Home - BKMS System

Data Privacy Policy

We take data protection and confidentiality very seriously and adhere to the provisions of the EU General Data Protection Regulation (EU-GDPR) as well as current national data privacy regulations. Please read this data privacy information carefully before submitting a report.

Purpose of the whistleblowing system and legal basis

The whistleblowing system (BKMS^® System) serves the purpose of securely and confidentially receiving, processing and managing reports regarding violations of the compliance rules of the Majorel Group Luxembourg S.A.. The processing of personal data in the BKMS^® System is based on the legitimate interests of our company to detect and prevent misconduct and thus avoid damage to the Majorel Group Luxembourg S.A., its employees and customers. Article 6 (1) (f) EU-GDPR serves as legal basis for this data processing.

Responsible authority

The party responsible for data privacy in the whistleblowing system is

1) Majorel Group Luxembourg S.A. and
2) its subsidiaries and its affiliates

as parties with mutually autonomous responsibility (hereafter also: “Majorel Group Luxembourg S.A.”). The reporting system is operated by a specialised company, EQS Group GmbH, Karlstraße 47, 80333 Munich in Germany, on behalf of the Majorel Group Luxembourg S.A..

Personal data and information entered into the reporting system are stored in a database operated by EQS Group GmbH in a high-security data centre. Only the Majorel Group Luxembourg S.A. has access to the data. EQS Group GmbH and other third parties do not have access to the data. This is ensured in the certified procedure through extensive technical and organisational measures.

All data are stored encrypted with multiple levels of password protection so that access is restricted to a very small selection of expressly authorised persons at c.

The Majorel Group Luxembourg S.A. has appointed a data protection officer. Questions on data protection and privacy can be sent to: contact@majorel.com.

Type of the collected personal data

Use of the reporting system takes place on a voluntary basis. If you submit a report via the whistleblowing system, we collect the following personal data and information:

your name, if you choose to reveal your identity,
whether you are employed at the Majorel Group Luxembourg S.A., and
the names of persons and other personal data of persons that you name in your report.

Confidential handling of reports

Incoming reports are received by a small selection of expressly authorised and specially trained employees of the Compliance department of the Majorel Group Luxembourg S.A. and are always handled confidentially. The employees of the Compliance department of the Majorel Group Luxembourg S.A. will evaluate the matter and perform any further investigation required by the specific case.

During the processing of a report or the conduction of a special investigation, it may become necessary to share reports with additional employees of the Majorel Group Luxembourg S.A. or employees of other group companies, e.g. if the reports refer to incidents in subsidiaries. The latter may be based in countries outside the European Union or the European Economic Area with different regulations concerning the privacy of personal data. We always ensure that the applicable data privacy regulations are complied with when sharing reports.

All persons who receive access to the data are obligated to maintain confidentiality.

Information of the accused person

As a basic principle we are bound by law to inform the accused persons that we have received a report concerning them, unless this threatens further investigations into the report. In doing so, your identity as whistleblower is not revealed as far as is legally possible.

Rights of the data subjects

According to European data protection law, you and the persons named in the report have the right to inquiry, rectification, erasure, restriction of processing and the right to object to processing of personal data concerning them. If the right of objection is claimed, we will immediately examine to what extent the stored data is still necessary for the processing of a report. Data that is no longer required is deleted immediately. In addition, you have the right to lodge a complaint with a supervisory authority.

Retention period of personal data

Personal data is retained for as long as necessary to clarify the situation and perform an evaluation of the report or a legitimate interest of the company exists, or it is required by law. After the report processing is concluded, this data is deleted in accordance with the statutory requirements.

Use of the reporting portal

Communication between your computer and the reporting system takes place over an encrypted connection (SSL). Your IP address will not be stored during your use of the reporting system. In order to maintain the connection between your computer and the BKMS^® System, a cookie is stored on your computer that merely contains the session ID (a so-called null cookie). This cookie is only valid until the end of your session and expires when you close your browser.

It is possible to set up a postbox within the reporting system that is secured with an individually chosen pseudonym / user name and password. This allows you to send reports to the responsible employee at the Majorel Group Luxembourg S.A. either by name or in an anonymous, safe way. This system only stores data inside the reporting system, which makes it particularly secure. It is not a form of regular e-mail communication.

Note on sending attachments

When submitting a report or an addition, you can simultaneously send attachments to the responsible employee of the Majorel Group Luxembourg S.A.. If you wish to submit an anonymous report, please take note of the following security advice: Files can contain hidden personal data that could compromise your anonymity. Remove this data before sending. If you are unable to remove this data or are unsure how to do so, copy the text of your attachment into your report text or send the printed document anonymously to the address listed in the footer, citing the reference number received at the end of the reporting process.

