Privacy policy

Current or former SBRS employee, contractor or dependent

This Policy sets out what personal data we collect, for what purposes and your rights in this respect.

What does this privacy notice cover?

Every individual within SBRS GmbH (SBRS) respectively within the Shell Group of companies is responsible for protecting personal data about each other as well as that of our customers, business partners and suppliers.

This Privacy Notice provides information about personal data processed by SBRS in relation to individuals who are or were employees, interns or individual contractors as well as dependents of SBRS employees (‘SBRS Staff’).

For individuals who apply to work for SBRS, or who attend a recruitment event or undertake an assessment please refer to the Privacy Notice – SBRS Recruitment at https://www.sbrs.com/en/privacy-policy-for-applicants/

Cookies that are used when you visit our website are explained in our Cookie Policy at https://www.sbrs.com/en/privacy-policy-cookie-policy/

As well as this Privacy Notice, bespoke privacy notices and supplementary privacy statements may contain further information about how we process your personal data in relation to specific HR processes (such as Open Resourcing). In those instances, such privacy notices will be communicated to you separately. These privacy notices may vary among the countries in which we operate to reflect local practices and applicable law requirements.

This Privacy Notice explains what personal data are processed about you, why we are processing your personal data and for which purposes, how long we hold your personal data for, how to access and update your personal data, as well as the options you have regarding your personal data and where to go for further information.

The categories of personal data we collect about you.

What personal data do we process about you? Collection of information

We process personal data necessary to manage the application process and employment relationship and to engage contractors and interns of SBRS. This includes personal home contact information, date of birth, marital status, payroll and bank account information, wage and benefit information, emergency contacts, work history, qualifications, work performance information, information required to ensure you have the permit to work in the country/ies you are engaged in, as well as any other information necessary for managing the employment relationship and engaging contractors.

Sensitive personal data

We may also process some special categories of personal data (’sensitive personal data’) such as data relating to an individual’s health, its racial or ethnic origin, religious or philosophical beliefs, sexual orientation, political opinions and trade union membership. We will only process such personal data where it is necessary for the purposes of complying with employment and social security laws, for the establishment, exercise or defense of claims or where necessary for the purposes of providing occupational medical advice and support, to protect the vital interests of an individual (such as in an emergency), where necessary for reasons of public health or where the individual has provided its explicit consent.

We only process your personal data on a legal basis.

Why do we process your personal data?

We process your personal data:

  • in order to satisfy our obligations to comply with local laws and regulations;
  • for legitimate business interests (for example performance management in order to ensure we have qualified and competent personnel or for health, safety and security purposes to ensure that only authorised personnel can access certain sites or assets, litigation and defense of claims); or
  • where we have your explicit consent.

Please note that as a general principle, SBRS does not seek or rely on the consent of SBRS Staff for processing personal data. However, there are limited circumstances in which consent is required, such as if required by applicable local law.

Personal data requested from SBRS Staff represent the minimum required in order to fulfil legal and/or contractual requirements and to provide opportunities to take part in programs or to provide a benefit. Failure to provide us with the information requested may negatively affect your ability to remain in employment, internship or engagement as a contractor or from participating in a program or receiving a benefit.

In those cases where processing is based on consent you have the right to withdraw your consent at any time. This will not affect the validity of the processing prior to the withdrawal of consent. Withdrawal of consent may however impact your ability to remain employed or otherwise engaged or from participating in a program or receiving a benefit.

The purposes for which we process your personal data.

For what purposes do we process your personal data? How will we use your personal data?

We process personal data covered by this Privacy Notice for the following purposes:

  • Human Resources, personnel management, business process execution, internal management, management reporting, organisational analysis and development – including budgetary, financial and organisational planning, administration, compensation, performance management;
  • Health, safety and security – including protection of SBRS’ Staff life or health, occupational health and safety, protection of SBRS’ assets and authentication of SBRS Staff status and access rights; or
  • Legal and/or regulatory compliance – including compliance with legal or regulatory requirements.

We may also process your personal data for a secondary purpose if it is closely related, such as:

  • storing, deleting or anonymizing your personal data;
  • fraud prevention, audits, investigations, dispute resolution or insurance purposes, litigation and defence of claims; or
  • statistical, historical or scientific research.

Monitoring

All activities on SBRS IT equipment and/or when connected to the SBRS IT network / Shell IT network may be monitored in line with relevant legislation and company policies for legitimate business purposes.

