Data protection information for whistleblower

With the fol­lo­wing, we inform per­sons pro­vi­ding infor­ma­ti­on about the pro­ces­sing of their per­so­nal data when using the online whist­le­b­lo­wing por­tal and the rights to which the­se per­sons are entit­led vis-à-vis us under data pro­tec­tion law.

The law firm rei­chert & rei­chert acts as a legal ombuds­man in the con­text of exis­ting man­da­tes. The func­tion of the legal ombudsman’s office has the advan­ta­ge for whist­le­b­lower that we can gua­ran­tee a very high degree of anony­mi­ty vis-à-vis the com­pa­nies affec­ted by the hint.

In addi­ti­on to this online whist­le­b­lower cont­act form, whist­le­b­lo­wers can also use our whist­le­b­lower hot­line at +49 (0)7731 9587–0, our whist­le­b­lower mail­box at the pos­tal address of our law firm at Max-Porzig-Strasse 1 in 78224 Sin­gen and the staff of our whist­le­b­lower pro­tec­tion team on site at the pos­tal address of our law firm.

Respon­si­ble for data pro­ces­sing and its data pro­tec­tion officer
The data pro­ces­sor is rei­chert & rei­chert, steu­er­be­ra­ter und rechts­an­walts­kanz­lei, sole pro­prie­tor Dr. Hans­jörg Rei­chert, Max-Porzig-Straße 1 in 78224 Sin­gen. You can reach us by tele­pho­ne on +49 (0)7731 9587–0 or by e‑mail at kanzlei@reichert-reichert.de.

You can reach our data pro­tec­tion offi­cer at the abo­ve cont­act details or by e‑mail at datenschutz@reichert-reichert.de. The data pro­tec­tion offi­cer is only respon­si­ble for ques­ti­ons rela­ting to data pro­tec­tion law. He can­not pro­vi­de any infor­ma­ti­on on the con­tent or cour­se of refe­ren­ces or pro­cee­dings con­duc­ted at the ombudsman’s office.

Pur­po­se of data processing
We pro­cess per­so­nal data of whist­le­b­lower pro­vi­ding hints exclu­si­ve­ly for the pur­po­se of pro­ces­sing and cla­ri­fy­ing hints and accu­sa­ti­ons, as well as to cont­act you as requi­red by law (con­fir­ma­ti­on of receipt and infor­ma­ti­on on the sta­tus of the case) and to com­ply with our obli­ga­ti­ons to pro­vi­de evi­dence and docu­men­ta­ti­on. Inten­tio­nal­ly fal­se hints may con­sti­tu­te a cri­mi­nal offen­se under the Cri­mi­nal Code, so we also pro­cess per­so­nal data for our legal defen­se as well as to enforce legal claims.

Cate­go­ries of data subjects
Per­sons, respec­tively Whist­le­b­lower pro­vi­ding hints in the case of vol­un­t­a­ry dis­clo­sure of identity.

Cate­go­ries of per­so­nal data
Only per­so­nal data that the per­son, respec­tively whist­le­b­lower pro­vi­ding the hint has pro­vi­ded vol­un­t­a­ri­ly and anony­mously will be processed.

In the case of a hint via our online whist­blower por­tal, this is the first name and sur­na­me, the e‑mail address and all other data of the per­son giving the hint that result or may result from the con­tent of the hint. Fur­ther­mo­re, we pro­cess the date and time of receipt of the encrypt­ed hint. The online whist­le­b­lower por­tal also auto­ma­ti­cal­ly pro­ces­ses tech­ni­cal data on gene­ral sys­tem usa­ge. An eva­lua­ti­on or crea­ti­on of sta­tis­tics that allow con­clu­si­ons to be drawn about your iden­ti­ty is not pos­si­ble from this data.

If the per­son pro­vi­ding the hint uses the whist­le­b­lower hot­line, the pro­ces­sing includes the date and time of the call, if visi­ble the trans­mit­ted tele­pho­ne num­ber from which the call was made, the per­so­nal data which the per­son pro­vi­ding the hint vol­un­t­a­ri­ly pro­vi­des to us as well as all other data of the per­son pro­vi­ding the hint which result or may result from the con­tent of the hint. The whist­le­b­lower hot­line also auto­ma­ti­cal­ly pro­ces­ses tech­ni­cal data on gene­ral sys­tem usa­ge. An eva­lua­ti­on or crea­ti­on of sta­tis­tics that allow con­clu­si­ons to be drawn about your iden­ti­ty is not pos­si­ble from this data.

