Data protection information

We take the issues of data protection and confidentiality very seriously and comply with the provisions of the EU General Data Protection Regulation (EU GDPR) and applicable national data protection regulations. Please read this data protection information carefully before submitting a report.

Purpose of the whistleblower system and legal basis

The purpose of the whistleblower system is to receive, process and manage reports of breaches of our company’s compliance obligations in a secure and confidential manner. The processing of personal data is based on our company’s legitimate interest in detecting and preventing misconduct and thus averting harm to the organisation, its employees and customers. The legal basis for this processing of personal data is Article 6 (1f) GDPR. In addition, the use of the whistleblowing system or parts thereof may be based on a legal obligation of the organisation (e.g. national implementation laws of the EU Whistleblowing Directive). The legal basis for these cases is Art. 6 para. 1c GDPR in conjunction with the respective legal obligation.

Responsible organisation

w&k Elektrotechnik GmbH
Wiesenthaler Straße 27
36466 Dermbach

Mail: compliance@w&k-gmbh.com

Responsible party and general information

The whistleblower system is operated by w&k Elektroanlagen GmbH. Personal data and information entered into the whistleblower system are stored in a database. The data can only be viewed by the person responsible. This is guaranteed in the certified process by comprehensive technical and organisational measures. All data is encrypted and stored with multi-level password protection, so that access is restricted to a very narrow circle of recipients expressly authorised by the controller. The controller has appointed a data protection officer. Enquiries regarding data protection and confidentiality can be sent to the contact details above.

Type of personal data collected

Use of the whistleblower system is voluntary. If you submit a report via the whistleblower system, we collect the following personal data and information:

– Your name, if you disclose your identity,

– whether you are employed by the controller and

– if applicable, the names of persons and other personal data of the persons you name in your report.

Confidential treatment of information

Incoming information is received by a small group of expressly authorised and specially trained employees of the controller and is always treated confidentially. The employees of the controller check the facts of the case and, if necessary, carry out further case-related clarification of the facts. When processing a report or as part of a special investigation, it may be necessary to pass on information to other employees of the controller or other employees who are related to the controller. Every person who receives access to the data is obliged to maintain confidentiality.

Information of the accused person

In principle, we are legally obliged to inform the accused persons that we have received a tip-off about them as soon as this information no longer jeopardises the follow-up of the tip-off. Your identity as a whistleblower will not be disclosed – as far as legally permissible.

Rights of data subjects

Under European data protection law, you and the persons named in the notice have the right to information, rectification, erasure, restriction of processing and a right to object to the processing of your personal data. If the right to object is exercised, we will immediately check the extent to which the stored data is still required for the processing of a notice. Data that is no longer required will be deleted immediately. You also have the right to lodge a complaint with a supervisory authority.

Retention period of personal data

Personal data will be stored for as long as is necessary for the clarification and final assessment of the report or for as long as the company has a legitimate interest or is required by law. Once the processing of the report has been completed, this data is deleted in accordance with the legal requirements.

Notes on sending attachments

When submitting a report or sending a supplement, you have the option of sending attachments to the responsible employee. If you wish to submit a report anonymously, please note the following security advice: Files may contain hidden personal data that could jeopardise your anonymity. Remove this data before sending. If you are unable to remove this data or are unsure, copy the text of your attachment to your report text or send the printed document anonymously to the address listed in the footer, quoting the reference number you receive at the end of the reporting process.