Data protection notices
We take data protection and confidentiality very seriously and comply with the applicable national and European data protection provisions. The key aspects of our data storage policy are explained briefly below.
This page provides information about how we process reports that you have submitted to the whistleblowing system and how we ensure that they are handled confidentially.
Purpose of the data processing, legal basis and confidential report handling, categories of personal data
The purposes of the data processing are to handle and further investigate the reports received through the whistleblowing program and to take any actions that may be required in light of them under relevant legislation. The processing is based on the legal obligations of Beiersdorf CZ to investigate and prevent violations within this company and thereby prevent damage to the company, its employees, customers and contractual partners. The legal basis for the processing of personal data is Article 6(1)(c) of the EU General Data Protection Regulation (GDPR).
Based on the report received in the system, we process your personal data (if you are not an anonymous notifier) and also the personal data of protected persons. We can further process the personal data of persons whose data is contained in your report or related documents, or whose identity comes to light in connection with the investigation of the report.
The following personal data is processed when a notification is made:
- your name and date of birth;
- or other data from which your identity can be inferred;
- your other contact details, if you provide them (so that we can notify you in writing of the receipt of the notification and the outcome of the assessment if the postbox has not been created in the system);
- whether you are an employee, if you have indicated so in the notification;
- or any other personal data you provide in the notification or in related documents.
There is no processing of your personal data in the case of an anonymous report.
Incoming reports are routed only to competent persons appointed by Beiersdorf CZ and are always handled confidentially. These competent persons examine the case, investigate it further and, in the event of reasonable suspicion, can pass it on to the appropriate public authority. With reference to the report filed, these competent persons propose to Beiersdorf CZ measures to remedy or prevent the unlawful condition.
When investigating the report, it may be necessary to provide some necessary information from the reports to other Beiersdorf AG employees or employees of other Beiersdorf AG group companies (e.g., if the reports relate to events at Beiersdorf AG subsidiaries). However, no personal data of the notifier or other protected persons is provided to those companies unless you have given your prior consent. Group companies may be based in countries outside the European Union or the European Economic Area that have different rules on protecting personal data. In this case, we ensure that the data is transferred in line with the applicable data protection regulations. Depending on the data’s destination in the case in question, we agree standard data protection clauses, apply binding internal data protection rules, or transfer data only to companies that are located in countries for which the European Commission has issued an adequacy decision. In addition, we always comply with the relevant data protection laws when processing reports.
You have nothing to fear if you use the whistleblowing system in good faith. In the event of misuse, e.g., if a whistleblower were to deliberately submit a false report with the aim of discrediting someone, we reserve the right to take action against him/her.
Using the whistleblowing system
Communication between your computer and the whistleblowing system uses an encrypted connection (SSL). Your computer's IP address is not stored when you use the system. A cookie is stored on your computer to maintain the connection between it and the BKMS® system. This cookie only contains the session ID and is only valid until the end of your session, i.e., it becomes invalid when you log out or close your browser.
However, please note that accessing the whistleblowing system may leave traces on your computer. If you use a company computer to access the system you should consider deleting the temporary data (cache) and your browser history afterwards. If your browser offers a "private mode" you should use this for preference, as it saves you having to make deletions manually.
You can also set up a secure postbox with a pseudonym/username and password of your choice. This allows you to send reports to competent persons appointed by Beiersdorf CZ anonymously and safely, provided your identity cannot be determined from your pseudonym/username. This system only saves data in the whistleblowing system and specially protects it in the process; it is not comparable to standard e-mail communication.
Sending attachments
You can also send attachments to the competent persons appointed by Beiersdorf CZ when submitting reports or sending additional information. If you would like to submit your report anonymously, please note the following safety advice: Files may contain hidden personal information that could jeopardize your anonymity. Please remove all such information before sending any file. If you are unable to remove the information or are unsure how to do this, please copy the text or submit a printed copy of the document anonymously to the competent persons appointed by Beiersdorf CZ.
Your rights regarding processing of your personal data
You may exercise your rights to information, rectification, erasure and restriction of processing in respect of the personal data concerned under the GDPR. You also have the right to data portability, if applicable. In order to exercise your rights, please contact the controller mentioned below. You may also address your complaint to the Office for Personal Data Protection, registered seat at Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, www.uoou.cz.
Storage duration
We store the report submitted through the notification system and the documents related to the report for 5 years from the date of receipt of the notification.
Responsible departments and data security
The department responsible for the data protection within the whistleblowing system is Beiersdorf AG’s Corporate Compliance Management department, Beiersdorfstrasse 1-9, 22529 Hamburg, Germany. It is represented by the Executive Board. You can contact our data protection officer at the above-mentioned address or via dataprotection@beiersdorf.com. The whistleblowing system is operated in Beiersdorf AG’s name and on its behalf by a German company that specializes in this area, EQS Group AG, Karlstraße 47, 80333 München, Germany. In this capacity, it acts as a service provider on the instructions of the data controller within the meaning of the GDPR. The data in the whistleblowing system is stored using comprehensive technical and organizational measures. It is specially encrypted in such a way that EQS Group AG cannot view it and only specified persons at Beiersdorf AG, who have been appointed as competent persons by BDF CZ, have access to it.