Privacy

iWhistle is our whistleblowing system. Employees, customers, business partners or other persons providing information can use iWhistle to report suspected violations of laws and internal rules to the internal reporting office. iWhistle is part of our compliance management system.

Who is responsible for data processing?
Responsible for the processing of your personal data is (hereinafter also organisation):
Muster GmbH & Co. KG, Compliance Office, Musterstr. 1, 12345 Musterhausen, compliance@muster-gmbh.de

What data is processed?
The use of iWhistle is on a voluntary basis. In the case of tips, the following personal data is processed

  • Whistleblower: name (if you disclose your identity), contact details (if you provide them)
  • Persons affected by incidents: First name and surname, information about incidents and suspicions of violations of laws and regulations
  • Witnesses and/or third parties named in the notice (e.g. customers, suppliers, colleagues or business partners): first and last name, contact details.


What do we process your data for and on what legal basis?
The above-mentioned data is processed for the purpose of uncovering and preventing serious misconduct and avoiding and averting particularly drastic legal consequences and damages that threaten the existence of our organisation (criminal prosecution, claims for damages, damage to our image, supervisory measures) as well as for our employees. The legal basis for the processing is our legal obligation pursuant to Art. 6 para. 1 lit c DSGVO to comply with the requirements of Section 10 of the Whistleblower Protection Act (HinSchG).

Who receives my data?
In the course of audits, investigations and remedial measures to be taken, it may be necessary to transmit information on a reported incident to external advisors (e.g. legal advisors) or to the competent authorities.
The technical operation of iWhistle is carried out by the specialised software service provider iComply GmbH, Gro├če Langgasse 1a, DE-55116 Mainz, on our behalf.

What data protection rights do you have?
You have the right to request information free of charge about the personal data stored about you, its origin and recipient and the purpose of the data processing. If we process your data on the basis of our legitimate interest, you have the right to object to the processing if there are legitimate grounds arising from your particular situation (right of objection). In addition, you have the right to correct incorrect personal data, the right to delete personal data, the right to restrict the processing of personal data, the right to data portability. You can contact us at any time about this and other questions on the subject of personal data. Finally, you have the option of lodging a complaint with a data protection supervisory authority if you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way.

How long is the personal data stored?
The documentation of whistleblowing and personal data contained therein are generally deleted three years after the conclusion of the procedure. The documentation may be kept longer in individual cases in order to fulfil the requirements under the Whistleblower Protection Act (HinSchG) or other legal provisions, as long as this is necessary and proportionate. A final assessment is also stored for documentation purposes.