Record of Processing Activities

01. Application

  • Purpose: Recording and choosing of persons interested in a vacant position in our company
  • Person affected: Applicant proactive applicant of tender or job advertisement
  • Access: Management and HR respective departments
  • Disclosure: none
  • Deletion: 2-6 months after refusal. Where applicable, adding to candidate pool after consultation with candidate
  • Legal Basis: Consent of affected person
  • Protection: Lockable cabinets, data protection on the server

 

02. Workforce

  • Purpose: Recording and managing of employees and keeping a personnel file
  • Person affected: Employees & interns (application, CV, proof of qualification, in-job training, contracts, changes)
  • Access: Management and HR respective departments
  • Disclosure: Tax office, health insurance company, social security offices, pension offices, offices for mini-jobs
  • Deletion: 2 years after leaving
  • Legal Basis: Processing in connection with employment in accordance with DSGVO
  • Protection: Lockable cabinets, data protection on the server

 

03. HR-Payroll

  • Purpose: Recording of basis for accounting and paying of the contractual salary
  • Person affected: Employees (Personal data, Bank details, billable services)
  • Access: Management and HR respective departments, bank for payments, reporting to social insurance memberships, pensions etc.
  • Disclosure: Tax office for preparational accounting, bank for payments, reporting to social insurance memberships, pensions etc.
  • Deletion: 12 years
  • Legal Basis: Processing in connection with employment in accordance with DSGVO, legal obligation for notification
  • Protection: Lockable cabinets, data protection on the server

 

04. Debtors

  • Purpose: Managing of debtors, debtors = customers, clients – Order confirmation and invoicing of ordered goods and services (via fax, email or webshop), dunning
  • Person affected: Contact person in the departments, name, contact data (data from business card)
  • Access: Management respective departments: administration, sales internal/external, IT internal/external, marketing, client relationship, research
  • Disclosure: Online CRM software, tax office for financial accounting, payment service provider webshop, debt collection agency in case of dunning
  • Deletion: 10 years
  • Legal Basis: Consent of affected person
  • Protection: Agreement to data protection contract of EU (03/2018), lockable cabinets, data protection on the server

 

05. Creditors

  • Purpose: Supplier > Receipt of invoices for ordered goods and services
  • Person affected: Contact person for suppliers, name, contact data (data from business card)
  • Access: Management respective departments: administration, sales internal/external, IT, marketing, client relationship, research, bank for payments
  • Disclosure: Online CRM software, tax office for financial accounting
  • Deletion: 10 years
  • Legal Basis: Consent of affected person, justified interest
  • Protection: Agreement to data protection contract of EU (03/2018), lockable cabinets, data protection on the server

 

06. Newsletter

  • Purpose: Information about products and offers, sending of press releases, Invitation to conferences, follow-up emails
  • Person affected: Registered persons for newsletter, (name and company, country, email address)
  • Access: Marketing, IT
  • Disclosure: Newsletter software
  • Deletion: Yearly check for usage, if not immediate deletion
  • Legal Basis: Consent of affected person, justified interest
  • Protection: Limited access to software

 

07. Conferences

  • Purpose: Thematic conferences and publication of the program for interested persons
  • Person affected: Speaker and Delegates (Picture [LinkedIn or submitted], Name, position, company, country, email, phone number, LinkedIn profile, Industry)
  • Access: Administration, Marketing, Event Management, IT
  • Disclosure: Website, Printed brochures
  • Deletion: On request
  • Legal Basis: Consent of affected person, justified interest

 

08. Contacts in web application

  • Purpose: Provision of data in our database, that has been taken from public media sources
  • Person affected: Stakeholder involved in hotel construction projects, e.g. Architect, Interior designer, General contractor, Developer, Investor, Hotel brands etc. (Data: Name and Contact information)
  • Access: All employees, Customers of database, Test users of database
  • Disclosure: Website
  • Deletion: When contacts are not relevant anymore, projects closed or contacts are not included anymore
  • Legal Basis: Justified interest
  • Protection: Limited access to online database

 

09. News Articles

  • Purpose: Publication of recent information taken out of our database
  • Person affected: Stakeholder involved in hotel construction projects, e.g. Architect, Interior designer, General contractor, Developer, Investor, Hotel brands etc.
  • Access: Public
  • Disclosure: Website
  • Deletion: none
  • Legal Basis: Justified interest

 

10. Publication on Website

  • Purpose: Provision of information and references
  • Person affected: Employees (name, business contact information, jurisdiction) Customers: References
  • Access: Public
  • Disclosure: Website
  • Deletion: If not wanted anymore or not relevant anymore
  • Legal Basis: Consent of affected person consent of affected person