Privacy Notice of Employees and Candidates

With this privacy notice (hereinafter the “Notice”), we, Clearstream Operations Prague s.r.o. or Deutsche Börse Services s.r.o. as a Deutsche Börse Group entities (hereinafter “We”/“Our”/“Us”) concluding or having concluded with you an employment contract, inform you how We process your personal data (hereinafter the “Personal Data”). Your Personal Data means any information relating to you such as name, contact details. Your Deutsche Börse Group entity will process your Personal Data as follows. Identity and contact details of Us and of Our data protection officer

  • Deutsche Börse Group entity
    with business/contact details as defined in your employment contract.
  • Data Protection Officer
    Mergenthalerallee 61, 65760 Eschborn, Germany
    Email: dataprotection@deutsche-boerse.com, phone: +49 69 2 11-1 38 40
  1. Purpose, categories of Personal Data, legal basis and retention
    1. We process the following categories of your Personal Data for the following purposes:
      1. HR purposes:

        Your basic employee data (e.g. name, telephone number, address, position, function, department, marital status, tax number, social security number) to the extent necessary for the purposes below;

        1. Personal data that you provide when you apply for a job. This includes information provided through an online job site, via e-mail, in person at interviews and/or by other method. In particular, We process your personal data such as name, e-mail address, address, date of birth, qualifications, experience, information relating to your employment history, skills or other personal data that you provide directly to Us or to third party who may recommend you as a candidate for a specific job opening. We process this data for the following purposes related to the recruitment process:
          • To consider your application in respect of a role for which you have applied;
          • To consider your application in respect of other roles that may suit your profile;
          • To communicate with you in respect of the recruitment process;
          • To enhance any information that we receive from you with information obtained from third party data providers;
          • To negotiate contractual relationships with you;
          • Or any other purposes which are necessary to finalize whole recruitment process.
        2. Your basic data for the purpose of processing employee benefits as part of our benefit program (this relates only to the personal data needed to obtain a particular benefit for you). This includes transferring the necessary personal data to the provider of the benefits such as Multisport card, Sodexo card etc. for the purpose of administrating benefits;
        3. Travel information (travel data, credit card information, passport number, expenses made) for the purposes of the negotiation, arrangement and purchasing of all travel related activities (e.g. Airfare, Train, Hotel & Car Rental reservations) and the reimbursement of travel expenses;
        4. All data displayed on your medical certificate e.g. name, address, date of birth, health insurance company, the doctor’s name and address for the purpose of assessing the initial medical examination confirmation or once you are employed for the purpose of maintaining your health certificates and time management;
        5. Attendance data (time spent on projects, working hours, absence due to sickness) for the purposes of recording and managing your working time;
        6. Personal Data you may have provided on your own or have asked others to provide in the context of a feedback process for the purposes of training and skill development as well as for purposes of global feedback, career development and recognition;
        7. Employee data for the purposes of employee relations (e.g. creating, changing and terminating employee contracts, creation of employment certificates) and for project related measures (e.g. committee decisions, promotion planning or salary adjustments);
        8. Payroll and bonus data for the purposes of enabling Us to calculate and pay your salary and to administer tax related standards, pension and other standard employment function;
        9. Your business contact details and Personal Data related to the day-to-day business and supervision of you by your direct manager (in particular, performance data, skill data, recruitment data, workforce/trend data, education, status, salary, bonus data, travel expenses, online training data, credit card numbers) as well as Personal Data related for the purposes of succession planning of executives to enable direct managers located in another site to make job-related decisions
      2. Business purposes:
        1. Your basic business contact details (e.g. name, business telephone number, dial-in data, business email address) for the purpose of using the various communication channels (e.g. business email accounts, Lync/Skype, enterprise mobility);
        2. Your Personal Data contained in business emails or attachments thereto for the purposes of enabling email communication between you and colleagues and/or others outside Our company (e.g. customers, suppliers);
        3. Your business contact details processed for the purposes of setting up and executing electronic payments with customers and/or suppliers (e.g. names, account numbers);
        4. Your business contact details processed for the purposes of commercial handling and management with customers and/or suppliers (e.g. name, email address, department);
        5. Your business contact details processed for the purposes of customer relationship management;
        6. Your business contact details and environmental function processed for the purposes of ensuring environmental compliance.
      3. Security purposes:
        1. Your computer related Personal Data (e.g. UserID, installed software, IP address, computer name, location) for the purposes of tracking and managing computing assets such as software licensing and hardware systems, installation of additional software applications;
        2. Your Personal Data contained in log files or security reports (in particular, your IP address, name, location and time of access) for the purposes of intrusion detection, system protection, monitoring and logging;
        3. Your Personal Data (in particular your name, email address, UserID, location) necessary for the purposes of providing UserHelpDesk services, including error reports and treatments as well as processing IT-related issues and problems;
        4. Personal Data collected via Our video surveillance systems for the purposes of preventing unauthorized third parties from accessing Our sites.
      4. Insurance purposes:
        1. Personal Data collected directly from you or your HR department or other resources available to us, which may include health information or other sensitive personal data for the purposes of insurance services, including mainly management of insurance policies, claims handling, support of insurance-related requests and coordination with HR concerning employee-related insurance policies.
        2. In some cases, We may collect Personal Data, including sensitive data about \our family members, close personal relationships, beneficiaries, and emergency contacts for purposes of provision of health care or life insurance benefits (including accident and dismemberment coverage) to you or your dependents or in case you experience a medical emergency at work.
      5. Background Confirmation Checks:
        1. Your Personal Data provided to Us in the process of pre-employment communications (first and surname and your email contact) details may be used for the purposes of performance of one-time check which serves as an additional compliance control mechanism.
      6. Facility management:
        1. Your Personal Data (Name and surname) provided to Us in the process of granting the permission to access the parking places under the Car Parking Guidelines and issuance of parking badge.
        2. Your photography for the purpose of issuance of the ID card/Access Card.
    2. Legal basis for Our processing of your Personal Data

