Note on data protection
Via "Hinweisgeberexperte.de", employees, customers or business partners of the company can report both violations of compliance regulations, such as antitrust or corruption law in particular ("Compliance" reporting channel), and certain violations of data protection regulations ("Data Protection" reporting channel) or human rights ("Human Rights" reporting channel).
The three reporting systems are strictly separated. The reporting channel "Compliance" is operated by the Corporate Compliance Department of the company and only employees of this department have access to the reports. The reporting channel "data protection" is provided by the company's data protection department and only this department has access to the reports received via this channel. The reporting channel "Human Rights" is operated by the human rights department of the company and only employees of this department have access to this reporting channel. Information is only exchanged between the departments if this would be exceptionally necessary to process a specific case. The infrastructure of the system including websites and database is operated by the service provider iComply GmbH, located in 55116 Mainz, Große Langgasse 1A. iComply GmbH is contractually obliged to maintain strict confidentiality and to comply with all data protection requirements.
What personal data and information is collected and processed?
When reporting violations via "iWhistle", personal data is collected:
- of the person submitting a report (e.g. name, contact details) (optional/voluntary!) and
- of the persons affected by an incident (e.g. description of the actions of persons affected)
entered in the respective reporting form or transmitted via the protected mailbox are collected and processed. The data is processed by the responsible department in order to review the reported incidents, to initiate and conduct investigations and to take remedial action where necessary.
As part of the reviews, investigations and remedial actions to be taken, it may be necessary to share information about a reported incident with staff in other departments such as Human Resources or with the management of the Company, other companies, external advisors (e.g. legal advisors) or the relevant authorities. We may also be required to report a reported incident to the relevant authorities and data subjects.
How long will personal data be stored?
The personal data and information you provide will be retained for as long as knowledge of them is necessary to process the report and, if applicable, to initiate sanctions, or for as long as the data must be retained by law. If a report proves to be unfounded, the report and the personal data it contains will be deleted immediately.