Data Protection for employees and for self-employed consultants

Declaration on the collection and processing of employees' personal data1 and the self-employed consultants

(updated 05.05.2022)

This Privacy Policy applies to employees of Robert Half Deutschland GmbH & Co, Robert Half Deutschland GmbH & Co KG and Protiviti GmbH (Germany) (in this privacy statement, both companies are also referred to as "employer", "we", "us", "our" or "the company(ies)"; Robert Half also as "RH"; Protiviti GmbH also as "Protiviti").

Temporary workers of RH and for self-employed consultants for whom RH arranges assignments with third parties.

The following definitions apply:

  • "Employees" means employees of the Companies including Temporary workers permanently employed by RH under an employment contract;
  • "Internal employees" means employees of the companies excluding Temporary workers;
  • "Temporary workers" means workers of RH who are hired out to other companies;
  • "Self-employed consultants" means self-employed persons (natural persons and legal entities) to whom RH places orders with third parties.

This privacy policy describes how and for what purposes the companies collect, store and use your personal data, including your name, address and other personal information.

The companies will process personal data in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR) and German data protection laws, as well as in accordance with applicable national labour law provisions and any applicable collective agreements.

Under the GDPR and German data protection laws, we are each the (sole) "controller" in relation to the personal data; this means that it is our responsibility to decide for what purposes and in what way your personal data will be processed. We comply with our legal obligations when processing your personal data and take appropriate steps to protect your personal data. This Privacy Policy applies equally to current and former employees and current and former self-employed consultants.

It is important that you read this Privacy Policy together with any other Privacy Notice we may provide to you, such as the Privacy Notice included in our applicant registration form; and you should also read it on certain occasions, such as when we collect your personal data from you, so that you are fully aware of how and why we use your personal data.

Table of contents

What information do we process about you?

In the course of the application process, we collect your personal data directly from you as the main source, from your CV, where applicable via reference providers and via online tests in which you voluntarily participate at our request. In addition, we collect various information about you during your employment or when you work with us. Among them, in particular, the following data:

  • Your identity (your full name, any previous names, gender, date of birth and marital status);
  • If necessary, proof of your work permit, which may include a photograph, as well as nationality, place of birth, driver's licence, etc. (according to the legal regulations);
  • Your contact details including your email address, home address and telephone numbers;
  • Details of bank account and national insurance number (so that we can make and prove payments to you and, if you are our employee, social security contributions);
  • Specific information for payroll such as: Your seniority, your bank details, your church tax details;
  • Your tax number;
  • Your qualifications, work experience, career development;
  • Your salary (employee) or fee (self-employed consultant) and other benefits;
  • Your education;
  • Your professional career;
  • Details of reference providers (previous employers or reference providers from the field of your education) and letters of reference;
  • Emergency contact details;
  • Other information contained in your CV or information you wish to provide to us;
  • Performance assessment data;
  • Special features for the management of contractual services;
  • Data on absences;
  • Photos and video recordings made by you;
  • Results of various tests (personality tests and skills tests);
  • Data from the recording of working hours (employees) or activities (self-employed consultants), in particular those entered via our time recording tools;
  • etc.

If the employee or self-employed consultant does not provide personal information, Companies may not be able to manage the employment or placement of self-employed consultants and the employee may not be able to participate in certain activities or benefits related to their employment or the self-employed may not be placed to a client.

Purposes for processing your personal data

We process and store your personal data and may disclose it in order to manage your employment relationship with us or your relationship as an self-employed consultant and/or to pursue our other legitimate business interests. These include the following:

