Information on data protection
The protection of your data and the confidentiality of your identity are very important to the company of the FUCHS Group (“FUCHS”). Naturally, FUCHS processes your personal data exclusively in accordance with the EU General Data Protection Regulation (EU-GDPR) and the applicable national data protection regulations. With the outstanding encryption and permission concept, FUCHS also guarantees an exceptional level of protection for the data in the BKMS® Compliance System (“whistleblowing system”) – including your identity. FUCHS also offers you the ability to submit your report anonymously. Please read this data protection information carefully before submitting a report.
Purpose and legal foundation of the whistleblowing system
The whistleblowing system serves the purpose of securely and confidentially receiving, processing and managing reports from employees of the FUCHS Group, business partners and other third parties concerning violations of the law and internal company rules (such as the Code of Conduct) and also aids in resolving the respective situation. Moreover, it supports the submitting and answering of questions on the topic of compliance at FUCHS.
The processing of personal data within the framework of the whistleblowing system takes place in accordance with Art. 6(1)(1)(f) EU-GDPR on the basis of FUCHS’s legitimate interest in the discovery and prevention of legal violations and malpractices. Such incidents can cause considerable damage to our financial standing and our reputation. The legitimate interest of FUCHS therefore outweighs the rights of the data subjects to informational self-determination, especially due to the technical and organisational measures we implement to minimise any impairment of said self-determination and to protect confidentiality and data integrity.
Responsible authority
The parties responsible for data protection in the whistleblowing system are
- FUCHS SE, Einsteinstr. 11, D-68169 Mannheim (Tel: +49 (0)621 3802-0, fax: +49 (0)621 3802-7190, email: kontakt@fuchs.com) and
- its subsidiaries: https://www.fuchs.com/gruppe/unternehmen/das-unternehmen/fuchs-weltweit/
as parties with mutually autonomous responsibility. The whistleblowing system is operated by a specialised company, EQS Group AG, Bayreuther Str. 35, 10789 Berlin in Germany, on behalf of FUCHS.
EQS Group AG operates a database in a high-security data centre, where it stores the personal data and information. The decryption and viewing of the data are only possible by FUCHS. Neither EQS Group AG nor other third parties have access to interpretable data. This is ensured by a certified procedure through extensive technical and organisational measures. All data are stored encrypted with multiple levels of password protection so that access is restricted to expressly authorised recipients at FUCHS, who must make use of the data to achieve the goals of the whistleblowing system.
FUCHS has appointed a data protection officer. Inquiries on data protection at FUCHS should be directed to attorney at law Dr. Karsten Kinast, LL.M., KINAST Rechtsanwaltsgesellschaft mbH, Hohenzollernring 54, D-50672 Köln.
Type of personal data collected
Use of the whistleblowing system takes place on a voluntary basis. When you submit a report via the whistleblowing system, FUCHS initially collects only the personal data that you provide to FUCHS. These data generally consist of:
- your name, if you choose to reveal your identity,
- whether and in which department you are employed at FUCHS,
- other personal data (e.g. date of birth, telephone or fax numbers, email or postal addresses, vehicle license plate number, relationships with others, other personal characteristics and attributes, etc.) that arise from your report and
- the names and other personal data of those persons (such as the examples above) whom you list in your report, if applicable.
In the event that additional personal data are collected by FUCHS or third parties within the course of the investigation following from your report, these data may also be processed via the whistleblowing system.
Confidential handling of reports
A small circle of expressly authorised and specially trained employees of the compliance organisation of FUCHS receives incoming reports and handles these as confidentially as possible at all times. The employees of the FUCHS compliance organisation evaluate the matter and perform any further investigation required by the specific case.
While processing a report, especially within the course of investigating a situation, it may be necessary to share reports with additional employees of FUCHS, including employees of other FUCHS Group companies, e.g. if the reports refer to incidents and situations at FUCHS Group companies. The latter may be based in countries outside the European Union or the European Economic Area, which may have different regulations about the protection of personal data. FUCHS always complies with the applicable data protection regulations even when sharing reports.
All persons at FUCHS who receive access to the data are obligated to maintain confidentiality.
Notification of accused parties
FUCHS is legally obligated to inform accused parties that a report concerning them has been received as soon as and insofar as the disclosure of this information no longer jeopardises the investigation according to an assessment by FUCHS. If you did not submit your report anonymously, FUCHS will refrain from disclosing your identity as a whistleblower – unless this is required by law – and will continue to handle this information confidentially.
Rights of the data subject
Pursuant to European data protection legislation, you and the persons named in your report (the data subjects) have a right of access, rectification, erasure, restriction of processing and objection to processing of their respective personal data. If a data subject invokes the right to object to the processing of the personal data, FUCHS will immediately evaluate the necessity of the stored data for the examination of a report. In this case, further processing will only take place if FUCHS can demonstrate compelling legitimate grounds that override the interests, rights and freedoms of the data subject. FUCHS immediately deletes data that are no longer needed. You also have the right to appeal with the supervisory authority.
Retention period of personal data
FUCHS retains personal data for as long as necessary to clarify the situation and perform a final assessment of the report and for as long as a legitimate interest exists on the part of FUCHS or retention is required by law. After the report processing is concluded, FUCHS will delete the data in accordance with statutory requirements.
Use of the whistleblowing portal
Communication between your computer and the whistleblowing system takes place over an encrypted connection (SSL). Your IP address will not be stored during your use of the whistleblowing system. In order to maintain the connection between your computer and the whistleblowing system, a cookie is stored on your computer that merely contains the session ID (a so-called session cookie). This cookie is only valid until the end of your session and expires when you close your browser.
It is possible to set up a postbox within the whistleblowing system that is secured with an individually chosen pseudonym/user name and password. This allows you to send additional information to or answer the questions of the employee of FUCHS responsible for processing your report either using your name or anonymously. All data sent via the postbox are encrypted and stored exclusively in the whistleblowing system, ensuring that the data receive special protection superior to that of typical email communication.
Note on sending attachments
When submitting a report or an addition, you can simultaneously send file attachments to the employee of FUCHS responsible for the processing of your report. If you wish to remain anonymous, please take note of the following security advice: Files (email attachments of any kind) can contain hidden personal data that could put your anonymity at risk. Remove this data before sending. If you are unable to remove this data or are uncertain whether you have entirely removed it, copy the text of your attachment into your report text or send the printed document anonymously to the address listed in the footer, citing the reference number received at the end of the reporting process.
Version: 1 June 2019