Privacy policy
The Office of the Nuremberg Attorney General processes your personal data in accordance with statutory procedures. Personal data is, for example, information about your identity as well as circumstances associated with you. We observe the highest security standards when collecting, storing, transmitting and otherwise processing your data. With the following information, we would like to inform you about:
- who you can contact to exercise your rights or if you have questions regarding data protection
- The legal basis on which we process your personal data
- how we handle your personal data
- the rights you have under data protection law in relation to the judiciary.
The laws referred to in this privacy policy can be found online at http://www.gesetze-im-internet.de (Federal Law), http://www.gesetze-bayern.de (Bavarian Sate Law) and http://eur-lex.europa.eu/ (European Union Law) in their currently applicable versions.
Responsible parties
Your personal data will be processed by the
Office of the Nuremberg Attorney General
Bayerische Zentralstelle zur Bekämpfung von Betrug und Korruption im Gesundheitswesen (Bavarian Central Office for Combating Fraud and Corruption in the Healthcare Sector)
Südliche Fürther Str. 20
90429 Nuremberg
Email: poststelle@gensta-n.bayern.de
Phone: +49 (0)911/321-2601
There is a designated person responsible for data protection who you can contact if you have any questions regarding data protection law:
Chief Public Prosecutor Dr. Popp
Email: datenschutzbeauftragter@gensta-n.bayern.de
Phone: +49 (0)911/321-2601
This person is exclusively responsible for matters relating to data protection law. This person cannot provide you with any information on the proceedings conducted at the Office of the Nuremberg Attorney General and cannot give you any legal advice.
The web server of the whistleblowing system is on behalf of the Office of the Nuremberg Attorney General operated by a specialised company based in the Federal Republic of Germany, EQS Group GmbH, Bayreuther Str. 35, 10789 Berlin. Personal data and information entered into the whistleblowing system is stored in a database operated by EQS Group GmbH in a high-security data centre. The data can be accessed by the Bavarian Central Office for Combating Fraud and Corruption in the Healthcare Sector (ZKG), which is located at the Office of the Nuremberg Attorney General. EQS Group GmbH and other third parties do not have access to the data. This is ensured in the certified procedure through extensive technical and organisational measures.
All data is stored in an encrypted manner with multiple levels of password protection according to a system of permissions so that access is restricted to a very small selection of expressly authorised persons at ZKG.
Type of personal data collected
Use of the whistleblowing system takes place on a voluntary basis. If you submit a report via the whistleblowing system, we collect the following personal data and information:
- Your name, if you choose to reveal your identity
- The names of the companies you have informed us of, if applicable
- The names and other personal data of persons whom you list in your report, if applicable
Purpose of data processing and legal bases
The judiciary has extensive responsibilities. Our proceedings involve almost every conceivable situation in life. Your personal data is only processed where it is necessary for the performance of the tasks of the judiciary or the fulfilment of legal obligations or if you have expressly provided your consent for this.
The legal basis of the data processing procedures related to the performance of the tasks and powers of the organs of the administration of justice is primarily the applicable provisions of the respective rules of procedure (such as the Code of Criminal Procedure), as well as Article 4(1) of the Bavarian Data Protection Act and Article 6(1)(e) of the General Data Protection Regulation (GDPR). Special categories of personal data (e.g. healthcare data) are processed by us on the basis of Article 9(2)(f) GDPR and the respective legal bases to the extent that this is necessary within the scope of our judicial work. Furthermore, the Bavarian Data Protection Act applies to Bavarian judiciary.
Once the procedure is completed, the data may be processed to fulfil other legal obligations, e.g. in order to comply with legal storage obligations.
For purposes other than those mentioned, your personal data will only be processed if there is a legal basis for the respective data processing, for example to perform the task of another authority or if you have expressly agreed to this further processing in advance.
Confidential handling of reports
The judiciary discloses your personal data to its employees and third parties only on the basis of statutory provisions or if you have expressly agreed to this.
a) Within the judiciary, only persons who are entrusted with conducting the proceedings or, after their conclusion, with managing and safekeeping the case files in which your data is relevant to the procedure will be given access to your personal data. These are, for example, the public prosecutors who have to make a decision in the respective proceedings, as well as the employees of the service units that support them.
We use IT-supported specialist procedures (software) into which your data are entered to carry out our tasks. In doing so, we also work with other bodies of the state administration on a statutory basis who process personal data on our behalf. Your personal data will be disclosed to them where necessary.
For proceedings in which costs are incurred, we may transmit your data to the Bamberg state judicial treasury as required so that it can carry out its task of recovering judicial costs.
