Our clients place great importance on data protection and compliance with data protection regulations, particularly the German Data Protection Act and the German Telemedia Act. In the interest of transparency of data protection, the following data privacy statement serves to explain users of this electronic whistleblower system about how to deal with reports received and how to inform them about the type, scope and purpose of collection and use of personal data.
Purpose: The electronic reporting system is used for accepting and investigating serious cases of suspicion in relation to economic crimes (especially cases of bank/finance crime, money laundering, terrorist financing, fraud, corruption or other such punishable offences that can prove to be a threat to client's assets). Tip-offs without an appropriate reference to the subject of economic crime are not followed up through this electronic whistleblower system.
Confidentiality: With this electronic whistleblower system, the whistleblowers have the option to submit reports concerning the client by maintaining confidentiality about their identity. It is ensured that whistleblowers who report an actual case of suspicion in good faith have no negative consequences to fear on account of this report. However, the electronic whistleblower system must not be used to submit false reports knowingly, or to submit totally libellous reports. On request, reports can also be given anonymously.
Whistleblower: The electronic whistleblower system is open to employees of clients as well as to third parties (e.g. clients, business partners, suppliers, employees of affiliates) for giving tip-offs.
Processing and using personal data: Personal data that is entered in this electronic whistleblower system is saved in highly secure servers of audimex ag in Germany which are encoded and password-protected. Access to these files is only granted to a small group of expressly authorised persons from the legal and compliance department and the internal audit department of clients. Personal data is collected, processed, and used only for the intended purpose, i.e. for the operation of the whistleblower system, and to check and examine received reports. Insofar as it is necessary for investigation of the matter, personal data can be forwarded to carefully selected individual from the client side to the necessary extent. Every person who has access to the data is obliged to maintain confidentiality.
Retention and deletion of data: Personal data is kept till the duration necessary for investigation and final evaluation of the report. After the investigation is complete, the personal data is deleted on a regular basis within an appropriate time-frame of 2 months and in accordance with the legal requirements. In case legal and/or disciplinary procedures are introduced, the data is to be retained till the procedure is complete or till the time limit for bringing proceedings. Personal data associated with reports submitted without any cause is immediately deleted. If legal requirements or government orders require that personal data are to be produced, then these data can be handed over to them.
Duty to notify: Provided that personal data is collected and stored using this whistleblower system, your company/organization informs the concerned persons about the purpose for which the personal data was collected, processed and used. The client is permitted to inform the person concerned only when there is no danger with respect to clarification of the facts and collection of necessary evidence.
Responsible person: The person responsible for this electronic whistleblower system in terms of data protection is the client's privacy officer. The whistleblower system is operated by audimex ag on behalf of the client.
Queries: If you have any queries regarding data protection and use and sharing of personal data, please contact the client’s data protection officer.
Security: The client implements technical and organisational measures in order to protect the personal data, which is managed using this electronic whistleblower system, from unauthorised access, sharing, misuse, manipulation, loss or damage while collecting, processing or using it.