Information on data protection in the context of the mental risk assessment of DEKRA Automobil GmbH
70565 Stuttgart, Germany
2. Data processing
2.1 Source and origin of the data
2.2 Nature of personal data, purpose and lawfulness of processing
2.2.1 Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 lit. f GDPR)
- IP address
- Date and time of access
- Website from which the access is made (referrer URL)
- Browser used
- Operating system of the computer
- Name of the access provider
We base the data processing on our legitimate interests according to Art. 6 (1) p. 1 lit. f GDPR for the purposes listed above.
2.2.2 Purposes within the scope of your consent (Art. 6 para. 1 lit. a GDPR)
- Affiliation to the business unit (e.g. location, department, team)
- Field of activity
- Length of service
- Whether you have your own management responsibility
- Whether you report to a manager
- Whether you have contact with third parties in your daily work (e.g. customers)
- Year of birth
- Employment relationship
- Working hours model
- Contractually agreed weekly working time
- Effective estimated working time per week
- If applicable, key personnel figures
- Assessment of working conditions
- Mention of reasons for a positive or negative assessment
- Open comments (suggestions for improvement, remarks)
- Assessment of own health, motivation and commitment to the company
- Mention of current acute physical and psychosomatic complaints
- Estimate the number of days you went to work sick
- Assessment of how high your performance capacity was on these days compared to days when you were/are healthy
- Use of certain company services and social and additional benefits
- be able to assess the risk potential of various working conditions,
- be able to assess the potential for promoting the health and performance of various working conditions and offerings,
- create target group specific guidelines for action within your company (e.g. for your department, your job or your employment relationship),
- review the success of risk-reducing, health- and performance-promoting measures
- show the potential savings for your employer through certain measures
- establish risk and performance profiles for industries and job functions,
- fulfill your employer's legal obligation to regularly conduct the risk assessment of mental stress and to document it, as well as to document the corresponding measures to reduce identified mental risks (§ 5 and § 6 ArbSchG).
2.3 Existence of automated decision-making in individual cases (including profiling)
2.4 Consequences of not providing data
2.5 Recipients of the data within the EU
2.6 Recipients of the data outside the EU
2.7 Storage periods
2.8 Rights concerning the processing of personal data
- On request, you have the right to obtain information from us about the personal data concerning you and processed by us, to the extent defined in Art. 15 GDPR.
- You have the right to require us to rectify any inaccurate personal data concerning you without undue delay (Art. 16 GDPR).
- Where the legal reasons defined in Art. 17 GDPR apply, you have the right to immediate deletion (“right to be forgotten”) of personal data concerning you. These legal reasons include: the personal data are no longer necessary for the purposes for which they were processed, or you withdraw your consent, and there are no other legal grounds for processing; the data subject objects to the processing (and there are no overriding legitimate grounds for processing––does not apply to objections to direct advertising).
- If the criteria defined in Art. 18 GDPR are fulfilled, you have the right to restriction of processing as established in the above article of the GDPR. According to this article, restriction of processing may be called for in particular if processing is unlawful and the data subject opposes deletion of the personal data and requests the restriction of their use instead, or if the data subject has objected to processing according to Art. 21 (1) GDPR as long as it is unclear whether our legitimate interest overrides the interest of the data subject.
- You have the right to data portability as defined in Art. 20 GDPR. This means you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller, such as another service provider. Prerequisite is that processing is based on consent or a contract, and is carried out using automated means.
- In addition, you have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
- If you think that processing of personal data concerning you and carried out by us is unlawful or impermissible, you have the right to file a complaint with the supervisory authority responsible for us.
- Your requests regarding the exercise of your rights should, if possible, be addressed directly to our data protection officer by e-mail or in writing to the address given above with the suffix "Data Protection".
|SPECIAL REFERENCE TO YOUR RIGHT OF OBJECTION ACCORDING TO ART. 21 GDPR|
|You have the right to object at any time under Art. 21 GDPR to processing of personal data concerning you which is based on Art 6 (1) lit. e or f GDPR, on grounds relating to your particular situation. We will desist from processing your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms, or unless processing is for the establishment, exercise, or defense of legal claims. For the exercise of the objection there are no other costs than the transmission costs according to the basic tariff.|
The objection can be made form-free and should preferably be directed to:
Or in writing to the above address with the address addition "data protection".