Personal data will only be transmitted to other authorities of the Bavarian judiciary where it is necessary for the fulfilment of our or their legal duties.
b) We transmit personal data to bodies outside the judiciary in individual cases where it is necessary for the fulfilment of our or their legal duties, such as to:
- Persons involved in the procedure in which your personal data was collected where this is necessary for the execution of the procedure;
- Persons to be consulted in proceedings according to the respective rules of procedure, for example experts or interpreters. Your personal data will be disclosed to witnesses where necessary for the execution of the procedure;
- Other authorities of the Bavarian judiciary where necessary for the fulfilment of their duties;
- Authorities for the fulfilment of our or their legal duties, e.g. to immigration and security authorities;
- Other persons in proceedings concerning the registers kept by the judiciary, such as the commercial register and the land register, in accordance with the provisions applicable thereto, or other persons who are entitled to inspect the files or receive information according to the respective rules of procedure.
Use of the whistleblowing system
Communication between your computer and the whistleblowing system takes place over an encrypted connection (SSL). Your IP address will not be stored during your use of the whistleblowing system. In order to maintain the connection between your computer and BKMS® System, a cookie is stored on your computer that only contains the session ID (session cookie). This cookie is only valid until the end of your session and expires when you close your browser.
It is possible to set up a secured postbox within the whistleblowing system with an individually chosen pseudonym/user name and password. This allows you to send reports to the public prosecutor responsible either by name or in an anonymous, safe way. This system only stores data inside the whistleblowing system, which makes it particularly secure. It is not a form of regular email communication.
Note on sending attachments
When submitting a report or an addition, you can simultaneously send attachments to the responsible public prosecutor. If you wish to submit an anonymous report, please take note of the following security advice:
Files may contain hidden personal data that could jeopardise your anonymity. Please remove all such information before sending a file. If you are unable to remove this data or are uncertain about how to do so, copy the text of your attachment into your report text or send the printed document anonymously to the address listed in the footer, citing the reference number received at the end of the reporting process.
Retention period of personal data
Personal data collected within the scope of a procedure are included in the case files. The storage periods for the case files comply with the retention regulation. The retention periods vary depending on the requirements of the different proceedings.
Your rights as a data subject in relation to the Bavarian judiciary
In order to protect your personal data effectively, the data protection law grants you a number of rights that you can assert against the Bavarian judiciary:
a) Right of access, Article 15 GDPR
In accordance with Article 15(1) of the GDPR, you have the right to receive information as to whether or not your personal data is being processed by us. Where this is the case, you are entitled to more information (Article 15(2) GDPR). The right of access is limited by the right of third parties to protect their personal data (Article 15(4) GDPR).
b) Right to rectification, erasure or restriction of processing, Article 16, 17 and 18 GDPR
In accordance with Article 16 of the GDPR, you have the right to request the rectification of inaccurate data and the completion of incomplete data without undue delay, including by means of providing a supplementary statement.
In accordance with Article 17 of the GDPR, you have the right to the erasure of personal data, particularly if the processing of your personal data is not or is no longer permissible. This is the case, for example, when the retention periods for the procedural files concerned have expired, in which case we destroy the files ex officio without being asked to do so anyway.
Under the conditions of Article 18 of the GDPR, you have the right to the restriction of processing of your personal data.
c) Right to object, Article 21 GDPR
In accordance with Article 21 of the GDPR, you have the right (unless a legal obligation to provide certain information is invoked), based on reasons arising from your particular situation, to object to the processing of personal data concerning you. In such case, we may only continue to process your data if there is a compelling reason to do so. A compelling reason may result in particular from laws which require the processing for the enforcement, exercising or defence of legal claims or compel us to continue processing, for example statutory file retention periods or other special statutory regulations.
Should you exercise any of the rights mentioned above, we will check whether the legal requirements for this are met. The aforementioned rights are subject to the respective applicable legal basis in proceedings, particularly the rules of procedure, which may provide for special regulations and restrictions to ensure proper execution of the proceedings and in the interest of the parties to the proceedings.
Your right to lodge a complaint with the state representative for data protection, Article 77 GDPR in connection with Article 20(1) Bavarian Data Protection Act
We take the protection of your personal data seriously. You may contact us at any time with your queries regarding your personal data processed by us. However, you are also welcome to contact the
Bayerischer Landesbeauftragter für den Datenschutz (Bavarian State Representative for Data Protection)
Wagmüllerstrasse 18
80538 Munich
with a complaint. Please note that the state representative for data protection only exercises supervision where the authorities are engaged in administrative matters, i.e. not judicially.
Version: 15 September 2021
