1. Legal Grounds for Processing

By executing [Employee Agreement], <Client>, hereinafter referred to as the “Company,” shall have the right to process personal data, including the Employee’s personal identification number, provided to the Company by the Employee or another party, to enable the Company to fulfill its legal and contractual obligations in its capacity as employer or in order to take steps at the request of the data subject prior to entering into a labor contract.

Personal data may also be used based on the legitimate interests pursued by the Company or by a third party (such as Company affiliates), except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

2. Purposes of Processing

Purposes of processing personal data include:

• Human resources and personnel management: Recruitment, onboarding, termination of employment, scheduling and recording time, performance, compensation and benefits, and training.

• Compliance with local and EU Member State Law: Processing necessary to fulfill legal obligations, including but not limited to prevention of crimes and disclosure of data to government or supervisory authorities such as tax and labor authorities.

• Business process execution and internal management: Activities such as travel and expenses, managing company assets, IT services, information security, internal audits and investigations, legal or business consulting, and handling or preparing for dispute resolution.

3. Transfers to Third Parties

When processing employee personal data for the above purposes, the Company may use services of third parties such as: [names of suppliers]. These third parties may receive or have access to employee personal data.

The Company ensures that any third-party provider implements suitable technical and organizational measures to protect personal data as required by applicable law.

4. Cross-Border Data Transfers

The Company’s business processes may involve transfers of employee data across national borders, including to [country names] (for which no adequacy decision by the European Commission has been issued), based on standard data protection clauses or other approved safeguards in accordance with the General Data Protection Regulation. Employees may request a copy of the Data Transfer Agreements or information on the other applicable safeguards.

5. Retention

Personal data will be stored no longer than necessary for the purposes of the processing activities and, in any case, not exceeding [number of years] years.

6. Employees’ Rights

Employees are entitled to receive information from the Company regarding the Company’s processing of their personal information.

Employees have the right to request rectification and/or erasure of personal data, restriction of processing, or to object to processing, as well as the right to data portability.

To exercise these rights, employees can contact the HR Department.

Employees also have the right to lodge a complaint with a Supervisory Authority ([link to their website]). Employees may also contact the Data Protection Officer or the HR department at [email address].