Home - BKMS System

Data protection information

The protection of personal data is very important to the Evangelical Church in Germany (EKD). It has therefore taken technical and organisational precautions to ensure that the EKD and the service providers it commissions comply with the statutory provisions. We use your data exclusively within the framework of the Church Law on Data Protection of the Evangelical Church in Germany (DSG-EKD), which implements the provisions of the General Data Protection Regulation of the European Union (GDPR) within Protestant churches. Please read this information on data protection law carefully before submitting a report.

Responsible party and data protection officer

The party responsible for data protection in the whistleblowing system is:

Reporting office in accordance with the Whistleblower Protection Act
Evangelical Church in Germany (Evangelische Kirche in Deutschland – EKD)
EKD Church Office
Herrenhäuser Straße 12
30419 Hannover, Germany
+49 (0) 511 - 2796 - 236

www.bkms-system.com/EKD

The EKD Church Office has appointed a local data protection officer. Inquiries regarding data protection can be sent to datenschutz-kirchenamt@ekd.de.

The whistleblowing system is operated by a specialised company, EQS Group GmbH, Karlstraße 47, D-80333 Munich in Bavaria, Germany, on our behalf.

Personal data

Personal data and information entered into the whistleblowing system are stored in a database of a high security data centre operated by EQS Group GmbH. Our organisation alone can see the data. EQS Group GmbH and other third parties do not have access to the data. This is ensured in the certified procedure through extensive technical and organisational measures.

All data are stored encrypted with multiple levels of password protection according to a system of permissions so that access is restricted to a very small selection of expressly authorised persons.

Purpose and legal basis of the whistleblowing system

The whistleblowing system (BKMS^® System) serves for securely and confidentially receiving, processing and managing reports concerning compliance and legal violations. We will process your personal data if it is necessary to fulfil legal obligations.

The legal bases for the processing of personal data are Section 10 of the Whistleblower Protection Act (HinSchG) in conjunction with Section 6(1) DSG-EKD. Section 6(1) DSG-EKD stipulates that data processing is only lawful if a legal provision authorises or orders the processing of personal data. The relevant legal provision in this case is Section 10 HinSchG. In accordance with Section 10 HinSchG, the reporting offices are authorised to process personal data insofar as this is necessary to fulfil the tasks specified in Sections 13 and 24 HinSchG. In addition, the processing of specific categories of personal data is also permitted if this is necessary for the fulfilment of their tasks. In this case, the reporting offices must take specific and appropriate measures to protect the interests of the data subjects. We have a legitimate interest in the processing of personal data for preventing and discovering violations within the organisation, for checking the lawfulness of internal processes and protecting the integrity of the organisation.

Type of collected personal data

Use of the whistleblowing system is voluntary. We collect the following personal data and information when you submit a report using the whistleblowing system:

your name, if you choose to reveal your identity,
whether you are employed at our organisation, and
the names and other personal data of persons whom you list in your report, if applicable.

Confidential handling of reports

Incoming reports are received by a small selection of expressly authorised and specially trained employees and always handled confidentially. The employees evaluate the matter and carry out any further investigation that may be required by the specific case.

During the processing of a report or the conducting of a special investigation, it may become necessary to disclose reports to additional employees of our organisation or employees of the affiliated member churches or member church institutions. We always ensure that the applicable data protection regulations are complied with when sharing reports.

All persons who receive access to the data are obligated to maintain confidentiality.

Information about the accused party

We are legally obliged to inform accused parties of any reports received against them as soon as the disclosure of this information no longer jeopardises the investigation. Your identity as a whistleblower will not be disclosed unless we are legally bound to do so.

Access, rectification, blocking, erasure

You may contact us free of charge if you have any questions about the collection, processing or use of your personal data and its rectification, blocking and erasure. We would like to point out that you have the right to rectification of incorrect data or erasure of personal data if this right does not contradict a retention period.

Appeal to the data protection officer

Any person may contact the responsible data protection officer if they believe that their rights have been violated during the collection, processing or use of their personal data by church bodies. This only applies to the collection, processing or use of personal data by church courts if they are acting in their own capacity as administrative bodies.

Nobody shall be disciplined or penalised for reporting facts that are likely to raise suspicion that the Church Data Protection Act or another legal provision on data protection has been violated. Employees of church bodies do not have to use the official channels to report to the data protection officer.

