Information on data processing for employees of the Institute for Plasma Research and Technology e.V.

The protection of your personal data is important to us. This privacy notice explains the purposes for which and the extent to which the INP collects, processes or discloses your data. It also sets out the rights to which you are entitled as a data subject.

This privacy notice applies to all INP staff. Staff includes employees in scientific and administrative roles, board members, PhD students, students, interns and visiting researchers (hereinafter ‘employees’). In accordance with Section 26(8) of the Federal Data Protection Act (BDSG), this also includes, in particular, job applicants, former employees, trainees and persons in a quasi-employee relationship.

1. Responsibility for data processing

Leibniz Institute for Plasma Science and Technology e.V. (INP)
Felix-Hausdorff Straße 2
17489 Greifswald
welcome@inp-greifswald.de
www.leibniz-inp.de

Contact details of our Data Protection Officer:

Nadja Dahlhaus
Leibniz Institute for Plasma Science and Technology e.V. (INP)
Felix-Hausdorff Straße 2
17489 Greifswald
inp-datenschutz@inp-greifswald.de
 

2. Purpose & legal basis of data processing

We process your personal data for the purposes of establishing, carrying out and terminating the employment relationship.

Processing is carried out on the basis of Section 26(1) of the Federal Data Protection Act (BDSG) in conjunction with Article 88 of the General Data Protection Regulation (GDPR).
Where necessary, processing is also carried out on the basis of Article 6(1)(c) of the GDPR (legal obligations) and Article 6(1)(f) of the GDPR (legitimate interests, in particular IT security).

We process special categories of personal data (e.g. health data) exclusively to the extent that this is necessary for the exercise of rights or the fulfilment of legal obligations under labour and social security law. Processing is carried out on the basis of Section 26(3) of the Federal Data Protection Act (BDSG) in conjunction with Article 9(2)(b) of the GDPR and – where applicable – Article 9(2)(h) of the GDPR.
Where, in individual cases, processing is carried out on the basis of consent, this is governed by Article 9(2)(a) of the GDPR and Section 26(2) of the BDSG. Such consent is voluntary and may be withdrawn at any time with effect for the future.


3. Categories of data processed

  • Personal master data (name, contact details)
  • Contract and employment data
  • Remuneration and tax data
  • Social security data
  • Qualification data
  • Time and attendance data
  • IT usage data
  • Health data


4. Specific processing activities

IT security and training:
Processing of log, attendance and IT usage data, as well as personal data required to ensure IT security and system stability, or needed for forensic evidence preservation and documentation in the event of security incidents.

OSIRIS research information system (CRIS system)
Processing of data for the documentation of academic activities (e.g. publications, project participation, as well as data required to fulfil internal and external reporting obligations). The provision of further details (e.g. CV, photo, ORCID link) is voluntary and will only be processed and, where applicable, published with your explicit consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time with future effect

Further information can be found in INPzentral 2 under Data Protection.


5. Publication of your data

In the course of your work, personal data may be published where this is necessary for the performance of your duties or for the external presentation of the Institute.

Official details (e.g. name, role and official contact details) may be published in particular on the website, in publications or in internal directories.
The legal basis is Article 6(1)(f) of the GDPR in conjunction with Section 26 of the BDSG. You have the right to object in accordance with Article 21 of the GDPR.

Photographs of employees are processed exclusively on the basis of separate consent. You will receive the relevant information in this regard as part of the declaration of consent.


6. Use of AI applications

The INP permits the use of artificial intelligence (AI) applications for official purposes, provided that the internal AI guidelines are strictly adhered to and no personal data is processed, or a corresponding data protection assessment has been carried out. These guidelines ensure that the use of AI complies with legal standards and ethical guidelines, and serve to protect the rights and freedoms of data subjects.


7. Recipients of your data

We will only transfer your personal data to third parties if there is a legal basis for such transfer. Recipients of your personal data may include, in particular:

  • internal departments
  • staff representatives
  • public authorities and funding bodies
  • external service providers (Art. 28 GDPR)

Where third parties process your data on our behalf, agreements on commissioned data processing in accordance with Article 28(3) of the GDPR are concluded. Recipients of your personal data may primarily include other companies with which we have a business relationship. Your personal data is transferred to our service provider for external payroll accounting. When applying for funding projects, personal data must also be transferred to the funding body if the names of the planned staff are known. (See the BMBF’s data protection information in INPzentral2). Upon request, we can also provide you with this information in paper form.

