Data Protection Policy for the App

1. Name and contact data of the data controller and the data protection officer

This Data Protection Policy covers data processing by:

Person responsible: DearEmployee GmbH on behalf of the employer (in the following “DearEmployee”), Bleicherstr. 14, 78467 Konstanz
Email: datenschutz@dearemployee.de
Telephone: 030 54909226

The Data Privacy Officer of DearEmployee is Hans-Jürgen Schwarz, reachable at h.schwarz@gade-eu.com.

2. Collection and storage of personal data and also nature and purpose and their use

a) When visiting the DearEmployee-App

You can access the DearEmployee-App without disclosing your identity. In this case we only collect the:

• IP address of the querying computer
• date and time of the access
• name and URL of the accessed file
• the website you were referred from (referrer URL)
• the browser used
• your computer’s operating system
• the name of your access provider

This information is temporarily stored in a log file and deleted automatically after 60 days.

We process the listed data for the following purposes:

• to ensure trouble-free connection to the website
• to ensure comfortable use of our website and the optimization of our platform
• for evaluating system security and stability

The legal foundation for the data processing is Art. 6 Subs. 1 Sentence 1 lit. f GDPR. Our legitimate interest follows from the above purposes for the data collection.

b) Participation in the DearEmployee Survey

You have the opportunity to participate in the DearEmployee Survey. The survey is a questionnaire offered online, where you can evaluate your working conditions as well as the stress caused by your work. This data collection is used for the objective that by means of statistical analysis your employer can be informed about the kind of working conditions which have an endangering or encouraging effect on health, motivation and bonding of the company ́s employees. In this way we have the possibility to collect information about appropriate measures for the improvement of working conditions and to check their effectiveness.

Your participation in the DearEmployee Survey is voluntary. The following information is required for participation:

• Membership of the entity (z.B. location, department, team)
• Field of activity
• Length of service
• Position
• If you dispose over any management responsibility
• If you are subject to an executive ́s authority
• If you have contact to third parties in your daily routine (e.g. customers)

Also you can use the possibility to make further statements:

• sex
• year of birth
• employment
• work time model
• the stipulated weekly work time
• the actual weekly work time assumed
• human resources data (where applicable)
• Payment
• valuation of working conditions
• Reasons for a positive or negative evaluation
• Open comments (suggestions for improvement, remarks)
• valuation of your own health, motivation and commitment to the company
• Mention of acute actual complaints, physically or psychosomatically
• Estimation of the amount of days you went to work sick
• Valuation of your capacity in these days in comparison to the days you were/ are in a healthy state
• Use of certain operational Services and social or additional benefits

The processing of this data takes place:

• To evaluate the risk potential of certain working conditions,
• To evaluate the potential of various working conditions and offers to encourage health and performance,
• To create recommendations for action in line with specific target groups within your company (e.g. for your department, your activity or your employment),
• To check the success of measures reducing risks and encouraging health and performance
• To point out saving potentials to your employer by means of appropriate measures
• To create risk and performance profiles for different sectors and fields of activity,
• To fulfill your employer ́s legal obligation to regularly perform and document a risk assessment about psychological stress and also to document appropriate measurements to reduce identified psychological risks (section 5 and 6 ArbSchG).

The collection of your personal data in the context of participation takes place in accordance with your approval given voluntarily, pursuant to Art. 9.2 lit. a GDPR.

In principle your data is deleted automatically for any further use after a period of 12 months following the deletion of your DearEmployee Insights user account. You withdraw your approval your data is deleted after the withdrawal and a deletion is examined.

c) Registration as a user (DearEmployee Insights)

Our platform offers you the possibility to register as a user for DearEmployee Insights and create a user account. In this way you obtain insight in the evaluation platform (“DearEmployee Insights”) of the DearEmployee Survey. This is why we request the following information:

• A valid email address

In addition you need to indicate a self-imposed password which is needed for the creation of your user account. In combination with your email address it serves as the access to your user account.

Also you have the opportunity to make further user statements:

• First name
• Last name

This data is processed:

• To identify you as our contracting party,
• In the context of justification, content-related design, transaction and change oft he contractual relationship with you about the use of our platform and the services offered by this platform,
• To check the entered data on plausibility
• To contact you in case you have any questions (if necessary)
• To assert a claim against you (if necessary)

The legal basis for the processing of your personal data in the context of your registration for a user account is Art. 6.1 Subs. 1 lit. b GDPR. Also the processing is necessary for the performance of the contract and pre-contractual measures as well as for the use of the platform.

