Home - BKMS System

Privacy notice

We take data protection and confidentiality very seriously and adhere to the provisions of the EU General Data Protection Regulation (GDPR) as well as current national data protection regulations. Please read this information on data protection law carefully before submitting a report.

Name and contact details of the controller

Wiener ArbeitnehmerInnen Förderungsfonds (waff), Lassallestrasse 1, 1020 Vienna; Telephone: 01/ 217 48 – 0, www.waff.at;

Data protection officer: Mag. David Klein

Contact: datenschutz@waff.at

The whistleblowing system is operated by a specialised company, EQS Group GmbH, Bayreuther Str. 35, 10789 Berlin, Germany, on behalf of waff. EQS Group GmbH and other third parties do not have access to the data. This is ensured in the certified procedure through extensive technical and organisational measures. All data are stored encrypted with multiple levels of password protection according to a system of permissions so that access is restricted to a very small selection of expressly authorised persons at waff.

Data and categories of data that are processed

Use of the whistleblowing system is voluntary. If you submit a report via the whistleblowing system, we collect the following personal data and information:

Your name, if you choose to reveal your identity
Whether you are employed at waff
The names and other personal data of persons whom you list in your report, if applicable
Where applicable, special categories of data according to Article 9 GDPR or personal data concerning criminal convictions and crimes according to Article 10 GDPR

Sources from which the data are obtained

The personal data are collected directly from the person who submits the report. In the course of further processing, personal data may also be collected from the employer and other sources arising from the descriptions of the situation.

Legal basis

Personal data are processed on the basis of the Viennese Whistleblower Protection Act (W-HSchG) where the report falls within the scope of application of this law.

Reports which do not fall within the scope of application of the W-HSchG are processed on the basis of the legitimate interests of the controller pursuant to Article 6(1)(f) GDPR where the interests of the data subject do not outweigh such interests. waff has a legitimate interest in discovering and preventing abuses and thereby averting damage to waff, its employees and stakeholders.

Purpose of data collection

The data processing serves to protect against image damage for the controller, to protect the employees, to protect the organisation, to process the complaint, to process the information on procedures, to assist the associated investigations and to aid in clarification of the case.

Recipients

Incoming reports are received by a small selection of expressly authorised and specially trained employees at waff (internal reporting office) and always handled in confidence. The employees at the internal reporting office evaluate the matter and carry out any further investigation that may be required by the specific case. In some circumstances, personal data may be shared with decision-makers at waff, with authorities or with courts.

All persons who receive access to the data are obligated to maintain the strictest confidentiality.

Personal data and information entered into the whistleblowing system are stored in a database operated by EQS Group GmbH in a high-security data centre. Only waff can view the data. EQS Group GmbH and other third parties do not have access to the data. This is ensured in the certified procedure through extensive technical and organisational measures.

All data are stored encrypted with multiple levels of password protection according to a system of permissions so that access is restricted to a very small selection of expressly authorised persons at waff.

Note on the use of the whistleblowing system

Communication between your computer and the whistleblowing system takes place over an encrypted connection (SSL). Your IP address will not be stored during your use of the whistleblowing system. In order to maintain the connection between your computer and BKMS^® System, a cookie is stored on your computer that merely contains the session ID (a session cookie). This cookie is only valid until the end of your session and expires when you close your browser.

It is possible to set up a secured postbox within the whistleblowing system with an individually chosen pseudonym/ user name and password. This allows you to send reports to the internal reporting office at waff either by name or in an anonymous, secure way. This system only stores data inside the whistleblowing system, which makes it particularly secure. It is not a form of regular e-mail communication.

Note on sending attachments

When submitting a report or an addition, you can simultaneously send attachments. If you wish to submit an anonymous report, please take note of the following security advice: Files may contain hidden personal data that could jeopardise your anonymity. Please remove all such information before sending a file. If you are unable to remove this information or are uncertain about how to do so, copy the text of your attachment into your report text or send the printed document anonymously to the address listed in the footer, citing the reference number received at the end of the reporting process.

Storage period

The personal data are stored for a period of up to one year if the report does not lead to a sufficiently justified suspicion of a legal violation and / or has not led to the initiation or continuation or suspension of an investigation process.

Personal data which have been processed or transmitted based on sound reports shall be stored for up to five years and beyond for the period which is necessary and proportionate for carrying out official administrative or court procedures or to protect an individual.

