Cookies are disabled in your browser.
Please enable cookies to use BKMS^® Incident Reporting.
For more information about cookies, please click here.

Information about Cookies

During the use of BKMS^® Incident Reporting, a text file (called a “session cookie”) is saved on your computer containing only the number of your session. This is necessary for technical reasons in order to establish the connection to a security-certified server. The “session cookie” does no damage to your computer, it does not access your data and has no relation to the contents of your report. If you close all browser windows after submitting your report, the “session cookie” will expire and be automatically deleted.

English
Deutsch

If you would like to send your first report, please click here:

If you have already set up a postbox, you may login here:

The observance of laws and regulations is a central aspect of our business conduct.

We conduct our business on the basis of a responsible approach that aims to create sustainable value and meet the needs and wishes of our customers. Compliance with statutory requirements and internal regulations is our clear claim. If any laws or regulations have been violated in spite of this, we want to investigate the matter and initiate appropriate measures.
At ERGO, we strive for open and trustful communication with our customers, partners and stakeholders and wish to address critical cases or information directly. In some situations, however, providing direct information is not possible or reasonable. For such cases, ERGO offers this portal as an additional option.

It allows for the confidential submission of reports about possible violations of laws or regulations. Submitted reports are processed by the ERGO compliance department. Depending on the situation, other relevant authorities such as the internal auditing department or the data protection officer may be involved.

You are free to submit reports completely anonymously if you so wish. You are not obliged to enter any data which allows for conclusions to be drawn about your identity at any stage of the reporting process.

Important: we urge the whistleblowers to verify all information to the best of their knowledge. The deliberate submission of wrong information may result in criminal or civil penalties.

Why should I submit a report?

Why should I submit a report?

Complying with laws and regulations is important to us. At the same time: If any offences have taken place, we want to detect them. Help us!

Your report can help protect ERGO and third parties from possible damage. It might also contribute to reverse damage that has already been inflicted.

What reports should I submit?

What reports should I submit?

If you possess information about possible breaches of laws or internal regulations at ERGO, we would like to know. This applies especially to actions that might incur significant economic damage or harm the reputation of our company.

You can submit reports on the following topics:

Corruption / bribery
White-collar crime / fraud
Anti-competitive practices
Violations of data protection regulations
Conflicts of interest
Non-observance of sales compliance
Breaches of the code of conduct
Money Laundering / Terrorist Financing
Other circumstances that constitute a considerable risk for our reputation

During the reporting process, our system will provide you with detailed information about the listed categories.

How will my report be processed? How do I set up a postbox?

How will my report be processed? How do I set up a postbox?

If you want to send a report, either anonymously or in your name, click “Submit report” at the top of our introductory page.

The reporting process consists of four steps:

First, you will be asked to read some information on the protection of your anonymity and to respond to a security query.
On the following page, you will be asked about the category of your report.
On the report page, you can elaborate on your report in your own words and answer questions about the case by simply selecting responses. In the free text field you can write 5,000 characters, which corresponds to a full DIN A4 page. You may also submit a file of up to 5MB to support your report. Please bear in mind that attached documents can contain information about the author. Following the submission of your report, you will receive a reference number to confirm that you have sent this report.
Subsequently, you can set up your own, secured postbox. This postbox will allow you to receive information on the status of your report or questions about the situation at hand.

Submitted reports are processed by the ERGO compliance department. Depending on the situation, other relevant authorities such as the internal auditing department or the data protection officer may be involved.

If you already have a secured postbox, you can access it directly via the “Login” button. First, you have to answer the security query here as well.

How do I receive feedback?

How do I receive feedback?

At ERGO, we use a process that prioritises the protection of the whistleblower. The manufacturer of this process has received a certification that confirms the technical guarantee of data confidentiality. A special procedure exists for feedback.

As part of your report submission, you can set up a secured postbox. When setting up your postbox, you will choose a pseudonym and password. Special encryption and security measures protect your report. This postbox will allow you to receive information on the status of your report or questions about the situation at hand.

Information about Data Protection

Information about Data Protection

The whistleblowing portal serves to recognise and avoid significant risks to the ERGO Group AG. For this reason, the portal receives and processes information regarding legal infringements securely and confidentially, especially those related to financial crime (e.g. corruption, money laundering), antitrust and insurance supervisory law, market abuse, data protection, or serious breaches of related internal rules. Use of the whistleblowing portal is voluntary.

The whistleblowing portal is operated by Business Keeper AG, Bayreuther Str. 35, 10789 Berlin, Germany on behalf of ERGO Group AG. Communication between your computer and the whistleblower portal is encrypted (TLS). Data entered into the whistleblower system are encrypted, password-protected, and stored in a database operated by Business Keeper, which is located in a high-security data centre in Germany. Business Keeper AG cannot access the data.