All SBRS Staff may receive an access badge which allows SBRS to record the date, time and access points made by individuals within SBRS premises and assets. The data from the access and security systems may be used:

  • for health, safety and security purposes, to prevent fraud and specifically for the protection of SBRS assets, SBRS Staff and visitors to SBRS premises;
  • to comply with legal and regulatory requirements, specifically where there is a local legal requirement to provide information to government/regulatory authorities;
  • to monitor the number of individuals entering, exiting and working in a SBRS location for human resources and/or real estate planning purposes.

Premises and assets of SBRS may be equipped with surveillance cameras (CCTV). Where SBRS operate surveillance cameras, they will be identified. Surveillance cameras are used for health, safety and security and specifically the protection of SBRS assets, SBRS staff and visitors to SBRS premises.

All images are routinely deleted (within 72 hours) unless there has been a health, safety or security incident, suspected or actual criminal activity, in which case they may be viewed by internal SBRS investigation teams and externally if legally required or permitted by law enforcement authorities or other government authorities (e.g. environmental authority).

Screening

In order to comply with legal and regulatory obligations, to protect SBRS’ assets and employees/contractors and specifically to ensure that SBRS can comply with trade control, anti-money laundering and/or bribery and corruption laws and other regulatory requirements, we carry out screening on all employees and contractors on a periodic basis.  This screening takes place against publicly available or government issued sanctions lists.

Any personal data collected through the screening will not involve profiling or automated decision-making regarding suitability for continued employment, internship or engagement as a contractor.

Data Controller

Who is responsible for the personal data collected

SBRS GmbH
(Head Office: Hünxer Strasse 149 / 46537 Dinslaken / Deutschland,
Telephone: +49 2064 602 – 100, Telefax: +49 2064 602 – 484,
E-Mail: info@sbrs.com, Internet: www.sbrs.com), registered with the District Court of Duisburg
under No. HRB 19295, will be responsible for processing your personal data, either solely or jointly with its affiliates within the Shell group of companies.

The purposes for which we process your personal data.

Who is responsible for any personal data collected?

We process the personal data covered by this privacy policy for the following purposes:

  • Conducting business activities – including providing, researching, developing and improving products or services; entering into and performing contracts with business customers, suppliers and business partners; collecting and billing for services, products and materials from and for SBRS; managing business relationships and marketing, such as by maintaining and promoting contact with existing and potential customers, account management, customer service, and conducting and analyzing market research and marketing strategies; collecting and responding to customer complaints and inquiries. For example, by maintaining and promoting contact with existing and potential customers, account management, customer service and development, conducting and analyzing market research and marketing strategies; recording and responding to customer complaints and inquiries; to fulfill other purposes covered by the Federal Data Protection Act; claims management;
  • Organization and management of the business – including financial management, asset management, mergers, spin-offs, acquisitions and disposals, application of control mechanisms, management reporting and analysis, internal audits and investigations;
  • Health, safety and security – including the protection of an individual’s life or health, health and safety in the workplace, the protection of SBRS businesses and personnel, and the identification and verification of an individual’s access rights; or
  • Compliance with legal and/or regulatory requirements – including compliance with official requirements.

We may also process your personal data for a secondary purpose if it is closely related to this, such as:

  • Storage, deletion or anonymization of personal data;
  • Prevention of fraud, audits, investigations, dispute resolution or for insurance purposes, litigation and legal proceedings and the defense/defense of claims; or
  • Statistical, historical or scientific research.

Communication and marketing

You may receive offers on behalf of the respective business customer, supplier or business partner. On all occasions, you will be given the opportunity to use the unsubscribe function via the various digital channels that we may use to interact with you. to use them.

Who do we share your personal data with?

Who will we share the personal data with?

Your personal data are exclusively processed for the purposes referred to above and will only be shared on a strict “need to know basis” with:

  • Other companies within the Shell group of companies, including to those which may be located outside of your location (this includes outside EEA countries);
  • Authorised third party agents, service providers, external auditors and/or subcontractors of SBRS;
  • A competent public authority, government, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which the relevant SBRS company/companies is subject to or as permitted by applicable law; or
  • Any person to whom SBRS proposes to transfer any of its rights and/or duties.

Your personal data may be transferred outside of your country, subject to appropriate safeguards.

