Data Protection Statement
Santander takes data protection and confidentiality very seriously. Therefore, Santander is committed to ensure the handling of personal data within the organisation which is in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and applicable national data protection legislation. Please read this data protection statement carefully before you submit a report.
Purpose of the Whistleblowing System and Legal Basis of the Data Processing
The whistleblowing system (BKMS®) is designed to receive, process and manage any reference of violations of Santander's compliance commitment in a secure and confidential manner. The processing of personal data in the context of the BKMS® is based on the legitimate interest of our company in the detection and prevention of maladministration and thus the prevention of damage for Santander, its employees and customers, in accordance with Article 6 para. 1f EU GDPR.
Contact Details of the Data Controller
Responsible for the whistleblowing system is:
Santander Consumer Bank AG
Santander-Platz 1
41061 Mönchengladbach
Operator of the System and Security
The whistleblowing system is operated by a specialized company on behalf of Santander, EQS Group GmbH, based in Bayreuth Str. 35, 10789 Berlin, Germany.
Personal data and information provided to the whistleblowing system is stored in a database operated by EQS Group GmbH in a high security data processing center. Access to the stored data is only for Santander possible. EQS Group GmbH and other third parties have no access to the stored data. This is ensured through comprehensive technical and organizational measures. In addition, all data stored in the data center is encrypted and secured by a multi-level password protection. The BKMS® whistleblowing system is a certified process.
Type of Collected Personal Data
The use of the whistleblowing system is voluntary. If you submit a message via the whistleblowing system, the following personal data and information might be collected:
- Your name, if you choose to disclose your identity,
- whether you are employed at Santander and
- where applicable, names of persons and other personal data of the persons you include in your report.
Confidential Treatment of Reports
Incoming reports are received by expressly authorized and specially trained Santander employees in Compliance, Internal Audit, Human Resources and Operations. Employees of the compliance department will review the facts and, if necessary, carry out a further case-related clarification of the facts or forward them to one of the above mentioned areas in order to clarify the facts. Reports are kept confidential and the authorized employees are committed to confidentiality.
In the context of reviewing a report or in case of a special investigation, it may be necessary to forward certain information to authorized employees within Santander Germany or employees of other Santander subsidiaries in Germany, e.g. if the reports refer to transactions in subsidiaries. A transfer of reports or personal data to other EU/EEA Santander subsidiaries or to third countries does not take place.
Any person who gains access to the data is required to maintain confidentiality.
Information to the Reported Person
We are generally required by law to inform the accused persons whom we have received a report about as soon as this information no longer jeopardizes the clarification of the report. Your identity as a whistleblower will not be disclosed – unless this is required by law.
Retention and Deletion of Personal Data
Personal data will be kept as long as they are required for the clarification and final assessment of the report or in cases where the company has a legitimate interest or if this is required by law. After completing the report review, reported data will be deleted in accordance with law.
Use of the Whistleblowing System
The communication between your computer and the whistleblowing system takes place via an encrypted connection (SSL). The IP address of your computer will not be stored while using the whistleblower portal. To maintain the connection between your computer and the BKMS®, a cookie, which only contains the session ID (so-called zero cookie) is stored on your computer. The cookie is only valid until the end of your session and becomes invalid when the browser is closed.
You have the option to set up a protected postbox in the whistleblowing system with your own pseudonym / username and password. This way, you can send reports to the responsible contact person within Santander by name or anonymously and securely. In this system the data is stored exclusively in the whistleblowing system and thereby particularly secured; this is not an ordinary e-mail communication.
Notice on Sending Attachments
When submitting a report, you have the option to send attachments to the Santander contact person. If you wish to submit an anonymous report, please observe the following security note:
Files may contain personal data that compromise your anonymity. Remove this data before sending the attachments. If you are unable to remove this information or are unsure, copy the relevant text of the attachment to your message text or send the printed document anonymously to the address listed in the footer, stating the reference number you will receive at the end of the report submission process.
Rights of Data Subjects
Both, the whistleblower as well as the persons named in the report have the right of access, correction, deletion, restriction of processing and a right to object to the processing of their personal data. If the right of objection is exercised, we will immediately check to what extent the stored data is still required for reviewing a report. Personal data which is no longer required, will be deleted immediately.
In addition, you have a right to complain to a supervisory authority. The data protection supervisory authority responsible for Santander is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen.
Contact to the Data Protection Officer
If you have any questions about the collection, processing or use of your personal data by Santander and the exercise of your rights in the context of the whistleblowing system, please contact:
Santander Consumer Bank AG
Datenschutzbeauftragter
Santander-Platz 1
41061 Mönchengladbach
E-mail: whistleblowing@santander.de