If the per­son pro­vi­ding the hint lea­ves the infor­ma­ti­on by post, we recei­ve the date of receipt of the docu­ments and the per­so­nal data which the per­son pro­vi­ding the hint vol­un­t­a­ri­ly pro­vi­des to us as well as all other data of the per­son pro­vi­ding the infor­ma­ti­on which result or may result from the con­tent of the hint.

In the case of a per­so­nal appoint­ment at our office, we recei­ve all rele­vant per­so­nal data of the per­son pro­vi­ding the hint hat may be coll­ec­ted during the whist­le­b­lo­wing inter­view, the per­so­nal data that the per­son pro­vi­ding the hint vol­un­t­a­ri­ly pro­vi­des to us as well as all other data of the per­son pro­vi­ding the hint that result or may result from the con­tent of the hint.

Legal basis of the processing
The legal basis for the pro­ces­sing of per­so­nal data vol­un­t­a­ri­ly pro­vi­ded via any chan­nel of our whist­le­b­lower pro­tec­tion sys­tem is the con­sent of the whist­le­b­lower pur­su­ant to Artic­le 6(1)(a) of the GDPR and pur­su­ant to Artic­le 9(2)(a) of the GDPR if and to the ext­ent that spe­cial cate­go­ries of per­so­nal data as defi­ned in Artic­le 9(1) of the GDPR are also cover­ed by the consent.

The legal basis for the pro­ces­sing of per­so­nal data of whist­le­b­lo­wers for the ful­film­ent of legal obli­ga­ti­ons, in par­ti­cu­lar from Direc­ti­ve (EU) 2019/1937 on the pro­tec­tion of per­sons who report inf­rin­ge­ments of Uni­on law (so-called “Whist­le­b­lower Direc­ti­ve”) and the Whist­le­b­lower Pro­tec­tion Act is Art. 6 (1) lit. c DSGVO.

The legal basis for the pro­ces­sing of per­so­nal data of whist­le­b­lo­wers for law enforce­ment, legal defence or asser­ti­on of rights is our legi­ti­ma­te inte­rest pur­su­ant to Art. 6 para. 1 lit. f DSGVO

Cate­go­ries of recipients
For the pur­po­ses set out abo­ve, per­so­nal data of whist­le­b­lo­wers will only be dis­c­lo­sed within our firm to per­sons who need it for the per­for­mance of their tasks and roles. We may also dis­c­lo­se per­so­nal data of whist­le­b­lo­wers in the­se cases to the com­pa­ny con­cer­ned by the whist­le­b­lo­wing, if our law firm has been man­da­ted accor­din­gly by the com­pa­ny, and, if neces­sa­ry, to fur­ther advi­sors, courts or public aut­ho­ri­ties who sup­port or advi­se us in the pro­ces­sing and cla­ri­fi­ca­ti­on of the given hint.

Third coun­try transfer
A trans­fer of per­so­nal data to reci­pi­ents in count­ries out­side the EU or the EEA is not planned.

Data sources
For pro­ces­sing pur­po­ses, we only use per­so­nal data pro­vi­ded to us by the whist­le­b­lower in the con­text of the whist­le­b­lower pro­tec­tion system.

Obli­ga­ti­on to provide
As a mat­ter of prin­ci­ple, we only coll­ect the data requi­red to pro­vi­de the whist­le­b­lower por­tal online and the whist­le­b­lower hot­line. Wit­hout this data, we can­not set up and main­tain the whist­le­b­lower report­ing chan­nels or gua­ran­tee their tech­ni­cal secu­ri­ty. If whist­le­b­lo­wers optio­nal­ly pro­vi­de fur­ther per­so­nal data within a report­ing chan­nel, this is done vol­un­t­a­ri­ly. Fail­ure to pro­vi­de this optio­nal and vol­un­t­a­ry infor­ma­ti­on does not have any direct nega­ti­ve con­se­quen­ces for the basic pro­ces­sing and cla­ri­fi­ca­ti­on of the report, but may under cer­tain cir­cum­s­tances make the pro­ces­sing and cla­ri­fi­ca­ti­on of the report or com­mu­ni­ca­ti­on with the per­son pro­vi­ding the report more dif­fi­cult, delay­ed or impossible.

Cri­te­ria for deletion
We dele­te the per­so­nal data of whist­le­b­lo­wers two months after the con­clu­si­on of the case, unless the data is still requi­red in the con­text of (cri­mi­nal) pro­cee­dings, is sub­ject to a lon­ger legal obli­ga­ti­on to retain or pro­vi­de evi­dence, or we have a demons­tra­ble legi­ti­ma­te inte­rest in retai­ning the data for a lon­ger peri­od. In the­se cases, the data will be dele­ted or des­troy­ed imme­dia­te­ly after the expiry of the­se peri­ods or after our legi­ti­ma­te inte­rest and any sub­se­quent reten­ti­on peri­ods have cea­sed to apply.