You have the opportunity to make voluntary statements. The processing of the statements made voluntarily happens on the basis of our legitimate interest in accordance with Art. 6 Subs. 1 Sentence 1 lit. f GDPR. They serve the improvement of our contacting with you and the guarantee that questions are answered quickly.

After your user account is deleted, your personal data are automatically deleted, unless we are obliged to longer storage under Article 6 Subs. 1 Sentence 1 lit. c GDPR due to tax- and commercial- law retention and documentation duties or you have consented to a prolonged period under Art. 6 Subs. 1 Sentence 1 lit. a GDPR.

In our app, we use product analytics services provided by PostHog. Your usage behaviour within our app can be recorded and analyzed. These services are provided and integrated by our subprocessor PostHog Inc., 965 Mission Street, San Francisco, CA 94103 USA. The storage of this information is limited in time, happens only on servers within the European Union and is exclusively performed to improve our service along our users’ needs. You can find additional information in the privacy policy of PostHog at https://posthog.com/privacy

3. Transfer of data

Your personal data will not be transferred to third parties for purposes other than those specified below:

• You have expressly given your consent pursuant to Art. 6 Subs. 1 Sentence 1 lit. a GDPR;
• In cases where transfer of your data is necessary for compliance with a legal obligation pursuant to 6 Subs. 1 Sentence 1 lit. c GDPR;
• This is necessary for the protection of the Controller’s legitimate interests or those of a third party (Art. 6 Subs. 1 lit. f GDPR). The data processing is necessary in particular for the establishment, exercise or defence of legal claims and where there seems to be no reason to assume that you have an overriding and legitimate interest in preventing the transfer of your data.

4. Data subject rights

You have the right:

• pursuant to Art. 7 Subs. 3 GDPR to withdraw your consent to us at any time. This means that we may no longer continue processing the data based on that consent for the future;
• pursuant to Art. 15 GDPR to demand information about your personal data we process. In particular, you can demand information about the purposes of the processing, the category of the personal data, the categories of recipients to whom your data were or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction or revocation of processing, the existence a right to lodge a complaint, the origin of your data, in so far as not collected by us, and also about the existence of automated decision-making including profiling and where appropriate meaningful information about to details thereof;
• pursuant to Art. 16 GDPR to demand immediate rectification of inaccurate or completion of your personal data saved with us;
• pursuant to Art. 17 GDPR to demand deletion of your personal data saved with us, in so far as the processing is not required for exercising the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
• pursuant to Art. 18 GDPR to demand restriction of processing of your personal data, in so far as you contest the accuracy of the data, the processing is unlawful but you oppose deletion and we no longer need the data but you do to establish, exercise or defend legal claims or you have objected to processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR to receive your personal data you have provided us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
• pursuant to Art. 77 GDPR to lodge a complaint to a supervisory authority. As a rule, you can contact the supervisory authority for your habitual residence or place of work or our registered offices.

5. Right to object pursuant to Art. 21 GDPR

In so far as your personal data are processed on the basis of legitimate interests pursuant to Art. 6 Subs. 1 Sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, in so far as there are grounds arising from your particular situation or it relates to objection to direct marketing. In the latter case, you have a general right to object which we shall heed without the stating of a particular situation.

If you want to exercise your right to object, simply send an email to datenschutz@dearemployee.de.

6. Data Security

All the data you personally transfer, including your payment details, will be sent encrypted with the customary and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard, which is also used for online banking, for example. You can recognise a secure SSL connection inter alia by the “s” appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, de-struction or against unauthorised access by third parties. Our security measures are continually monitored and improved to reflect technological developments.

If you register with us as a user, access to your user account is only possible after entering your personal password. You should always keep your access information confidential and close the browser window when you stop communicating with us, especially if you share your computer with others.

We also take corporate privacy very seriously. Our employees and the service companies commissioned by us have been obliged by us to secrecy and to comply with data protection regulations.

7. Actuality of and changes to this Data Protection Policy

This Data Protection Policy is the latest version and was last amended as of December 2023.

The further development of our App and offers on it or changes in statutory or public-authority requirements many render it necessary to amend this Data Protection Policy. The latest version of Data Protection Policy can be downloaded and printed out at any time under
https://www.dearemployee.de/en/data-protection-policy-app/