Privacy

We act as trusted lawyers for companies and organisations and are entrusted with receiving confidential information from employees, customers, business partners and other whistleblowers. For this purpose, we provide this digital whistleblower system.

 

We always treat reports confidentially. You also have the option of submitting anonymous reports via the digital whistleblower system. Here we inform you about how we process personal data and what rights you have as a data subject when using the digital whistleblower system.


Who is responsible for data processing?
The controller within the meaning of the legal regulations on data protection is:

Schneiders & Behrendt PartmbB, Rechts- und Patentanwälte
Gerard-Mortier-Platz 6
44793 Bochum
Deutschland
Telefon: +49 234 9136-0
E-Mail: info@bolex.de

Datenschutzbeauftragter:
Adlex GmbH
Gerard-Mortier-Platz 6
44793 Bochum
Deutschland
Telefon: +49 234 9136599
E-Mail: dsb@adlex.de

What data will be processed?

The use of the digital whistleblower system is voluntary. In the event of reports, the following personal data will be processed:


  • Whistleblower: name (if you disclose your identity), contact details (if you provide them), communication content, relation to the company
  • Persons affected by incidents (if existing and known): name, information about incidents and suspected violations of laws and regulations, contact details, communication content
  • Witnesses and/or third parties mentioned in the report (e.g. customers, suppliers, colleagues or business partners, if existing and known): first and last name, contact details, communication content, relation to the company


For which purpose and on which legal basis do we process your data?
The above-mentioned data is processed for the purpose of detecting and preventing serious misconduct and avoiding and averting particularly drastic or existence-threatening legal consequences and damage both for the company concerned (criminal prosecution, claims for damages, reputational damage, supervisory measures) and for our activities as an external reporting centre. For this purpose, the report is analysed and, depending on the result of the examination, a report on the incident is sent to the company concerned for further handling. The legal basis for the processing is the processing of the report in relation to you and the company concerned pursuant to Art. 6 para. 1 lit. b) GDPR, to fulfil a legal obligation pursuant to Art. 6 para. 1 lit. c) GDPR or to safeguard the legitimate interests of the controller, the company concerned or a third party pursuant to Art. 6 para. 1 lit. f) GDPR, unless express consent pursuant to Art. 6 para. 1 lit. a) GDPR can be seen in your report.

Who will receive my data?
In the course of examinations, investigations and remedial measures to be taken, it may also be necessary or desired by you to transmit personal information about a reported incident to the company concerned or to the competent authorities. The digital whistleblower system is operated by the specialised software service provider iComply GmbH, Große Langgasse 1a, DE-55116 Mainz, Germany, on our behalf.

 

Your report will be processed by us, whereby information will be passed on to the company concerned insofar as this is necessary and expedient in order to clarify and remedy any violations. In this context, too, we maintain the greatest possible confidentiality and will consult with you if you have enabled us to contact you. 


 
What data protection rights do you have?
If we process your personal data, you are a data subject within the meaning of GDPR and have the following rights vis-à-vis us as the controller: 

  • right to information about the purpose, type, scope and duration of the processing (Art. 15 GDPR)
  • right to correction of the stored data (Art. 16 GDPR)
  • right to deletion of stored data (Art. 17 GDPR) 
  • right to restriction of the processing of data (Art. 18 GDPR)
  • right of the data recipients being informed by us as the controller with regard to the execution of the rights of correction, deletion and restriction of the processing (Art. 19 GDPR)
  • right to data transferability in machine-readable form (Art. 20 GDPR)
  • right to object to data processing (Art. 21 GDPR)
  • right to revoke the declaration of consent under data privacy law (Art. 7 para. 3 GDPR)
  • right not to participate in an automated decision (Art. 22 GDPR)
  • right to appeal to a supervisory authority (Art. 77 GDPR)


How long will the personal data be stored? 
Personal data will be stored for as long as necessary to fulfil the purpose, e.g. for clarification and final assessment, or as required by law. Thereafter, this data will be deleted in accordance with legal requirements. If a report proves to be unfounded, the report and the personal data contained therein will be deleted immediately. Apart from that, the reports and notifications will regularly be deleted after 6 months. In addition, a final assessment will be stored for documentation purposes.