Privacy Policy for Whistleblower Portal

State: 2024-08-13

This English translation of the privacy policy is a service for the visitors of the website. The content of the German version of the Privacy Policy for Whistleblower Portal (Datenschutzerklärung zum Hinweisgebermeldeportal) is authoritative.

Data Protection acc. to EU General Data Protection Regulation (GDPR)
The protection of personal data has a high priority for esd electronics gmbh. This privacy statement informs the visitors of our Whistleblower Portal which data are collected for which purpose and for which usage.

In accordance with general data protection regulations, the national data protection acts of the members states and other related data policy provisions, the responsible operator of this website is:

esd electronics gmbh
Vahrenwalder Str. 207
30165 Hannover – GERMANY
Phone: +49 511-37298-0
Email: support@esd.eu
Website: www.esd.eu

Contact details of the data protection officer: dataprotection@esd.eu or at the postal address of the person responsible with the addition “Attn. Data protection officer"

Purpose of the Processing of special Categories of personal Data

Types of data
Reference Data
Personal data voluntarily included in the notice, such as name or other identifying information.

Technical Data
In order to operate the reporting system, technical data of the end device used by the reporting person (IP address, browser version, operating system) is processed by the processor to the extent necessary.

Purpose of the Collection

Provision of an internal reporting office through which grievances or unlawful behavior in the company can be reported and processed confidentially.

Legal Basis (pursuant to Art. 6 / 9 GDPR)

The processing of personal data takes place on the legal basis of Art. 6 para. 1 lit. c) GDPR and Art. 9 para. 2 lit. g) GDPR in conjunction with § 10 HinSchG, insofar as this is necessary to fulfill the task of the reporting office.

Recipients of the Data

Whistleblowing Data
Internal reporting office:
Persons who are responsible for receiving and processing the reports and the persons who support them in fulfilling these tasks have access to the incoming reports. Access authorizations are assigned according to the "need-to-know" principle.

Other recipients:
If necessary, the processor or the data protection officer may be granted access, as well as other internal departments that may become active as part of follow-up measures.

Technical Data
Internal reporting office:
Persons who are responsible for receiving and processing reports and the persons who support them in fulfilling these tasks have access to incoming reports. Access authorizations are assigned according to the "need-to-know" principle.

Intention to forward to a third Country or international Organization

No data from the whistleblower reporting portal is forwarded to third countries or international organizations.

Duration of Data Storage

The data collected will be deleted after 3 years following expiry of the regular limitation period in accordance with Section 195 of the German Civil Code (BGB), unless ongoing proceedings require storage beyond this period.

Obligation to provide personal Data (e.g. due to legal or contractual Regulations) / Necessity

Consequences of Non-compliance (Failure to provide the required Data)

There is no obligation to provide personal data.

Existence of automated Decision-making

In this context, we do not use automated decision-making.

Origin of the Data (if not collected directly from the Data Subject)

Reference Data
Direct collection:
The whistleblower's data is collected directly from the data subject. Other personal data of third parties may be processed if they are part of the report.

Technical Data
Direct collection:
The data is collected directly from the data subject.