When we process personal data for travel expense accounting

Data protection information in accordance with Article 13 (1) and (2) of the General Data Protection Regulation (GDPR ) on the processing of personal data in travel expense accounting at the Zittau/Görlitz University of Applied Sciences (HSZG).

Person responsible for data processing

Zittau/Görlitz University of Applied Sciences
Theodor-Körner-Allee 16
02763 Zittau

Please send inquiries regarding data processing to
Your request will be forwarded to the responsible department and processed promptly.

Data protection officer of the controller

The data protection officer can be contacted at

DID Dresdner Institut für Datenschutz
Hospitalstraße 4
01097 Dresden

Web.: www.dids.de
Phone: +49 (0)351 / 655 772 - 0
E-mail:

Purposes of data processing

Personal data is processed for the following purposes:

The application and processing of business trip requests as well as the settlement of costs for business trips and
trips between and to the parts of the Zittau/Görlitz University of Applied Sciences.

Legal basis

Personal data is processed on the basis of Art. 6 para. 1 lit. a, b, e GDPR; § 3 para. 1 & 2 SächsDSDG; Sächsisches Reisekostengesetz - SächsRKG of 12.12.2008, legally revised as of April 1, 2014 and VwV-SächsRKG in the respective applicable version; travel expense regulations of the HSZG

Categories of personal data

The following categories of personal data are processed for specific purposes:
Personal data from Annexes 1 - 11 according to VwV-SächsRKG and from the university-specific
Annexes 12 - 15 and 17 to the procedural regulation on travel expenses of the HSZG (RKVV)

Receiver

The data is disclosed to auditors, companies that bear the costs of business trips and funding bodies.

Storage duration

The personal data is subject to the following retention and deletion periods:
10 years in accordance with the Tax Act, funding bodies may require longer retention periods in individual cases (up to 30 years)

Rights of the data subjects

As a person affected by the processing of your personal data, you have the following rights if the legal requirements are met.

  • You have the right to information about the processing of your personal data(Art. 15 GDPR).
  • You have the right to rectification of inaccurate personal data concerning you (Art.16 GDPR)
  • You have the right to erasure of your personal data (Art.17 GDPR).
  • You have the right to request the restriction of the processing of your personal data (Art.18 GDPR)
  • You have the right to data portability of your personal data (Art.20 GDPR)
  • You have the right to object to the processing of your personal data at any time (Art.21 GDPR)
  • You have the right to withdraw your consent to data processing at any time. The lawfulness of the data processing carried out on the basis of your consent until revocation remains unaffected(Art. 13 para. 2 lit. c GDPR).
  • You have the right to lodge a complaint with the Saxon data protection officer
    (Art. 77 GDPR).

Provision of personal data

The provision of personal data is not required by law or contract in accordance with Art. 13 para. 2 lit. e GDPR.

Decision-making and profiling

This processing activity does not involve automated decision-making or profiling in accordance with
Art. 22 GDPR.