SpeakUp Privacy Policy
Data protection policy
We take the issue of data protection and confidentiality very seriously and follow the provisions of the EU General Data Protection Regulation (EU GDPR) as well as applicable national data protection regulations. Please read this data protection information carefully before submitting a report.
Purpose of the whistleblower system and legal basis
The purpose of the whistleblowing system (SpeakUp system) is to receive, process and manage information about violations of Nordzucker's obligation to comply with applicable laws, binding rules and regulations (such as statutory regulations, administrative acts and judgements) as well as binding internal rules and principles and our values (compliance) in a secure and confidential manner. The processing of personal data within the framework of the SpeakUp system is based on the legitimate interest (pursuant to Art. 6 para. 1 lit. f and / or lit. c GDPR) of our company to uncover and prevent wrongdoing and thus to prevent damage to Nordzucker, its employees and customers. If a report received concerns an employee of Nordzucker, the processing also serves to prevent criminal offences or other violations of the law in connection with the employee relationship. If you submit a report by telephone, the legal basis is your consent in accordance with Art. 6 Para. 1 lit. a GDPR.
You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future.
Controller
The controller for the data protection of the whistleblower system is depending on processing location
- Nordzucker AG
Küchenstraße 9
38100 Braunschweig, Germany
Telephone: +495312411-0
or the respective local company of the Nordzucker Group:
- Nordzucker Polska S.A.
5 Stycznia 54
64-330 Opalenica, Poland
Telephone: +48614479300
- Považský cukor a.s
Cukrovarská 311/9
91401 Trenčianska Teplá, Slowakia
Telephone: +421326558500
- Sucros Oy
Maakunnantie 4
27820 Säkylä, Finland
Telephone: +35810431060
- Suomen Sokeri Oy
Sokeritehtaantie 20
02460 Kantvik, Finland
Telephone: +358140431010
- Nordic Sugar AB
Sockerbruksgatan 4
205 04 Malmö, Sweden
Telephone: +46 40 53 70 00
- Nordic Sugar A/S
Edvard Thomsens Vej 10, 7.sal
2300 Kopenhagen, Denmark
Telephone: +4532662500
- AB Nordic Sugar Kedainiai
Pramonės g. 6
57500 Kėdainiai, Lithuania
Telephone: +37034767730
- Mackay Sugar Limited
Racecourse Mill Peak Downs Highway
Racecourse Via Mackay, QLD 4740, Australia
Telephone: +61749538300
as independent controller themselves (hereinafter also: "Nordzucker"). The whistleblowing system is operated by a specialized company, EQS Group AG, Bayreuther Str. 35, 10789 Berlin in Germany, on behalf of Nordzucker.
Personal data and information entered into the whistleblower system are stored in a database operated by EQS Group AG in a high-security computer center. Access to the data is only possible for Nordzucker. EQS Group AG and other third parties have no access to the data. This is guaranteed in the certified process by comprehensive technical and organizational measures.
All data is encrypted and stored with multiple levels of password protection, so that access is limited to a very narrow circle of recipients of expressly authorized persons at Nordzucker.
Nordzucker has appointed a Data Protection Officer. Enquiries about data protection can be sent to dataprotection@nordzucker.com.
Categories of personal data collected
The use of the whistleblower system is on a voluntary basis. When you submit a report via the whistleblower system, we collect the following personal data and information:
- Your name, provided you have disclosed your identity,
- Whether you are employed by Nordzucker and
- If applicable, names of persons and other personal data of those persons you have named in your report.
Confidential treatment of information
Incoming reports are received by a small circle of expressly authorized and specially trained employees (Internal Reporting Office) and are always treated confidentially. The respective Internal Reporting Office will investigate the matter and carry out all further investigations that may be necessary in individual cases.
Who receives my data?
In the course of processing a report or in the course of a special investigation, it may be necessary to pass on data to other employees of Nordzucker or employees of other Nordzucker Group companies, e.g. if the report relates to processes or incidents of Nordzucker Group companies. Employees of Nordzucker Group companies may also be based in Australia and thus in a country outside the European Union. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in this country. When passing on information, care is always taken to ensure that the relevant data protection regulations are complied with.
If the content of your report does not relate to any compliance topic, we will forward your report internally to the responsible department. In the case of personnel matters, for example, this may be our HR department.
Any person who gains access to the data is obliged to maintain confidentiality.
Information of the accused person
In principle, we are legally obliged to inform the accused persons that we have received a hint about them as soon as this information no longer jeopardizes the follow-up of the hint. Your identity as a whistleblower will not be disclosed – as far as legally permissible.
Data subjects' rights
Under European data protection law, whistleblowers and the persons named in the report have the right of access, rectification, erasure, restriction of processing of personal data and the right to object to the processing of personal data concerning them. The right of access to information is limited to the extent that there is a legitimate interest of a third party, e.g. the whistleblower, in keeping the information confidential. If the right of objection is asserted, the respective Internal Reporting Office will immediately check the extent to which the stored data is still required for the processing of a report. Data that is no longer required will be deleted immediately. If the processing is based exclusively on the whistleblower's express consent, the whistleblower has the right to revoke the consent at any time. Such a revocation does not affect the lawfulness of the processing based on the consent prior to the revocation.
In addition, the whistleblower has the right to lodge a complaint with a supervisory authority. You may address the complaint to the competent data protection supervisory authority in the member state where you usually maintain your domicile, your place of work or at the place where the alleged violation occurred, among others to the supervisory authority responsible for Nordzucker AG:
State Commissioner for Data Protection of Lower Saxony, Germany
email: poststelle@lfd-niedersachsen.de
Telephone: +49 (0) 511 120-4500.
Retention period of personal data
Personal data will be stored as long as this is necessary to clarify the situation and carry out an assessment, there is a legitimate interest of a Nordzucker Group company or as long as it is required by law.
Use of the whistleblower system
Communication between your computer and the whistleblower system takes place via an encrypted connection (SSL). The IP address of your computer is not stored during the use of the whistleblowing system. To maintain the connection between your computer and the SpeakUp system, a cookie is stored on your computer that only contains the session ID (so-called zero cookie). The cookie is only valid until the end of your session and becomes invalid when you close your browser.
You have the option of setting up a protected mailbox in the whistleblower system with a pseudonym / user name and password of your own choice. In this way, you can securely send reports to the responsible Internal Reporting Office by name or anonymously. With this system, the data is stored exclusively in the whistleblower system and is therefore particularly secure; it is not a normal email communication.
Note on sending attachments
When submitting a report or sending a supplement, you have the option of sending attachments to the responsible Internal Reporting Office. If you wish to submit a report anonymously, please note the following security advice: Files may contain hidden personal data that may jeopardize your anonymity. Remove this data before sending. If you are unable to remove this data or are unsure, copy the text of your attachment to your report text or send the printed document anonymously to the respective Internal Reporting Office, quoting the reference number you receive at the end of the reporting process.
Status: 15.07.2023