Privacy policy
Privacy Policy Whistleblower System
We are pleased that you are visiting our whistleblower system. The whistleblower system is used to report violations of applicable laws and internal policies within our organization. This helps us to clarify and prosecute such violations. In the following, we provide information on the collection of personal data when using the whistleblower system. Personal data is any data that can be directly or indirectly related to you personally.
Person responsible for data processing
Responsible person according to Article 4 (7) General Data Protection Regulation (GDPR) is MAGNESIA GmbH cf. the legal notice.
Assigned Service Provider:
The website is provided with the support of Althammer & Kill GmbH & Co. KG, Roscherstr. 7, 30161 Hannover, www.althammer-kill.de, which acts on our behalf and can therefore also view (receive) your data to the extent necessary. A corresponding order processing agreement has been concluded.
Contact details of (external) data protection officer:
datenschutz_magnesia@magnesia.de
Informational use
For the informational use of our websites, we only collect the personal data that your browser automatically transmits to us, such as:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- the amount of data transferred in each case and the access status (file transfered, file not found, etc.)
- Web page from which the request comes
- Browser type / version / language
- Operating system and its interface
- Language and version of your browser.
Storage period:
No personal data is stored, as the second half of the IP is omitted. An identification of the computer or the user is excluded in this way. The anonymous data is deleted after 30 days.
Legal basis of data processing:
The above data is technically necessary to display our websites and to ensure stability and security, according to Article 6 (1) (f) GDPR.
Whistleblower system
Use of the whistleblower system is voluntary. However, please note that the information you share about yourself, other employees, customers, suppliers and other cooperation partners may lead to corresponding consequences for those reported. Therefore, please deliberately share only information that is correct and complete to the best of your knowledge.
In doing so, we process the data that you provide to us: Your name and contact details, the name and other details of persons reported, details of the circumstances of the report including the specific or general facts, misconduct observed including circumstances relevant to criminal law, details of time, place and date. In the reporting form itself, the correct organization must be selected, the subject line and the field Your message to us. In addition, you can upload files such as pdf, png, and jpg. Furthermore, during further processing, there may be further storage of questions and answers to the facts of the case, if necessary, data on natural persons.
If you wish to report anonymously, you must enter a password known only to you. Our service provider will then send you a randomly selected access number. Keep this data safe, because - to ensure anonymity - it cannot be reset or retransmitted. Please note: Anonymous reports should be processed, but the person responsible is not legally obliged to do so. You can log in to the whistleblower system with your access data at any time after the initial entry and call up the current status of the communication. Our timely responses are also included here.
The data is first checked by our service provider and then forwarded to our ombudsperson. Everything else is controlled from here, including questioning and access by other persons. Access to the data is strictly limited to those persons who really need to have access; the need-to-know principle applies. Access is only ever granted if it is necessary and required, or if mandatory legal regulations require transfer or disclosure to authorized bodies.
Contracted Service Providers:
Althammer & Kill GmbH & Co. KG, Roscherstr. 7, 30161 Hannover, www.althammer-kill.de is used as a processor for the provision of the system, the anonymous communication option and the forwarding to the ombudsman or the person responsible in the management. Data will only be viewed by the latter to the extent necessary and required.
Storage period:
The data in the whistleblower system will only be stored as long as necessary and required, at the latest three years after the conclusion of the procedure according to §11 para. 5 HinSchG. Access may be blocked before then, so that only limited access would be available. If mandatory legal provisions stipulate a longer storage period, or if a longer period is necessary in individual cases due to legitimate interests, this principle may be deviated from.
Legal basis of data processing:
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. c) GDPR in conjunction with. §10 HinSchG and Art. 6 para. 1 lit. f) GDPR and §26 para. 1 Federal Data Protection Act. The legitimate interest lies in the detection and clarification of possible misconduct by stakeholders, the protection of the company's interests through ad hoc measures to prevent further damage, and the assertion of claims for damages and other possibilities for punishment.
Processing of your personal data in countries outside the EU and the EEA (third countries)
A processing of your personal data in states outside the European Union and the European Economic Area in the whistleblower system does not take place.
Your rights
You have the following rights with respect to us regarding personal data concerning you:
- Right to information,
- Right to rectification or deletion,
- Right to restriction of processing,
- Right to data portability,
- Right to complain to a supervisory authority.
Right of objection
Insofar as we base the processing of your personal data on the balance of interests (legal basis is then Article 6 (1) (f) GDPR), you can object to the processing. This is the case if the processing is not necessary for the fulfillment of a contract with you, which is addressed by us in each case in the explanation of the individual data processing and functions on our websites further up in this privacy policy. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds based on which we will continue the processing.
How to contact us regarding your rights
To exercise your rights you can contact us at any time. It is best to use the following contact details from the legal notice.
Data security
We use technical and organizational security measures to protect personal data that we receive or collect, against accidental or intentional manipulation, loss, destruction or against attack by unauthorized persons. Our security measures are continuously improved in line with technological developments. The transmission of your personal data is encrypted using SSL technology (https) to prevent access by unauthorized third parties.