Data privacy policy
We take the issue of data protection and confidentiality very seriously and comply with the applicable data protection regulations (EU GDPR and applicable national data protection regulations). Please read this data privacy policy carefully before submitting a report.
Purpose of the whistleblower system
The whistleblower system (BKMS® system) is used to receive and process information on criminal offences and violations of the law in the area of white-collar crime, corruption, disregard for personal rights or discrimination, violations of data protection regulations and human rights and environmental risks or violations in a secure and confidential way. It is also available for all reports that fall within the scope of the German Whistleblower Protection Act (HinSchG) in accordance with Sections 1, 2 HinSchG.
The BKMS® system guarantees a very high level of protection for the data processed in the whistleblowing system thanks to its encryption and authorisation concept. It fully guarantees the protection of the whistleblower’s identity. Information can also be submitted anonymously.
Further information on the reporting or complaints procedure can be found on the FBB website.
Legal bases
Personal data is processed on the basis of Art. 6 Para. 1 lit. c General Data Protection Regulation (GDPR) in conjunction with Section 10 Para. 1 Whistleblower Protection Act (HinSchG) if the information provided falls within its scope of application (see Section 3 HinSchG). In other cases, the legal basis for processing personal data is Art. 6 Para. 1 lit. f GDPR.
We have a legitimate interest in processing the data you voluntarily transmit to us using this whistleblowing tool. This also includes any personal data required to process and document information and complaints. The necessity can be for different reasons and is always evaluated on a case-by-case basis. Important criteria here are the need to use the information for further clarification of the facts or for making contact. We may submit personal data to a competent authority for further investigation and use it as part of our internal investigations. This is the only way that allows us to recognise and clarify violations, introduce protective measures and initiate preventive measures.We would like to expressly point out that we only process the information provided by you with the whistleblower system and that anonymous information provided in this respect does not allow the system to create any reference to the whistleblower.
If personal information is processed by us, we protect your right to privacy by encrypting data without exception and by restricting access to data to those people entrusted with investigative tasks.>/p>
Data processing controller
Flughafen Berlin Brandenburg GmbH (“FBB”), 12521 Berlin, is responsible for the data protection of the whistleblower system. The whistleblower system is operated by a specialist company, EQS Group AG, Bayreuther Str. 35, 10789 Berlin, Germany, on behalf of FBB.
Personal data and information entered into the whistleblower system is stored in a database operated by EQS Group AG at a high-security data centre.
Access to the data is only possible for authorised FBB employees who are responsible for receiving reports and taking follow-up action.
EQS Group AG and other third parties do not have access to whistleblower system data. This is guaranteed in a certified process through comprehensive technical and organisational measures. All data is encrypted and stored with multi-level password protection meaning that access is restricted to a very small circle of expressly authorised persons at FBB.
Type of personal data collected
Use of the whistleblower system is voluntary. We collect the following personal data and information when you submit a report via the whistleblower system:
- your name (if you disclose your identity),
- whether you are employed by the FBB Group and, if so, in which organisational unit,
- other personal data resulting from your report or any attachments, and.
- names of persons and the personal data of those you name in your report, if applicable.
In the event that further personal data is collected as part of the investigation carried out in response to your report, this data will also be processed via the whistleblower system. If you do not provide your name and the content of your report and/or attachments does not provide any indications that directly or indirectly allow conclusions to be drawn about your identity, this is not personal data within the meaning of Art. 4 No. 1 GDPR.
Confidential handling of information
Information is only received by an expressly authorised and specially trained circle of FBB employees who are responsible for receiving reports and taking follow-up action, and is always handled confidentially. The employees check the facts of the case and, if necessary, carry out further case-related clarification of the facts.
It may be necessary to pass on information to other employees of FBB or employees of other Group companies, e.g. if the information relates to events in subsidiaries, when processing a report or as part of a special investigation. Personal information about the whistleblower will always be treated confidentially and will not be passed on to persons within or outside FBB without the whistleblower’s consent, not even for the purpose of clarifying the facts, unless there is a legal obligation to disclose the information.
