Information and data protection notice issued by Kölner Institut für Managementberatung GmbH pursuant to Art. 14 and 21 GDPR
This information is intended to provide you with an overview of the ways in which we process your personal data if you participate in the services offered by Kölner Institut für Managementberatung GmbH. Specifically, this includes implementation of procedures in human-resources diagnostics (e.g. assessment/development/orientation center) or measures in human-resources development (e.g. coaching, workshop, training). Here, we provide you with information on the data we collect from you and how we use it. We also clarify your rights under applicable data-protection legislation laws and inform you about the individuals and entities you can contact with any questions.
Controller:
The controller for data processing is Kölner Institut für Managementberatung GmbH, Domstraße 55-73, 50668 Cologne, Germany, e-mail: datenschutznothing@ki-management.com.
Data processing to protect the legitimate interests of the controller:
Our client has transmitted your data to us on the basis of Section 26 (1) Sentence 1 of the German Data Protection Act [BDSG], amended, pertaining to the justification and execution of the employment relationship between you and our client. We also process the data transmitted to us in accordance with Section 26 (1) Sentence 1 BDSG, Amended, in the case of initiation or in the context of existing employment relationships, for the purpose of conducting procedures in human-resources diagnostics (e.g. assessment/development/orientation center) or measures in human-resources development (e.g. coaching, workshop, training). This also includes the support provided to participants in connection with this effort.
The data processing in the context of the events carried out on our part can specifically relate to the following items of data about you: name, personnel number, business or organizational unit, age, gender, work telephone number and e-mail address, recommendation issued, assessment of different skill areas, behavior observed in the context of human-resources diagnostics, and photo protocols in human-resources development measures.
Data recipient:
After the procedures in human-resources diagnostics have been carried out, our client or, for example, your (potential) employer receives a potential-analysis report documenting your personal strengths, opportunities for improvement, a quantitative overview of your results and the observed behavior.
Once human-resources development measures have been carried out, our client or your employer receives a list of participants that includes your name and your signature and confirms that you have participated in the measure. In the case of training measures, a photo protocol of the training is typically transmitted for forwarding to the participants (including you, among others).
When commissioned directly, we transmit your name to banks, and in the case of receivables due, under certain circumstances, we may transmit it to a collection agency if authority to do so exists, e.g. pursuant to the legal provisions referenced above.
We can also forward your data to external service providers, e.g. IT‑service providers, companies that destroy data, providers of print services, etc., that work under strict orders to assist us with the processing of data on a controller’s behalf and with which we have concluded an agreement for processing by a processor pursuant to Art. 28 GDPR. Data is not processed outside of the EU or the EEA.
We do not sell your personal data to third parties or otherwise market this data.
Data erasure:
Participants’ personal data is erased once the report on the respective event has been drawn up and the client has been notified of the results.
Rights of the data subject:
In accordance with the relevant provisions of the GDPR, data subjects have the right of access (Art. 15) to personal data concerning them, and to rectification of incorrect data or to erasure of data (Art. 16, 17). There is also the right to restrict Processing (Art. 18) and, in cases covered by Art. 20 of the GDPR, the right to data portability.
Please contact the above-referenced controller to assert your rights as a data subject.
Contact details of the data protection officer:
Our company data protection officer will be happy to assist you with information or suggestions on the subject of data protection. The contact particulars for reaching him are as follows:
datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg, Germany
officenothing@datenschutz-sued.de.
Right to lodge a complaint with a supervisory authority:
Every data subject has the right to lodge a complaint with a supervisory authority if he or she is of the view that processing of data pertaining to him or her constitutes an infringement of the provisions of data protection legislation. Specifically, the right to lodge a complaint can be asserted with a supervisory authority in the Member State in which the data subject resides, or in the location in which the alleged infringement took place, e.g. with the supervisory authority in North Rhine-Westphalia.