We are pleased that you are visiting our whistleblower system. The whistleblower system is used to report violations of applicable laws and internal policies within our organization. This helps us to clarify and prosecute such violations. In the following, we provide information on the collection of personal data when using the whistleblower system. Personal data is any data that can be directly or indirectly related to you personally.
Person responsible for data processing
Responsible person according to Article 4 (7) General Data Protection Regulation (GDPR) is Wesling Service und Dienstleistungen GmbH cf. the legal notice.
Assigned Service Provider:
The website is provided with the support of Althammer & Kill GmbH & Co. KG, Roscherstr. 7, 30161 Hannover, www.althammer-kill.de, which acts on our behalf and can therefore also view (receive) your data to the extent necessary. A corresponding order processing agreement has been concluded.
Contact details of (external) data protection officer:
For the informational use of our websites, we only collect the personal data that your browser automatically transmits to us, such as:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- the amount of data transferred in each case and the access status (file transfered, file not found, etc.)
- Web page from which the request comes
- Browser type / version / language
- Operating system and its interface
- Language and version of your browser.
No personal data is stored, as the second half of the IP is omitted. An identification of the computer or the user is excluded in this way. The anonymous data is deleted after 30 days.
Legal basis of data processing:
The above data is technically necessary to display our websites and to ensure stability and security, according to Article 6 (1) (f) GDPR.
Use of the whistleblower system is voluntary. However, please note that the information you share about yourself, other employees, customers, suppliers and other cooperation partners may lead to corresponding consequences for those reported. Therefore, please deliberately share only information that is correct and complete to the best of your knowledge.
In doing so, we process the data that you provide to us: Your name and contact details, the name and other details of persons reported, details of the circumstances of the report including the specific or general facts, misconduct observed including circumstances relevant to criminal law, details of time, place and date. In the reporting form itself, the correct organization must be selected, the subject line and the field Your message to us. In addition, you can upload files such as pdf, png, and jpg. Furthermore, during further processing, there may be further storage of questions and answers to the facts of the case, if necessary, data on natural persons.
If you wish to report anonymously, you must enter a password known only to you. Our service provider will then send you a randomly selected access number. Keep this data safe, because - to ensure anonymity - it cannot be reset or retransmitted. Please note: Anonymous reports should be processed, but the person responsible is not legally obliged to do so. You can log in to the whistleblower system with your access data at any time after the initial entry and call up the current status of the communication. Our timely responses are also included here.
The data is first checked by our service provider and then forwarded to our ombudsperson. Everything else is controlled from here, including questioning and access by other persons. Access to the data is strictly limited to those persons who really need to have access; the need-to-know principle applies. Access is only ever granted if it is necessary and required, or if mandatory legal regulations require transfer or disclosure to authorized bodies. If persons are part of the notification, they must be informed about this within 4 weeks according to Article 14 GDPR for legal reasons. The information does not include any details.The legal protection of the Whistleblower Protection Act (HinSchG) applies, if it is applicable.
Contracted Service Providers:
Althammer & Kill GmbH & Co. KG, Roscherstr. 7, 30161 Hannover, www.althammer-kill.de is used as a processor for the provision of the system, the anonymous communication option and the forwarding to the ombudsman or the person responsible in the management. Data will only be viewed by the latter to the extent necessary and required.
The data in the whistleblower system will only be stored as long as necessary and required, at the latest three years after the conclusion of the procedure according to §11 para. 5 HinSchG. Access may be blocked before then, so that only limited access would be available. If mandatory legal provisions stipulate a longer storage period, or if a longer period is necessary in individual cases due to legitimate interests, this principle may be deviated from.
Legal basis of data processing:
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. c) GDPR in conjunction with. §10 HinSchG and Art. 6 para. 1 lit. f) GDPR and §26 para. 1 Federal Data Protection Act. The legitimate interest lies in the detection and clarification of possible misconduct by stakeholders, the protection of the company's interests through ad hoc measures to prevent further damage, and the assertion of claims for damages and other possibilities for punishment.
Processing of your personal data in countries outside the EU and the EEA (third countries)
A processing of your personal data in states outside the European Union and the European Economic Area in the whistleblower system does not take place.
You have the following rights with respect to us regarding personal data concerning you:
- Right to information,
- Right to rectification or deletion,
- Right to restriction of processing,
- Right to data portability,
- Right to complain to a supervisory authority.
Right of objection
How to contact us regarding your rights
To exercise your rights you can contact us at any time. It is best to use the following contact details from the legal notice.
We use technical and organizational security measures to protect personal data that we receive or collect, against accidental or intentional manipulation, loss, destruction or against attack by unauthorized persons. Our security measures are continuously improved in line with technological developments. The transmission of your personal data is encrypted using SSL technology (https) to prevent access by unauthorized third parties.