Note on data protection
Name and contact details of the partner responsible for processing and of the company data protection officer.
This data protection notice applies to data processing by:
BETTE WESTENBERGER BRINK Rechtsanwälte PartmbB
(hereinafter responsible for the content: Mr. Christian Faber, Attorney at Law, Partner)
Große Langgasse 1a
D-55116 Mainz, Germany
T +49 (0)6131 28770 0
F +49 (0)6131 28770 99
The company data protection officer of BETTE WESTENBERGER BRINK Rechtsanwälte can be reached at the above address or at firstname.lastname@example.org.
The infrastructure of the whistleblower system, including websites and database, is operated by the service provider iComply GmbH, located in 55116 Mainz, Große Langgasse 1a, on behalf of Bette Westenberger Brink PartmbB.
Personal data and information entered into the whistleblower system are stored in a database operated by iComply GmbH in an ISO/IEC 27001 certified data center. Only Bette Westenberger Brink PartmbB is allowed to view the data. The technical service provider, the data center operator and other third parties do not have access to the data. This is guaranteed in a certified procedure by comprehensive technical and organizational measures.
All data is stored in encrypted form and with multi-level password protection, so that access is restricted to a very narrow circle of expressly authorized persons at Bette Westenberger Brink PartmbB.
Purpose of the whistleblowing system
The purpose of the whistleblower system is to receive and process information about (suspected) violations of laws or regulations in a secure and confidential manner.
Lawfulness of processing
The processing of personal data within the scope of this whistleblower system is based on § 10 of the German Whistleblower Protection Act (HinSchG) to the extent that our client is obliged to establish and operate an internal reporting office pursuant to the HinSchG. Furthermore, the processing of personal data in the context of this whistleblower system is based on the legitimate interest of our client in the detection and prevention of wrongdoing and the associated prevention of damage and liability risks (Art. 6 para. 1 lit. f DSGVO in conjunction with §§ 30, 130 OWiG). By sending the whistleblower form, you also give your consent to the processing of the personal data concerning you (Art. 6 para. 1 lit a DSGVO).
Use of the whistleblower portal
Use of the whistleblower system is on a voluntary basis. When submitting a report via the whistleblower system, we collect the following personal data and information:
- Your name (if you disclose your identity)
- whether you are employed by our client (if you disclose this information)
- if applicable, names of persons as well as other personal data of the persons you name in your report.
Confidential treatment of tips
Incoming tips are received by a narrow circle of expressly authorized lawyers of Bette Westenberger Brink PartmbB and are always treated confidentially. The lawyers of Bette Westenberger Brink examine the facts of the case and, if necessary, carry out a further case-related clarification of the facts.
In order to further process incoming information, it is regularly necessary to pass on information to our clients. Information is only passed on if the whistleblower has given his or her express consent.
Our clients may also be based in countries outside the European Union or the European Economic Area, which may have different regulations on the protection of personal data. We always ensure that the relevant data protection regulations are complied with when passing on tips.
Any person who receives access to the data is obligated to maintain confidentiality.
Information of the accused person
In principle, we are not obliged to inform the accused persons that we have received a tip about them, as the area exception from professional secrecy from Art. 14 (5) lit d) DSGVO applies to lawyers. The content of the tips is collected and processed within the client relationship with the companies.
Retention period of personal data
Deletion of personal data takes place after the purpose has been achieved or if there is no longer a legitimate interest, but at the earliest after expiry of the legal archiving and retention obligations.
Notes on sending attachments
When submitting a report or sending an addendum, you have the option to send attachments to the confidential counsels. If you would like to submit a report anonymously, please note the following security advice: files may contain hidden personal data that could jeopardize your anonymity. Remove this data before sending. If you are unable to remove this data or are unsure, copy the text of your attachment to your report text or send the printed document anonymously to the address listed in the footer using the reference number you receive at the end of the reporting process.
Data subject rights
You have the right to
- Information (Art. 15 DSGVO)
- Correction (Art. 16 DSGVO)
- Deletion (Art. 17 DSGVO)
- Restriction of processing (Art. 18 DSGVO)
as well as the right to object to the processing of your personal data (Art- 21 DSGVO), insofar as there are grounds for doing so that arise from your particular situation. If the right of objection is exercised, we will immediately check to what extent the stored data is still required for the processing of the notice for legal reasons. Data that is no longer required will be deleted immediately.
You also have the right to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose.