Privacy policy
Fonds Soziales Wien takes the topic of data protection and confidentiality very seriously.
Central provisions of data protection legislation consist of
- the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679,
- and the Data Protection Act – DSG, BGBI. I No. 165/1999, as amended.
Please carefully read the data protection information before submitting a report.
Purpose of the whistleblowing system, legal foundation and automated decision-making
The whistleblowing system (BKMS® System) serves for securely and confidentially receiving, processing and managing reports concerning violations of the legal and compliance regulations of Fonds Soziales Wien. The processing of personal data within the framework of BKMS® System is based on the legitimate interest of our company in discovering and preventing malpractices and thereby averting damage for Fonds Soziales Wien, its employees and customers. The legal foundation for this processing of personal data is Article 6 (1)(f) GDPR.
No automated decision-making as defined in Article 22 GDPR takes place within the framework of the operation of the whistleblowing system.
Responsible party and data protection officer
The party responsible for data protection in the whistleblowing system is Fonds Soziales Wien.
The whistleblowing system is operated by a specialised company, EQS Group GmbH, Bayreuther Str. 35, 10789 Berlin in Germany, on behalf of Fonds Soziales Wien. With regard to the processing of your personal data, Fonds Soziales Wien has concluded a processing agreement with EQS Group GmbH in accordance with Article 28 (3) GDPR.
Personal data and information entered into the whistleblowing system is stored in a database operated by EQS Group GmbH in a high-security data centre. Only Fonds Soziales Wien can see the data. EQS Group GmbH and other third parties do not have access to the data. This is ensured in a certified procedure through extensive technical and organisational measures.
All data are stored encrypted with multiple levels of password protection and are subject to a permissions concept. Access to the data is restricted to a very small selection of expressly authorised persons at Fonds Soziales Wien.
Fonds Soziales Wien has appointed a data protection officer. Inquiries regarding data protection can be sent to datenschutz@fsw.at.
Sharing and type of collected personal data
Use of the whistleblowing system is voluntary. The sharing of your personal data is not required either by agreement or by law (or required for the conclusion of a contract). Even if you do not share your personal data, we shall ensure that your report is investigated by the employees responsible for this at Fonds Soziales Wien.
It should be expressly noted once again that you are in no way obliged to disclose your identity when submitting a report.
If you submit a report via the whistleblowing system, we collect the following personal data and information:
- Your name (if you choose to reveal your identity)
- Data in your report (if you choose to reveal your identity)
- Whether you are employed by Fonds Soziales Wien (if you choose to disclose this information)
- The names and other personal data of persons whom you list in your report, if applicable.
Confidential handling of reports
Incoming reports are received by Compliance Management, which is part of the Management Board of Fonds Soziales Wien, and always handled confidentially. The Compliance Management team of Fonds Soziales Wien will evaluate the matter and carry out any further investigation that may be required by the specific case.
All persons who receive access to the data are obligated to maintain confidentiality.
Information about the accused
We are legally obligated to inform accused parties of any reports received against them as soon as the disclosure of this information no longer jeopardises the investigation. Your identity as a whistleblower will not be disclosed unless we are legally bound to do so.
Rights of the data subject and right of appeal to the data protection authority
Pursuant to the provisions of national and European data protection legislation, you and the persons named in the report have
- the right of access (Article 15 GDPR),
- the right to rectification (Article 16 GDPR),
- the right to erasure (Article 17 GDPR),
- the right to restriction of processing (Article 18 GDPR)
- and a right of objection (Article 21 GDPR) to the processing of your personal data.
If the right to object to the processing of the personal data is exercised, the necessity of the stored data for the examination of a report will be evaluated immediately. Personal data that are no longer required will be deleted at once.
You also have the right to appeal with the Austrian data protection authority – DSB (dsb@dsb.gv.at).
Retention period for personal data
Personal data are retained for as long as necessary to clarify the situation and perform a final assessment or for as long as a legitimate interest exists on the part of the company or retention is required by law. After the report processing is concluded, the data will be erased in accordance with statutory requirements.
Use of the whistleblowing system
Communication between your computer and the whistleblowing system takes place over an encrypted connection (SSL). Your IP address will not be stored during your use of the whistleblowing system. In order to maintain the connection between your computer and BKMS® System, a cookie is stored on your computer that merely contains the session ID (session cookie). This cookie is only valid until the end of your session and expires when you close your browser.
It is possible to set up a postbox within the whistleblowing system that is secured with an individually chosen pseudonym/ user name and password. This allows you to send reports to the Compliance Management department of Fonds Soziales Wien either by name or in an anonymous, safe way. This system stores the data exclusively within the whistleblowing system, which makes the data particularly secure. It differs from regular e-mail communication.
Note on sending attachments
When submitting a report or an addition, you have the option of adding attachments. If you wish to submit an anonymous report, please note the following security advice: Files may contain hidden personal data that could jeopardise your anonymity. Please remove all such information before sending a file. If you are unable to remove such data or are uncertain about how to do so, copy the text of your attachment into your report text or send the printed document anonymously to the address listed in the footer, citing the reference number received at the end of the reporting process.
Version: 7 February 2021