German Whistleblowing Privacy Notice

We would like to inform you about the processing of your personal data when reporting on acts or omissions covered by our German Whistleblower Policy.

Data Controller

The Data Controller (“we”, “us”, “our”) responsible for the processing of your personal data when reporting on an act or omission covered by our Whistleblower Policy is the entity to which the report is addressed to.

Personal information and legal basis

To the extent that this information is included in the report, we might process the following personal data:

  • Name;
  • Address;
  • Relationship with the company to which the report is addressed to;
  • Telephone number;
  • E-mail;
  • Voice message (including its recording, subject to the consent of the reporting person); and
  • Any personal information included in the report (e.g., circumstances of acts and omissions covered by the Whistleblower Policy and information about the persons concerned).

If you have provided your contact details, we will follow up and inform you about the status of the investigation, to the extent that this is requested and/or permitted by the applicable law and our Whistleblower Policy. Your personal data will be processed only to the extent necessary for us to comply with applicable law, including, but not limited to, Section 2 of the German Whistleblower Protection Act (Hinweisgeberschutzgesetz – HinSchG), and our Whistleblower Policy.

To the extent that this is allowed by the applicable data protection law (including, but not limited to, the Regulation (EU) 2016/679 (GDPR) and any other privacy and data protection law applicable at the national level), we might process your personal data for our legitimate interest, namely to review, investigate and evaluate reports as set forth in the Whistleblower Policy.

Unsubstantiated reports and reports not made in good faith and/or not on the basis of reasonable belief or well-founded grounds or reports made despite knowing that the allegations are false will be considered a serious offense and may result in a disciplinary action, up to and including termination of the employment agreement of the Reporter. We may also anonymize the information included in the reports and thereafter use it for statistical purposes.

Origin of the personal data

We might obtain your personal data directly from you or from a third-party reporting through the reporting channels described in our Whistleblower Policy (including e-mail, letter or voice messages).

Recipients

In order to fulfill the purposes stated in our Whistleblower Policy (including review, investigate, evaluate and follow up the reports) the reports will be reviewed by the Whistleblowing Committee, as described in our Whistleblower Policy. We may share information related to the reports to other companies within the LIPPERT Group (some of which are based in the US and other countries that offer an inadequate level of data protection), to the extent that this is required for investigation purposes, provided that there is a legal basis for the data transfer and appropriate transfer mechanisms are in place.

Subject to the anonymization of the personal data therein, we may transfer the information included in the Reports to other companies of the LIPPERT Group (some of which are based in the US and other countries that offer an inadequate level of protection) for statistical purposes. To the extent that this is required by applicable law, we might disclose your personal data with public authorities and institutions.

We may also share your data with trusted partners, for instance email and voice mail service providers, only if there is a legal basis for the data transfer and appropriate transfer mechanisms are in place.

International transfers of data

To the extent that this is necessary for us to carry out the tasks described in our Whistleblower Policy, we may transfer information related to the reports to other companies within the LIPPERT Group (some of which are based in the US and other countries that offer an inadequate level of protection). We may only transfer your data if there is a legal basis for the data transfer and appropriate transfer mechanisms are in place.

Some of our service providers are based in the US and other countries that provide an inadequate level of data protection and consequently your rights might be restricted in these countries.

Data retention

We will store the information included in the reports for as long as this is necessary for the review, investigation, evaluation and follow-up of the report or for so long as is required by applicable law (including, but not limited to, Section 2 of the German Whistleblower Protection Act (Hinweisgeberschutzgesetz – HinSchG)).

Data subject rights

Unless otherwise provided for by applicable law, you may have the right to:

  • access and receive a copy of your data;
  • rectification of your data;
  • erasure of your data;
  • limit the processing of your data;
  • object to the processing of your data;
  • data portability;
  • lodge a complaint with the supervisory authority.

Contact for data protection requests

If you wish to exercise your rights, you can contact us at privacy@lci1.com. If you wish to write to our data protection officer in confidentiality, please use the contact details indicated in the section “Data Protection Officer” below.

Data Protection Officer

Our external data protection officer is:
FIRST PRIVACY BV
Naritaweg 127-137
1043 BS Amsterdam
Netherlands

Changes to the privacy policy

We reserve the right to update this privacy notice at any time. This section provides you with information about the privacy statement version history.

Version Date
Version 2.0 July 2023