Data Protection Information
We take data protection and confidentiality very seriously and adhere to the current national and European data protection regulations. Please read the following information about data protection carefully before submitting a report.
Information about the whistleblowing system
The whistleblowing system is operated in Germany by Business Keeper GmbH on behalf of CECONOMY AG.
Personal data and information entered into the whistleblowing system is stored in a database operated by Business Keeper GmbH, Bayreuther Straße 35, 10789 Berlin. Only CECONOMY AG and their shareholders have access to the data. Neither Business Keeper GmbH nor any other third parties have access to the data.
All data is encrypted, password-protected, and stored in a secure location. This ensures that access is limited to a very close circle of explicitly authorised persons within CECONOMY AG.
The use of the whistleblowing system is entirely voluntary. Please note that we can only receive and examine reports if you confirm that you have read and understood this information about data protection and agreed to the processing of all personal data entered by you in accordance with the present data protection information.
We collect the following personal data and information when you submit a report using the whistleblowing system:
Your name, provided you choose to disclose your identity; whether or not you are an employee of CECONOMY AG; and, if applicable, names or other personal data of persons mentioned in your report.
Submitted reports are received by specially trained employees of the CECONOMY AG Compliance department and always treated confidentially. These employees within the Compliance department examine the circumstances and, if necessary, conduct further investigations relating to the case.
Within the context of the examining of a report or within the scope of a special investigation, it may become necessary to forward reports to other employees of CECONOMY AG, e.g. when the report relates to occurrences within subsidiaries. The latter may be based in countries outside the European Union or the European Economic Area with different regulations about the protection of personal data. We always ensure compliance with the relevant data protection legislation when forwarding reports.
Every person who receives access to the data is obliged to maintain confidentiality.
Principles of data protection
CECONOMY AG may only use personal data for the purposes for which it was originally collected, or to which the person in question has agreed subsequently. CECONOMY AG is furthermore obliged to take measures to ensure that personal data is used exclusively for the intended purpose and kept correct, complete, and up to date.
Information about the incriminated person
We would like to point out that under certain circumstances we may have to pass on the information you have provided, including your identity if you have disclosed it, to persons entitled to receive such information, i.e. possibly also to persons who are affected by your report. This will only happen if this information cannot be omitted due to an exception.
Further, CECONOMY AG is obliged to provide affected persons with access to personal data stored about them. In addition, the persons must be given the opportunity to correct, change or clear data that is incorrect. Your identity, i.e. that of the whistleblower, will not be disclosed. These rights can only be granted if this does not endanger the execution of investigative measures.
Information, correction, deletion, and closure
You and the persons named in the report have the right to information, correction, deletion, and closure of personal data and can revoke the storage of personal data at any time without giving reasons. In this case, the necessity of the stored data for the examination of a report will be evaluated immediately. Data that is no longer required will be deleted immediately.
CECONOMY AG stores reports for as long as this is necessary to carry out follow-up measures, or if a justifiable interest exists, or if their storage is required by law. Reports are subsequently deleted or anonymised, i.e. any links to your identity as a whistleblower and to persons named in the report will be removed permanently and irreversibly.