Privacy Policy
We take the protection of personal data very seriously and always process it in accordance with the applicable data protection laws and regulations, in particular the EU General Data Protection Regulation (GDPR). With this Privacy Policy we would like to inform you about the categories, extent and purpose of the personal data processed by us and your rights as a data subject.
Please read this Privacy Policy carefully before submitting a report. We want to protect you effectively as a whistleblower and offer you the whistleblower system (BKMS® System), a secure communication platform for submitting reports. It is possible to submit reports by name or anonymously. You can set up a protected mailbox in the whistleblower system with a pseudonym / user name and password of your choice. In this way, you can receive feedback on your report and remain anonymous during further communication, if you wish. With this system, the data is stored exclusively in the whistleblower system and is therefore particularly secure; it is not an ordinary e-mail communication.
You also have the possibility to send attachments via the whistleblower system. Please note that files may contain hidden personal information that may compromise your anonymity.
1. Data controller and general information
Your data will be processed by idealo Internet GmbH, Zimmerstraße 50, 10888 Berlin, telephone: +49 800 72 40 831, e-mail: mail@idealo.de (service provider within the meaning of the German Telemedia Act (TMG) and person responsible within the meaning of the GDPR; hereinafter also referred to as "idealo", "we" or "us"). The whistleblower system is operated by EQS Group AG, Bayreuther Str. 35, 10789 Berlin, Germany, as a data processor on behalf of idealo.
2. Collection and processing of personal data
Personal data and information entered into the whistleblower system is stored in a database at a high-security data centre. Only idealo is able to view this data. EQS Group AG and other third parties have no access to the data. This is guaranteed in the certified procedure by comprehensive technical and organizational measures.
All data is encrypted and password-protected at multiple levels when stored. Access is therefore restricted to a very small number of recipients who are expressly authorized by Axel Springer.
When processing a notification or as part of a special investigation, it may be necessary to make information available to other employees of idealo or employees of other group companies, if the information relates, for example, to transactions in subsidiaries. The latter may also be located in countries outside the European Union or the European Economic Area in which different regulations may exist for the protection of personal data. We always make sure that the relevant data protection regulations are observed when passing on information.Any person who has access to the data is obliged to maintain confidentiality.
3. Type of personal data collected
The use of the whistleblower system is voluntary. When you submit a report via the whistleblower system, we collect the following personal data and information: Your name, if you disclose your identity, whether you are an employee of idealo and, if applicable, the names of persons and other personal data of the persons you name in your report.
4. Legal basis and purpose of the whistle-blowing system
The whistleblower system (BKMS® System) serves to receive, process and manage notifications of compliance violations at idealo in a secure and confidential way. The processing of personal data within the BKMS® System is based on the legitimate interest of our company in the detection and prevention of corruption, fraud and other grievances and thus in the prevention of damage for idealo, employees and customers. The legal basis for this processing of personal data is Article 6 para. 1 lit. f GDPR.
5. Sharing your data with third parties
To the extent we are legally obliged to do so or t permitted by data protection law, we transmit personal data to authorities such as the police or the public prosecutor's office (Art. 6 Para. 1 lit. c GDPR). This data is disclosed on the basis of our legitimate interest in combating misuse, prosecuting criminal offences and securing, asserting and enforcing of legal claims, provided that our interests are not overridden by your interests, fundamental rights or freedoms, Art. 6 para. 1 lit. f GDPR.
6. Storage period
We store personal data only as long as the clarification and final evaluation of the notification requires or we are otherwise entitled or obliged to do so.
7. Session cookie
Communication between your computer and the whistleblower system takes place via an encrypted connection (TLS). The IP address of your computer is not stored during and after the use of the whistleblower portal.To maintain the connection between your computer and the BKMS® system, a zero cookie is stored on your computer, which only contains the session ID. The cookie is only valid until the end of your session and becomes invalid when you close your browser.
8. Contact details and your rights
If you have any questions or suggestions regarding data protection or the enforcement of your rights as a data subject, please contact our data protection officer at any time:
idealo internet GmbH
Data privacy
Zimmerstraße 50
10888 Berlin
privacy@idealo.de
Right to access information and rectification
Unless there are legal reasons to the contrary, you can obtain information from us about whether personal data relating to your person is processed by us and also concretely what data about you is stored. You can also have incorrect data corrected and completed.
Erasure, restriction of processing and `right to be forgotten´
You can request the deletion and restriction of your personal data. Please note that there are legal storage obligations and therefore we may not completely delete your data in every case. In this case, your data will be marked with the aim of restricting their future processing.
Objection to data processing
As a rule, there is no right to object to data processing on the basis of the so-called legitimate interest (Art. 6 para. 1 lit. f GDPR), Art. 21 para. 1 sentence 2 GDPR.
Right of complaint
In addition, you have the right to appeal to the competent supervisory authority and the right to lodge appeals. The supervisory authority to which the complaint was lodged informs the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy.
Existence of automated decision-making processes
We do not use automatic decision making or profiling.
Last revised: December 2018