In individual cases, data may be transferred to other authorised recipients.  These include, for example, social security providers, tax authorities, funding bodies or external IT service providers.

Where data is transferred, we always take into account the technical and organisational measures of the recipients in accordance with Article 32 of the GDPR.


8. Transfer to third countries

The transfer of personal data to third countries may take place in individual cases (e.g. in connection with the use of video conferencing systems or cloud services). In such cases, the transfer takes place exclusively in compliance with Articles 44 et seq. of the GDPR. Where an adequacy decision by the European Commission exists for the relevant third country (e.g. the EU-US Data Privacy Framework), the transfer takes place on this basis. Otherwise, appropriate safeguards are provided, in particular through the conclusion of standard contractual clauses in accordance with Article 46 of the GDPR.


9. Retention period

The data is stored for the duration of the employment relationship, unless the employer’s legitimate interest in further storage has ceased to exist.  All remuneration-related data, such as invoices and payslips, etc., are retained for 10 years in order to comply with tax and social security retention or disclosure obligations, in particular Section 147 of the German Fiscal Code (AO). Section 147(4) of the German Fiscal Code (AO) governs  the start of the retention period for tax- e obligations. Personal data contained in commercial documents is stored for a period of 6 years in accordance with the retention obligation under Section 257 of the German Commercial Code (HGB). Data not relevant to remuneration, insofar as it can be separated with reasonable effort, is retained for the duration of the standard limitation period of 4 years following the termination of the employment relationship, Article 17(3)(e) of the GDPR, Section 195 of the German Civil Code (BGB). The 4-year retention period is justified on the grounds of legitimate interest under Article 6(1)(f) of the GDPR in the event of a potential legal dispute, in line with the standard limitation period of 3 years specified therein. The period begins at the end of the calendar year in which the employment relationship ends. At the end of each calendar year, a review is carried out to determine whether further storage is necessary. If this is not the case, the data will be deleted. Longer retention periods may apply under other regulations. 


10. Your rights

You have the right to obtain information about the personal data concerning you (Article 15 GDPR). You may also request the rectification of inaccurate data (Art. 16 GDPR). Furthermore, under certain conditions, you have the right to erasure of data (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). The processing of your data is carried out on the basis of legal provisions. We require your consent only in exceptional cases. In such cases, you have the right to withdraw your consent for future processing (Art. 7(3) GDPR). Furthermore, you may also have a right to object pursuant to Art. 21 GDPR in the event of processing carried out on the basis of a legitimate interest. You also have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your personal data is not lawful.

The address of the supervisory authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information, Mecklenburg-Western Pomerania
Werderstraße 74a
19055 Schwerin
E-Mail: info@datenschutz-mv.de
Webseite: www.datenschutz-mv.de

11. Automated decision-making

No automated decision-making, including profiling, takes place in accordance with Article 22 of the GDPR.


12. Provision of personal data

The provision of your personal data is necessary for the performance of the employment relationship. Failure to provide personal data would result in the personnel file being incomplete or not containing all current information about you, or the Institute being unable to fulfil its legal obligations, which may mean that the employment relationship cannot be carried out.


13. Right to make changes

Due to the further development of our Institute or changes in legal requirements, it may become necessary to amend this privacy policy. We will inform you of any changes to the privacy policy in an appropriate manner. 

You can view the current version of this privacy policy at any time on the INP intranet. 


14. Further information on data protection

Further information on data processing can be found in our privacy policy

on our homepage at: https://www.inp-greifswald.de/de/privacy-policy/  and in INPzentral 2 under Data Protection.

Partners & Sponsors
of the INP

INP EU projects Leibniz Gemeinschaft (opens in new Tab) Info page HR EXCELLENCE Total E-Quality (opens in new Tab) Federal Ministry of Research, Technology and Space (opens in new Tab) Ministerium für Wissenschaft, Kultur, Bundes- und Europaangelegenheiten (opens in new Tab)