Data protection and confidentiality policy
We take the issue of data protection and confidentiality very seriously and comply with the provisions of the General Data Protection Regulation (GDPR) as well other applicable national data protection laws. We highly recommend reading the present data protection notice carefully before submitting a report.
Please note, that for LEDVANCE SK employees pursuant to Section 10 (1) of Act No. 54/2019 Coll. on Protection of Whistleblowers Reporting Anti-Social Activity and on Change and Amendment of Certain Acts, as amended (the “Slovak Whistleblowing Act”) for LEDVANCE s.r.o. with its registered seat in Nitra in Slovakia, ID No. 50 197 011, special Data privacy rules as laid out under point 2.7 in the Appendix 5 to the LEDVANCE “Guideline Compliance” apply.
Purpose of the whistleblowing system and legal basis
The whistleblowing system "LEDVANCE Integrity Line (LILi)" serves to provide, process and manage information about compliance violations safe and confidentially. The processing of these personal data is based on our company's legitimate interest in detection and prevention of misconduct in order to avoid damage for LEDVANCE, its employees and customers. Legitimation ground for processing these personal data is Article 6 (1) sec. 1 lit. f GDPR (legitimate interest) and in cases where the whistleblower's identity is consciously and freely released, Art. 6 (1) sec. 1 lit. a GDPR (consent). Should you need any further information on the appreciation of interests in accordance with Art. 6 (1) sec. 1 lit. f GDPR, please use one of our contact options listed in this Policy.
Controller
For data protection topics related to the whistleblowing system, the controller is
LEDVANCE GmbH, Parkring 33, 85748 Garching near Munich, Germany
(hereinafter also: "LEDVANCE"). The whistleblowing system itself is operated by a service provider called EQS Group GmbH, Karlstraße 47, 80333 Munich, located in Germany. EQS Group GmbH is a specialized company in this field. Yet, the whistleblowing system is operated in the name of LEDVANCE. This service provider has been carefully selected and verified. [According to a data processing agreement (DPA) we ensure that the service provider processes personal data only on our behalf and in accordingly to our instructions.]
Personal data and information entered into the whistleblower system are stored on a database in a high-security data center operated by EQS Group GmbH. Only LEDVANCE has a right for data access. EQS Group GmbH and other third parties do not have any kind of data access. Extensively technical and organizational measures ensure this in a certified procedure.
All data are encrypted and stored with passwords on more than one levels, accessible to specific and by LEDVANCE authorized persons.
Data protection officer
LEDVANCE has appointed a data protection officer:
Matthias Lindner
bDSB LEDVANCE
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
Germany
Phone: +49 40 790235 – 0
Fax: +49 40 790235 – 170
Email: privacy@ledvance.com
Type of collected personal data
You are not obliged to use the whistleblower tool. But, if you would like to make a report via the whistleblower tool, we collect the following personal data and information:
- your name, provided you disclose your identity,
- whether you work for LEDVANCE and
- names of persons and other personal data of the persons mentioned in your report.
Confidential handling of information
A small group of LEDVANCE's Compliance-Organization employees is dedicated and specially trained for the handling of incoming information, which are always treated confidentially. These Compliance group in LEDVANCE verifies the facts and, if necessary, carries out a case-related fact-analysis. During a special investigation or during processing a message, it may become necessary to provide information to other employees within the Group, e.g. if the indications refer to actions in other companies of the LEDVANCE Group. The latter may also be based in countries outside the European Union (EU) or the European Economic Area (EEA) and different rules on the protection of personal data may apply. Furthermore, the sharing of information with affiliates of the LEDVANCE Group, located outside the EU/EEA, is based on approved binding corporate rules for the protection of personal data. Please find these Binding Corporate Rules here. We always pay attention that the relevant data protection regulations are be adhered to. Any person in LEDVANCE or other related service providers, who has access to the data, is required to confidentiality.
Information of the accused person
Basically, the law requires to inform the accused persons that we have received a message, provide that the verification process of the information is no longer endangered. Your identity as a whistleblower will not be disclosed, to the extent permitted by law. However, there may be deviations, for example according Article 14(3) of the GDPR.
Rights of the data subject
According to the European data protection law, you and the persons mentioned in the message have the right of access, the right to rectification, to erasure, to restriction of processing as well as a right to object the processing of your personal data. Once the right of objection is claimed, we shall immediately check to what extent the stored data are still required for the verification of the information. Data no longer needed are deleted immediately.
If you, as a whistleblower, consciously and freely release your anonymity and give us your consent processing your personal data, you remain the right to withdraw your consent up to one month after the report has been made.
If you wish to make use of your rights or have questions about data protection at LEDVANCE, please use our contact form or send us an e-mail to privacy@ledvance.com.
LEDVANCE takes your questions and concerns very seriously and we always strive to meet them. Additionally, you have the right at any time to address a complaint to the responsible data protection supervisory authority.
For LEDVANCE the responsible data protection supervisory authority is
Bavarian State Office for Data Protection Supervision
Promenade 27 (Castle)
91522 Ansbach, Germany
Retention period of personal data
Personal data shall be retained for as long as it is necessary for the case clearing and the final reports' assessment. Also, the personal data shall be retained for a longer period, if the company has a grounded interest or this is required by the law. Generally, after completion of the information processing and investigation, this data will be deleted within two months. Deviations are allowed only, if specific legal provisions require further storage or this is required in specific cases for further legal steps such as disciplinary proceedings or the introduction of criminal proceedings.
Use of the whistleblower portal
Communication between your computer and the whistleblower tool takes place via an encrypted connection (called “SSL”). Your computers IP address will not be stored during the use of the whistleblower portal. In order to maintain the connection between your computer and the whistleblower tool, a cookie will be displayed on your computer, which contains only the session ID (called “NL cookie”). The cookie is only valid until the end of your session and will become invalid when the browser would be closed invalid.
You remain the option by using a self-selected pseudonym/ username and password to create a protected mailbox in the whistleblower tool. This enables you to message securely the responsible LEDVANCE employee by name or anonymously. In this system, the data are stored only in the whistleblowing tool and therefore they are highly secured, i.e. it is not an ordinary e-mail communication.
Tips on sending attachments
When submitting a report or sending an amendment, you obtain the option to send to the responsible LEDVANCE employee attachments. If you send anonymously a message, please take into consideration the following security advice: Files could probably contain hidden personal data that might endanger your anonymity. Please, remove these data before sending the file(s). Should it be unable to remove this information, please copy the text of your attachment into your messages' text or send the printed one anonymously to the address listed in the footer by stating the reference number you will receive at the end whistleblowing process.