Use of the whistleblower portal
Communication between your computer and the whistleblowing system takes place via an encrypted connection (SSL). Your computer’s IP address is not stored while you are using the whistleblower portal. To maintain the connection between your computer and the BKMS® system, a cookie is stored on your computer and only contains the session ID (“null cookie”). The cookie is only valid until the end of your session and becomes invalid when you close the browser.
You have the option of setting up a protected mailbox in the whistleblower system with a pseudonym/user name and password of your choice. In this way, you can send reports to the responsible FBB employee by name or anonymously and securely. This system stores data exclusively in the whistleblower system and is therefore particularly secure; it is not standard email communication.
Information on sending attachments
When submitting a report or sending additional information, you have the option of sending attachments to the responsible FBB employee. If you wish to submit a report anonymously, please note the following security information:
Files may contain hidden personal data that compromise your anonymity. Remove this data before sending. If you are unable to remove this data or are unsure, copy the text of your attachment to your report text or send the printed document anonymously to the address listed in the footer, quoting the reference number you receive at the end of the reporting process.
Documents and evidence provided by you will be used for further clarification of the facts and made available to other internal company departments or criminal investigation authorities if it is useful for that purpose.
Retention period of personal data
Personal data is stored for as long as required for clarification and conclusive assessment. Once the processing and assessment of the information has been completed, the respective case data will be deleted after three years if the suspicion does not prove to be true. If evidence is substantiated, the information can be passed on to law enforcement authorities for further investigation. In this case or in the event of further internal investigations, the data will be processed at least until the conclusion of the respective investigations and then deleted after three years. In this case, we will also only disclose information about the whistleblower to law enforcement authorities if you have consented to the disclosure or if we are legally obliged to pass on the information.
Rights of the data subject
If we process your personal data to protect legitimate interests in accordance with Art. 6 Para. 1 lit f GDPR, you have the right to object to this processing of your personal data at any time on grounds relating to your particular situation (Art. 21 Para. 1 GDPR). The objection can be sent by letter or email to the following:
Flughafen Berlin Brandenburg GmbH
Compliance
12521 Berlin
Email: Compliance@berlin-airport.de
When exercising your objection, we request that you explain the reasons as to why we should not process your personal data. In the event of your justified objection, we will no longer process your personal data unless we can produce compelling, legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing serves the purpose of the assertion, exercise or defence of legal claims.
In accordance with the respective legal provisions, you also have the right
- to obtain information about the processing of your personal data. In this context, you also have the right to receive a copy of the personal data that is the subject of the processing (Art. 15 GDPR);
- to obtain without undue delay the rectification of inaccurate personal data concerning you or to have incomplete personal data completed (Art. 16 GDPR);
- to obtain the immediate erasure of your personal data, provided that it is no longer required for the fulfilment of the purpose for which it was collected or there is otherwise a reason for erasure and there are no obstacles to erasure, such as statutory retention periods (Art. 17 GDPR);
- to obtain the restriction of processing of your personal data (Art. 18 GDPR).
You also have the right to request that your personal data be transmitted by us to third parties, if technically feasible. This right does not apply if the rights and freedoms of other persons are affected by the transmission (Art. 20 GDPR).
Finally, you have the right to lodge a complaint with any supervisory authority of your choice, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you by us infringes the legal provisions. Further administrative or judicial remedies to which you may be entitled remain unaffected by this (Art. 77 GDPR).
Data protection officer
If you have any regarding data protection, you can also contact FBB’s data protection officer at any time. To do so, send a corresponding message to:
Flughafen Berlin Brandenburg GmbH,
Data Protection Officer
12521 Berlin
Email: datenschutz@berlin-airport.de.
Last updated: February 2024
