasks or if there is a legal right to disclosure. Even within the company, disclosure to colleagues is only permitted if knowledge of the data is necessary for them to carry out their tasks.

A violation of these protective obligations can lead to fines and, if the person affected has suffered damage as a result, also claims for damages against the company and, within the framework of labor law provisions, also claims for recourse against you. Personal data may therefore only be collected, processed, disclosed, made accessible or otherwise used within the scope of operational activities and only for the purpose of fulfilling the respective lawful or contractual task.

All personal data that is processed, used or collected using data processing systems or that comes from these data processing systems is protected. However, personnel files in any form and personal data that is processed in non-automated files, e.g. in conventional card files, files or file collections, are also protected if they are accessible and can be evaluated according to certain characteristics.

Data protection law, as set out in the European General Data Protection Regulation and the Data Protection Adaptation and Implementation Act, is a fundamental right and regulates the protection of personal data when it is collected, stored, processed, used and transmitted. A key principle of data protection law is that personal data may only be collected, stored, processed, used and transmitted if a data protection law or other legal provision permits or requires this or if the person concerned has consented (prohibition subject to permission).

Violations of data protection regulations can constitute both an administrative offence punishable by a fine and a criminal offence, and can also give rise to an obligation for the employee to pay compensation under employment law. Compliance with data protection is therefore one of the contractual obligations of every employee in our company. If you have any questions, particularly in connection with the disclosure or transmission of personal data to other parties, please contact your supervisor or the company data protection officer. You can reach our company data protection officer using the contact details below. The company data protection officer is obliged to maintain confidentiality and will treat your enquiries confidentially.

Our data protection officer:

Mr Heidler

 

Terms

Personal data

According to Art. 4 No. 1 GDPR, personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject"). A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics. Data about owner-managed companies are also personal data if there is a close relationship between the company as a legal entity and the natural persons behind it.

processing

Processing in accordance with Article 4 No. 2 GDPR means in particular any knowledge of personal data, reading, querying, storage, e.g. on backup data media, disclosure by transmission, deletion or destruction of devices and data media.

Principles of processing

Personal data may only be processed for legitimate and specified purposes, must be accurate, up-to-date and necessary for the purpose in question, and processed lawfully, fairly and in a manner that is transparent to the data subject. This means that appropriate security must be ensured at every stage of handling personal data, including protection against unauthorised disclosure or transfer of data or data storage devices, against unlawful processing and against accidental loss, destruction or damage. Data to be deleted or devices and data storage devices to be destroyed must be deleted or destroyed securely and confidentially.

Liability

Any person who has suffered material or immaterial damage as a result of a breach of this regulation has the right to compensation from the controller or processor in accordance with Article 82 (1) GDPR. Under labor law, you are liable to your employer for damage caused by you through gross negligence or, in individual cases, negligently, e.g. by failing to comply with regulations and instructions or by violating this confidentiality obligation.

Legal basis

This selection of legal regulations is intended to give you an overview of the data protection regulations. The presentation is exemplary and is by no means complete. You can obtain further information on data protection issues from your supervisor and the company data protection officer.

Telecommunications Digital Services Data Protection Act - TDDDG
§ 3 Confidentiality of communication – telecommunications secrecy

(1) The content of telecommunications and their specific circumstances, in particular the fact whether someone is or was involved in a telecommunications process, are subject to telecommunications secrecy. Telecommunications secrecy also extends to the specific circumstances of unsuccessful attempts to establish a connection.

(2) The following are obliged to maintain the secrecy of telecommunications:

1. Providers of publicly available telecommunications services and natural and legal persons involved in the provision of such services,
2. Providers of telecommunications services offered in whole or in part on a commercial basis, as well as natural and legal persons involved in the provision of such services,
3. Operators of public telecommunications networks and
4. Operators of telecommunications systems used to provide telecommunications services on a commercial basis.

The obligation to maintain confidentiality continues even after the end of the activity that gave rise to it.

(3) Those obliged under paragraph 2 sentence 1 are prohibited from obtaining knowledge of the content or the specific circumstances of telecommunications for themselves or others beyond what is necessary for the provision of telecommunications services or for the operation of their telecommunications networks or their telecommunications systems, including the protection of their technical systems. They may only use knowledge of facts subject to telecommunications secrecy for the purpose stated in sentence 1. The use of this knowledge for other purposes, in particular passing it on to others, is only permissible if this law or another statutory provision so provides and expressly refers to telecommunications processes. The reporting obligation under Section 138 of the Criminal Code takes precedence.

(4) If the telecommunications system is located on board a vessel or aircraft, the obligation to maintain telecommunications secrecy shall not apply to the person driving the vessel or his representative.

• 202a StGB Spying on data

(1) Anyone who, without authorization, obtains for himself or another person access to data which are not intended for him and which are specially secured against unauthorized access, by overcoming the access security, shall be punished with imprisonment for a term not exceeding three years or with a fine.