Version: 23/12/2019

Data Privacy Policy

MAJOREL takes the topic of data protection and confidentiality very seriously. We adhere to the provisions of the EU General Data Protection Regulation (EU-GDPR) as well as current national data protection regulations. Please read this data protection information carefully before submitting a report.

Controller

The party responsible for data protection in the whistleblowing system isMajorel Group Luxembourg S.A.
43, boulevard Pierre Frieden
L-1543 Luxembourg
Email: contact@majorel.com

The data protection officer of Majorel Group Luxembourg S.A. (hereafter: MAJOREL) can be reached at the above postal address with the addition "An den Datenschutzbeauftragten" or at the email address: contact@majorel.com.

Type of collected personal data

Use of the whistleblowing system takes place on a voluntary basis. If you submit a report via the whistleblowing system, we collect the following personal data and information:

your name, if you choose to reveal your identity,
whether you are an employee of MAJOREL and
the names and other personal data of persons whom you list in your report, if applicable.

The whistleblowing system (BKMS^® System) does not set any cookies, and no personal data are collected by means of cookies.

Purpose and legal foundation of the data processing

The whistleblowing system (BKMS^® System) serves the purpose of securely and confidentially receiving, processing and managing reports concerning violations of the compliance rules of MAJOREL. Incoming reports are received by a small selection of expressly authorised and specially trained employees of the compliance organisation of MAJOREL and always handled confidentially. The designated employees of the MAJOREL compliance organisation evaluate the matter and perform any further investigation required by the specific case. If the investigation reveals that compliance violations did in fact occur, this can result in appropriate measures being taken against persons involved.

The processing of personal data within the framework of the BKMS^® System is based on the justified interest of our company in discovering and preventing abuses and thereby averting damage to MAJOREL, MAJOREL group companies, employees and customers. The legal foundation for this processing of personal data is therefore Article 6(1)(f) EU-GDPR.

Transmission of data to third countries

While processing a report or conducting a special investigation, it may be necessary to share reports with additional employees of MAJOREL or employees of other MAJOREL group companies, e.g. if the reports refer to incidents in subsidiaries. The latter may be based in third countries, in other words, countries outside the European Union or the European Economic Area for which no adequacy decision by the EU Commission exists and which may have different regulations concerning the protection of personal data. In such cases, it is therefore possible for personal data to be transmitted to third countries. We will always ensure that the applicable data protection regulations are complied with when sharing reports with third countries.

All persons who receive access to the data are obligated to maintain confidentiality.

Recipients of personal data

The processing of personal data in the BKMS^® System by MAJOREL takes place on the BKMS^® servers in a high-security data centre located in Germany. The operator (contract processor) of the BKMS^® System is

EQS Group GmbH
Karlstraße 47
D-80333 München
Germany

A corresponding processing contract in accordance with Art. 28 GDPR has been concluded. Neither EQS Group GmbH nor third parties have access to the report contents in the BKMS^® System.

Information about the accused

We are legally obligated to inform accused parties of any reports received against them as soon as the disclosure of this information no longer jeopardises the investigation. Your identity as a whistleblower will not be disclosed unless we are legally bound to do so.

Rights of the data subject

Pursuant to European data protection legislation, you and the persons named in the report have a right of access, rectification, erasure, data portability, restriction of processing and right of objection to processing of your personal data. If the right to object to the processing of the personal data is invoked, the necessity of the stored data for the examination of a report will be evaluated immediately. Data that are no longer needed will be deleted at once. If you would like to make use of your right to object, please contact the address listed under item 1.

You also have the option of contacting a data protection authority and submitting a complaint there. The competent authority for our company is the

State Representative for Data Protection and Freedom of Information of North Rhine-Westphalia

Kavalleriestr. 2-4
40213 Düsseldorf
Phone: +49 (0) 211/38424-0
Fax: +49 (0) 211/38424-10
Email: poststelle@ldi.nrw.de

However, you can also contact the data protection authority responsible for your place of residence.

Automated decision-making

No automated decision-making takes place with regard to the processing of your personal data described here.

Profiling

No profiling takes place.

Retention period of personal data

Personal data are retained for as long as necessary to clarify the situation and issue a final assessment of the report or until existing contractual and/or legal obligations are met, unless overriding statutory retention periods prevent erasure of the data.

Updating of the privacy policy

If this privacy statement is modified, notice of this change will be published on the website and in other suitable locations.

Version: June 2018

Majorel is now Teleperformance