You can reach the supervisory authority at:

The EKD Data Protection Officer
Lange Laube 20
30159 Hannover, Germany
Telephone: + 49 (0)511 768128-0
Fax: + 49 (0)511 768128-20
Email: info@datenschutz.ekd.de

Retention period for personal data

The data retention period is based on the storage and cassation guidelines (https://www.kirchenrecht-ekd.de/document/3432) in conjunction with the EKD Archive Act (https://www.kirchenrecht-ekd.de/document/7636).

Use of the whistleblowing system

Communication between your computer and the whistleblowing system takes place over an encrypted connection (SSL). Your IP address will not be stored during your use of the whistleblowing system. In order to maintain the connection between your computer and the BKMS^® System, a cookie is stored on your computer that merely contains the session ID (a session cookie). This cookie is only valid until the end of your session and expires when you close your browser.

It is possible to set up a secured postbox within the whistleblowing system with an individually chosen pseudonym / user name and password. This allows you to send reports to the respectively responsible employee either by name or in an anonymous, safe way. This system only stores data inside the whistleblowing system, which makes it particularly secure. It is not a form of regular e-mail communication.

Note on sending attachments

When submitting a report or an addition, you can simultaneously send attachments to the responsible employee. If you wish to submit an anonymous report, please take note of the following security advice: Files may contain hidden personal data that could jeopardise your anonymity. Please remove all such information before sending a file. If you are unable to remove such data or are uncertain about how to do so, copy the text of your attachment into your report text or send the printed document anonymously to the address listed in the footer, citing the reference number received at the end of the reporting process.

Version: 08 November 2023

Accessibility statement

The EKD endeavours to make its websites and mobile applications accessible in compliance with the Federal Act on Barrier-Free Access to Federal Websites and Mobile Applications (Web Accessibility Act – WZG) BGBl. I. No. 59/2019 as amended.

This statement applies to: https://www.bkms-system.com/EKD

Status of compatibility with the requirements

This web application has been WACA certified on behalf of EQS Group GmbH (now EQS Group GmbH) and has been awarded the WACA certificate version WCAG 2.1 – AA in Silver on 30 November 2023. The ‘Web Content Accessibility Guidelines – WCAG 2.1’ conformance level AA has therefore been fulfilled to a very high degree. All content and functionalities are accessible to all users. Optional extended functionality is also generally accessible but some users may find that these features cannot be operated in an ideal manner. These features are subject to continuous review and improvement by the EQS Group GmbH.

The following is a summary of the issues that prevented a ‘Gold Certification’ (WCAG 2.1 – AA in Gold):

Page 1 ‘Introduction’

The quote is shown as a div element, which is not a standard quote field. However, it should not restrict accessibility.
The image of the person does not have any descriptive alternative text for the quote. However, this should not significantly restrict accessibility since this would be non-essential information relating to the personal details in the quote text.
The pre-selection of country and language is not optimal but does not restrict accessibility.
Specifying the customer’s name in the page title would be better according to the evaluation.
Depending on the country which is selected, the language parameters are adjusted in the HTML lang attribute (e.g. de-AG, de-AF), which is not ideal. Ideally, the language parameters should remain as de-DE on a German webpage. However, no real effects were noticeable in the review.

Page 2 ‘Security page’

No complaints.

Page 3 ‘Category page’

No complaints.

Page 4 ‘Report page’

No complaints.

Page 5 ‘Set up a postbox’

No complaints.

Page 6 ‘Print view’

No complaints.

Page 7 ‘Do not set up a postbox’

No complaints.

Page 8 ‘Overview of postbox’

No complaints.

Page 9 ‘Communication step view’ (postbox area)

No complaints.

Page 10 ‘Send addition’ (postbox area)

When sending an addition after submitting a report, a text field needs to be completed again, which is marked with a star denoting a required field. It is not possible to submit an addition with the field empty. The informative nature of the error message has been assessed as suboptimal here; however, thanks to the required field stars, the attributes “required” and “aria” are largely sufficient.

Preparation of the accessibility statement

This statement was prepared on 09 November 2023.

The statement was prepared based on an evaluation carried out by a third party.

This statement was last reviewed on 21 February 2023.

Feedback and contact details

Should you find any deficiencies relating to compliance with the accessibility requirements, please contact:

Reporting office in accordance with the Whistleblower Protection Act
Evangelical Church in Germany (Evangelische Kirche in Deutschland – EKD)
EKD Church Office
+49 (0) 511 - 2796 - 236

We will then deal with your request internally and take the necessary steps.

Reporting office of the Evangelical Church in Germany (Evangelische Kirche in Deutschland - EKD) in accordance with the Whistleblower Protection Act

Confidential submission of reports in accordance with the Whistleblower Protection Act