We are pleased that you are visiting the internal reporting office of your organization. The Althammer & Kill GmbH & Co. KG has been commissioned to take over the tasks of the internal reporting office according to HinSchG. Its simplified purpose is to receive reports of rule violations in your organization, to check them for plausibility, to investigate the facts of the case, and to provide a final report with recommendations for measures to be taken by your organization. In this context, we process your personal data. Personal data is all data that can be directly or indirectly related to you personally.
Person responsible for data processing
Responsible person according to Article 4 (7) General Data Protection Regulation (GDPR) is Althammer & Kill GmbH & Co. KG, see also https://www.althammer-kill.de/impressum and https://www.althammer-kill.de/hinweise-zum-datenschutz.
Assigned Service Provider:
For the provision of the system, Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, for supporting application software (Exchange-Online) Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown Dublin 18, Ireland as an order processor. Data will only be viewed by them to the extent necessary and required.
Contact details of external data protection officer:
Lerchenstr. 28, 22767 Hamburg
Telefon +49 40 69797280
Telefax +49 40 69797290
For the informational use of our websites, we only collect the personal data that your browser automatically transmits to us, such as:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- the amount of data transferred in each case and the access status (file transfered, file not found, etc.)
- Web page from which the request comes
- Browser type / version / language
- Operating system and its interface
- Language and version of your browser.
No personal data is stored, as the second half of the IP is omitted. An identification of the computer or the user is excluded in this way. The anonymous data is deleted after 30 days.
Legal basis of data processing:
The above data is technically necessary to display our websites and to ensure stability and security, according to Article 6 (1) (f) GDPR.
Use of the whistleblower system is voluntary. However, please note that the information you share about yourself, other employees, customers, suppliers and other cooperation partners may lead to corresponding consequences for those reported. Therefore, please deliberately share only information that is accurate and complete to the best of your knowledge.
In doing so, we process the data that you provide to us: Your name and contact details, the name and other details of reported persons, more detailed circumstances of the report including the specific or general facts, observed misconduct including circumstances relevant under criminal law, details of time, place and date. In the reporting form itself, the correct organization must be selected, the subject line and the field Your message to us. In addition, you can upload files such as pdf, png, and jpg. Furthermore, in the course of further processing, there may be further storage of questions and answers to the facts of the case, if necessary, data on natural persons.
If you wish to report anonymously, you must enter a password known only to you. We will then send you a randomly selected access number. Keep this data safe, because - to ensure anonymity - it cannot be reset or retransmitted. You can log in to the whistleblower system at any time after initial entry with your access data and call up the current status of communication. Our timely responses are also included here.
The data is primarily processed by the ombudsperson in accordance with § 17 HinSchG. You will receive feedback within the statutory time limits. This is usually followed by an investigation of the facts or other follow-up measures are taken in accordance with § 18 HinSchG. This also involves the exchange of personal data with the organization. Access to data is strictly limited to those persons who really need to have access; the need-to-know principle applies. Access is only ever granted if it is necessary and required, or if mandatory legal regulations require transfer or disclosure to authorized bodies. If persons are part of the notification, they must be informed within 4 weeks according to Art. 14 GDPR for legal reasons, unless there is a justified exception for the case that the investigation is endangered by the information. The information does not include details. The legal protection of the HinSchG applies, insofar as it is applicable.
The data in the whistleblower system is only stored for as long as necessary and required, at the latest three years after the conclusion of the procedure pursuant to Section 11 (5) HinSchG. If mandatory legal provisions stipulate a longer storage period or if a longer period is necessary in individual cases due to legitimate interests, this principle may be deviated from.
Legal basis of data processing:
The legal basis for the processing of your personal data is Article 6 (1) (c) and (f) GDPR in conjunction with. § 10 HinSchG. The legitimate interest is the investigation of reported violations.
You have the following rights with respect to us regarding personal data concerning you:
- Right to information,
- Right to rectification or deletion,
- Right to restriction of processing,
- Right to data portability,
- Right to complain to a supervisory authority.
Right of objection
How to contact us regarding your rights
To exercise your rights, you can contact us at any time. The best way to do this is to use the following contact details: email@example.com.
We use technical and organizational security measures to protect personal data that we receive or collect, against accidental or intentional manipulation, loss, destruction or against attack by unauthorized persons. Our security measures are continuously improved in line with technological developments. The transmission of your personal data is encrypted using SSL technology (https) to prevent access by unauthorized third parties.