Directory of procedures for everyone (17.03.2021)
1 General Information on the Party Responsible and the Procedure
1.1 Name/Company of the Party Responsible
1.2 Owner, Executive Boards, Managing Directors and Other Persons Charged with the Leadership of the Company
Mr Stephan Wedi (owner)
Mr Fabian Rechlin (managing director)
1.3 Data Protection Coordinator, Internal
Mr Fabian Rechlin
1.4 Data Protection Coordinator, external
Lars Hille, Data Protection Coordinator
TÜV Rheinland Industrie Service GmbH
TÜV Rheinland Group
1.5 Management of Data Processing
Mr Stephan Heßling (provisional)
1.6 Purpose of Data Collection, Data Processing or Data Use
The primary purpose is the conclusion of customer contracts. Additional purposes are personnel management, supplier management and providing support to trade representatives and interested parties
1.7 Description of Groups of Persons Affected and Related Data or Data Categories
Customer management procedure
Personnel management procedure
Supplier management procedure
Trade representative management procedure
1.8 Recipients or Categories of Recipients With Whom Data may be Shared
- open positions in the case of proceeding legal provisions
- internal posts
- service provider
- external positions fulfilling the purposes named under 1.6
1.9 Normal Deadlines for Data Deletion
The deletion of data takes place once the legal periods of retention in accordance with the Articles of Association or the contract have expired. Insofar that data is not affected by this, it will be deleted if the purposes stated under 1.6 cease to apply.
1.10 Planned Data Transfer Abroad
2 Notes on the Legal Basis
In accordance with Section 4g Paragraph 2 Sentence 2 Federal Data Protection Act (BDSG), the data protection coordinator will, on request, make information in accordance with Section 4e Sentence 1 no. 1-8 BDSG available to anyone in a suitable way.
A method is a package of processes connected by an intended purpose determined by those responsible (explanatory statement to Article 18 EU Data Protection Guidelines). A directory of procedures is the overview to be published that can be understood by anyone (Section 4e Sentence 1 No. 1-8 BDSG). Accordingly, each responsible authority that processes personal data creates a ‘directory of automated procedures (directory of procedures )’.
The obligation to notify is subject to automatic processing procedures in accordance with Section 4d Paragraph 1 BDSG. As a procedure consists of multiple automated processes or groups of automated processes, the overview to be created legally for the purposes of prior checks in accordance with Section 4d Paragraph 6 Sentence 2 BDSG with the information in accordance with Section 4e Sentence 1 nos. 1-9 BDSG and the information in accordance with Section 4g Paragraph 2 BDSG can be designated as a processing overview by the persons with access authorisation. The processing overview forms the foundation for the data protection coordinator’s work.
The term ‘automatic personal processing’ is described as the collection, processing or use of personal data using data procession facilities in Section 3 Paragraph 2 BDSG.