Data protection information for employees and applicants (as at 10/2025)

The following information shows how we handle your data:

1. person responsible for data processing

Wirtschaftsförderung Region Kassel GmbH
Kurfürstenstrasse 9
34117 Kassel

Phone: +49 561 7073350
E-Mail: info@wfg-kassel.de

If you have any questions about data protection, please contact us at any time using the above contact details.

2. purpose and legal basis of data processing

We process your data on the basis of the EU General Data Protection Regulation (GDPR)the Federal Data Protection Act (BDSG) as well as all other laws relevant to us under data protection law.

2.1 Employment relationship

We store the necessary information on our applicants and employees for personnel administration purposes and carry out payroll accounting:

  • Master and contact data
  • Health data
  • Wage data
  • Social security data
  • Family relationships
  • Application data
  • Contract data
  • Time recording data
  • Training data
  • Travel dates

The data is processed on the basis of Art. 6 para. 1 lit. b GDPR. Without the provision of the necessary data, it is not possible to carry out and manage the employment relationship. We may also be legally obliged to process personal data. In this case, data processing takes place on the basis of Art. 6 para. 1 lit. c GDPR. Insofar as special categories of personal data within the meaning of Art. Art. 9 GDPR processed (e.g. health data), the legal basis for processing is § Section 26 (3) BDSG resp. Art. 9 para. 2 lit. b GDPR i.V.m. Art. 6 para. 1 lit. b GDPR.

We generally collect the data from the data subject themselves. In addition, data may be collected via internet searches, social networks, etc.

Furthermore, data processing may be necessary to ensure occupational safety, to defend against breaches of duty under employment contracts or to carry out company integration management. If you use a company pension scheme offered by us, data will also be processed in this area.

In principle, employees' personal data is stored for the duration of the employment relationship. There may be special regulations in individual areas. Insofar as statutory retention obligations exist, these must be taken into account by us.

Applicants' data will be deleted six months after the end of the application process. In exceptional cases, we may store the data for longer if the applicant has consented to this or if statutory retention periods make this necessary.

Insofar as there are no statutory retention obligations, personal data can be deleted if its further processing is no longer required for the performance or termination of the employment relationship.

2.2 IT security

As part of our security measures, we keep various logs in IT systems. These are used, on the one hand, for troubleshooting if necessary and, on the other hand, as proof of data collection, changes and deletions. The following data is logged for this purpose:

  • Device data
  • Access data
  • User data

The legal basis is, on the one hand, our legitimate interest in Art. 6 para. 1 lit. f GDPR the secure operation of IT systems and, on the other hand, legal requirements under Art. 6 para. 1 lit. c GDPR to ensure the integrity, confidentiality and availability of data (accountability).

As a rule, log data for IT security is deleted after four weeks at the latest. Log data in connection with accountability is deleted in accordance with the applicable legal requirements. In justified cases of suspicion, data may also be retained until the facts of the case have been clarified.

3. recipients of personal data

We only pass on your data to third parties if this is necessary to fulfill the purpose. Furthermore, data may be passed on on the basis of legal regulations in accordance with Art. 6 para. 1 lit. c and e GDPR to authorities and social security institutions. Data may also be passed on to customers and other business partners to the extent necessary for business purposes.

Data is passed on to our external tax advisor to the extent necessary for our accounting, payroll accounting, the preparation of balance sheets and other tax matters. In various cases, processors may be commissioned in accordance with Art. 28 GDPR who may receive data from us or have access to your data in connection with their services. In this context, data may also be transferred outside the EU. We ensure that there is either an EU adequacy decision for the destination country in question in accordance with Art. Art. 45 GDPR or we have concluded a contract with the relevant service providers on the basis of the standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR concluded. You can find them here: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_de.

4. your rights

You have the following rights vis-à-vis us with regard to your personal data:

  • Right to information (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7 para. 3 GDPR)
  • Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR)

5. data protection officer

We have appointed an external data protection officer:

Stefan Pietsch
Pietsch IT GmbH
Wilhelmshöher Street 1
34590 Wabern

Tel: +495683-923440
E-Mail: datenschutz@pietsch-it.de
Internet: www.pietsch-it.de

6. topicality and amendment of this data protection information

This data protection information is currently valid (see status in the heading). It may become necessary to amend this data protection information as a result of the further development of our services or due to changes in legal or official requirements.