Privacy

Safe!hints is our whistleblower system. Employees, customers, business partners or other whistleblowers can use safe!hints to report suspected violations of laws and internal rules to the internal reporting office. Safe!hints is part of our compliance management system. 

 

Who is responsible for data processing?

The controller for the processing of your personal data is (hereinafter also referred to as the organization):

Werner & Pfleiderer Industrielle Backtechnik GmbH, Frankfurter Straße 17, 71732 Tamm, info@wpib.de; represented by Dipl.-Kfm. Jürgen Horstmann, Dipl.-Kff. Carola Landhäuser, Stefan Tielker und Dieter Knost. 


In accordance with our legal obligation, we have appointed a data protection officer whom you can contact at any time with questions about data protection. You can reach him/her at 

Biehn & Professionals GmbH
IT- Sicherheit und Risikomanagement
Wiesenstraße 32
33397 Rietberg-Mastholte
Fon: 02944-97971–0
E-Mail: datenschutz@wp-l.de

What data is processed? 

The use of safe!hints is voluntary. 

When breaches are reported via "safe!hints", personal data (e.g. name, contact details, photos, reported facts, etc.) of the person submitting the report is processed.

- the person submitting a report (whistleblower)

- the person affected by a report (reported person)

- and the other persons named in a report (e.g. witnesses/third parties)

who are entered in the respective notification form. 

What do we process your data for and on what legal basis? 

The above-mentioned data is processed for the purpose of detecting and preventing serious misconduct and avoiding and defending against particularly drastic or existence-threatening legal consequences and damage both for our organization (criminal prosecution, claims for damages, reputational damage, supervisory measures) and for our employees.

The legal basis for the processing is a legal obligation pursuant to Art. 6 para. 1 lit c GDPR to comply with the requirements of the EU Whistleblower Directive of 23.10.2019 (EU 2019/1937) and the Whistleblower Protection Act (HinSchG).

Who receives my data? 

As part of the audits, investigations and remedial action to be taken, it may be necessary to provide information on a reported incident to external advisors (e.g. legal advisors) or to the competent authorities. 

The infrastructure of the system, including websites and database, is operated by Biehn & Professionals GmbH, Wiesenstraße 32, 33397 Rietberg-Mastholte, Germany, on our behalf in accordance with Art. 28 GDPR, which in turn uses a specialized software subcontractor. Biehn & Professionals GmbH is contractually obliged to maintain strict confidentiality and to comply with all data protection requirements. In addition, our external data protection officer is subject to a special statutory duty of confidentiality.

 

What data protection rights are you entitled to? 

You have the right, upon request and free of charge, to receive information about the personal data stored about you, its origin and recipients and the purpose of the data processing. If we process your data on the basis of our legitimate interest, you have the right to object to the processing if there are legitimate reasons arising from your particular situation (right to object). You also have the right to rectification of inaccurate personal data, the right to erasure of personal data, the right to restriction of processing of personal data and the right to data portability. You can contact us at any time with regard to this and other questions on the subject of personal data. Finally, you have the option of lodging a complaint with the supervisory authority if you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way. 

 

How long will the personal data be stored? 

Personal data is stored for as long as required for clarification and final assessment or as required by law. This data is then deleted in accordance with legal requirements. If a report proves to be unfounded, the report and the personal data it contains will be deleted immediately. The reports and notifications are regularly deleted after 6 months. A final assessment is also stored for documentation purposes.