Privacy Policy
We take the protection of personal data very seriously and always process it in compliance with applicable national and European data privacy provisions, in particular the General Data Protection Regulation (GDPR). With this privacy policy, we aim to fully inform you about how, why and to what extent we process personal data, and what your rights are as a data subject.
Please read this Privacy Policy carefully before making a disclosure. We want to actively protect you as a whistleblower. Our whistleblowing system (BKMS® system) provides you with a secure communication platform through which to make disclosures. Disclosures can be made using your own name or anonymously. You can set up a postbox within the whistleblowing system that is secured with an individually chosen pseudonym/username and password. This allows you to receive feedback and stay anonymous during the following communication if you so wish. Data is only stored in the whistleblowing system, and it is therefore particularly protected; no conventional e-mail communication is involved.
You also have the option of sending attachments through the whistleblowing system. Please note that files may contain hidden personal data that could jeopardize your anonymity.
1. Data controller and general information
Your data is processed by Axel Springer SE and the Axel Springer Group Companies which have introduced an electronic whistleblower system so that employees as well as third parties can report possible compliance violations, Reports of actual or suspected violations of laws or other misconduct and shortcomings can be submitted via this platform confidentially and, if desired, anonymously. Axel Springer SE and the participating Group companies are jointly responsible for the processing of personal data within the framework of the electronic whistleblower system in accordance with Article 26 of the General Data Protection Regulation (GDPR).
For further information and inquiries please contact us at Axel Springer SE, Axel-Springer-Straße 65, 10888 Berlin, Tel.: +49 30 2591 0, e-mail: compliance@axelspringer.de (service provider within the meaning of the German Telemedia Act (TMG) and controller within the meaning of the General Data Protection Regulation (GDPR)). When we use terms such as “we” or “us”, this is who we are referring to. The whistleblowing system is operated on Axel Springer's behalf in Germany by EQS Group GmbH, Karlstr. 47, 80333 Munich – a company that specializes in this – under a commissioned processing arrangement.
2. Collection and processing of personal data
Personal data and information entered into the whistleblowing system is stored in a database at a high-security data center. Only Axel Springer can view this data. EQS Group GmbH and other third parties have no access to the data. As part of a certified procedure, this is ensured by means of comprehensive technical and organizational measures.
All data is encrypted and password-protected at multiple levels when stored. Access is therefore restricted to a very small number of recipients who are expressly authorized by Axel Springer.
When dealing with a disclosure or carrying out a special investigation, it may be necessary to make disclosures available to other Axel Springer employees or employees of other Group companies, if the disclosures relate to activities in subsidiaries, for example. The latter may also be based in countries outside the European Union or the European Economic Area, where different rules concerning the protection of personal data may apply. We always take care to ensure compliance with applicable data privacy provisions when sharing disclosures.
Every individual that has access to the data is under a duty of confidentiality.
3. Type of personal data collected
Use of the whistleblowing system is voluntary. If you make a disclosure through the whistleblowing system, we collect the following personal data and information: your name (if you reveal your identity), whether you are an employee of Axel Springer and, where applicable, the names of individuals and other personal data of individuals that you mention in your disclosure.
4. Legal basis and purpose of the whistleblowing system
The purpose of the whistleblowing system (BKMS® Incident Reporting) is to receive, deal with and manage disclosures concerning compliance breaches at Axel Springer in a secure and confidential manner. In the context of the BKMS® system, the processing of personal data is supported by our company's legitimate interest in uncovering and preventing corruption, fraud, and other anomalies and thus in preventing damage to Axel Springer, employees, and customers as well as any legal obligation to do so according to national laws.
5. Sharing your data with third parties
Insofar as we are required to do so by law or are permitted to do so under data protection law, we will transmit personal data to public authorities such as the police or public prosecution service (Article 6(1) point (c) GDPR). This data is shared on the basis of our legitimate interest in preventing misuse, prosecuting criminal acts and securing, establishing and enforcing legal claims, unless outweighed by your rights and interests in the protection of your personal data, Article 6(1) point (f) GDPR.
6. Storage duration
We store personal data only for as long as it is required to clarify and definitively assess the disclosure, or we are otherwise entitled or obligated to do so.
7. Session cookie
Communication between your computer and the whistleblowing system is via an encrypted connection (TLS). Your computer's IP address is not stored during or after use of the whistleblowing portal. To maintain the connection between your computer and the BKMS® system, a null cookie is stored on your computer, which contains only the session ID. The cookie is valid only until the end of your session and becomes invalid when you close your browser.
8. Contact details and your rights
Should you have any queries or comments on data privacy or wish to exercise your rights as a data subject, please contact our data protection officer at any time:
Axel Springer SE
Data privacy
Axel-Springer-Str. 65
10888 Berlin, Germany
dataprivacy.holding@axelspringer.com
Right to access information and rectification
Provided there are no legal grounds to the contrary, you can obtain information from us as to whether personal data relating to you is processed by us and also the specific data that we have stored about you. You can also have errors in your data corrected and missing information completed.
Erasure, restriction of processing and ‘right to be forgotten'
You can obtain the erasure of your personal data and the restriction of its processing. Please note that retention obligations are laid down in law and as a result of this we may not be able to completely erase your data in every case. In such cases, your data will be labelled to the effect that future processing should be restricted.
Objection to data processing
There is no general right of objection where data is processed on the basis of a legitimate interest (Article 6(1) point (f) GDPR), Article 21(1), second sentence, GDPR).
Right of complaint
You also have the right to lodge a complaint with the competent supervisory authority and the option of seeking legal remedies. The supervisory authority with whom the complaint was lodged will notify the complainant about the status and result of their complaint, including the option of seeking a judicial remedy.
Existence of automated decision-making processes
We do not perform any automated decision-making or profiling.
Last revised: July 2024