Commentaries: Art. 75b

The Agency shall process, on paper and in one or more information systems, employee data for the fulfilment of its tasks in accordance with this Act, in particular for:
1. determining personnel requirements;
2. meeting personnel requirements through staff recruitment;
3. wage and salary accounting, preparation of personnel records, social insurance notifications;
4. development and long-term retention of staff;
5. maintenance and improvement of staff qualifications;
6. planning, management and control through data analysis, benchmarking, reporting and planning of measures.
It may process the following personnel data necessary for the fulfilment of its tasks as specified in paragraph 1, including sensitive personal data:
1. personal details;
2. information on the health situation in relation to fitness for work;
3. information on performance and potential, and on personal and professional development;
4. data required for participation in the enforcement of social insurance law;
5. procedural documents and decisions by authorities relating to work.
It shall be responsible for data protection and security.
It may pass on data to third parties if a legal basis for this exists, or if written consent has been given by the data subject.
It shall issue implementing provisions on:
1. the architecture, organisation and operation of the information systems;
2. the processing of data, in particular the collection, storage, archiving and destruction thereof;
3. data processing permissions;
4. data categories in accordance with paragraph 2;
5. data protection and security.
It may provide for the disclosure of non-sensitive data through retrieval procedures. It shall issue implementing provisions for this purpose.