What is the secret behind service providers

§ 35 SGB I social secrecy

(1) Everyone is entitled to the fact that the social data concerning them (Section 67, Paragraph 2, Tenth Book) are not processed by the service providers without authorization (social secrecy). The maintenance of social secrecy includes the obligation to ensure within the service provider that the social data is only accessible to authorized persons or is only passed on to them. Social data of employees and their relatives may not be accessible to persons who make or participate in personnel decisions, nor may they be passed on by authorized persons. The claim is also directed against the associations of the service providers, the working groups of the service providers and their associations, the data center of the pension insurance, the public law associations mentioned in this code, integration specialist services, the artists' social insurance fund, the Deutsche Post AG, insofar as they are involved with the calculation or Payment of social benefits is entrusted to the authorities of the customs administration, insofar as they carry out tasks according to Section 2 of the Undeclared Labor Act and Section 66 of the Tenth Book, the insurance offices and municipal authorities as well as the recognized adoption placement agencies (Section 2 (3) of the Adoption Placement Act), insofar as they perform tasks according to this Code perform, and the offices that perform tasks according to § 67c paragraph 3 of the tenth book. The employees must maintain social secrecy even after they have finished their work at the above-mentioned offices.

(2) The provisions of the second chapter of the tenth book and the other books of the social security code regulate the processing of social data conclusively, unless Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons the processing of personal data, the free movement of data and the repeal of Directive 95/46 / EC (General Data Protection Regulation) (OJ L 119 of 4.5.2016, p. 1; L 314 of 22.11.2016, p. 72; L 127 of 23.5.2018, p. 2) in the currently valid version applies immediately. For the processing of social data in the context of activities that do not fall within the scope of Regulation (EU) 2016/679, Regulation (EU) 2016/679 and this law apply accordingly, unless otherwise regulated in this or another law.

(2a) The obligation to maintain statutory confidentiality obligations or professional or special official secrets that are not based on statutory provisions remains unaffected.

(3) Insofar as the transmission of social data is not permitted, there is no obligation to provide information, no obligation to provide evidence and no obligation to present or deliver documents, non-automated file systems and automatically processed social data.

(4) Company and trade secrets are equal to social data.

(5) Social data of the deceased may be processed in accordance with the second chapter of the tenth book. They may also be processed if the legitimate interests of the deceased or his relatives cannot be impaired.

(6) Paragraphs 1 to 5 also apply to those responsible or their processors, in addition to the bodies named in paragraph 1,
1.

process the social data domestically, unless the processing takes place in the context of a branch in another member state of the European Union or in another contracting state of the Agreement on the European Economic Area, or

2.

process the social data in the context of the activities of a domestic branch.

If paragraphs 1 to 5 are not to be applied in accordance with sentence 1, only Sections 81 to 81c of Book 10 apply to the person responsible or his processor.

(7) When processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679, the contracting states of the Agreement on the European Economic Area and Switzerland are the same as the member states of the European Union. In this respect, other countries are considered third countries.