Privacy Policy (BKMS)
We take the protection of personal data very seriously and always process it in compliance with applicable national and European data privacy provisions, in particular the General Data Protection Regulation (GDPR). With this privacy policy, we aim to fully inform you about how, why and to what extent we process personal data, and what your rights are as a data subject.
Please read this Privacy Policy carefully before making a disclosure. We want to actively protect you as a whistleblower. Our whistleblowing system (BKMS® system) provides you with a secure communication platform through which to make disclosures. Disclosures can be made using your own name or anonymously. You can set up a postbox within the whistleblowing system that is secured with an individually chosen pseudonym/username and password. This allows you to receive feedback and stay anonymous during the following communication if you so wish. Data is only stored in the whistleblowing system, and it is therefore particularly protected; no conventional e-mail communication is involved.
You also have the option of sending attachments through the whistleblowing system. Please note that files may contain hidden personal data that could jeopardize your anonymity.
Data controller and general information
Your data is processed by AWIN AG, (Otto-Ostrowski-Straße 1A, 10249 Berlin Germany), e-mail: global-privacy@awin.com (referenced as “Awin”, “we” or “us”). Awin’s Privacy Policy can be found at https://www.awin.com/gb/privacy. The whistleblowing system is operated on Axel Springer's behalf in Germany by EQS Group GmbH (BKMS), Bayreuther Str. 35, 10789 Berlin – a company that specialises in this – under a commissioned processing arrangement. More informations on the processing of Data by BKMS can be found at Datenschutzhinweise (business-keeper.com).
Collection and processing of personal data
Personal data and information entered into the whistleblowing system is stored in a database at a high-security data center. Only Awin can view this data. EQS Group GmbH and other third parties have no access to the data. As part of a certified procedure, this is ensured by means of comprehensive technical and organizational measures.
All data is encrypted and password-protected at multiple levels when stored. Access is therefore restricted to a very small number of recipients who are expressly authorized by Awin.
When dealing with a disclosure or carrying out a special investigation, it may be necessary to make disclosures available to other Awin employees or employees of other Group companies, if the disclosures relate to activities in subsidiaries, for example. The latter may also be based in countries outside the European Union or the European Economic Area, where different rules concerning the protection of personal data may apply. We always take care to ensure compliance with applicable data privacy provisions when sharing disclosures.
Every individual that has access to the data is under a duty of confidentiality.
Type of personal data collected
Use of the whistleblowing system is voluntary. If you make a disclosure through the whistleblowing system, we collect the following personal data and information: your name (if you reveal your identity), whether you are an employee of Awin and, where applicable, the names of individuals and other personal data of individuals that you mention in your disclosure.
Legal basis and purpose of the whistleblowing system
The purpose of the whistleblowing system (BKMS® Incident Reporting) is to receive, deal with and manage disclosures concerning compliance breaches at Awin in a secure and confidential manner. In the context of the BKMS® system, the processing of personal data is supported by our company's legitimate interest in uncovering and preventing corruption, fraud, and other anomalies and thus in preventing damage to Awin, employees, and customers.
Sharing your data with third parties
Insofar as we are required to do so by law or are permitted to do so under data protection law, we will transmit personal data to public authorities such as the police or public prosecution service (Article 6 (1) point (c) GDPR). This data is shared based on our legitimate interest in preventing misuse, prosecuting criminal acts, and securing, establishing, and enforcing legal claims, unless outweighed by your rights and interests in the protection of your personal data, Article 6 (1) point (f) GDPR.
Storage duration
We store personal data only for as long as it is required to clarify and definitively assess the disclosure, or we are otherwise entitled or obligated to do so.
Session cookie
Communication between your computer and the whistleblowing system is via an encrypted connection (TLS). Your computer's IP address is not stored during or after use of the whistleblowing portal. To maintain the connection between your computer and the BKMS® system, a null cookie is stored on your computer, which contains only the session ID. The cookie is valid only until the end of your session and becomes invalid when you close your browser.
Contact details and your rights
Should you have any queries or comments on data privacy or wish to exercise your rights as a data subject, please contact our data protection officer at any time:
AWIN AG
Data Protection Officer
Otto-Ostrowski-Straße 1A
10249 Berlin
Germanyglobal-privacy@awin.com
Right to access information and rectificationProvided there are no legal grounds to the contrary, you can obtain information from us as to whether personal data relating to you is processed by us and the specific data that we have stored about you. You can also have errors in your data corrected and missing information completed.
Erasure, restriction of processing and ‘right to be forgotten'You can obtain the erasure of your personal data and the restriction of its processing. Please note that retention obligations are laid down in law and because of this we may not be able to completely erase your data in every case. In such cases, your data will be labelled to the effect that future processing should be restricted.
Objection to data processingThere is no general right of objection where data is processed based on a legitimate interest (Article 6 (1) point (f) GDPR), Article 21(1), second sentence, GDPR).
Right of complaintYou also have the right to lodge a complaint with the competent supervisory authority and the option of seeking legal remedies. The supervisory authority with whom the complaint was lodged will notify the complainant about the status and result of their complaint, including the option of seeking a judicial remedy.
Existence of automated decision-making processesWe do not perform any automated decision-making or profiling.
Last revised: January 2024