How will my data be protected when using the online reporting system?
Data protection provisions – online reporting system
Data protection is important to us
We take the protection of your personal data very seriously. The following data privacy notice will inform you of which personal data we process when you visit this website or report a breach.
1. Controller within the meaning of Art. 4 no. 7 GDPR
The data controller that processes the data within the meaning of Art. 4 no. 7 GDPR and the data recipient indicated to you when you report a breach is:
Schwarz Dienstleistung KG
2. Reporting breaches via the online reporting system /Contacting Compliance
Purpose of data processing and legal basis
This online reporting system was set up for reporting compliance-relevant matters. You can use it to report potential compliance breaches that could have serious consequences for the company, including criminal penalties or administrative fines.
You can also use the online reporting system if you have specific questions on compliance matters you would like to have answered by Compliance staff.
The legal basis for this data processing is Art. 6 (1) sentence 1 f) GDPR.
Type of data processed
Use of the online reporting system is voluntary. The data we process depends on the information you provide us with. We normally process the following data:
- Your name and contact details, if you have provided us with this information.
- Whether you are employed with us, if you want to tell us.
- The names of individuals and other personal data related to an individual, depending on what you report to us.
Recipients/ Categories of recipients
The data you have sent us is processed by the controller and only in the Compliance department. As a matter of principle, we rule out any disclosure of the data to third parties. It may be that we need to share the data that you sent us with other departments within the controller or with other Schwarz Group companies if this is necessary to investigate the matter.
Data is also processed on our behalf by processors, such as the operator of this online reporting system, Business Keeper AG, Bayreuther Strasse 35, 10789 Berlin, Germany. This processor and any other processors are carefully selected, and are also audited and bound by contract in accordance with Art. 28 GDPR.
We are legally obliged to inform the accused individual that we have received a report concerning them as soon as informing them thereof no longer risks prejudicing the investigation of a report. However, your identity as a whistle-blower is not revealed to the person against whom the compliance allegations were made, to the extent to which this is legally permissible.
Storage period/ Criteria for determining the storage period
Data is stored for as long as is necessary to fulfil the aforementioned purposes, namely to conclude the investigation of the report and carry out anonymised reporting on the nature and origin of the report and the communication channel used to make the report. ,and as is necessary under applicable law. Criteria that determine this period include the complexity of the matter reported, the length of time it takes to investigate it and the subject of the allegation. The data is deleted once the purpose for collection has been fulfilled.
3. Use of the online reporting system
Communication between your device and the online reporting system takes place via an encrypted connection (SSL). Your IP address is not stored. A cookie containing a session ID (session cookie) is stored on your computer for the sole purpose of maintaining the connection to the online reporting system. This cookie is valid for the duration of your session and is then deleted.
4. Your rights as data subject
You have the right, pursuant to Art. 15 (1) GDPR, upon request to receive information free of charge on the personal data about you that have been stored in the controller's system.
If the statutory requirements are met, you also have the right to rectification, erasure and restriction of processing of your personal data.
If data is processed on the basis of Art. 6 (1) e) or f) GDPR, you have the right to object. If you object to data processing, it will not be processed in future unless the controller can prove compelling legitimate grounds for further processing that prevail over the data subject's interest.
If you have provided the data yourself, you have a right to data portability.
If data is processed on the basis of your consent in accordance with Art. 6 (1) a) or Art. 9 (2) a) GDPR, you can withdraw your consent at any time with future effect without affecting the lawfulness of prior processing.
In the above-mentioned cases, if you have any further questions or wish to file a complaint, please contact our Data Protection Officer in writing or by e-mail; see section 5.
You also have the right to file a complaint with the competent data protection supervisory authority.
5. Contact the data protection officer
If you have any further questions concerning the processing of your data or exercising your rights, you can contact the responsible controller's data protection officer:
Schwarz Dienstleistung KG