  • Making a decision about your employment (including taking personality tests, answering questionnaires, participating in surveys and employee interviews on motivation and onboarding) (employees);
  • Determining the conditions under which you will work for us and drawing up your employment contract (employee) or placement contract (self-employed consultant);
  • Obtaining personal references and/or references from previous employers (employees) or clients (self-employed consultants) and issuing references;
  • Management and maintenance of your personnel file in:
    • Workday and in the HCM portal (internal employee RH);
    • in Workday, on a protected and secured folder on the company's internal drive, in the HCM portal, in the time recording tool "Time and Space"(iCat) as well as in the paper file (internal employee Protiviti);
    • Managing and maintaining your data in the digital personnel file on the branch's own drive and in a personnel folder on the payroll department's drive, in Salesforce and in the paper personnel file, as well as in the HCM portal and in the time recording tool (temporary workers from RH);
  • Conduct employee appraisals and performance appraisals (employees);
  • Managing your working modalities (e.g. flexible working hours or home office) (employees);
  • Compliance with health and safety obligations (employees);
  • Set up the payroll process so that we can transfer your salary and any expense reimbursements to your bank account (employees);
  • Setting up the billing process so that we can transfer your fee and any expense reimbursements to your bank account (self-employed consultants);
  • Paying your salary and issuing a monthly payroll (employee);
  • Payment of your fee or a credit note and issue of a monthly statement upon receipt of your invoice (self-employed consultants);
  • Withholding of wage tax and social security contributions and settlement vis-à-vis the competent tax authorities and social security institutions (employees);
  • Manage and update your absences such as holiday or sick days, parental leave and other time off (employees);
  • To manage sickness absence and assess your ability to work;
  • Administration of training support/ student loans/ referral bonus/ time ticket loans (employees);
  • Making arrangements for the termination of your employment and related administrative tasks (employees);
  • Transfer of your personal data to our parent company in the USA to set up your employee account (employee);
  • Granting appropriate access rights to various internal systems that you need to perform your function in or for the company: such as our Customer Relationship Management System - Salesforce (RH internal staff and Protiviti) and our financial system - PeopleSoft - Global Finance System (RH internal staff); to our HCM portal/time tracking tool (RH temporary workers and self-employed consultants);
  • Provision of company-owned work equipment (employees);
  • Business planning and management including annual budgeting for the individual departments;
  • Settlement of disputes, grievances, complaints and claims involving you or other employees/self-employed consultants (employees and self-employed consultants);
  • Monitoring your use of our information systems in accordance with our Business Tools & Communications Policy (Employees);
  • Fulfil all legal, regulatory and administrative obligations and compliance with and application of social and tax legislation (employees and self-employed consultants);
  • Work planning, both administrative and organisational (temporary workers);
  • Managing the services provided to the client and invoicing them (temporary workers and self-employed consultants);
  • Maintain and ensure communication between the companies and employees/self-employed advisers;
  • Preparation and evaluation of statistics;
  • Conducting employee surveys for internal purposes (employees);
  • Support, both administrative and organisational, the recruitment and application process (employees and self-employed consultants);
  • Recording and processing your working hours/project times, in particular via time recording tools, to ensure that all legal and contractual provisions, in particular the Working Hours Act, are complied with (employees and self-employed consultants);
  • To provide workplace adjustments;
  • For the granting of social benefits (including parental allowance, statutory sickness benefit and other benefits). For any other lawful commercial purpose to the extent permitted or required by applicable law or regulation;
  • Credit reference agencies and third parties that carry out sanctions checks and terrorism checks.

We only use your personal data if we are legally entitled to do so. We use your personal data in the following cases:

  • To perform a contract to be entered into or concluded with you;
  • For the detection of criminal offences;
  • To safeguard our legitimate interests;
  • To fulfil our legal obligations (incl. collective agreements);
  • If we have your consent to do so;
  • If we assert rights in connection with the employment relationship of employees or the relationship of self-employed consultants;
  • The processing of special categories of personal data shall be permitted for the purposes of the employment relationship if it is necessary for the fulfilment of rights or the fulfilment of legal obligations arising from labour law, social security law and social protection law and there is no reason to assume that the data subject's legitimate interest in the exclusion of the processing overrides the legitimate interest.

Legitimate interest exists where we have a business or commercial reason to use your data in connection with the operation and management of our business. When processing your personal data, we consider any potential impact on you and your legal rights and aim to balance our mutual interests. We will only use your personal data for activities where our interests outweigh yours (unless we you have given us consent or we are required to do so to comply with a legal or regulatory obligation or we are permitted to do so by law).

Sensitive personal data

Sensitive personal data includes information on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health and sexual orientation.

In some cases, we may process your sensitive personal data because you have chosen to provide it to us.

If we need your written consent, we will tell you the specific information we want to know from you and why we need it. We take additional security and other measures to protect sensitive personal information and limit the people who have access to it.

Transfer of your personal data outside the European Economic Area

We are part of an international group of companies. Your personal data is securely stored on servers in Europe and in the UK and securely transferred to our parent company Robert Half International Inc. in the USA and stored in the "cloud".

