Privacy Policy
The following data protection information provides you with details of the personal data processed in the whistleblowing system (Art. 4 No. 1 GDPR) as well as the purposes and legal bases on which this processing (Art. 4 No. 2 GDPR) takes place. This information is also used to comply with the data protection information obligations incumbent on those responsible under Articles 12, 13 GDPR when data is collected from the person concerned (in this case the user of the whistleblowing system).
Information according to Art. 13 GDPR
Identity of the person responsible according to Art. 4 Nr. 7 GDPR
The data protection of the whistleblowing system is taken over by the
Lowell Financial Services GmbH, Am EUROPA-CENTER 1b, 45145 Essen,
in joint responsibility with the following companies:
- Deutsche Multiauskunftei GmbH, Am EUROPA-CENTER 1b, 45145 Essen
- GFKL Collections GmbH, Berliner Str. 93, 40880 Ratingen
- GFKL PayProtect GmbH, Am EUROPA-CENTER 1b, 45145 Essen
- INKASSO BECKER Wuppertal GmbH & Co. KG, Friedrich-Engels-Allee 32, 42103 Wuppertal
- Lowell Digital Hub GmbH, Hardenbergstraße 32, 10623 Berlin
- Lowell Group Management GmbH, Hörlgasse 12/15, A-1090 Wien
- Lowell Holding GmbH, Am EUROPA-CENTER 1b, 45145 Essen
- Lowell Inkaso Servis d.o.o., Zupanijska 21, HR-31000 Osijek
- Lowell Inkasso Service GmbH, Regensburger Straße 3, A-4020 Linz
- Lowell Inkasso Service GmbH, Bahnhofstraße 14, CH-9424 Rheineck
- Lowell Service Center GmbH, Scheuten-Solar-Straße 1, 45881 Gelsenkirchen
- Proceed Collection Services GmbH, Am EUROPA-CENTER 1b, 45145 Essen
- Sirius Inkasso GmbH, Berliner Str. 93, 40880 Ratingen
- Tesch Inkasso Finance GmbH, Berliner Str. 93, 40880 Ratingen
- Tesch Inkasso Forderungsmanagement GmbH, Ahlefelder Str. 51, 51645 Gummersbach
- Tesch Service GmbH, Ahlefelder Str. 53, 51645 Gummersbach
- Zyklop Inkasso Deutschland GmbH, Berliner Str. 93, 40880 Ratingen
Towards you as a user of the portal, we, Lowell Financial Services GmbH, assume in the internal relationship of joint responsibility also for the above-mentioned companies the fulfilment of rights of affected persons, in particular according to Art. 12-21 GDPR.
However, under Art. 26 (3) GDPR, they are free to assert these rights also against the co-responsible party.
Data protection officer
The data protection officer of Lowell Financial Services GmbH assumes the tasks for all companies involved on the basis of internal regulations and can be contacted by post at Lowell Financial Services GmbH, data protection officer, Am Europa-Center 1b, 45145 Essen or by e-mail at datenschutz@lowellgroup.de.
Categories of personal data processed:
The use of the whistleblowing system is voluntary. The processing of the reports is always carried out in strictest confidentiality!
If you submit a report via the whistleblowing system, we collect the following personal data and information:
- name (if you disclose your identity)
- relationship with Lowell (if you disclose it)
- other personal data of the persons mentioned in the notification (e.g. name, position)
The IP address of your computer is not saved while you are using the whistleblowing portal.
Processing purposes
The collection of personal data and its processing by Lowell Financial Services GmbH pursues the following purposes:
- Reception, processing and administration of notices of violations of legal regulations for the protection of fair competition, employee protection and other compliance regulations (e.g. StGB, AGG)
- Reception, processing and administration of notices of breaches of Lowell Group internal compliance rules by employees
- operation of a warning system
- fulfilment of legal obligations to provide information, notification, disclosure and retention
Information on data origin
Personal data about the data subject is collected from the data subject or whistleblower (user of the whistleblowing system).