Exis­tence of auto­ma­ted decision-making inclu­ding profiling
Per­so­nal data of the data sub­ject will not be used for auto­ma­ted decis­i­on making inclu­ding profiling.

Revo­ca­ti­on of con­sent given
Pur­su­ant to Art. 7 (3) GDPR, data sub­jects have the right to revo­ke cons­ents given (Art. 6 (1) a GDPR) at any time, wit­hout this affec­ting the lawful­ness of the pro­ces­sing car­ri­ed out up to that point. If the data sub­ject revo­kes his/her cons­ents, we shall cea­se the cor­re­spon­ding pro­ces­sing and dele­te the data pro­ces­sed for this pur­po­se, unless the data sub­ject has express­ly con­sen­ted to fur­ther use of your data or the­re is a legal ground for fur­ther processing.

Objec­tion to data pro­ces­sing on the basis of legi­ti­ma­te interests
If data are pro­ces­sed on the basis of legi­ti­ma­te inte­rests of the con­trol­ler (Art. 6(1)(f) of the GDPR), the data sub­ject has the right to object to the pro­ces­sing at any time on grounds rela­ting to his or her par­ti­cu­lar situa­ti­on pur­su­ant to Art. 21 of the GDPR. We will then no lon­ger pro­cess the data unless the­re are demons­tra­b­ly com­pel­ling legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de the inte­rests, rights and free­doms of the data sub­ject, or the pro­ces­sing ser­ves to assert, exer­cise or defend legal claims.

Data sub­ject rights
Every data sub­ject has the right to obtain from us, under the respec­ti­ve legal con­di­ti­ons and to the respec­ti­ve legal ext­ent, infor­ma­ti­on about the per­so­nal data con­cer­ning him or her (Art. 15 GDPR), as well as the right to rec­ti­fi­ca­ti­on (Art. 16 GDPR), era­su­re (Art. 17 GDPR) or rest­ric­tion of pro­ces­sing (Art. 18 GDPR), as well as the right to data por­ta­bi­li­ty ( Art. 20 GDPR) and not to be sub­ject to a decis­i­on based sole­ly on auto­ma­ted pro­ces­sing, inclu­ding pro­fil­ing (Art. 22 GDPR). Fur­ther­mo­re, every data sub­ject has the right to lodge a com­plaint with a super­vi­so­ry aut­ho­ri­ty (Art. 77 GDPR). The right of appeal may in par­ti­cu­lar be asser­ted befo­re the super­vi­so­ry aut­ho­ri­ty of the place of the alle­ged inf­rin­ge­ment or your place of residence.

 

 

Information on data protection on our website
hinweisportal.reichert-reichert.de/en/

With the fol­lo­wing, we inform you about the pro­ces­sing of your per­so­nal data when using our web­site and the rights to which the­se per­sons are entit­led under data pro­tec­tion law.

Detail­ed infor­ma­ti­on on the hand­ling of per­so­nal data when using our whist­le­b­lower por­tal can be found in our infor­ma­ti­on on data pro­tec­tion for whistleblowers.

Per­so­nal data is all data that can be rela­ted to you per­so­nal­ly, e.g. name, address, e‑mail addres­ses, user behaviour.

We pro­cess your per­so­nal data in com­pli­ance with the pro­vi­si­ons of the Euro­pean Data Pro­tec­tion Regu­la­ti­on (GDPR), the Fede­ral Data Pro­tec­tion Act NEW (BDSG) and all other rele­vant laws on the pro­ces­sing of per­so­nal data.

Respon­si­ble for data pro­ces­sing and its data pro­tec­tion officer
The data pro­ces­sor is rei­chert & rei­chert, steu­er­be­ra­ter und rechts­an­walts­kanz­lei, sole pro­prie­tor Dr. Hans­jörg Rei­chert, Max-Porzig-Straße 1 in 78224 Sin­gen. You can reach us by tele­pho­ne on +49 (0)7731 9587–0 or by e‑mail at kanzlei@reichert-reichert.de.

You can reach our data pro­tec­tion offi­cer at the abo­ve cont­act details or by e‑mail at datenschutz@reichert-reichert.de. The data pro­tec­tion offi­cer is only respon­si­ble for ques­ti­ons rela­ting to data pro­tec­tion law. He can­not pro­vi­de any infor­ma­ti­on on the con­tent or cour­se of refe­ren­ces or pro­cee­dings con­duc­ted at the ombudsman’s office.