(2) Data within the meaning of paragraph 1 shall only be data that are stored or transmitted electronically, magnetically or in any other way that is not directly perceptible.

• 206 StGB – Violation of postal or telecommunications secrecy

(1) Anyone who, without authorization, informs another person of facts which are subject to postal or telecommunications secrecy and which have become known to him as the owner or employee of an enterprise which commercially provides postal or telecommunications services shall be punished with imprisonment for a term not exceeding five years or with a fine. (…)

(4) Any person who, without authorisation, informs another person of facts which he has become aware of as an official working outside the postal or telecommunications sector as a result of an authorised or unauthorised interference with the secrecy of postal or telecommunications services shall be punished with imprisonment for a term not exceeding two years or with a fine.

(5) The postal secrecy applies to the specific circumstances of the postal traffic of certain persons and to the contents of postal items. The content of telecommunications and its specific circumstances are subject to telecommunications secrecy, in particular the fact whether someone is or was involved in a telecommunications process. Telecommunications secrecy also extends to the specific circumstances of unsuccessful attempts to establish a connection.

Betrayal of business and trade secrets

• 2 Act on the Protection of Trade Secrets (GeschGehG)

Definitions

For the purposes of this law,

1. Trade secret

an information

1. (a) which, either as a whole or in the precise arrangement and composition of its components, is not generally known or readily accessible to persons in the circles which normally deal with this type of information and is therefore of economic value; and
2. (b) which is subject to appropriate confidentiality measures by its lawful holder, and
3. c) where there is a legitimate interest in confidentiality;

(…)

• 4 GeschGehG Prohibitions on actions

(1) A trade secret may not be obtained by

1. unauthorized access to, acquisition of or copying of documents, objects, materials, substances or electronic files under the lawful control of the trade secret holder and which contain the trade secret or from which the trade secret can be derived, or
2. any other conduct which, in the circumstances, does not comply with the principle of good faith, taking into account fair market practice.

(2) A trade secret may not be used or disclosed by anyone

1. the trade secret by an own act pursuant to paragraph 1
2. (a) point 1 or
3. b) Number 2

has obtained,

2. violates an obligation to restrict the use of the trade secret or
3. violates an obligation not to disclose the trade secret.

• 5 GeschGehG Exceptions

The acquisition, use or disclosure of a trade secret does not fall under the prohibitions of Section 4 if this is done to protect a legitimate interest, in particular

(…)

3. as part of the disclosure by employees to the employee representatives, if this is necessary for the employee representatives to be able to fulfil their duties.

• 10 GeschGehG Liability of the infringer

(1) An infringer who acts intentionally or negligently is obliged to compensate the owner of the trade secret for any resulting damage. Section 619a of the German Civil Code remains unaffected.

(2) In assessing the amount of damages, account may also be taken of the profit made by the infringer as a result of the infringement. The amount of damages may also be determined on the basis of the amount that the infringer would have had to pay as reasonable remuneration if he had obtained consent to obtain, use or disclose the trade secret.

(3) The owner of the trade secret may also demand monetary compensation from the infringer for damages other than financial losses, provided that this is equitable.

• 23 Violation of trade secrets

(1) Any person who, in order to promote his own or another's competition, for personal gain, for the benefit of a third party or with the intention of causing damage to the owner of an undertaking,

1. obtains a trade secret contrary to Section 4 Paragraph 1 Number 1,
2. uses or discloses a trade secret contrary to Section 4 Paragraph 2 Number 1 Letter a or
3. contrary to Section 4 Paragraph 2 Number 3, as a person employed by an undertaking, discloses a trade secret which was entrusted to him or her or which became accessible to him or her within the framework of the employment relationship, during the term of the employment relationship.

(2) Any person who, in order to promote his own or another's competition, for personal gain, for the benefit of a third party or with the intention of causing damage to the owner of an undertaking, uses or discloses a trade secret which he has acquired through an act of another in accordance with paragraph 1, number 2 or number 3, shall be punished in the same way.

(3) Anyone who, in order to promote his own or another's competition or for personal gain, uses or discloses a trade secret which is a secret document or a technical document entrusted to him in the course of business, shall be punished with imprisonment for a term not exceeding two years or with a fine, contrary to Section 4(2) no. 2 or no. 3.

(4) Any person shall be punished with imprisonment for a term not exceeding five years or with a fine

1. in the cases referred to in paragraph 1 or paragraph 2, acts on a commercial basis,
2. in the cases referred to in paragraph 1, number 2 or number 3 or paragraph 2, knows at the time of disclosure that the trade secret is to be used abroad, or
3. in the cases referred to in paragraph 1 number 2 or paragraph 2, the trade secret is used abroad.

(5) The attempt is punishable by law.