      With respect to HR purposes, Our processing of your Personal Data is permitted by law. The legal basis is Art. 6 para. 1 lit. (b) of the General Data Protection Regulation EU 2016/679 (GDPR) permitting the processing of your Personal Data for the purposes of the performance of Our contract with you.

      With respect to the business and security purposes, the legal ground for the data processing is Art. 6 para. 1 lit. (f) of the GDPR permitting the processing of your Personal Data for Our own legitimate interests.

      With respect to the insurance purposes, the legal ground for the data processing is Art. 6 para. 1 lit. (b) of the GDPR permitting the processing of your Personal Data for the purposes of the performance of Our contract with you.

      With respect to the background Confirmation Checks purposes, the legal ground for the data processing is Art. 6 para. 1 lit. (c) of the GDPR permitting the processing of your Personal Data for the purposes of the compliance with a legal obligaion to which We are subject and Art. 6 para. 1 lit. (f) of the GDPR permitting the processing of your Personal Data for Our own legitimate interests.

      With respect to the facility management purposes, the legal ground for the data processing is Art. 6 para. 1 lit. (f) of the GDPR permitting the processing of your Personal Data for Our own legitimate interests.

      With respect to other purposes, legal ground for the data processing may also be Art. 6 para. 1 lit. (a) GDPR permitting the processing of your Personal Data on basis of a valid consent.

    3. Do you have to provide your Personal Data to Us?

      With respect to HR purposes, the provision of your Personal Data is necessary to enter and/or maintain Our employment contract with you. This means that you are obliged to provide your Personal Data to Us.

    4. Do We make automated decisions on you?

      We do not make any automated decisions solely on automatic processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

    5. Source from which We have obtained your Personal Data

      We may have obtained your Personal Data set out in Section 1.1 above from the following sources: e.g. data provided directly from you, data provided from a recruitment agencies, data from a feedback process by managers/colleagues; data from emails or email chains of customers/suppliers/other employees (e.g. in the context of customer relationship management). These sources are not publicly accessible.

    6. Retention periods

      The retention periods for Personal Data depend on the purpose of the processing. Under the GDPR, the criteria used to determine the applicable retention period are that We will retain Personal Data set out under Section 1.1 above for as long as (i) necessary for the respective purpose, and/or (ii) required by applicable statutory retention laws.

  2. Transfer of Personal Data to third parties
    1. Transfer of your Personal Data to third parties

      If your Personal Data may be processed – for Our aforementioned purposes only – at other divisions and Our affiliated Deutsche Börse Group entities, We will sign a data processing agreement prior to data processing.

      If required for operational purposes, a third party (e.g. Tax Office, Health Insurance Company, Employment Office) may be engaged to process the data.

      In general the categories of recipients regarding your Personal Data are:

      • Payroll providers
      • Third parties, where legal provisions shall apply (e.g. Tax Office and Social Security Authorities)
      • Software providers
      • UserHelpDesk
      • External consultants (e.g. law firms)
      • Works council (if applicable)
      • Other providers (e.g. scan service)

      On request HR will provide you with a list of the third parties that may have access to your Personal Data.

    2. Transfer of your Personal Data to third parties in countries outside the European Union

      The Third Parties referred to in Section 2.1 to which We transfer your Personal Data may be located e.g. in the US outside the European Union. There is no adequacy decision by the European Commission for such country; this means that the level of data protection in such country is not comparable with the level of data protection in the European Union.

      The appropriate safeguard We use to secure your Personal Data in the context of such transfer are the so-called EU Model Clauses. You can find such safeguards under http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm or contact Our data protection officer (see above).

  3. Your Rights

    Under applicable data protection laws, you have rights

    • of access to, rectification of, and/or erasure of your Personal Data;
    • to restrict or object to its processing;
    • to tell Us that you do not wish to receive marketing information;
    • (in some circumstances) to require certain of your Personal Data to be transferred to you or a third party, which you can exercise by contacting Us at the details set out at the beginning of this Notice.

    To the extent Our processing of your Personal Data is based on your consent, you also have the right to withdraw your consent, without affecting the lawfulness of Our processing based on your consent before its withdrawal.

    To exercise your rights, you can contact Us as set out in Section above. You can also lodge a complaint about Our processing of your Personal Data with a relevant data protection authority.