TABLE OF CONTENTS

  • DATA PROTECTION INFORMATION FOR INFORMANTS ACC. ART. 13 GDPR
  • PURPOSES OF DATA PROCESSING
  • LEGAL BASIS
  • WHAT PERSONAL DATA IS PROCESSED?
  • RECEIVER
  • STORAGE PERIOD
  • YOUR RIGHTS AS DATA SUBJECT
  • RESPONSIBLE BODY FOR DATA PROCESSING
  • DATA PROTECTION OFFICER

DATA PROTECTION INFORMATION FOR NOTIFIERS ACC. ART. 13 GDPR

PURPOSES OF DATA PROCESSING

In the following, we would like to inform you about the collection, processing and use of personal data in the context of the whistleblower system. Please read this data protection information carefully before submitting a report. The purpose of data processing is to provide a secure and confidential channel for reporting compliance violations, in particular (suspected) violations of the law and serious violations of the guidelines of the controller named below. The internal reporting office of the responsible organization receives the report and investigates the reported case.

LEGAL BASIS

We process your personal data in accordance with Art. 6 para. 1, lit. b GDPR in order to comply with our obligations under the Whistleblower Directive (Directive (EU) 2019/1937) and its national implementations by receiving information about misconduct via a technically implemented reporting channel (by e-mail or telephone) in order to evaluate it and to fulfill our other obligations under the Whistleblower Directive and its national implementations. You have the right to object to the processing of your personal data.

WHAT PERSONAL DATA IS PROCESSED?

Type of data

The following data types/categories (list/description of data categories) may be subject to the processing of personal data

  • Personal master data (address data, date of birth, etc.)
  • Communication data (e.g. telephone, e-mail)
  • Contract data (contractual relationship, product or contractual interest), customer number
  • Usage data, purchasing behavior, customer history
  • Billing/payment data, bank data
  • Planning and control data, analysis data
  • Qualification data
  • Photos / Videos
  • Particularly sensitive data (in particular health data, trade union membership, religious beliefs)
  • Information (from third parties, e.g. credit agencies or public directories)
  • Particularly sensitive data (in particular health data, trade union membership, religious beliefs)
  • Information (from third parties, e.g. credit agencies or public directories)

Categories of affected persons

The categories of data subjects affected by the processing include:

  • Customers
  • Interested parties
  • Subscribers
  • Employees
  • Suppliers
  • Sales representative
  • Contact person

RECEIVER

In the event of a confidential report, your personal data will only be disclosed if this is absolutely necessary for the fulfillment of our contractual and legal obligations or if the internal organization requires the disclosure. This only applies to persons who are responsible for receiving reports or for taking follow-up measures, as well as persons supporting them in the fulfillment of these tasks (Art. 9 Whistleblower Directive). In addition, we use a service provider (processor in accordance with Art. 28 DSGVO), which we contractually oblige in accordance with the legal requirements of the DSGVO and whose compliance we monitor. This is a company from the IT service sector. Otherwise, personal data will not be passed on or otherwise transferred to third parties unless this is necessary for the purposes of criminal prosecution. If required by law or orders from government bodies, personal data may be disclosed to them.

STORAGE PERIOD

Personal data is stored for as long as is necessary for the clarification and final assessment of the notification and compliance with legal requirements. In the event that judicial and/or disciplinary proceedings are initiated, the data may be stored until the conclusion of the proceedings or until the expiry of the time limits for appeals. The duration of storage depends in particular on the severity of the suspicion and the possible breach of duty reported. This data is then deleted in accordance with the statutory provisions (3 years).

YOUR RIGHTS AS DATA SUBJECT

As the data subject, you are entitled to the following rights, provided the legal requirements are met:

  • Right to information, Art. 15 GDPR
  • Right to rectification, Art. 16 GDPR
  • Right to erasure, Art. 17 GDPR
  • Right to restriction of processing, Art. 18 GDPR
  • Right to data portability, Art. 20 GDPR,
  • Right to object, Art. 21 GDPR

If the data processing is based on a weighing of legitimate interests, you have the right to object to this processing of the data. There must be legitimate reasons for this arising from your particular situation. You also have the right to complain to the data protection supervisory authority about data processing.

RESPONSIBLE BODY FOR DATA PROCESSING

OWG Beteiligungs AG
Gruber Strasse 65
85586 Poing / Germany
Phone: +49 (0) 8121 707 - 17 100
Fax: +49 (0) 8121 707 - 12 116
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

DATA PROTECTION OFFICER

All interested parties and visitors to our website can contact us regarding data protection issues at:

Bernhard Brunner
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
T +49 941 2986930
F +49 941 29869316
M This email address is being protected from spambots. You need JavaScript enabled to view it.
W www.projekt29.de