Information on data protection in the whistleblowing system of the FIXIT GRUPPE
Responsible for the processing of personal data is:
FIXIT TM Holding GmbH Landshuter Street 30 85356 Freising Germany Telephone: +49 8161 602-0 Fax: +49 8161 685-22 E-mail: email@example.com
In principle, it is possible to use the whistleblowing system without providing any personal data. However, you can voluntarily provide personal data within the framework of the whistleblowing process, in particular information on your identity, first and last name, country of residence, telephone number or e-mail address.
The information you provide may also contain personal data of third parties to whom you refer in your information. Data subjects are given the opportunity to comment on the information. In this case, we will inform the persons concerned about the information. In this case, too, your confidentiality will be protected, as the person concerned will not be given any information about your identity - as far as legally possible - and your information will be used in such a way that your anonymity is not jeopardised.
Purpose and legal basis of the processing
The whistleblower system allows you to contact us and report indications of compliance and legal violations. We process your personal data in order to check the report you have made via the whistleblower system and to investigate the alleged compliance and legal violations. In doing so, we may have queries for you. For this purpose, we exclusively use communication via the whistleblower system. In this context, the confidentiality of the information you provide is our top priority.
The corresponding processing of your personal data is based on your consent given when reporting via the whistleblower system (Art. 6 para. 1 lit. a European Data Protection Regulation, DSGVO for short).
Furthermore, we process your personal data insofar as this is necessary for the fulfilment of legal obligations. This includes, in particular, notifications of facts relevant to criminal, competition and labour law (Art. 6 para. 1 lit. c DSGVO).
Finally, your personal data is processed if this is necessary to protect the legitimate interests of the company or a third party (Art. 6 para. 1 lit. f DSGVO). We have a legitimate interest in processing the personal data for the prevention and detection of violations within the company, for checking the legality of internal processes and for maintaining the integrity of the company.
If you disclose special categories of personal data to us, we process them on the basis of your consent (Art. 9 para. 2 lit. a DSGVO).
We do not intend to use your personal data for purposes other than those listed above. Otherwise, we will obtain appropriate consent from you in advance.
Disclosure of personal data
The FIXIT GRUPPE operates internationally and has locations in various countries within and outside the European Union. Access to the stored data is only possible for specially authorised persons within the company. Insofar as this is necessary to fulfil the aforementioned purpose, specially authorised persons from our subsidiaries may also be entitled to inspect the data. This is particularly the case if the investigation of their report is carried out in the country concerned. All persons authorised to inspect the data are expressly obliged to maintain confidentiality.
In order to fulfil the aforementioned purpose, it may also be necessary for us to transfer your personal data to external bodies such as law firms, criminal or competition authorities, within or outside the European Union.
If we share your personal data within the group or externally, a uniform level of data protection is ensured by means of internal data protection regulations and/or corresponding contractual agreements. In all cases, the responsibility for data processing remains with the company.
Duration of storage
We only store personal data for as long as is necessary to process your information or for as long as we have a legitimate interest in storing your personal data. We may also store your data if this is required by European or national law to comply with legal obligations, such as storage obligations. Subsequently, all personal data will be deleted, blocked or made anonymous.
If you have provided personal data, you have the right to information, correction and deletion of the personal data. You may also restrict the processing or request its transfer to another responsible body.
Furthermore, you have the right to object to the processing of personal data concerning you at any time on grounds relating to your particular situation.
You have the right to revoke your declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. As a rule, consent can only be revoked within one month of receipt of the notification, as the FIXIT GRUPPE is obliged in certain cases under Article 14 (3) (a) of the GDPR to inform the accused person of the allegations made against him or her and the investigations carried out within one month. This also includes the storage, the type of data, the purpose of the processing, the identity of the controller and - insofar as legally required - of the notifier, so that a discontinuation of the data processing or deletion of the identification data is no longer possible. The revocation period may also be shortened in the event of an immediately necessary involvement of an authority or a court. This is because as soon as a disclosure to the authority or the court has been made, the identification data are located both at the FIXIT GRUPPE and in the procedural files of the authority or the court.
You exercise these rights by informally notifying the data controller. If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom we have disclosed the personal data concerning you of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. Upon request, we will inform you about these recipients.
Finally, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
Status of the data protection information: September 2023