Data protection laws outside Europe may not offer the same level of protection as laws in Europe. In this case, we will ensure that your personal data is adequately protected, secure and kept confidential and that we have a lawful basis for its transfer. This means that we require the third parties receiving the data to sign the Standard Contractual Clauses (SCCs) recognised by the European Commission to give personal data the same protection as when processed within the EEA.

You have the right to receive a copy of the reasonable protections we use. To do so, contact the offices listed in the Contact section.

Protection of your personal data

Your personal data will be treated confidentially and can only be viewed or routinely accessed by yourself, your immediate supervisor (and higher-ranking supervisors in your team's reporting line), employees of the Human Resources Department and Payroll Department, and, if applicable, other employees entrusted with the servicing of your employment relationship or their assignment (employees and self-employed consultants). If other employees have access to your personal data for financial or budgetary purposes, resource planning, forecasting and other legitimate business purposes, it will be limited to data relating to your work (such as your name, position, office location, direct manager). Access to the data is only granted to persons who have been authorised accordingly beforehand. Authorisation shall only be granted if there is a genuine business need and only to the extent necessary for the performance of the task in question.

We use modern, secure storage facilities and technical protection methods to protect your personal data against unauthorised or unlawful processing or transmission, accidental loss, destruction or other damage.

If third parties provide services and it is necessary for the third parties to have access to your personal data for reasons of their legitimate interests, we will ensure that they only have access to your data to the extent necessary for the provision of the provided services. We also ensure that any service provider we engage is contractually bound to comply with applicable data protection laws, to treat your personal data confidentially and to provide adequate safeguards to protect your personal data.

Collection and processing of your personal data as follows

Your personal data will be

  • transferred in our online HR tool "Workday" and into the HCM portal (internal employees at RH);
  • in Workday, to a protected folder on the company's internal drive, to the HCM portal, to the Time recording tool "Time and Space"(iCat) and transferred to the paper file (internal employee Protiviti).

We use Workday and the HCM Portal, for standard HR administrative and payroll activities and collect personal data in these systems.

  • We manage and maintain the data of RH's temporary workers in the digital personnel file on the branch's own drive and in a personnel folder on the payroll department's drive, in Salesforce and in the paper personnel file of the respective employee as well as in the HCM portal.

This involves the following types of personal data of our employees and self-employed consultants: Your full name, home address, personal email address, private contact details, contact details of persons to be notified in case of emergency, passport number, date of birth, social security number, tax number, bank details, salary or fee, career development and photos of you. Some of this personal data may have been transferred by you or us before you actually joined our company in order to create your (employee) account and give you access to the company's IT systems to the extent necessary for your job.

After starting your employment, you will receive an introduction to the use of Workday (internal RH and Protiviti employees). You and your manager record details of your career and training objectives, business and personal development goals and any changes to your salary. You can enter additional personal data and make changes to keep your data up to date, for example if your address changes.

In addition, your data may be stored in other databases. However, we always try to limit the number of places where your data is stored in order to optimise the security of your data. Access to this data is only granted to persons who actually need this access to fulfil their tasks. Furthermore, their access is limited to the data they actually need.

Disclosure of your personal data to third parties

In the following cases, Robert Half may disclose your personal data as necessary or appropriate to external third parties (who are not part of the Robert Half group of companies) without notifying you:

  • To companies and individuals we use to perform business functions and services for us, such as:
    • The insurance broker we have appointed so that we can provide appropriate company social benefits for you;
    • Payroll services that enable us to pay our employees' salaries;
    • For corporate events and training at external venues;
    • Concur Technologies for travel management and expense accounting (internal RH staff); "Time and Space"(iCat) (internal Protiviti staff);
    • Egencia for business travel management (internal RH and Protiviti employees);
    • United Healthcare Global, which provides benefits for our internal employees (from RH and Protiviti) on business trips that take them to destinations more than 100 kilometres from their homes, not only in emergency cases;
    • External gift voucher system and for sending internal company birthday cards (internal employees of RH);
    • The operators of the time tracking tools used (employees and self-employed consultants);Operating data storage facilities, including in the US and in the CloudHosting of our web servers;
    • Operate the data analyses and statistical evaluations;
    • Legal, accounting, auditing and other professional services
  • Towards authorities, e.g. police and other law enforcement agencies; supervisory authorities.
  • To comply with applicable laws and court orders or when we reasonably believe such action is necessary to: (a) comply with the law requiring such disclosure; (b) protect the rights or property of Robert Half or affiliates; (c) prevent a crime or offence, protect national security and/or protect the general public.
  • To third parties to whom we may sell or transfer any part of our business or business assets or with whom we may merge. Similarly, we can take over other businesses or merge with them. If our business changes, we will inform you.
  • To IT consultants who carry out testing and development work on our IT systems, to service providers contracted by us to process data and to other service providers who may also be based outside the EEA.

