Privacy

Data protection information on the whistleblower system

Information on data protection in the whistleblower system of Mestemacher GmbH

In the following, we would like to inform you about the collection, processing and use of personal data within the framework of the whistleblower system if you submit a report via our IT-supported contact form, by e-mail, telephone call, letter or personal appearance with us. Therefore, please read this data protection information very carefully before submitting a report. Compliance Beratung + Service GmbH, Maximilianstraße 24, 80539 Munich, Germany, is responsible for data processing as a commissioned data processor bound by instructions. This also applies to all other companies specified in the IT-supported contact form, hereinafter referred to as "Mestemacher", as we make use of the regulation to provide a whistleblowing point for several companies.


 Purpose of the whistleblower system and data processing

The purpose of the whistleblower system is to receive and process information on (suspected) violations of the law or serious internal violations of rules against one or more companies within Mestemacher in a secure and confidential manner. The processing of personal data as part of the whistleblower system is based on the legitimate interest in the detection and prevention of wrongdoing and the associated prevention of damage and liability risks (Art. 6 para. 1 lit. F GDPR in conjunction with Sections 30, 130 OWiG). The establishment of a whistleblower system is intended to give employees and third parties the opportunity to report legal violations in the company in a protected manner. If a report received concerns an employee, the processing also serves to prevent criminal offenses or other legal violations in connection with the employment relationship (Section 26 (1) BDSG). Your data will be processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR), which is given by the fact that the notification can also be submitted anonymously. As a rule, consent can only be withdrawn within one month (30 days) of receipt of the notification, as in certain cases we are obliged under Art. 14 para. 3 lit. a GDPR to inform the accused person of the allegations made against them and the investigations carried out within one month. This also includes the storage, the type of data, the purpose of the processing, the identity of the controller and - if legally required - of the reporting party, so that it is no longer possible to stop the data processing or delete the identification data. The withdrawal period may be shortened, e.g. if the nature of the report requires the immediate involvement of an authority or a court, because as soon as a disclosure has been made to the authority or court, the identification data is held by us as well as by an authority or court. Therefore, if a whistleblower chooses to make a non-anonymous report, Mestemacher may be required to disclose the identity of the whistleblower to a defendant.


Processing of your personal data

The whistleblower system is used on a voluntary basis. We collect the following personal data and information when you submit a report:

  - Your name, if you disclose your identity,
   - Your contact details, if you provide them to us,
   - the fact that you have submitted a report via the whistleblower system
   - if applicable, names of persons and other personal data of the persons named in the report.


  The data submitted to the whistleblower system is encrypted and stored with multi-level password protection, so that access is restricted to a very narrow circle of expressly authorized employees of Compliance Beratung + Service GmbH and Mestemacher GmbH. The employees check the reported facts and, if necessary, carry out further case-related clarification of the facts; the data is always treated confidentially. However, confidentiality cannot be guaranteed if false information is knowingly posted with the aim of discrediting a person (denunciation). In certain cases, there is an obligation under data protection law to inform the accused person of the allegations made against them. This is required by law if it is objectively established that providing information to the accused can no longer affect the actual investigation of the allegation. As far as legally possible, your identity as the reporting party will not be disclosed and it will also be ensured that no conclusions can be drawn about your identity. As part of the processing of reports or an investigation, it may be necessary to pass on information to other employees or other employees of other companies within Mestemacher. We always ensure that the relevant data protection regulations are complied with when passing on information. If there is a corresponding legal obligation or data protection requirement for the clarification of information, other possible categories of recipients include law enforcement authorities, antitrust authorities, other administrative authorities, courts and commissioned law firms and auditing firms. Every person who receives access to the data is obliged to maintain confidentiality. Personal data will be stored for as long as required for the clarification and final assessment, for as long as there is a legitimate interest of the company or a legal requirement. Thereafter, this data is deleted in accordance with the legal requirements; within this framework, the duration of storage depends on the severity of the suspicion and the possible breach of duty, the complexity of the investigation and the like.


Your rights

You and the persons named in the notice have the right to information, rectification, erasure, restriction of processing and, in certain cases, the right to data portability. You can also object to the processing of your personal data on grounds relating to your particular situation, provided that the data processing is carried out in the public interest or on the basis of a balancing of interests. The objection can be made informally and should preferably be sent to the contact details listed in this data protection notice.
  If the right to object is exercised, we will immediately check the extent to which the stored data is still required, in particular for the processing of a reference. Data that is no longer required will be deleted immediately. You can also withdraw your consent at any time. In this context, please note the information under the first point of this statement "Purpose of the whistleblower system and data processing". You also have the right to lodge a complaint with a supervisory authority.


Contact details:
 
The contact person for exercising your rights and for further information is the person responsible for the whistleblowing system. Please use the following contact details: info@hinweisgeberexperte.de. Thank you.