Data privacy statement Technoform Bautec Holding GmbH

Data privacy statement
for applicants and employees

Status 10/2023


The information below explains how we use your data:

1. Data controller

Technoform Bautec Holding GmbH
Max-Planck-Str. 6
34253 Lohfelden, Germany

T +49 561 9583 300
E application [dot] tb_holding [at] technoform [dot] com (application[dot]tb_holding[at]technoform[dot]com)

If you have any questions regarding data protection, please contact us at any time using the contact details mentioned above.

2. Purpose and legal basis of data processing

We process your data based on the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other relevant data protection laws.


2.1 Employment
We store information on our applicants and employees that is necessary for personnel administration and to carry out payroll accounting:

•    Master data and contact details
•    Health data
•    Wage data
•    Social security data
•    Family circumstances
•    Application data
•    Contract data
•    Time recording data
•    Training data
•    Travel data

Data processing is based on Section 26 BDSG. Without provision of the required data, administration of the employment relationship is not possible. 

We may also be required by law to process personal data. This data processing is performed on the basis of Article 6(1)(c) GDPR. Furthermore, data processing may be necessary to ensure occupational health and safety, to defend against breaches of obligations under the employment contract or to implement company integration management. If you use a company pension scheme offered by us, data will also be processed in relation to this.

In principle, the personal data of employees is stored for the duration of the employment relationship. Special regulations may exist in individual areas. Provided that statutory retention obligations exist, these are to be taken into account by us. 

Applicants' data will be deleted six months after the end of the application process. In exceptional cases we may store data for longer if the applicant has consented to this or if legal retention periods make this necessary.

Unless there is a legal obligation to retain data, personal data may be deleted if its further processing is no longer necessary for the performance or termination of the employment relationship.


2.2 IT security

We maintain various logs in IT systems as part of our security measures. These are used for troubleshooting when necessary and also for proving data collection, changes and deletions.  The following data is logged for this purpose:

•    Device data
•    Access data
•    User data

The legal basis for this is our legitimate interest in the secure operation of IT systems in accordance with Article 6(1)(f) GDPR and also the legal requirements in accordance with Article 6(1)(c) GDPR to ensure the integrity, confidentiality and availability of data (accountability).

Log data for IT security is usually deleted after six months at the latest. Log data related to accountability will be deleted in accordance with the applicable legal requirements. In justified cases of suspicion, data may also be retained until the facts of the case have been clarified.

3. Recipients of personal data

We only pass on your data to third parties if this should become necessary to fulfil a purpose. Furthermore, data may be passed on to authorities and social insurance institutions on the basis of statutory regulations in accordance with Article 6(1)(c) and (e) GDPR. Data may also be passed on to customers and other business partners to the extent necessary for business purposes. 

For the purpose of bookkeeping, payroll accounting, balance sheet preparation and other tax-related matters, data is passed on to our external tax advisor to the extent necessary for operational purposes. For the planning and booking of business trips, employee data is transferred to travel agencies, hotels and rental car, flight and rail travel providers only to the extent necessary. In addition, we pass on employee data to other Technoform companies in order to ensure smooth communications within Technoform.

In some cases, data processors may be used in accordance with Article 28 GDPR who may receive data from us or have access to your data in connection with their services. 

As part of this, data transfers outside the EU may also occur. In doing so, we make sure that there is either an EU adequacy decision in place pursuant to Article 45 GDPR for the target country in question or that we have concluded a contract with the service providers concerned based on the standard data protection clauses pursuant to Article 46 GDPR. 

You can find these here:


4. Your rights

You have the following rights in respect of us regarding your personal data:

•    Right of access (Art. 15 GDPR)
•    Right to rectification (Art. 16 GDPR)
•    Right to erasure (Art. 17 GDPR)
•    Right to restriction of processing (Art. 18 GDPR)
•    Right to data portability (Art. 20 GDPR)
•    Right to object (Art. 21 GDPR)
•    Right to withdraw (Art. 7 (3) GDPR)
•    Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)


5. Data Protection Supervisor

We have appointed an external data protection supervisor: 

Stefan Pietsch

Contact details:

Pietsch IT GmbH
Wilhelmshöher Straße 1
34590 Wabern, Germany

T +49 5683-923440
E datenschutz [at] pietsch-it [dot] de

6. Validity and amendment of this data protection statement

This data protection statement is currently valid (see status in the heading). Due to the further development of our offers or due to changed legal or official requirements, it may become necessary to amend this data protection statement.