Transfers of your personal data to other countries

Where your personal data have been transferred to companies within the Shell Group and/or to authorized third parties located outside of your country (including outside of the European Economic Area) we take organizational, contractual and legal measures to ensure that your personal data are exclusively processed for the purposes mentioned above and that adequate levels of protection have been implemented in order to safeguard your personal data.

SBRS is committed to safeguarding your personal data.

Security of your personal data

We have implemented technology and policies with the objective of protecting your privacy from unauthorised access and improper use and will update these measures as new technology becomes available, as appropriate.

SBRS only holds your personal data for a defined period of time

How long do we hold your personal data for?

All information, including personal data, is managed in line with the SBRS and Shell Group standards for Information and Records Management and securely deleted once no longer required for a legitimate business purpose or for a legal/regulatory purpose. With some exceptions required to comply with local legal requirements:

  • information contained within personnel files is held for no longer than 10 years once your employment has terminated;
  • information relating to retirement benefits are held for no longer than 99 years from the commencement of employment;
  • any personal data gathered as part of the screening against publicly available or government issued sanctions lists and media sources are held for no longer than 15 years after they were first gathered;
  • the names, date, time and access points for all individuals entering SBRS premises are held for (max.) 3 years from each access;
  • where an individual has been dismissed or had its contract terminated due to serious misconduct, including breaching the Shell Life Saving Rules or breaching the Shell Code of Conduct, that information is held for up to 30 years post termination.

In all cases information may be held for (a) a longer period of time where there is a lawful reason to do so (in which case it will be deleted once no longer required for that purpose) or (b) a shorter period where you object to the processing of the personal data and there is no longer a legitimate business purpose to retain it.

Your rights and how to exercise them.

Your rights in relation to your personal data

We aim to keep our information about you as accurate as possible. You can request:

  • access to your personal data;
  • correction or deletion of your personal data (in the case of deletion, only where it is no longer required for a legitimate business purpose);
  • that the processing of your personal data is restricted; and/or
  • that you receive personal data that you have provided to SBRS, in a structured, digital form to be transmitted to another party, if this is technically feasible.

Those individuals who have access to HR Online can access their personal data through the following website:https://hronline.shell.com/. Alternatively, please contact a member of the SBRS HR team. If you are a contractor you should speak with your external contracting/employing company/agency. We furthermore ask former employees or dependents to contact info@sbrs.com  or Datenschutz@shell.com.

Who can you contact if you have a query, concern or complaint about your personal data?

If you have any issues, queries or complaints regarding the processing of your personal data please contact us at any time at info@sbrs.com or Datenschutz@shell.com. Furthermore, you can choose to contact us using our postal address. The postal address is: SBRS GmbH, Hünxer Strasse 149, 46537 Dinslaken, Deutschland).

You may also contact the Shell Group Chief Privacy Officer at Privacy-Office-SI@shell.com or Shell International B.V. The Hague, The Netherlands, Trade Register No. 27155369, Correspondence: PO Box 162, 2501 AN, The Hague, The Netherlands.

If you are not satisfied or do not agree with the processing of your personal data by SBRS, you have the right to lodge a complaint with the Federal German Data Protection Commissioner or with the State Data Protection Commissioner responsible for you (Federal Estate in which you have your residence) or also with the Dutch Data Protection Authority with the address PO Box 93374, 2509 AJ The Hague, The Netherlands or alternatively Prins Clauslaan 60, 2595 AJ The Hague, The Netherlands.

Visit the following websites for more information:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

or https://autoriteitpersoonsgegevens.nl/en.

Cookies and similar technologies

SBRS may use cookies and similar technologies that aim to collect and store information when you visit a SBRS website. This is to enable SBRS to identify your internet browser and collect data on your use of our website, which pages you visit, the duration of your visits and identify these when you return so that we improve your experience when visiting our website(s).

We also use cookies to personalize and enhance your experience on our site and improve the delivery of ads to you. You can control and manage your cookies preferences by adjusting your browser settings or using the cookies preference tool on SBRS websites – for more information, please refer to the SBRS Cookie Policy at https://www.sbrs.com/en/privacy-policy-cookie-policy/

Changes to this privacy notice

This Privacy Notice may be changed over time. You are advised to regularly review this Privacy Notice for possible changes. This Privacy Notice was last updated as per 16th October 2023.