Data Privacy Information for the use of the Data Privacy Breach and Information Portal
We are committed to data privacy and confidentiality and follow the provisions of the EU General Data Protection Regulation (GDPR) as well as applicable national data protection regulations.
Please read this data privacy notice carefully before submitting a report.
Purpose of the Data Privacy Breach and Information Portal and Lawfulness of Processing
The Data Privacy Breach and Information Portal (BKMS® Incident Reporting) is used to receive, process and administer reports of potential data privacy breaches and your requests for information regarding the processing of your personal data by Siemens Healthineers in a secure and confidential manner.
The processing of personal data within the Data Privacy Breach and Information Portal is based on the legitimate interest of Siemens Healthineers in the detection and prevention of data privacy breaches and thus in the prevention of damage to Siemens Healthineers, its employees and customers and in the processing for the fulfilment of legal obligations to which Siemens Healthineers is subject.
The legal basis for this processing of personal data is Article 6 (1) (f) and Article 6 (1) (c) GDPR.
In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for Siemens Healthineers processing that personal data about you is that you have consented (Article 6 (1) (a) GDPR).
The controller for the Data Privacy Breach and Information Portal is Siemens Healthineers AG and its subsidiaries, each as a controller (hereinafter also referred to as "Siemens Healthineers").
The Data Privacy Breach and Information Portal including the database in which you entered the personal data is operated by the service provider Business Keeper AG, Bayreuther Str. 35, 10789 Berlin, Germany, on behalf of Siemens Healthineers.
Personal data and information entered into the BKMS® Incident Reporting are stored in a database operated by Business Keeper AG in a high-security computer center. Access to the data is only possible for Siemens Healthineers. Business Keeper AG and other third parties have no access to the data. This is guaranteed through a certified process by comprehensive technical and organizational measures.
Access to the data electronically stored in the BKMS® Incident Reporting is limited to a narrow circle of expressly authorized employees of Siemens Healthineers’ Legal and Compliance Organization.
Siemens Healthineer has appointed a data protection officer. Information regarding data privacy can be requested by contacting the Siemens Healthineers’ Data Privacy Officer at: mailto:firstname.lastname@example.org.
Type of personal data collected
The use of the Data Privacy Breach and Information Portal is voluntary. If you submit a report or message via the BKMS® Incident Reporting, we collect the following personal data and information:
your name and contact details, if you disclose them, the relationship you have with Siemens Healthineers, and, if applicable, names of individuals and other personal data of individuals you mention in your report.
Confidential treatment of information
Incoming reports are received by a small group of expressly authorized, confidential and specially trained employees of the legal and compliance organization of Siemens Healthineers and are always treated confidentially. The employees of Siemens Healthineers Legal and Compliance Organization will review the facts of the matter and, if necessary, carry out further relevant clarification of the facts of the case.
When processing a report, it may be necessary to forward reports to other Siemens Healthineers employees or employees of other group companies, e.g. if the reports refer to processes in subsidiaries. The latter may also have their registered office in countries outside the European Union or the European Economic Area, in which different regulations for the protection of personal data may exist.
In such cases, if required by applicable law, Siemens Healthineers takes measures to implement appropriate and suitable safeguards for the protection of your personal data. In particular:
We ensure that personal data is only transferred to recipients in third countries if the respective recipient
- has entered into EU Standard Contractual Clauses; or
- has implemented Binding Corporate Rules in its organization; or
- applies another appropriate and suitable safeguard as required by applicable law.
Please follow the links below for further information about the respective safeguards:
- EU Standard Contractual Clauses: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
- Binding Corporate Rules: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_en
Rights of the data subject
In accordance with the applicable data privacy laws and where appropriate, you and the individuals named in the report have the right to information, rectification, erasure, restriction of processing and the right to object to the processing of your personal data. If the right to object is exercised, Siemens Healthineers will promtly check to what extent the stored personal data is still necessary for processing a report. Personal data no longer required will be deleted without undue delay. You also have the right to file a complaint with a data privacy supervisory authority.
Retention period of personal data
Personal data will be kept for as long as it is required for the clarification and final assessment of the report or if there is a legitimate interest or if this is required by law. After the processing of the report has been completed, this data is deleted in accordance with legal requirements.
Use of the Data Privacy Breach and Information Portal
Communication between your computer and the Data Privacy Breach and Information Portal takes place via an encrypted connection (SSL). The IP address of your computer is not stored during the use of the Portal. To maintain the connection between your computer and the Portal, a cookie is stored on your computer which only contains the session ID (so-called null cookie). The cookie is only valid until the end of your session and becomes invalid when you close your browser.
You have the option of setting up a protected postbox in the BKMS® Incident Reporting using a pseudonym / username and password of your choice. This way you can send messages to the responsible Siemens Healthineers’ employee by name or anonymously and securely. With this system, the data is stored exclusively in the Data Privacy Breach and Information System and is therefore particularly secure; it is not an ordinary e-mail communication.
When submitting a report or additional information, you can send attachments to the Siemens Healthineers’ representative responsible. If you wish to report anonymously, please note the following security notice: Files may contain hidden personal data that could compromise your anonymity.
Remove this data before sending files. If you are unable to remove this data or are unsure, copy the text of your attachment to your message text or send the printed document anonymously to the address listed in the footer, indicating the reference number you receive at the end of the message process.
By using this whistleblower system, you consent to the processing of your personal data, to the extent you have provided them.