Data protection policy
1. Name and contact details of the data controller
Dreßler Bau GmbH
Gabriel-Dreßler-Straße 7
63741 Aschaffenburg
1.1 Name of the company data protection officer
PRIOLAN GmbH
Lise-Meitner-Straße 12
74074 Heilbronn
You can reach our external data protection officer, Mr Ulrich Jahnke, at the above address or by email at datenschutz@dressler-bau.de
2. EQS Group
Purpose of the whistleblower system and its legal basis
The whistleblower system is used to receive, process and manage information on violations of the compliance/conduct guidelines of Dreßler Bau GmbH and its subsidiaries (hereinafter referred to as “Dreßler”) in a secure and confidential manner. The processing of personal data within the framework of the whistleblower system is based on the legitimate interest of Dreßler to detect and prevent any instances of wrongdoing and thus to prevent the occurrence of damage to Dreßler, its employees and its customers. The legal basis for this processing of personal data is Article 6 (1) S. 1 Letter f GDPR. In addition, the use of the whistleblowing system (or parts thereof) may be based on a legal obligation of Dreßler (e.g. the national implementation laws of the EU Whistleblowing Directive). The legal basis for these cases is Art. 6 (1), S. 1 Letter c GDPR in conjunction with the respective legal obligation.
The whistleblower system is operated by a specialised company, EQS Group GmbH, Bayreuther Str. 35, 10789 Berlin in Germany, on behalf of Dreßler.
Any personal data and information entered into the whistleblower system is stored in a database operated by EQS Group GmbH in a high-security data centre. Only Dreßler is allowed to inspect the data. EQS Group GmbH and other third parties have no access to the data. This is guaranteed in a certified procedure by way of comprehensive technical and organisational measures.
All data is encrypted and stored with multi-level password protection, so that access is restricted to a very narrow circle of expressly authorised persons within Dreßler.
Type of personal data collected
The use of the whistleblower system is done so on a voluntary basis. When you submit a report through the whistleblower system, we collect the following personal data and information:
- Your name, if you disclose your identity,
- Whether you are employed by Dreßler and
- If applicable, the names of individuals, as well as other personal data of the individuals you name in your notification.
Confidential treatment of information
Incoming information is received by a narrow circle of expressly authorised and specially trained employees of Dreßler, and is always treated confidentially. The employees of Dreßler examine the facts of the case and, if necessary, carry out a further case-related clarification process pertaining to said facts.
In the course of processing a report, or during a special investigation, it may be necessary to pass on information to other employees of Dreßler or other employees who have a relationship with Dreßler. The latter can also operate in countries outside the European Union or the European Economic Area, where different personal data protection apparatus may exist. We always ensure that the relevant data protection regulations are complied with when forwarding information.
Any person who gains access to the data is obligated to maintain confidentiality.
Notification of the individual subject to accusation
We are, in principle, legally obligated to notify the accused persons that we have received a tip-off about them as soon as this information no longer jeopardises the scope for action when following-up on the tip-off. Your identity as a whistleblower will not be disclosed – as far as legally permissible.
Use of the whistleblower system
Communication between your computer and the whistleblower system takes place via an encrypted connection (SSL). The IP address of your computer is not stored during the use of the whistleblowing system. To maintain the connection between your computer and the whistleblower system, a cookie is stored on your computer that only contains the session ID. The cookie is only valid until the end of your session and becomes invalid when you close the browser.
You have the option of setting up a protected mailbox in the whistleblower system with a pseudonym/user name and password of your own choice. In doing so, you can send messages securely to the responsible Dreßler employee by name (or in anonymous form). With this system, the data is stored exclusively in the whistleblower system and thus enjoys a particularly high level of security; it does not fall within the parameters of ordinary email communication.
Notes on sending attachments
When submitting a notification or sending an attachment, you have the option of sending attachments to the responsible Dreßler employee. If you wish to submit a report anonymously, please note the following security advice: Files may contain hidden personal data that could jeopardise your anonymity. Remove this data before sending any attachments. If you are unable to remove this data or are unsure, copy the text of your attachment to your message text or send the printed document anonymously to the address listed in the footer, quoting the reference number you receive at the end of the messaging process.
In the data protection declarations of EQS Group you will receive further information on the type and scope of data processing. You can obtain further rights, setting options and other information on the protection of your data at: https://www.eqs.bkms-system.com/datenschutzhinweise
3. Data subjects’ rights
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been (or will be) disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it has not been collected by us, as well as on the existence of an automated decision-making process – including profiling – and, if applicable, meaningful information on the details of such decision-making process;
- correct otherwise incorrect data or supplement personal data without delay in accordance with Art. 16 GDPR as stored by us;
- demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with statutory obligations, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR;
- in accordance with Art. 20 GDPR, you can request that your personal data that you have provided to us be made available in a structured, common and machine-readable format, or you can request its transfer to another controller;
- in accordance with Art. 7 (3) GDPR, you can revoke your consent given to us at any time. This entails the consequence that we may no longer continue the data processing based on this consent in the future, and
- you may register a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.
If you would like to make use of your data protection rights, please send an email to datenschutz@dressler-bau.de
4. Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) Sentence 1 Letter f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation, or the objection is directed against direct advertising. Should the latter apply, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you wish to exercise your right of revocation or objection, it is sufficient to send an email to datenschutz@dressler-bau.de
5. Topicality of (and amendments to) this data protection policy
Due to the continuous development of our website and the offers it contains, or due to amended legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection policy at any time on the website at https://www.dressler-bau.de/res/upload/Data-protection-policy-643.pdf.
This data protection policy is currently valid as of September 2021.
Data protection information on the duty to inform:
https://www.dressler-bau.de/res/upload/Data-protection-information-on-the-duty-to-inform-0.pdf
