This information is relevant for whistleblowers who have not opted for anonymous reporting and for persons concerned who are named in the report.
a) Type and purpose of processing
Some personal data may be collected during the whistleblower report and the case login. If the whistleblower has not opted for an anonymous report, their personal data will be used to process the case. The personal data of a data subject contained in the whistleblower report may also be processed and used to clarify and process the facts of the case. If the whistleblower has submitted a report, they can log in via the case login with a case number and password.
b) Legal basis
The provision of the portal and the processing of the case is based on a legal obligation (Art. 6 para. 1 lit. c GDPR).
c) Data categories
Whistleblower: Whistleblower: e-mail address, telephone number, first name, surname, your concern, possibly other data that the whistleblower sends us unsolicited
Persons concerned: The information may vary depending on the whistleblower report. Usually at least name details.
d) Source of the data
Whistleblower
e) Recipient
The recipient of the data is the external whistleblower ombudsman's office and BKP Compliant GmbH as processor
f) Storage periods
Data will only be processed in this context for as long as the relevant purpose exists. It will then be deleted, provided there are no statutory retention obligations to the contrary.
g) Legal / contractual requirement
The provision of the whistleblower's personal data is voluntary.
h) Transfer to third countries
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
i) Automated decision-making and profiling
As a responsible company, we do not use automated decision-making or profiling for this data processing.