Information on data protection
We take data protection and confidentiality very seriously and adhere to the current national data protectionregulations. Please read this data protection information carefully before submitting a report.
Purpose of the whistleblowing system
The whistleblowing system (BKMS® System) serves the purpose of receiving and processing reports oncertaincriminal acts and legal violations, e.g. in the areas of white-collar crime and corruption, via a secure andconfidential channel. More detailed information can be found in the BKMS® System itself.
Responsible authority
The party responsible for data protection of the whistleblowing system is
PHOENIX TESTLAB GmbH
Königswinkel 10
32825 Blomberg (Deutschland)
Tel.: +49 5235 95 00-0
Fax: +49 5235 95 00-10
office@phoenix-testlab.de
The whistleblowing system is operated by a specialised company, EQS Group GmbH, Karlstraße 47, 10789Berlin in Germany, on behalf of PHOENIX TESTLAB GmbH (hereafter referred to as “PHOENIX TESTLAB”).
Data security
Personal data and information entered into the whistleblowing system are stored in a database operated byEQS Group GmbH in a high-security data centre. EQS Group GmbH does not have access to the data. This isensured in the certified procedure through extensive technical and organisational measures. All data are storedencrypted with multiple levels of password protection so that access is restricted to a very small selection ofpersons expressly authorised by PHOENIX TESTLAB.
Communication between your computer and the whistleblowing system takes place over an encrypted connection (SSL).Your IP address will not be stored during your use of the whistleblowing system.
Type of personal data collected
Use of the whistleblowing system takes place on a voluntary basis. If you submit a report via the whistleblowingsystem, we collect the following personal data and information:
- your name, if you choose to reveal your identity or are obliged to do so (e.g. whistleblowers in Portugal),
- whether you are employed at PHOENIX TESTLAB, and
- the names and other personal data of persons whom you name in your report, if applicable.
Confidential handling of reports
Incoming reports are received in the BKMS® System by a very small selection of expressly authorisedand speciallytrained persons from PHOENIX TESTLAB. These authorised persons evaluate the matter and carry out any furtherinvestigation that may be required by the specific case. If any further communication is needed between PHOENIXTESTLAB, who have a professional obligation to secrecy, and you, the whistleblower, this will take place fullyconfidentially and – if you so wish – anonymously via the BKMS® System.
Upon consultation with you, the transmitted information will be forwarded to authorized professional expertsunder full protection of your anonymity, if you so wish, and examined thoroughly in order to determine furtheraction. If the initial suspicion intensifies, further measures will be initiated. While processing a report orconducting a special investigation, it may be necessary to share reports with additional employees of PHOENIXTESTLAB.
We always ensure that the applicable data protection regulations are complied with when sharing reports. Allpersons who receive access to the data are obligated to maintain confidentiality.
Use of the whistleblowing portal
You can set up a postbox within the whistleblowing system that is secured with an individually chosenpseudonym/user name and password. This allows you to send reports to the managing managers of PHOENIX TESTLABeither by name or in an anonymous, safe way. This system only stores data inside the whistleblowing system, whichmakes it particularly secure. It is not a form of regular e-mail communication.
In order to maintain the connection between your computer and the BKMS® System, a cookie is stored onyourcomputer that contains only the session ID (a so-called session cookie). This cookie is only valid until the endof your session and expires when you close your browser.
No webtracking tools are used.
Note on sending attachments
When submitting a report or an addition, you can simultaneously send attachments to the responsible lawyer. Ifyou wish to submit an anonymous report, please take note of the following security advice: Files can containhidden personal data that could endanger your anonymity. Remove this data before sending. If you are unable toremove this data or are uncertain about how to do so, copy the text of your attachment into your report text.
Retention period of personal data
Personal data is retained for as long as necessary to clarify the situation and perform a concluding evaluation.After the report processing is concluded, the data are deleted in accordance with the statutory requirements,normally after a period of 3 months.
Right to information/modification and deletion of personal data
If you have any questions that are not addressed by this privacy policy or if you wish to obtain more detailedinformation about any point mentioned, please contact us. If you no longer consent to the retention of yourpersonal data or your personal data have changed, we will be happy to initiate the modification, locking ordeletion of your data within the scope of the legal regulations upon your request. You are entitled to receivinginformation about your personal data stored by us upon request. Please contact the responsible authority specifiedabove.
Updates to this privacy policy
This privacy policy will be updated to account for any modifications of this website or changes to proceduresimplemented by PHOENIX TESTLAB or upgrades of the internet and IT security technology used. We therefore reservethe right to modify or supplement this policy as and when necessary. We will publish the latest version of thepolicy here.
Information on the processing of personal data
Version: December 2019