During the use of the BKMS® System, a text file (called a \"session cookie\") is saved on your computer containing only the number of your session. This is necessary for technical reasons in order to establish the connection to a security-certified server. The \"session cookie\" does no damage to your computer, it does not access your data and has no relation to the contents of your report. If you close all browser windows after submitting your report, the \"session cookie\" will expire and be automatically deleted.
Compliance - Speak up!
Boehringer Ingelheim is committed to conducting business with integrity and in compliance with applicable laws, regulations and company policies and procedures. This commitment is supported by the “Speak up” policy endorsed by the Board of Managing Directors of Boehringer Ingelheim.
It might happen that you become aware of an action or behaviour which is not in line with our commitment, such as wrongdoing, misbehaviour, doubtful practices, or deviation from policies and procedures. In this case we encourage you to “Speak up” and report this to your line manager, the local Compliance Officer, the HR department or any other manager responsible for the function where the action or behaviour occurred.
If you are uncomfortable in directly contacting these persons or if your attempts to raise concerns have not yielded results, we are providing this “Speak up” portal. The web portal is provided by a third party vendor which does not have access to content or any data of you or your report.
We are encouraging users of the “Speak up” portal to provide their name, however if you would like to remain anonymous, your identity will would not be captured in the system.
It is prohibited to knowingly submit false or slanderous information, or submitting reports which include spurious accusations or denunciations. These kinds of reports will not be tolerated and might by subject to legal prosecution, civil right claims and labor law sanctions.
Your report is important to help protecting Boehringer Ingelheim and its employees from the negative consequences of non-compliance and inappropriate behaviour.
If potential non-compliance or inappropriate behaviour is immediately brought to our attention, it enables us to take action and deal with issues timely and appropriately. It will also support us in addressing any future risks resulting from non-compliance and inappropriate behaviour, and therefore finally helps prevent financial or reputational damage to Boehringer Ingelheim, and protect the jobs of Boehringer Ingelheim employees.
Your report should be well-founded, to the best of your knowledge correct and complete, made in good faith, and supported by any evidence on the incident you are in possession of.
False and unfounded allegations will not be tolerated and might lead to legal and/or disciplinary consequences.
There are defined categories of incidents which can be reported and which will be explained when you continue to submit a report. Please limit your report to one of those categories.
If an incident is related to something which is not included in one of those categories, Boehringer Ingelheim employees are kindly requested to directly contact the local responsible department, their Compliance Officer or Human Resources. In particular, this system should NOT be used to report Adverse Events, product complaints and incidents related to Quality (e.g. GxP) or Environment, Health and Safety (EHS). In order to report the above, please use the established internal reporting processes.
Yes, you have the possibility to report anonymously. The BKMS® System places utmost importance on protecting whistleblowers and enables you – while keeping your anonymity – to communicate with us also in the later processing of the report.
However, reports that are not anonymous are generally considered more reliable and make it easier for us to follow up on the reported allegations.
Any employee who threatens, retaliates against or harasses any person who has reported in good faith a compliance concern, or is considering reporting such a concern, shall be subject to disciplinary action, up to and including termination.
What is the process for submitting a report? How do I set up a postbox?
To submit an anonymous or personalized report, start by clicking the ”Submit report“ button located on the top left side of our introduction page.
There are 4 steps to the report process:
First, you will be asked to confirm that you read, understood and accept the information on processing of your personal data, and to respond to a security query.
On the following page, you will be asked about the category of your report.
On the report page, you can elaborate on your report in your own words and answer questions about the incident by simply selecting responses. You can type up to 5000 characters into the free text field, which corresponds to a full page. You may also submit files of total up to 5MB to support your report. Please do bear in mind that documents can contain information about the author, consider redacting those details. Following the sending of your report, you will receive a reference number as confirmation that you have forwarded this report.
Please subsequently set up your own secured postbox. You will receive any feedback from us via this postbox, including questions from us on more details of the report, and answers from us to any questions from your side.
If you already have a secured postbox, you can access it directly via the ”Login“ button. First, you will have to answer a security query.
As long as you do not enter any data from which conclusions about your person can be drawn, the technology of the BKMS® System will protect your anonymity.
How do I receive feedback and remain anonymous at the same time?
The overriding principle of the BKMS® procedure in use is the protection of your identity. The system’s anonymity protection function is certified by an independent body.