Data coll­ec­tion for purely infor­ma­tio­nal use (log files)
You can visit our web­site wit­hout having to pro­vi­de any per­so­nal infor­ma­ti­on. In the case of purely infor­ma­tio­nal use of our web­site, e.g. if you do not cont­act us with a hint or other­wi­se trans­mit infor­ma­ti­on to us, we only coll­ect the per­so­nal data that your brow­ser auto­ma­ti­cal­ly trans­mits to our ser­ver. The data is stored in access logs when the page is cal­led up; erro­n­eous page calls are stored in error logs. The access logs con­tain the fol­lo­wing data: IP, direc­to­ry pro­tec­tion user, date, time, acces­sed pages, logs, sta­tus code, amount of data, refe­rer, user agent, acces­sed host name. The IP addres­ses are stored anony­mously. Error logs con­tain, in addi­ti­on to the error mes­sa­ges, the acces­sing IP address and, depen­ding on the error, the acces­sed website.

The log files are stored to ensu­re the func­tion­a­li­ty of the web­site. In addi­ti­on, we use the data to opti­mi­se the web­site and to ensu­re sta­bi­li­ty and security.

The legal basis for the tem­po­ra­ry sto­rage is Art. 6 para. 1 p. 1 lit. f DSGVO in the legi­ti­ma­te inte­rest in achie­ving the afo­re­men­tio­ned purposes.

The anony­mi­sed IP addres­ses from the access logs are retai­ned for 60 days. Details of the direc­to­ry pro­tec­tion user used are anony­mi­sed after one day. Error logs, which record faul­ty page views, are dele­ted after seven days.

The coll­ec­tion of data for the pro­vi­si­on of the web­site and the sto­rage of the data in log files is abso­lut­e­ly neces­sa­ry for the ope­ra­ti­on of the site. The­re is no pos­si­bi­li­ty for the user to object.

Data coll­ec­tion when using the web­site to sub­mit a hint
For detail­ed infor­ma­ti­on on the hand­ling of per­so­nal data when using our whist­le­b­lo­wing pro­tec­tion sys­tem, plea­se refer to our infor­ma­ti­on on data pro­tec­tion for whistleblowers.

Exis­tence of auto­ma­ted decision-making inclu­ding profiling
Per­so­nal data of the data sub­ject will not be used for auto­ma­ted decis­i­on making inclu­ding profiling.

Revo­ca­ti­on of con­sent given
Pur­su­ant to Art. 7 (3) GDPR, data sub­jects have the right to revo­ke cons­ents given (Art. 6 (1) a GDPR) at any time, wit­hout this affec­ting the lawful­ness of the pro­ces­sing car­ri­ed out up to that point. If the data sub­ject revo­kes his/her cons­ents, we shall cea­se the cor­re­spon­ding pro­ces­sing and dele­te the data pro­ces­sed for this pur­po­se, unless the data sub­ject has express­ly con­sen­ted to fur­ther use of your data or the­re is a legal ground for fur­ther processing.

Objec­tion to data pro­ces­sing on the basis of legi­ti­ma­te interests
If data are pro­ces­sed on the basis of legi­ti­ma­te inte­rests of the con­trol­ler (Art. 6(1)(f) of the GDPR), the data sub­ject has the right to object to the pro­ces­sing at any time on grounds rela­ting to his or her par­ti­cu­lar situa­ti­on pur­su­ant to Art. 21 of the GDPR. We will then no lon­ger pro­cess the data unless the­re are demons­tra­b­ly com­pel­ling legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de the inte­rests, rights and free­doms of the data sub­ject, or the pro­ces­sing ser­ves to assert, exer­cise or defend legal claims.

Data sub­ject rights
Every data sub­ject has the right to obtain from us, under the respec­ti­ve legal con­di­ti­ons and to the respec­ti­ve legal ext­ent, infor­ma­ti­on about the per­so­nal data con­cer­ning him or her (Art. 15 GDPR), as well as the right to rec­ti­fi­ca­ti­on (Art. 16 GDPR), era­su­re (Art. 17 GDPR) or rest­ric­tion of pro­ces­sing (Art. 18 GDPR), as well as the right to data por­ta­bi­li­ty ( Art. 20 GDPR) and not to be sub­ject to a decis­i­on based sole­ly on auto­ma­ted pro­ces­sing, inclu­ding pro­fil­ing (Art. 22 GDPR). Fur­ther­mo­re, every data sub­ject has the right to lodge a com­plaint with a super­vi­so­ry aut­ho­ri­ty (Art. 77 GDPR). The right of appeal may in par­ti­cu­lar be asser­ted befo­re the super­vi­so­ry aut­ho­ri­ty of the place of the alle­ged inf­rin­ge­ment or your place of residence.