Data Processor
Name and contact details of the controller:
DEWE Brünofix GmbH
Fabrik für Metallchemie
Pruppacher Weg 8
D-91126 Rednitzhembach
Tel.: +49 9122 9868-100
Fax: +49 9122 9868-130
E-mail: info@bruenofix.de
Managing Director: Ralf S. Schmidt
Nuremberg District Court HRB 2775
VAT registration number: DE133509734
Name and contact details of the data protection officers:
Mrs Gisela Pöllinger
Datenschutz Pöllinger GmbH
Dresdner Str. 38
92318 Neumarkt
Tel.: 09181/2705770
Email: datenschutz@datenschutz-poellinger.de
Processing framework and origin of the data
Purpose and legal basis for the processing Art. 6, paragraph 1, lit. a, c, f GDPR
The whistleblower system enables you to contact us and report compliance or legal violations. We process your personal data in order to check the report you have submitted via the whistleblower system and to investigate the alleged legal or compliance violations. In doing so, we may have further questions for you. We will only use the whistleblower system for communication. The confidentiality of the information you provide is our top priority.
The corresponding processing of your personal data is based on your consent given when reporting via the whistleblower system (Art. 6 para. 1 lit. a GDPR).
Furthermore, we process your personal data to the extent necessary to fulfil legal obligations. This includes, in particular, reports of facts relevant to criminal, competition and labour law (Art. 6 para. 1 lit. c GDPR).
Your personal data may be processed if this is necessary to protect the legitimate interests of the company or a third party (Art. 6 para. 1 lit. f GDPR). We have a legitimate interest in processing personal data to prevent and detect violations within the company, to review the legality of internal processes and to maintain the integrity of the company.
If you provide us with special categories of personal data, we process these on the basis of your consent (Art. 9 (2) (a) GDPR).
Categories of personal data that are processed
In principle, it is possible to use the whistleblower system without providing personal data, as far as legally permissible. However, you can voluntarily disclose personal data as part of the whistleblower process, in particular information about your identity, first and last name, and email address. When using the whistleblower system, various types of data are processed. The scope of the data also depends on the information you provide yourself.
However, the information you provide may also contain personal data of third parties to whom you refer in your report. The persons concerned will have the opportunity to comment on the information. In this case, we will inform the persons concerned about the report. In this case, too, your confidentiality is protected, since – as far as legally possible – no information about your identity will be given to the person concerned and your report will be used in such a way that your anonymity is not compromised.
The following types of data are processed:
Anonymised IP address
First name and surname provided voluntarily
E-mail address provided voluntarily
Telephone number provided voluntarily
Text, audio and image files: You have the option to upload various files.
Recipients (categories) of personal data
Only authorised persons within the company are permitted to view the stored data. If necessary, specially authorised persons from our subsidiaries may also be authorised to view the data. All persons authorised to view the data are expressly bound to confidentiality.
In order to fulfil the aforementioned purpose, it may also be necessary for us to transfer your personal data to external bodies such as law firms, criminal or competition authorities, within or outside the European Union.
If we pass on your personal data within the group or externally, a uniform level of data protection is ensured by means of internal data protection regulations and/or corresponding contractual agreements. In all cases, responsibility for data processing remains with the company.
Finally, we transfer your personal data to Datenschutz Pöllinger GmbH to the extent described above for technical implementation. We have concluded an AV contract for this purpose.
Storage period for personal data
In principle, your data will be deleted after the retention obligations and periods issued by the legislator or the supervisory authorities have expired. If data is not affected by this, it will be deleted when its purpose no longer applies.
Transfer to third countries
In principle, personal data is not transferred outside the European Union.
Rights of the data subject
Information about the data stored about you (Art. 15 GDPR). In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it has not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the details.
Rectification – If incorrect personal data is processed (Art. 16 GDPR),
erasure and restriction as well as objection to the processing
(Art. 17, 18 and 21 GDPR).
Right to data portability (Art. 20 GDPR) – to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to request its transmission to another controller.
Withdrawal of consent (Art. 7 (3) GDPR). This has the consequence that we may no longer continue the data processing based on this consent in the future.
Right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).
Obligation to provide personal data
As a whistleblower, you are not obliged to provide personal data. When you report a tip-off, you will receive an online ID and have to assign your own password. If you forget your ID or password, you will not be able to access the whistleblowing system. An online ID or password cannot be reset.
Right to revoke consent
Every data subject has the right within the meaning of Art. 6 (1) point a of the GDPR to withdraw at any time, without detriment to himself or herself, any or all consent that has been given, without this affecting the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.
Please address the withdrawal of consent and any objection in writing to:
DEWE Brünofix GmbH
Fabrik für Metallchemie
Pruppacher Weg 8
D-91126 Rednitzhembach
E-Mail: datenschutz@bruenofix.de
Automated decision-making and profiling
No automated decision-making processes as per Art. 22 GDPR or other profiling measures as per Art. 4 No. GDPR are used.
Up-to-dateness and amendment of this information obligation in accordance with Art. 13 and Art. 14 GDPR
This data protection information is currently valid and is dated February 2023. It may be necessary to change this information due to, among other things, changes in legal or official requirements. You can access and print out the current data protection information at any time on the website https://www.bruenofix.de/informationspflicht/.