Legal basis of the processing
Possible legal bases for the processing are:
- Art. 6 I lit. f) GDPR as far as the detection and prevention of abuses and thus the prevention of damage to Lowell, its employees and customers is concerned.
Criteria for storage duration
Personal data are processed until the collection or - in the case of further processing - the further processing purpose is fully achieved. If the purpose is fully achieved, the data will be deleted. The data controller also has a checking and deletion concept which ensures that the deletion obligations are checked regularly.
Recipients of personal data
- special employees (close circle of expressly authorised and specially trained employees of the compliance organisation of Lowell Financial Services GmbH)
in case of need and as far as the processing of the notification requires, in strictest confidentiality and in compliance with data protection regulations:
- other employees of Lowell Financial Services GmbH or employees of other group companies (e.g. if the references refer to transactions in subsidiaries), these may also be based in Austria, Switzerland or Croatia
- representatives of legal and tax advisory professions
- authorities, in particular courts, public prosecutors
- detectives
Your rights as data subject
- right of access, rectification, erasure, restriction of processing and transferability of data
- Right to object to processing operations based on the legitimate interests of the controller or a third party (Art. 6 I lit. f) GDPR)
Right of appeal in data protection matters to a supervisory authority
According to Art. 77 GDPR, you have the right to complain to a supervisory authority in matters of data protection if you believe that your personal data is being processed unlawfully. The address of the supervisory authority responsible for our company is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4,
40213 Düsseldorf
https://www.ldi.nrw.de/metanavi_Impressum/
Further data protection information
Encryption / Use of cookies
- The communication between your computer and the whistleblowing system takes place via an encrypted connection (SSL).
- To maintain the connection between your computer and the whistleblowing system, a cookie is stored on your computer which only contains the session ID (so-called null cookie). The cookie is only valid until the end of your session and becomes invalid when you close your browser.
Entries via the whistleblowing portal
With the whistleblowing portal we offer the possibility for the whistleblower to contact us.
The following data is collected in a structured manner (selection): consent to provide the name; country in which the incident occurred; relationship with our company; other notification; involvement of managers; duration/duration of the incident (including time details); pseudonym/user name and password (secured postbox)
The following data is recorded in an unstructured way (free text field): subject; name; description of the incident; country in which the incident occurred; company affected; division/department affected; relationship to the company; information on other notificating/involvement of managers
Use of the whistleblowing portal
It is possible to set up a secured postbox in the whistleblowing system using a self-selected pseudonym/user name and password. In this way you can send reports to the responsible employee of Lowell Financial Services GmbH by name or anonymously and securely. With this system, the data is stored exclusively in the whistleblowing system and is therefore specially secured; it is not a normal e-mail communication.
Notes on sending attachments
When submitting a declaration or sending a supplement, you have the possibility to send attachments. If you wish to submit a report anonymously, please note the following security advice:
Files may contain hidden personal data that could endanger your anonymity. Please remove this data before sending. If you are unable to remove this data or are unsure, copy the text of your attachment to your message text or send the printed document anonymously to the address listed in the footer, quoting the reference number you will receive at the end of the message process.
Information to the accused person
According to Art. 14 GDPR, we are obliged to inform the accused persons that we have received a tip about them as soon as this information no longer jeopardises the follow-up of the tip. The identity of the whistleblower will not be disclosed - as far as legally permissible.
Whistleblowing portal
The whistleblowing system - the certified BKMS® Compliance Systems - is operated by a specialised company, EQS Group GmbH, Karlstraße 47, 80333 Munich in Germany, on behalf of Lowell within the scope of an order processing pursuant to Art. 28 GDPR.
Personal data and information entered into the whistleblowing system are stored in a database operated by EQS Group GmbH in a high-security data centre. Access to the data is only possible for Lowell. EQS Group GmbH and other third parties have no access to the data. This is guaranteed in the certified procedure by comprehensive technical and organisational measures.
All data is encrypted and stored with multi-level password protection and is subject to an authorisation concept, so that access is restricted to a very narrow circle of explicitly authorised persons at Lowell.