Data Privacy Information
“Tell ams OSRAM” can be used by ams OSRAM employees, customers and business partners to report Compliance violations (“Compliance Whistleblowing”) in particular relating to anti-trust and anti-corruption, Data Breaches (“Data Breach Notification”) or Human Rights violations (“Human Rights Violations & Concerns”).
The different reporting functions are strictly separated. “Compliance Whistleblowing” is made available by the ams OSRAM Corporate Compliance Office. Only employees working in the Corporate Compliance Office within the OSRAM GmbH have access to these reports. “Data Breach Notification” is operated by the Corporate Data Protection Officer and only members of this department have access to the reports. The Notification system “Human Rights Violations & Concerns” is operated by the Corporate Human Rights Office. Only employees of this department have access to these reports. Information will not be exchanged between these departments unless exceptional circumstances require such exchange to investigate a particular incident.
The infrastructure for “Tell ams OSRAM” includes databases and websites that are provided by EQS Group GmbH, Bayreuther Str. 35, 10789 Berlin. The EQS Group GmbH is contractually bound to maintain strict confidentiality and complies with all applicable data privacy requirements.
What personal data and information will be collected and processed?
When offences and incidents are reported through “Tell ams OSRAM” or the secure postbox, personal data will be collected and processed:
- of the person submitting a report (e.g. name or contact details) and
- of the individuals concerned by an incident (i.e. as included in the description of an individual's actions)
The appropriate department will process the data to review reports, conduct investigations of reported incidents, mitigate deficiencies and resolve the incident.
In the course of conducting investigations or mitigating deficiencies, we may be required to share information with other stakeholders. For example the legal department, ams OSRAM management, other ams OSRAM entities or external advisors (e.g. lawyers) or the appropriate public authorities. We may also be required to inform the appropriate regulator or the affected individuals of the incident.
How long will personal data be retained?
Personal data and information provided through “Tell ams OSRAM” will be retained as long as necessary to process a report and, if required, to impose sanctions or to comply with statutory retention periods. In case a report proves to be unfounded, the report and any personal data included herein, will be deleted immediately.