Employees, independent workers, freelancers, contract workers, consultants, or other staff ("Employees") of the Startup Events GmbH, Rumfordstr. 15, 80469 Munich, Germany have or will have access to information relating to an identified or identifiable natural person ("Personal Data") during their performance of duties for the Startup Events GmbH. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Employees shall keep Personal Data disclosed to them strictly confidently. Employees shall comply with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation –"GDPR"); the German Federal Data Protection Act (BDSG as amended by the Datenschutz-Anpassungs-und -Umsetzungsgesetz EU – "BDSG"); and any other applicable data protection law as amended from time to time.
Employees shall act in compliance with the GDPR, the BDSG or any other applicable data protection law and shall not process Personal Data in an unlawful way. Especially, (1) Employees may only process Personal Data only in scope of their tasks, (2) the processing must be based on an applicable justification ground, and (3) the processing must comply with the purposes documented during initial collection.
Personal Data and other business information must be kept confidential by Employees and shall not be disclosed to unauthorized persons. In the event that an Employee transfers or otherwise discloses Personal Data to third parties (including affiliates of the Startup Events UG), the Employee shall ensure that such a transfer or disclosure is lawful. An Employee shall not transfer Personal Data to third parties who are not authorized recipients.
Article 5(1)(f) of the GDPR, states that "Personal data shall be […] processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality')." Employees are obliged to follow instructions issued by the Startup Events UG and their supervisors with regard to the protection of Personal Data.
Employees shall report any breaches of data protection requirements regarding the collection, processing and use of Personal Data (including hacking or phishing attacks) to the respective manager and to the Data Protection Officer (see below for contact details).
This Declaration Regarding the Obligation to Maintain Data Confidentiality shall not limit any statutory obligations or provisions on confidentiality in other agreements, arrangements or similar documents to which the Employees are subject to. The obligation to data confidentiality shall continue after termination. Any violation of the obligation to data confidentiality may have negative consequences, such as termination of employment or other relationships with the Startup Events UG. Moreover, violations may cause damage claims or fines.
In case of any questions – especially with regard to the legal basis / justification ground, instructions by the supervisor regarding data protection, data breaches –, please contact the Data Protection Officer Lisa Scheblein, Unterdürrbacherstraße 8, 97080 Würzburg, email@example.com, 0931/41726241.
 The GDPR is available via the websiteof the European Union (http://eur-lex.europa.eu) or directly via (http://eur-lex.europa.eu/eli/reg/2016/679/oj).
 The BDSG is available via a website provided bythe German Federal Ministry of Justice (https://www.gesetze-im-internet.de/).
Both parties are herewith informed, that standards for the authorization of further use and processing of personal data have been developed in accordance with the revision of the data protection regulations of the data protection basic regulation (DS-GVO) and the involved changes in the Federal Data Protection Act, which need to be observed throughout the employment handling. Hence, we´d like to inform you, that the use and processing of your personal data in connection with the organisation and handling of your employment at Startup Events UG, especially regarding the payment of remuneration is permitted under the regulation of § 26 of the Federal Data Protection Act (BDSG).
Besides this we like to offer you internet access for private use in an appropriate scope. Therefore a private account has to be set up. In order to use this provided internet access for private purposes, and also in order for us to use our employees´ images on our website, we kindly ask you to give your consent to the related use of your data.
Of course, we grant you sufficient time for consideration of this consent. If you wish to do so, we offer you a briefing on the manner and we would explicitly like to point out, that you can revoke your permission at any time. This declaration of consent is handed to you together with the employment contract, but it is a separate declaration and must therefore also be signed independently of the employment contract. The conclusion of the employment contract does not depend on the signing of this declaration of consent. For reasons of data protection we must deny the set up of the private account, if you don`t sign this declaration.
I hereby confirm that (i) I have read this declaration carefully and completely, and (ii) I comply with the obligations as described above.