Rights of the data subjects

You have the right of access, rectification, erasure, restriction of processing of the stored data concerning and a right of objection, as a well as a right to data portability, pursuant to the provisions of the General Data Protection Regulation (EU) 2016 / 679 (GDPR).

These rights may be restricted insofar as this is necessary to protect the identity of a whistleblower or for the purpose of taking follow-up measures.

If you believe that the processing of your personal data violates the provisions of data protection law or that your legal data protection rights have been otherwise violated, you can also register a complaint with the supervisory authority which is responsible for you. In Austria, the competent authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna (Telephone: +43 1 52 152-0, E-mail: dsb@dsb.gv.at).

Version: 3 April 2023

Accessibility Statement

waff strives to make its websites accessible in accordance with the Vienna Anti-Discrimination Act, Provincial Law Gazette (LGBl.) 35 / 2004, as amended, for implementation of Directive (EU) 2016 / 2102 of the European Parliament and of the Council of 26 October 2016 on the accessibility of the websites and mobile applications of public sector bodies (Official Journal L 327 from 2 December 2016, p. 1).

This Accessibility Statement applies to: https://www.bkms-system.net/waff

Status of compatibility with the requirements

This web application has been WACA certified on behalf of EQS Group GmbH and has been awarded the WACA certificate version WCAG 2.1 – AA in Silver on 30 November 2022. The ‘Web Content Accessibility Guidelines – WCAG 2.1’ conformance level AA has therefore been fulfilled to a very high degree. All content and functionality are accessible to all users. Optional extended functionality is also generally accessible but some users may find that these features cannot be operated in an ideal manner. These features are subject to continuous review and improvement by EQS Group.

The following is a summary of the issues that prevented a ‘Gold Certification’ (WCAG 2.1 – AA in Gold):

Page 1 ‘Introduction’

The quote is shown as a div element, which is not a standard quote field. However, it should not restrict accessibility.
The image of the person does not have any descriptive alternative text for the quote. However, this should not significantly restrict accessibility since this would be non-essential information relating to the personal details in the quote text.
The pre-selection of country and language is not optimal but does not restrict accessibility.
Specifying the customer’s name in the page title would be better according to the evaluation.
Depending on the country which is selected, the language parameters are adjusted in the HTML lang attribute (e.g. de-AG, de-AF), which is not ideal. Ideally, the language parameters should remain as de-DE on a German webpage. However, no real effects were noticeable in the review.

Page 2 ‘Security page’

No complaints.

Page 3 ‘Category page’

No complaints.

Page 4 ‘Report page’

No complaints.

Page 5 ‘Set up a postbox’

No complaints.

Page 6 ‘Print view’

No complaints.

Page 7 ‘Do not set up a postbox’

No complaints.

Page 8 ‘Postbox overview’

No complaints.

Page 9 ‘View communication step’ (postbox area)

No complaints.

Page 10 ‘Send addition’ (postbox area)

When sending an addition after submitting a report, a text field needs to be completed again, which is marked with a star denoting a required field. It is not possible to submit an addition with the field empty. The informative nature of the error message has been assessed as suboptimal here; however, thanks to the required field stars, the attributes “required” and “aria” are largely sufficient.

Preparation of the accessibility statement

This statement was prepared on 25 January 2022.
The statement was prepared based on an evaluation carried out by a third party.
This statement was last updated on 21 February 2023.

Feedback and contact details

The web services should be accessible to all users wherever possible, regardless of their limitations or technical capabilities. If any information is insufficiently accessible for you, please contact us at: waff@waff.at. Our team will deal with your request internally and provide the requested information accordingly in a timely manner.

Enforcement proceedings

Should you not receive satisfactory answers from waff communication, you are free to make a complaint to the Anti-Discrimination Office. The Anti-Discrimination Office accepts complaints electronically via a contact form.

This Anti-Discrimination Office will review the complaints to determine whether they relate to violations of the requirements of the Viennese Anti-Discrimination Act – in particular, deficiencies in compliance with accessibility requirements – by the province or the municipality of Vienna or an agency associated with the province or the municipality of Vienna. If the complaint is justified, the Anti-Discrimination Office must issue recommendations for action to the respective agency of the City of Vienna or the legal entities concerned and propose measures to remedy the deficiencies identified.

For further information on the complaints procedure, please visit:
https://www.wien.gv.at/verwaltung/antidiskriminierung/barrierefreie-websites.html

If you are yourself impacted by suspected discrimination with regard to insufficient accessibility, the Anti-Discrimination Office will assist you with information and advice concerning possible legal remedies.

The waff whistleblowing system