Data protection information on the whistleblower system
Welcome to FELD M (hereinafter also referred to as "FELD M", "we" or "us"). According to the Hinweisgeberschutzgesetz (Whistleblower Protection Act; hereinafter referred to as the "HinSchG" to set up and maintain a reporting office in accordance with §§ 12 to 18 HinSchG. To this end, we operate reporting channels through which you can contact our internal reporting office to report information about violations.
In the following, we will inform you about the purpose and legal basis for which we process your personal data, for how long and what rights you have with regard to data processing, provided that you use our reporting channels.
Please take the time to read this notice as it contains important information about how we handle your personal information.
Also please note:
This document is drawn up in German. The following English translation is provided for convenience only. In case of any discrepancies between the German version of this document (you can find under "Datenschutz" in the German version of this page) and the English version, the German version shall prevail.
Content of this Notice
If we use the term "data" in the text, only personal data within the meaning of the GDPR is meant, including those of the special category.
General
We are obliged to set up a reporting office in order to comply with the requirements of Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report violations of Union law ("Whistleblower Protection Directive") implemented by the Federal Republic of Germany with the Whistleblower Protection Act.
The aim of the Whistleblower Protection Directive is to improve the enforcement of European Union law in certain areas by providing special protection to persons who report breaches of Union law. Even if the HinSchG does not expressly mention this objective, it must be taken into account by way of an interpretation of the law in conformity with European law. The goal expressly enshrined in the HinSchG is the protection of natural persons who have obtained information about violations in connection with their professional activity or in advance of a professional activity and report or disclose it to the reporting office. The HinSchG also aims to protect persons who are the subject of a report or disclosure, as well as other persons affected by a report or disclosure.
In order to be able to report violations taking into account the aforementioned goals, we have therefore set up a reporting office and operate the corresponding reporting channels.
Whistleblowers
If you contact the internal reporting office to report or disclose information about violations to us, the reporting office will only process your data to the extent necessary to document the report and the respective state of affairs and to confirm receipt of the report to you. Furthermore, we process your data in order to check whether the reported violation falls within the material scope of application of the HinSchG and thus the responsibility of the internal reporting office is opened, to check whether the report is valid, and if it is necessary for the processing of the report, in particular for the processing of the report. the investigation of the facts is necessary to communicate with you regarding further information. In the process, we take notes and prepare minutes. We also process your data in order to take appropriate follow-up measures and to provide you with feedback on this and any actions still planned and the reasons for doing so. If the rights of persons associated with the report are affected by the internal investigations and investigations, no feedback will be given.
Accused persons
If you are named in a report or are the subject of a report, we will only process your data to the extent necessary to document the report and the respective state of affairs, to check whether the reported violation falls within the material scope of application of the HinSchG and thus whether the internal reporting office is responsible. We also process your data to check whether the report is valid. If it is established, we will process your data in order to carry out the investigations necessary for the investigation of the facts and to take appropriate follow-up measures.
Reporting office officers and employees in the reporting office
If you are an agent of the internal reporting office, we process your data in order to provide you with an account in the whistleblower module of our DPMS data protection software (DPMS) and to give you access to the reporting channels. In addition, we process your data to the extent necessary to document the reports and the respective state of affairs.
Purpose and legal basis
The purposes of the processing are, with reference to the legally enshrined objectives of better enforcement of Union and national law
- the establishment and operation of reporting channels in accordance with § 16 HinSchG;
- documenting the reports of whistleblowers in accordance with § 11 HinSchG;
- the confirmations of receipt to whistleblowers, the examination of the report with regard to the material scope and validity of reports as well as the communication with whistleblowers in accordance with § 17 (1) HinSchG;
- the implementation of follow-up measures in accordance with § 18 HinSchG;
- Feedback to whistleblowers (§ 17 para. 2 HinSchG)
The legal basis for this is Art. 6 para. 1 letter c), Art. 9 para. 2 j GDPR in conjunction with § 10 HinSchG.
Receiver
Access to or access to your data is only granted to persons entrusted with the processing of reports. As a rule, these are the reporting office officers and employees in the reporting office. If the disclosure of information that allows conclusions to be drawn about your identity as a whistleblower is necessary in the context of processing a report for follow-up measures, we will only pass on this information to competent authorities outside the reporting office if you have previously consented to the disclosure in accordance with § 9 (3) HinSchG. In the context of criminal prosecution or other obligations to authorities, your personal data may have to be disclosed to state investigating authorities or other competent state authorities as part of legal obligations. In this case, we will inform you in advance of this as well as the reasons for the disclosure. Refrain from providing information if the competent authority has informed us that this would jeopardise the relevant investigations, investigations or legal proceedings.
Our reporting channels are currently set up in the whistleblower module, of our DPMS data protection software (hereinafter referred to as "DPMS"). The DPMS data protection software is technically operated and provided by LegalInnovate Technologies GmbH, located at Issumer Tor 45 in 47608 Geldern, Germany. DPMS processes your data on our behalf and according to our instructions on servers in Germany. This means that they are not allowed to use or use your data for themselves, especially not for their own purposes or their own advertising measures. Any person who gains access to the data is bound by a duty of confidentiality.
Deletion and retention
We delete your data as soon as it is no longer necessary to achieve the purpose for which we collected it. This is usually the case three years after the end of the calendar year in which the proceedings were concluded.
Further information on data protection and your rights
They have the right to request information at any time about what data is stored about them. You can request correction, deletion and restriction of processing (blocking) of your personal data as long as this is legally permissible and possible within the framework of an existing contractual relationship. You have the right to lodge a complaint with any supervisory authority for data protection. You can object to data processing for reasons arising from your particular situation, if the data processing is based on our legitimate interests or is necessary for the performance of a public task.
Further information on data protection, in particular on your rights as a data subject, as well as information on the controller and data protection officer, can be found under the following link: https://www.feld-m.de/datenschutz/.
If you have any questions about the processing of your data, please contact the Data Protection Officer (datenschutz@feld-m.de).
Section 4 of the HinSchG guarantees protective measures for whistleblowers and other protected persons, such as exclusion of responsibility, prohibition of reprisals or obligations to pay damages.