When setting up your secured postbox, please select your own pseudonym/user name and password. Your report is kept anonymous through encryption and other special security routines. You will never be asked for compulsory personal information at any time during the reporting process. If you want to stay anonymous do not submit any information that can be traced back to you. If possible, please avoid using a computer that has been provided by your employer to submit your report, as accessing the BKMS® System might be tracable (even if the information entered into the system is not tracable).
Via the secured postbox, the dedicated examiner of Boehringer Ingelheim will provide you with feedback on what is happening with your information or pose questions if details still need to be clarified - you will also remain anonymous during the dialogue. We are interested in addressing compliance concerns, not in you as a whistleblower.
To establish a communication with you, we are depending from your willingness to re-enter the system and access the report again, please support our investigation by regularly opening your report and checking if any question / information has been posted from our side.
Speak up - Information about data protection and consent
Boehringer Ingelheim’s1 whistleblower system "Speak up" provides a portal for reporting specific indications of compliance violations. Compliance violations are:
violations of legal or statutory requirements or
internal Boehringer Ingelheim policies and procedures, particularly the Code of Conduct and the seven compliance areas Anti-Bribery / Anti-Corruption, Antidiscrimination, Antitrust, Data Protection, Healthcare Compliance, Insider Trading and Export Control & Trade.
Using “Speak up” allows you to report on any of those specific indications of non-compliance and on violations of the Boehringer Ingelheim Code of Conduct.
Please read this policy carefully and contact us should you have any questions (firstname.lastname@example.org). This portal is operated for Boehringer Ingelheim International GmbH, Binger Strasse 173, 55216 Ingelheim am Rhein.
The information you report will be automatically received by:
the subsidiary of Boehringer Ingelheim located in the country where the incident occurred or to the subsidiary responsible for the country where the incident occurred,
Compliance Function responsible for the region, and
Compliance Department within Boehringer Ingelheim International.
Please check http://www.boehringer-ingelheim.com/corporate_profile/annual_report.html where you will find our annual report showing the countries where Boehringer Ingelheim is represented with subsidiaries.
First valuation of the case will be made by the dedicated case examiner in the appropriate subsidiary as mentioned above. Based on the evaluation by the case examiner, the case might be assigned for further handling by the Compliance Function responsible for the region, or to Corporate Compliance within Boehringer Ingelheim International. It may result in the initiation of internal and external investigations conducted by BI resources, external investigation resources working on behalf of Boehringer Ingelheim, or the authorities.
Technical protection of the whistleblower system:
Technical maintenance of the “Speak Up” whistleblower system is performed by Business Keeper AG, an independent operator located in 10789 Berlin, Bayreuther Str. 35 (subsequently "BK AG") acting as commissioned data processor for Boehringer Ingelheim International. The data is provided on protected servers of Telekom Deutschland GmbH in Germany. Only Boehringer Ingelheim is responsible for controlling and processing the content of the reports. Personal data that is entered in the whistleblower system is stored in a database operated by BK AG in Germany. All data is encrypted, password-protected and stored at a secure location so that access to the content of the data electronically stored in “Speak up” is limited to a narrow circle of authorized persons in the Compliance function of the Boehringer Ingelheim group of companies. BK AG cannot view the content of the data electronically stored in this database. As long as you do not enter data which makes it possible to draw conclusions about your identity, this whistleblower system protects your anonymity automatically using a certified technical solution which is protected through numerous technical and organizational measures.
Processing and sharing your report within Boehringer Ingelheim:
Depending on your report of the country where the incident took place, the Boehringer Ingelheim dedicated case examiner for this country will receive the information provided by you. These are primarily the responsible members of the Compliance function. Once your report has been received, the dedicated Case Examiner within the Compliance function of the country where the incident occurred creates a case in the case management system. The Case Examiner can add more information on the case in the system and can check whether a further investigation is required. Your report and the opened case can also be accessed by the Compliance function responsible for the region, and by the Compliance function of the company Headquarter, Boehringer Ingelheim International in accordance with applicable data protection / privacy laws. In case of further investigation, the responsible Case Examiner will assign the case for investigating it locally, or to the regional Compliance function. The regional Compliance function will assess if the case will be investigated on regional level, or if Corporate Compliance has to be involved. The criteria for assignment to local/regional/corporate Compliance are defined in the Boehringer Ingelheim “Speak up procedure” and include – but are not limited to – the level of management involvement, the potential financial damage and the potential reputational damage. An investigation can be conducted by internal or external investigation specialists. External specialists such as attorneys, auditors or forensic experts whom we engage are bound to Boehringer Ingelheim by contractual or legal confidentiality and data protection / privacy obligations to keep confidential the information provided by you and comply with applicable data protection / privacy laws.
