Data protection information for visitor registration at the reception of the Head Office

1. Who is responsible for data processing and who can I contact?

The person responsible for your personal data in terms of data protection law is:
DEKRA SE,
Handwerkstraße 15
70565 Stuttgart

2. What sources and data do we use?

We process personal data that we receive from you as part of the visitor registration process at the reception desk of the head office.
Relevant personal data may be: personal data (e.g. title, surname, first name), business contact details (e.g. e-mail address, address, telephone number), information about your employment relationship (e.g. employer, position in the company).

3. What do we process your data for (purpose of processing) and on what legal basis?

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other relevant laws.
Irrespective of this, there may always be constellations in which we process your personal data that is not mentioned here. In these cases, you will receive separate information on data protection related to the respective occasion, insofar as this is required by law.
We process your personal data for the purpose of access control for visitors and in order to be able to issue you with a visitor badge and/or a visitor access card as part of the visitor registration process at the reception of the head office, as well as to be able to ensure the return of these.
This primarily includes personal data, business address data, business communication data as well as information about your employment relationship and position in your company.
The collection and recording of your data takes place on the basis of our legitimate interest. Our legitimate interest lies in the documentation of your visit as well as the creation, provision, assurance and traceability of the handing over of the visitor badge and/or visitor access card as well as their return. This serves to ensure smooth visitor access support. The legal basis for the processing is Art. 6 (1) (f) GDPR

4. Who gets my data?

In order for us to be able to process your data in accordance with the purposes described above, it may be necessary to transmit your data to other recipients for processing.
Within our company group, your data may also be transmitted to other companies if they perform data processing tasks centrally for the companies affiliated to the group (e.g. IT services).
With regard to the transfer of data to recipients outside the DEKRA Group, we only pass on information if this is required by law, if we obtain your consent or if this is necessary and permissible to safeguard our legitimate interests.
Under these conditions, recipients of personal data may be, for example, service providers and vicarious agents employed by us, who receive data for these purposes, insofar as they comply in particular with confidentiality and data protection requirements. These can be, for example, companies in the IT services category. We ensure that your personal data is used in accordance with instructions by concluding processing contracts with commissioned service providers.
The processing described in this privacy notice are processed via the Microsoft M365 – Sharepoint application by our service provider Microsoft Ireland Operations Limited One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k. For this purpose, a corresponding data processing agreement has been concluded with Microsoft, which ensures that your personal data is processed in accordance with instructions in accordance with the requirements of European data protection law. For more information about privacy at Microsoft, see the Microsoft Privacy Statement .

5. How long will my data be stored?

We process your personal data for as long as this is necessary for the fulfilment of our contractual and legal obligations or for as long as we can justify a legitimate interest in the processing. If you have given us your consent, we will process your data until you withdraw your consent at the latest.
Your data will be automatically deleted 6 months after the end of your stay

6. What data protection rights do I have?

You are entitled to the following statutory rights as a data subject, provided that their requirements are met:
  • Right of access about your data processed by us in accordance with Art. 15 GDPR,
  • Right to rectification of inaccurate data in accordance with Art. 16 GDPR,
  • Right to erasure of the data stored by us in accordance with Art. 17 GDPR,
  • Right to restriction of the processing of data stored by us in accordance with Art. 18 GDPR,
  • Right to data portability in accordance with Art. 20 GDPR,
  • Right to object pursuant to Art. 21 GDPR,
  • If you have given us your consent to data processing, you can revoke this consent at any time with effect for the future Art. 7 para. 3 GDPR,
  • Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data violates the provisions of the GDPR.

7. Is there an obligation for me to provide data?

As part of the visitor registration process, you must provide the personal data that is necessary for the provision of the visitor badge and/or visitor access card or that we are legally obliged to collect. Without this information, we may not be able to provide you with appropriate access to DEKRA's business premises.

8. To what extent is there automated decision-making or profiling?

As a matter of principle, we do not use fully automated decision-making in accordance with Article 22 of the GDPR. If we use these procedures in individual cases, we will inform you separately about this and your rights in this regard, if required by law.

9. Informtion about your right to object in accordance with article 21 of the GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (e) of the GDPR (data processing in the public interest) and Article 6 (1) (f) of the GDPR (data processing on the basis of a balancing of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

10. Recipient of an objection or revocation

The objection or revocation can be addressed to the controller in any form.

11. Status and changes to this privacy policy

This Privacy Policy is as of October 2023.
We reserve the right to amend this privacy policy in the future within the framework of the applicable data protection laws and, if necessary, to adapt it to changed data processing realities. We will inform you separately of any significant changes to the content.