diff --git a/src/controllers/03-employee-controller.ts b/src/controllers/03-employee-controller.ts
index 95addd7..a6d67c1 100644
--- a/src/controllers/03-employee-controller.ts
+++ b/src/controllers/03-employee-controller.ts
@@ -144,9 +144,18 @@ type EmployeeUpdate = {
 export class EmployeeController extends Controller {
   @Get("stats")
   @Security("keycloak")
-  async getEmployeeStats(@Query() customerBranchId?: string) {
+  async getEmployeeStats(@Request() req: RequestWithUser, @Query() customerBranchId?: string) {
     return await prisma.employee.count({
-      where: { customerBranchId },
+      where: {
+        customerBranchId,
+        customerBranch: {
+          customer: isSystem(req.user)
+            ? undefined
+            : {
+                registeredBranch: { OR: permissionCond(req.user) },
+              },
+        },
+      },
     });
   }