The information in your report may also be given to the management responsible within Boehringer Ingelheim group, which also has to correct the shortcomings and implement corrective measures that may have been discovered during processing of the report. More, information of your report might be shared in established local, regional or corporate Investigation Committees representing typically HR, Compliance, Internal Audit, Legal and Business functions. Management of the function where the incident occurred might also join respective committee meetings.
If the content of your report does not fall under any of the specific compliance categories, we will forward your report to the responsible Boehringer Ingelheim department provided we deem this to be necessary and appropriate. The general rule, however, is that “Speak up” is only used to record reports related to the report categories listed.
Please let us know if you do not want us to share your personal data, particularly your name, with persons outside the Boehringer Ingelheim Compliance Department (unless this is necessary for safeguarding the legitimate interests of Boehringer Ingelheim). Please note, however, that, as a consequence, we may not be able to give full consideration to your report.
Access of government agencies:
Boehringer Ingelheim may also be required by law to provide certain government agencies, including, without limitation, government investigative agencies or courts with information about compliance violations. If we are obligated to provide information, as well as in the event of confiscations, we are not able to withhold the information provided by you. In some instances, Boehringer Ingelheim is not obligated to share personal data with government agencies, but has the legal right to do so voluntarily.
Please let us know if you do not want us to voluntarily share your personal data, including, without limitation, your name, with government agencies (unless this is necessary to safeguard the legitimate interests of Boehringer Ingelheim). Please note, however, that, as a consequence, we may not be able to give full consideration to your report.
Sharing information with other countries:
Personal information that you may have provided in your report, might automatically be transferred (based on your report of the country where the incident occurred) to other EU/EEA countries or countries outside the EU/EEA where the confidential treatment of personal data is not guaranteed by law to the same extent as it is in Germany. This applies particularly to countries which are not considered to have an adequate level of data protection as provided for in the EU/EEA provisions. Within Boehringer Ingelheim group, however, an adequate level of data protection is guaranteed through binding internal data protection guidelines and the Boehringer Ingelheim Group Data Transfer Agreement, also in countries other than Germany and outside the EU/EEA.
Notification of affected parties:
It is frequently required by law that the persons about which a report on indications of a compliance violation has been received have to be notified and heard. In the course of the investigation, these persons will have the opportunity to present their view about the report.
Please let us know if you do not want us to give your name as the whistleblower. Please note that the person affected may have legal rights according to applicable data protection / privacy laws to information which may require us to disclose your name. Government agencies may also have similar rights to information or confiscation which will result in disclosure of your name. This may be the case in particular if the person affected claims that the information brought forward against him/her is knowingly or negligently untrue and decides to file charges.
Storing personal data:
The personal information you provided will be retained for 5 years after investigating and resolving the compliance report including the remediation of any shortcomings discovered and the handling of any ensuing litigation. Your personal data will be retained even longer if this is required due to legal, regulatory or contractual obligations to retain records or if it is permitted by law. Your personal data will be deleted as soon as this is required by law.
Consent and voluntary nature:
As you enter information into the whistleblowing system, the system will ask for your consent to the collection, processing and use of your personal data included in the information as described above. Please note that you can only proceed to the report form after you have clicked on the data processing consent box. If you do not want Boehringer Ingelheim to collect, process and use your personal data as described in this policy, you may submit your report anonymously. The disclosure of your personal data is voluntary, as is the use of the whistleblower system.
We would, however, appreciate it, if you could give us your name. Many investigations can be conducted more quickly and efficiently if the name of the whistleblower is known, since the person handling the report can get in touch with the whistleblower directly to clarify any information in the report. By using this whistleblower system, you agree that your personal data, to the extent provided by you, will be collected, processed and used as described above.
Your data protection rights and contact:
You can request information which personal data we store about you. In justified cases, you may also request the deletion, correction or limitation of the processing of your data. If your personal data is transferred to a country outside the EU that does not provide adequate protection, you may request a copy of the contract that provides adequate protection of personal data. Where you provided consent for the use of your personal data, you can withdraw your consent at any time with future effect.
If you have any questions about our use of personal data, this data protection declaration or would like to exercise your rights, you can contact us at any time or you can contact our data protection officer directly:
Boehringer Ingelheim International GmbH
– Data Protection Officer –
Binger Straße 173
55216 Ingelheim am Rhein
1 Boehringer Ingelheim International GmbH, headquarters: Ingelheim, Germany; Court of Registration: Mainz, HRB 21063. Further information can be found at www.boehringer-ingelheim.com