Who is responsible for processing the data?

ERGO Group AG
ERGO-Platz 1
40477 Düsseldorf
E-mail: compliance@ergo.de

Please contact ERGO Group AG´s Data Protection Officer if you have any questions about this notice. The Officer can be contacted via post addressed to the “Data Protection Officer” at the address above, or via e-mail at datenschutz@ergo.de.

What categories of data do we use, and where does the data come from?

Use of the whistleblowing portal is voluntary. We collect the following personal data and information, when you submit a report:

Your name, if you choose to provide it
Whether you are employed at ERGO Group AG or one of its subsidiaries
The names and other personal data of persons you name in your report.

Your computer's IP address is not recorded during or after use of the whistleblowing portal. In order to maintain the connection between your computer and the BKMS^® system, a null cookie is stored on your computer, which contains only the session ID. The cookie is valid only until the end of your session and becomes invalid when you close your browser. Nonetheless, traces of your visit to the whistleblowing portal may be left on your computer. Therefore, if you visit the whistleblowing portal from a company computer, you should consider deleting in particular the temporary data (cache) in your browser.

You have the option to set up a secure mailbox in the whistleblowing portal using a pseudonym/user name and password, which you can select yourself. This way you can exchange messages and files anonymously and securely with the person responsible in ERGO Group AG`s compliance department. This system of communication is not like normal e-mail exchange; the data is only saved in the whistleblowing portal and is therefore specially protected.

For what purposes and on what legal basis do we process your data?

We process your personal data in compliance with the EU General Data Protection Regulation (GDPR) and all other applicable laws (e.g. the German Federal Data Protection Act).

ERGO Group AG will process personal data confidentially, such as names and other data related to the communication and its content, and for the sole purpose of receiving and processing the abovementioned information securely and confidentially. In so far as your consent to process your personal data is required, it provides the legal basis in accordance with Article 6(1)(a) of the GDPR. In all other cases, processing within the meaning of Article 6(1)(f) of the GDPR serves to protect the overriding legitimate interests of ERGO Group AG, the investigation of legal infringements and serious breaches of internal regulations, as well as the protection of ERGO (Group) and its employees from potential related damages.

Will data be passed on?

When you share your name in the whistleblowing portal, we ensure your identity as the whistleblower is treated confidentially.

Only a very limited number of expressly authorised persons from within ERGO Group AG´s compliance department have access to the data you provide. Depending on the report's content, certain expressly authorised persons from within the internal audit department, with the Data Protection Officer and individually authorised persons in subsidiary companies may receive access to the data on a case-by-case basis, if it is necessary to process a particular information. If these subsidiaries are headquartered in countries outside of the European Union or the European Economic Area, an adequate level of data protection will be ensured through binding company internal regulations on data protection. Each person with access to the data is obliged to treat it confidentially.

Investigations of information reported are highly confidential. Principally, your name or any circumstances which could expose your identity as whistleblower are not revealed. However, in certain exceptional cases, we may be required to provide your name, e.g. as required by law.

If an initial suspicion is confirmed, the information may be passed on to another internal department to initiate sanctions, or to a governmental law enforcement authority.

Information of the subject(s) affected by the whistleblowing

In certain cases we are legally obliged to inform those affected that we have received information about them. This can only be done once the act of informing them no longer jeopardises the investigation of the information received. No direct or indirect information about the identity of the whistleblower, in so far as permitted by law, is revealed in the process.

How long will your data be stored?

We store personal data related to the information for as long as it is required for the investigation or for as long as we are required by law. Following this period, information received is either deleted or anonymized, i.e. any reference to your identity as the whistleblower is finally and irreversibly erased.

What rights do users of the whistleblowing portal have?

In addition to your right to object, you have a right to information, a right to rectify or erase data under certain conditions, as well as a right to restrict data processing. Upon request, we will make the data that you provided available in a structured, accessible and machine-readable format. Please contact the aforementioned address to exercise these rights.

Right to object

If we process your data for the purposes of protecting our legitimate interests, you may object to this processing if your particular situation precludes the processing of your data. In such case we would stop the processing, unless we have overriding legitimate interests. In case you have given consent, you have the right to withdraw your consent without disadvantages at a later stage.

You may contact the aforementioned Data Protection Officer or the data protection authorities. The authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2-4
40213 Düsseldorf
Fon: +49 (0) 211/38424-0
E-Mail: poststelle@ldi.nrw.de
Internet: https://www.ldi.nrw.de/

Information up to date as of April 2019

Select country

Cancel