You also have the option of sending attachments through the whistleblowing system. Please note that files may contain hidden personal data that could jeopardise your anonymity.
1. Data controller and general information
Your data is processed by Axel Springer SE, Axel-Springer-Straße 65, 10888 Berlin, Tel.: +49 30 2591 0, e-mail: firstname.lastname@example.org (service provider within the meaning of the German Telemedia Act (TMG) and controller within the meaning of the General Data Protection Regulation (GDPR)). When we use terms such as “we” or “us”, this is who we are referring to. The whistleblowing system is operated on Axel Springer's behalf in Germany by Business Keeper AG, Bayreuther Str. 35, 10789 Berlin – a company that specialises in this – under a commissioned processing arrangement.
2. Collection and processing of personal data
Personal data and information entered into the whistleblowing system is stored in a database at a high-security data centre. Only Axel Springer is able to view this data. Business Keeper AG and other third parties have no access to the data. As part of a certified procedure, this is ensured by means of comprehensive technical and organisational measures.
All data is encrypted and password-protected at multiple levels when stored. Access is therefore restricted to a very small number of recipients who are expressly authorised by Axel Springer.
When dealing with a disclosure or carrying out a special investigation, it may be necessary to make disclosures available to other Axel Springer employees or employees of other Group companies, if the disclosures relate to activities in subsidiaries, for example. The latter may also be based in countries outside the European Union or the European Economic Area, where different rules concerning the protection of personal data may apply. We always take care to ensure compliance with applicable data privacy provisions when sharing disclosures.
Every individual that has access to the data is under a duty of confidentiality.
3. Type of personal data collected
Use of the whistleblowing system is voluntary. If you make a disclosure through the whistleblowing system, we collect the following personal data and information: your name (if you reveal your identity), whether you are an employee of Axel Springer and, where applicable, the names of individuals and other personal data of individuals that you mention in your disclosure.
4. Legal basis and purpose of the whistleblowing system
The purpose of the whistleblowing system (BKMS® Incident Reporting) is to receive, deal with and manage disclosures concerning compliance breaches at Axel Springer in a secure and confidential manner. In the context of the BKMS® system, the processing of personal data is supported by our company's legitimate interest in uncovering and preventing corruption, fraud and other anomalies and thus in preventing damage to Axel Springer, employees and customers. The legal basis for this processing of personal data is Article 6(1) point (f) GDPR.
5. Sharing your data with third parties
Insofar as we are required to do so by law or are permitted to do so under data protection law, we will transmit personal data to public authorities such as the police or public prosecution service (Article 6(1) point (c) GDPR). This data is shared on the basis of our legitimate interest in preventing misuse, prosecuting criminal acts and securing, establishing and enforcing legal claims, unless outweighed by your rights and interests in the protection of your personal data, Article 6(1) point (f) GDPR.
6. Storage duration
We store personal data only for as long as it is required to clarify and definitively assess the disclosure or we are otherwise entitled or obligated to do so.
7. Session cookie
Communication between your computer and the whistleblowing system is via an encrypted connection (TLS). Your computer's IP address is not stored during or after use of the whistleblowing portal. In order to maintain the connection between your computer and the BKMS® system, a null cookie is stored on your computer, which contains only the session ID. The cookie is valid only until the end of your session and becomes invalid when you close your browser.
8. Contact details and your rights
Should you have any queries or comments on data privacy or wish to exercise your rights as a data subject, please contact our data protection officer at any time:
Axel Springer SE
10888 Berlin, Germany
Right to access information and rectification
Provided there are no legal grounds to the contrary, you can obtain information from us as to whether personal data relating to you is processed by us and also the specific data that we have stored about you. You can also have errors in your data corrected and missing information completed.
Erasure, restriction of processing and ‘right to be forgotten'
You can obtain the erasure of your personal data and the restriction of its processing. Please note that retention obligations are laid down in law and as a result of this we may not be able to completely erase your data in every case. In such cases, your data will be labelled to the effect that future processing should be restricted.
Objection to data processing
There is no general right of objection where data is processed on the basis of a legitimate interest (Article 6(1) point (f) GDPR), Article 21(1), second sentence, GDPR).
Right of complaint
You also have the right to lodge a complaint with the competent supervisory authority and the option of seeking legal remedies. The supervisory authority with whom the complaint was lodged will notify the complainant about the status and result of their complaint, including the option of seeking a judicial remedy.
Existence of automated decision-making processes
We do not perform any automated decision-making or profiling.
Last revised: December 2022