RECORD OF PROCESSING ACTIVITIES

01. Application

Purpose: Recording and choosing of persons interested in a vacant position in our company

Person affected: Applicant proactive applicant of tender or job advertisment

Access: Management and HR respective departments

Disclosure: none

Deletion: 2-6 months after refusal. Where applicable, adding to candidate pool after consultation with candidate

Legal Basis: Consent of affected person

Protection: Lockable cabinets, data protection on the server

02. Workforce

Purpose: Recording and managing of employees and keeping a personnel file

Person affected: Employees & interns (application, CV, proof of qualification, in-job trainings, contracts, changes)

Access: Management and HR respective departments

Disclosure: Tax office, health insurance company, social security offices, pension offices, offices for mini-jobs

Deletion: 2 years after leaving

Legal Basis: Processing in connection with employment in accordance with DSGVO

Protection: Lockable cabinets, data protection on the server

03. HR-Payroll

Purpose: Recording of basis for accounting and paying of the contractual salary

Person affected: Employees (Personal data, Bank details, billable services)

Access: Management and HR respective departments, bank for payments, reporting to social insurance memeberships, pensions etc.

Disclosure: Tax office for preparational accounting, bank for payments, reporting to social insurance memeberships, pensions etc.

Deletion: 12 years

Legal Basis: Processing in connection with employment in accordance with DSGVO, legal obligation for notification

Protection: Lockable cabinets, data protection on the server

04. Debtors

Purpose: Managing of debtors, debtors = customers, clients – Order confirmation and invoicing of ordered goods and services (via fax, email or webshop), dunning

Person affected: Contact person in the departments, name, contact data (data from business card)

Access: Management respective departments: administration, sales internal/external, IT internal/external, marketing, client relationship, research

Disclosure: Online CRM software, tax office for financial accounting, payment service provider webshop, debt collection agency in case of dunning

Deletion: 10 years

Legal Basis: Consent of affected person

Protection: Agreement to data protection contract of EU (03/2018), lockable cabinets, data protection on the server

05. Creditors

Purpose: Supplier > Receipt of invoices for ordered goods and services

Person affected: Contact person for suppliers, name, contact data (data from business card)

Access: Management respective departments: administration, sales internal/external, IT, marketing, client relationship, research, bank for payments

Disclosure: Online CRM software, tax office for financial accounting

Deletion: 10 years

Legal Basis: Consent of affected person, justified interest

Protection: Agreement to data protection contract of EU (03/2018), lockable cabinets, data protection on the server

06. Newsletter

Purpose: Information about products and offers, sending of press releases, Invitation to conferences, follow-up emails

Person affected: Registered persons for newsletter, (name and company, country, email address)

Access: Marketing, IT

Disclosure: Newsletter software

Deletion: Yearly check for usage, if not immediate deletion

Legal Basis: Consent of affected person, justified interest

Protection: Limited access to software

07. Conferences

Purpose: Thematic conferences and publication of the program for interested persons

Person affected: Speaker and Delegates (Picture [LinkedIn or submitted], Name, position, company, country, email, phone number, LinkedIn profile, Industry)

Access: Administration, Marketing, Event Management, IT

Disclosure: Website, Printed brochures

Deletion: On request

Legal Basis: Consent of affected person, justified interest

Protection: 

08. Contacts in web application

Purpose: Provision of data in our database, that have been taken from public media sources

Person affected: Stakeholder involved in hotel construction projects, e.g. Architect, Interior designer, General contractor, Developer, Investor, Hotel brands etc. (Data: Name and Contact information)

Access: All employees, Customers of database, Test users of database

Disclosure: Website

Deletion: When contacts are not relevant anymore, projects closed or contacts are not included anymore

Legal Basis: Justified interest

Protection: Limited access to online database

09. News Articles

Purpose: Publication of recent information taken out of our database

Person affected: Stakeholder involved in hotel construction projects, e.g. Architect, Interior designer, General contractor, Developer, Investor, Hotel brands etc.

Access: Public

Disclosure: Website

Deletion: none

Legal Basis: Justified interest

Protection: 

10. Publication on Website

Purpose: Provision of information and references

Person affected:  Employees (name, business contact information, jurisdiction) Customers: References

Access: Public

Disclosure: Website

Deletion: If not wanted anymore or not relevant anymore

Legal Basis: Consent of affected person consent of affected person

Protection: