Whistleblower System

This information is relevant for whistleblowers who have not chosen to submit an anonymous report and for individuals mentioned in the report.

Nature and Purpose of Processing

When a whistleblower submits a report or logs into the case system, certain personal data may be collected. If the whistleblower does not opt for anonymity, their personal data will be used to handle the case. Similarly, personal data of individuals named in the whistleblower report may be processed to investigate and address the issue. Whistleblowers who have submitted a report can log into the case system using a case number and password.

Legal Basis

The provision of the portal and the processing of the case are based on a legal obligation (Article 6(1)(c) GDPR).

Categories of Data

Whistleblower: Email address, phone number, first name, last name, the subject of the report, and, where applicable, other data voluntarily provided by the whistleblower.

Affected Individuals: The information varies depending on the whistleblower's report but generally includes at least the name of the individual(s).

Source of Data

The data originates from the whistleblower.

Recipients

Recipients of the data include the external whistleblower ombudsperson and BKP Compliant GmbH as the data processor.

Retention Periods

The data will only be processed as long as it is necessary for the relevant purpose. Afterward, the data will be deleted unless legal retention obligations apply.

Legal/Contractual Requirement

Providing personal data as a whistleblower is voluntary.

Third-Country Transfers

The data processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

Automated Decision-Making and Profiling

As a responsible organization, we refrain from using automated decision-making or profiling in this data processing.