We impose appropriate contractual security, confidentiality and other obligations, as appropriate, on the external service providers and processors we engage, in accordance with the services they provide to us. We allow them to process your personal data only in accordance with the law and our instructions. We do not allow third parties to use your personal data for their own purposes and we ensure that your personal data is returned securely or destroyed when our business relationship ends.

These third parties may only use your personal data for the purpose described in this statement.

Some of these external third parties are also responsible as data controllers for processing your personal data for their purposes; for example, the local tax authority is the data controller for tax purposes. We may not be able to impose obligations or restrictions on these controllers in relation to how they process your personal data.

No automated individual decision-making / Artificial Intelligence Support

RH applies artificial intelligence (“AI”) to search personal data and match CVs with the specifics of positions in the interest and for the purpose of finding suitable positions in the case of recruitment or the provision of self-employed consultants (Non-Employees) and Temporary Workers (Employees). For this, RH is using a service offered by Textkernel BV, Nieuwendammerkade 26a5, NL-1022 AB Amsterdam (“TK”), a company based in the Netherlands / EU.

In general AI describes computer systems that are able to perform tasks normally requiring human intelligence, such as self-driving-cars or translation between languages. RH processes your personal data in the case of recruitment or the provision of self-employed consultants based on legitimate interest regarding Article 6 (1) lit. f GDPR, which is especially in your and our concurrent interest of finding suitable positions, and as a Temporary Worker on the basis of § 26 BDSG.

You can object the processing with TK AI at any time by contacting [email protected]. In this case we will not use TK AI any longer regarding to your CV. This has no consequence or impact, especially not on your application or on finding suitable positions for you because we use our personal knowledge of you, the client and its business, the position, and the requirements for the role as well as the market at any time and make any decision.

CVs which are not considered for job placements any longer, job positions that has been filled or become unavailable or you decide to object the processing of your CV with TK AI will be deleted by TK.

For more information, also regarding the balancing test to the legitimate interest, you can contact us at [email protected].

Duration of the storage of your personal data

We store your personal data for the duration of your employment relationship or the duration of your assignment with third parties as a self-employed consultant on the basis of a placement made by us and in accordance with our legal obligations. Unless the law specifies a retention period, we only store your personal data for as long as is necessary. You can request more information on the retention periods of your personal data via the following e-mail address: [email protected].

Your legal rights are described in our privacy policy.

In summary, you have the following rights:

  • The right to access and view your personal information.
  • The right to correct the personal data we process about you.
  • The right to request the erasure / removal / destruction of your personal data.
  • The right to object to the processing of your personal data.
  • The right to request the restriction of the processing of your personal data.
  • The right to request the transfer of your personal data to you or a third party.
  • The right to withdraw your consent at any time with effect for the future if we rely on your consent to process your personal data.
  • The right to complain to a supervisory authority.

These rights must always be exercised within the limits set by the applicable data protection laws.

The company may require additional proof of identity in the event of reasonable doubt as to identity in order to protect the employee's/self-employed consultant's personal data against unauthorised access.

Contact

If you have any questions about this Privacy Policy or our use of your personal information, please contact our Human Resources Department, your contacts or email us at: [email protected].

You also have the option of contacting our external Data Protection Officer directly:

Lawyer Olga Stepanova,
Tower 185, Friedrich-Ebert-Anlage 35-37, 60327 Frankfurt am Main,
Telephone: Phone: +49 (0)69 76 75 77 80
E-mail: [email protected]
Website: https://www.winheller.com/

1All male-only designations in this statement are for simplification and refer equally to members of all genders (m/f/d); full equality is ensured.