Information on data protection
General information
We take data protection and confidentiality very seriously and adhere to the provisions of the EU General Data Protection Regulation (GDPR) as well as current national data protection regulations. Please read this data protection information carefully before submitting a report.
Responsible party and data protection officer
The whistleblowing system is centrally offered to all subsidiaries of the entire Erwin Hymer Group SE. The party responsible for the whistleblowing system is
Erwin Hymer Group SE
Holzstr. 19
D-88339 Bad Waldsee
Telephone: +49 7524 999 9342
Email address: compliance@erwinhymergrpup.com
If you have questions or comments about data protection (such as access or updates to your personal data), you can also contact our data protection officer.
Stefan Fischerkeller
DDSK GmbH
Dr.-Klein-Str. 29; D-88069 Tettnang
Telephone: +49 7542 949 21 00
Email address: datenschutz@erwinhymergroup.com
Processing scope
Types of information and categories of involved persons
The whistleblowing system is designed such that it is unnecessary to collect your information as a whistleblower. You can also submit reports without naming the persons involved. This is recommended in particular if you do not wish to share your name with us and sharing this information could allow your identity to be guessed. If you submit a report via the whistleblowing system that references individual persons and allow yourself to be identified in this way, we process the following personal data and information:
- Your first and last name
- Whether you are employed by Erwin Hymer Group SE
- Whether you are employed by a service provider, supplier or other business partner
- Potentially the names of persons and other personal data concerning persons named by you in your report
Purpose and legal basis for the processed data
Purpose within the scope of a legitimate interest (ours or a third party’s) (Art. 6(1)(f) GDPR)
The whistleblowing system serves for securely and confidentially receiving, processing and managing reports of violations against laws, legal regulations and our internal policies.
The processing of personal data within the framework of the whistleblowing system is based on the legitimate interest of our company in discovering and preventing malpractice and thereby preventing damage to Erwin Hymer Group SE, all affiliated companies, employees and customers.
Purpose within the scope of your consent (Art. 6(1)(a) GDPR)
The whistleblowing system is offered as an additional option for submitting reports. When you submit a report via the whistleblowing system, you can voluntarily choose to share your personal data:
- Your name
- Potentially whether you are employed by Erwin Hymer Group SE
This consent can be revoked in writing at any time with effect for the future without specifying reasons. The revocation must be directed by email to: compliance@erwinhymergroup.com. Refusing or revoking this consent will not result in any disadvantages for you. The legality of the data processing that has taken place prior to the revocation remains unaffected.
Processing of reports
To protect the integrity and confidentiality of your reports, Erwin Hymer Group SE uses a web-based system from EQS Group GmbH, Bayreuther Str. 35, 10789 Berlin, Germany.
Personal data and information entered into the whistleblowing system are saved in a database operated by EQS Group GmbH in a high-security data centre. Only the Group Compliance Officer and the head of the Legal department have access to the data. EQS Group GmbH and other third parties do not have access to the data. This is ensured by extensive technical and organisational measures within the certified process.
All data are encrypted and saved with multi-level password protection so that access is limited to a very small number of people, consisting exclusively of the authorised persons named above.
Processing of your reports
Incoming reports are exclusively received by the Group Compliance Officer of Erwin Hymer Group SE and always handled confidentially. The Group Compliance Officer of Erwin Hymer Group SE evaluates the issue and carries out further investigations on a case-by-case basis, possibly in cooperation with the head of the Legal department.
Recipients and sharing of data
As part of the processing of a report or a special investigation, it can be necessary to share information with additional employees of Erwin Hymer Group SE or employees of other group companies as well as investigative authorities, such as if the reports refer to incidents at subsidiaries. The latter may be based in countries outside the European Union or the European Economic Area (e.g. Great Britain), which may have different regulations about the protection of personal data. We will always ensure that the applicable data protection regulations are complied with when sharing reports.
All persons who receive access to the data are obligated to maintain confidentiality.
Processing of data and information about the accusedWe are legally obligated to inform accused parties of any reports received against them as soon as the disclosure of this information no longer jeopardises the investigation. The basis for this is Art. 14(5)(b) GDPR, according to which the information does not have to be shared if it would at least seriously impede realisation of the processing objectives. Your identity as a whistleblower will not be disclosed unless we are legally bound to do so.
Use of the whistleblowing portal
Communication between your computer and the whistleblowing system takes place over an encrypted connection (SSL). Your IP address will not be stored during your use of the whistleblowing system. In order to maintain the connection between your computer and the whistleblowing system, a cookie is stored on your computer that merely contains the session ID (a so-called session cookie). The cookie is only valid until the end of your session and expires when you close your browser.
Setting up a postbox
You can set up a secured postbox with your pseudonym/user name and password of choice in the whistleblowing system. This allows you to send reports to the respectively responsible employee of Erwin Hymer Group SE or subsequently the examiner of the report either by name or in an anonymous, safe way. In this system, data are stored exclusively in the whistleblowing system and are thus especially secure; this is not a regular form of email communication.
Notes on sending attachments
When you submit the report or additional information, you have the option of sending attachments to the Group Compliance Officer of Erwin Hymer Group SE or subsequently to the examiner of the report. If you submit a report without sharing your personal data, please note the following security advice:
Files can contain hidden personal data that could reveal your identity. Remove such data before sending. If you are unable to remove these data or are uncertain about how to do so, copy the text of your attachment into your report text or send the printed document confidentially to the address listed in the footer, citing the reference number received at the end of the reporting process.
Consequences of not sharing personal data
Sharing of your personal data is fundamentally not required. If you do not disclose your personal data or data concerning the accused, Erwin Hymer Group SE will be unable to draw conclusions concerning your identity. Processing of your report is therefore also possible without personal data.
Retention periods
Personal data are retained for as long as necessary to clarify the situation and perform a final assessment or for as long as a legitimate interest exists on the part of the company or retention is required by law. After the report processing is concluded, the data will be deleted in accordance with statutory requirements.
If a report cannot be conclusively resolved, it will be further maintained within the whistleblowing system (depending on the quality of the report). If any personal data is involved, your data will be removed from the report in this case.
Your rights as data subject
You have the right to access to personal data concerning you. You can contact us at any time with a request for access. In the event of an access request not made in writing, we ask for your understanding that we may need to request verification from you proving that you are the person you claim to be.
You also have a right to correction or erasure or to restriction of the processing, if the respective right is granted you by law.
In the case of processing based on consent, this consent can be revoked at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Finally, you have a right to object to the processing within the scope of the legal provisions. Please direct any objections to: compliance@erwinhymergroup.com
A right to data portability also exists within the framework of data protection law. You also have the right to lodge a complaint with a supervisory authority.