Record of Processing Activities
01. Application
- Purpose: Recording and choosing of persons interested in a vacant position in our company
- Person affected: Applicant proactive applicant of tender or job advertisement
- Access: Management and HR respective departments
- Disclosure: none
- Deletion: 2-6 months after refusal. Where applicable, adding to candidate pool after consultation with candidate
- Legal Basis: Consent of affected person
- Protection: Lockable cabinets, data protection on the server
02. Workforce
- Purpose: Recording and managing of employees and keeping a personnel file
- Person affected: Employees & interns (application, CV, proof of qualification, in-job training, contracts, changes)
- Access: Management and HR respective departments
- Disclosure: Tax office, health insurance company, social security offices, pension offices, offices for mini-jobs
- Deletion: 2 years after leaving
- Legal Basis: Processing in connection with employment in accordance with DSGVO
- Protection: Lockable cabinets, data protection on the server
03. HR-Payroll
- Purpose: Recording of basis for accounting and paying of the contractual salary
- Person affected: Employees (Personal data, Bank details, billable services)
- Access: Management and HR respective departments, bank for payments, reporting to social insurance memberships, pensions etc.
- Disclosure: Tax office for preparational accounting, bank for payments, reporting to social insurance memberships, pensions etc.
- Deletion: 12 years
- Legal Basis: Processing in connection with employment in accordance with DSGVO, legal obligation for notification
- Protection: Lockable cabinets, data protection on the server
04. Debtors
- Purpose: Managing of debtors, debtors = customers, clients – Order confirmation and invoicing of ordered goods and services (via fax, email or webshop), dunning
- Person affected: Contact person in the departments, name, contact data (data from business card)
- Access: Management respective departments: administration, sales internal/external, IT internal/external, marketing, client relationship, research
- Disclosure: Online CRM software, tax office for financial accounting, payment service provider webshop, debt collection agency in case of dunning
- Deletion: 10 years
- Legal Basis: Consent of affected person
- Protection: Agreement to data protection contract of EU (03/2018), lockable cabinets, data protection on the server
05. Creditors
- Purpose: Supplier > Receipt of invoices for ordered goods and services
- Person affected: Contact person for suppliers, name, contact data (data from business card)
- Access: Management respective departments: administration, sales internal/external, IT, marketing, client relationship, research, bank for payments
- Disclosure: Online CRM software, tax office for financial accounting
- Deletion: 10 years
- Legal Basis: Consent of affected person, justified interest
- Protection: Agreement to data protection contract of EU (03/2018), lockable cabinets, data protection on the server
06. Newsletter
- Purpose: Information about products and offers, sending of press releases, Invitation to conferences, follow-up emails
- Person affected: Registered persons for newsletter, (name and company, country, email address)
- Access: Marketing, IT
- Disclosure: Newsletter software
- Deletion: Yearly check for usage, if not immediate deletion
- Legal Basis: Consent of affected person, justified interest
- Protection: Limited access to software
07. Conferences
- Purpose: Thematic conferences and publication of the program for interested persons
- Person affected: Speaker and Delegates (Picture [LinkedIn or submitted], Name, position, company, country, email, phone number, LinkedIn profile, Industry)
- Access: Administration, Marketing, Event Management, IT
- Disclosure: Website, Printed brochures
- Deletion: On request
- Legal Basis: Consent of affected person, justified interest
08. Contacts in web application
- Purpose: Provision of data in our database, that has been taken from public media sources
- Person affected: Stakeholder involved in hotel construction projects, e.g. Architect, Interior designer, General contractor, Developer, Investor, Hotel brands etc. (Data: Name and Contact information)
- Access: All employees, Customers of database, Test users of database
- Disclosure: Website
- Deletion: When contacts are not relevant anymore, projects closed or contacts are not included anymore
- Legal Basis: Justified interest
- Protection: Limited access to online database
09. News Articles
- Purpose: Publication of recent information taken out of our database
- Person affected: Stakeholder involved in hotel construction projects, e.g. Architect, Interior designer, General contractor, Developer, Investor, Hotel brands etc.
- Access: Public
- Disclosure: Website
- Deletion: none
- Legal Basis: Justified interest
10. Publication on Website
- Purpose: Provision of information and references
- Person affected: Employees (name, business contact information, jurisdiction) Customers: References
- Access: Public
- Disclosure: Website
- Deletion: If not wanted anymore or not relevant anymore
- Legal Basis: Consent of affected person consent of affected person