Data protection information for the whistleblower system
We take the issue of data protection and confidentiality very seriously and follow the provisions of the EU General Data Protection Regulation (GDPR) as well as applicable national data protection regulations. Please read the following data protection information for the whistleblower system carefully before submitting a report.
Responsible entity and contact details of the data protection officer
The body responsible for data protection in the whistleblower system is the
Ceconomy AG
Kaistr. 3
40221 Duesseldorf
Germany
The whistleblower system is operated together with the companies affiliated with Ceconomy AG (together hereinafter: Ceconomy). The information is recorded by the Compliance Department of the MediaMarktSaturn Retail Group. Depending on which (country) Ceconomy company is affected by the tip, this company is included in the processing of the tip or in the investigation within the Ceconomy compliance organization.
All inquiries regarding data protection can be directed to
To the data protection officer
Ceconomy AG
Kaistr. 3
40331 Düsseldorf
Germany
E-mail: datenschutz@ceconomy.de
Purpose of the whistleblower system and legal basis
The whistleblower system (BKMS® system) is used to receive, process and manage reports of violations of Ceconomy's compliance requirement in a secure and confidential manner.
The processing of personal data within the framework of the BKMS® system is based on the legitimate interest of our company in the detection and prevention of wrongdoing and thus in the prevention of damage to Ceconomy, its employees and customers. The legal basis of this processing of personal data is Article 6 (1) lit. f DSGVO. As soon as the respective EU member states have implemented the Whistleblower Directive (Directive (EU) 2019/1937) into national law, the legal basis is Article 6 (1) lit. c DSGVO. In Germany, processing in individual cases is based on Section 26 (1) sentence 2 BDSG if the processing specifically serves to uncover criminal acts committed by employees.
Categories of personal data collected
Use of the whistleblower system is on a voluntary basis. When you submit a report via the whistleblower system, we collect the following personal data and information:
- Your name, if you disclose your identity,
- whether you are employed by Ceconomy and
- if applicable, names of persons as well as other personal data of the persons you name in your notification.
Confidential treatment of indications
The whistleblower system is provided by a specialized company, EQS Group GmbH, Bayreuther Str. 35, 10789 Berlin in Germany, on behalf of Ceconomy. Personal data and information entered into the whistleblower system are stored in a database operated by EQS Group GmbH in a high-security data center. Inspection of the data is only possible for Ceconomy. EQS Group GmbH and other third parties have no access to the data. This is ensured in the certified process by comprehensive technical and organizational measures.
All data is stored in encrypted form with multi-level password protection and is subject to an authorization concept so that access is restricted to a very narrow group of recipients expressly authorized by Ceconomy.
Incoming information is received by a narrow circle of expressly authorized and specially trained employees of Ceconomy's Compliance Organization and is always treated confidentially. The employees of Ceconomy's Compliance Organization examine the facts and, if necessary, carry out further case-related clarification of the facts.
In the course of processing a report or in the course of a special investigation, it may be necessary to pass on information to other Ceconomy employees or employees of other Group companies, e.g. if the information relates to transactions in subsidiaries. The latter may also be based in countries outside the European Union or the European Economic Area, in which different regulations for the protection of personal data may exist. We always ensure that the relevant data protection regulations are complied with when passing on information.
Any person who gains access to the data is bound to confidentiality.
Information of the accused person
In principle, we are legally obligated to inform the accused persons that we have received a tip about them as soon as this information no longer jeopardizes the follow-up of the tip. Your identity as a whistleblower will not be disclosed - to the extent permitted by law.
Data subject rights
According to European data protection law, you and the persons named in the notice have the right to information (Art. 15 DSGVO), correction (Art. 16 DSGVO), deletion (Art. 17 DSGVO), restriction of processing (Art. 18 DSGVO) and data portability (Art. 20 DSGVO) within the framework of the legal provisions.
Insofar as personal data is processed on the basis of a legitimate interest (Art. 6 (1) p. 1 lit. f) DSGVO), you also have the right to object to the processing in accordance with Art. 21 DSGVO for reasons arising from your particular situation. If the right of objection is exercised, we will immediately check the extent to which the stored data is still required for the processing of a notice. Data that is no longer required will be deleted immediately.
You also have the right to complain to a supervisory authority.
Storage period of personal data
Personal data will be retained for as long as is necessary for the clarification and final assessment of the tip-off or if there is a justified interest on the part of the company or if this is required by law. After completion of the tip processing, this data is deleted in accordance with the legal requirements.
Use of the whistleblower portal
Communication between your computer and the whistleblower system takes place via an encrypted connection (SSL). The IP address of your computer is not stored during the use of the whistleblower portal. To maintain the connection between your computer and the BKMS® system, a cookie is stored on your computer that only contains the session ID (so-called session cookie). The cookie is only valid until the end of your session and becomes invalid when you close the browser.
To safely rule out identification on the company's network, whistleblowers are advised to copy the access link to BKMS and use it from a network outside Ceconomy.
You also have the option of setting up a protected mailbox in the whistleblower system with a pseudonym/user name and password of your own choosing. In this way, you can securely send reports to the responsible Ceconomy employee by name or anonymously. In this system, the data is stored exclusively in the whistleblower system and is therefore particularly secure; it is not a normal e-mail communication.
Notes on sending attachments
When submitting a report or sending a supplement, you have the option to send attachments to the responsible Ceconomy employee. If you wish to submit a report anonymously, please note the following security warning: Files may contain hidden personal data that may compromise your anonymity. Remove this data before sending. If you are unable to remove this data or are unsure, copy the text of your attachment to your report text or send the printed document anonymously to the address listed in the footer using the reference number you receive at the end of the reporting process.
Status: March 2023