Privacy policy
We take data protection and confidentiality very seriously and adhere to the provisions of the General Data Protection Regulation (GDPR) as well as current national data protection regulations. Please read this information on data protection carefully before submitting a report.
Data controller and data protection officer
The controller responsible for data collection and processing via the complaints system is:
Samsung Electronics Holding GmbH
Am Kronberger Hang 6
65824 Schwalbach / Ts.
Germany
Email: Dataprotection.seg@samsung.com
You can reach the Samsung Electronics GmbH data protection officer at:
European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 1000 Hillswood Drive
Chertsey, Surrey KT16 0PS
United Kingdom
Email: Dataprotection@samsung.com
The complaints system is operated by a specialised company, EQS Group GmbH, Karlstraße 47, D-80333 Munich in Bavaria, Germany, on our behalf.
Personal data
Personal data and information entered into the complaints system are stored in a database of a high security data centre operated by EQS Group GmbH. Only Samsung has access to the data. EQS Group GmbH and other third parties do not have access to the data. This is ensured in the certified procedure through extensive technical and organisational measures.
All data are stored encrypted with multiple levels of password protection according to a system of permissions so that access is restricted to a very small selection of expressly authorised persons.
Purpose and legal basis of the complaints system
The complaints system (BKMS® System) serves for securely and confidentially receiving, processing and managing reports of human rights and environmental risks and violations of human rights of environmental obligations under the German Supply Chain Act (Lieferkettensorgfaltsgesetz – LkSG). We will process your personal data if it is necessary to fulfil legal obligations (Art. 6(1) lit. c GDPR).
Furthermore, your personal data will be processed if it is necessary for the protection of overriding legitimate interests of Samsung or a third party (Article 6(1) lit. f GDPR). The legitimate interest in the processing of personal data lies in the fulfilment of legal obligations. There is a legal obligation to set up a complaints procedure in accordance with Section 8 of the German Supply Chain Act.
Type of collected personal data
Use of the complaints system and disclosure of personal data takes place on a voluntary basis. We collect the following personal data and information when you submit a complaint using the complaints system:
- Your name, if you choose to reveal your identity
- Whether you are employed at Samsung
- The names and other personal data of persons whom you list in your report, if applicable
- The information you enter via the platform.
Confidential handling of reports
Incoming complaints are received by a small selection of expressly authorised and specially trained members of the Risk Management Team of the group of companies and always handled confidentially. The employees of the Risk Management Team evaluate the matter and carry out any further investigation that may be required by the specific case.
While processing a report or conducting a special investigation, it may be necessary to share reports with additional employees of other group companies, e.g. if the reports refer to incidents in subsidiaries. These subsidiaries may be based in countries outside the European Union or the European Economic Area with different regulations concerning the protection of personal data. We always ensure that the applicable data protection regulations are complied with when sharing reports.
All persons who receive access to the data are obligated to maintain confidentiality.
Informing individuals named in the report
We are legally obliged to inform parties named in reports that we have received a complaint against them as soon as the disclosure of this information no longer jeopardises the investigation. Your identity as a complainant will not be disclosed unless we are legally bound to do so.
Rights of the data subjects
Pursuant to European data protection legislation, you and the persons named in the report have a right of access, rectification, erasure and restriction of processing and a right to object to the processing of your personal data. If the right to object to the processing of the personal data is exercised, the necessity of the stored data for the examination of a report will be evaluated immediately. Data that are no longer needed will be erased without undue delay. You also have the right to lodge a complaint with the supervisory authority.
Retention period for personal data
Personal data are retained for as long as necessary to clarify the situation and perform a final assessment or for as long as a legitimate interest exists on the part of the organisation or retention is required by law. After the report processing is concluded, the data will be erased in accordance with statutory requirements.
Use of the complaints system
Communication between your computer and the whistleblowing system takes place over an encrypted connection (SSL). Your IP address will not be stored during your use of the whistleblowing system. In order to maintain the connection between your computer and the BKMS® System, a cookie is stored on your computer that merely contains the session ID (a session cookie). This cookie is only valid until the end of your session and expires when you close your browser.
It is possible to set up a secured postbox within the complaints system with an individually chosen pseudonym/ user name and password. This allows you to send reports to the respectively responsible employee either by name or in an anonymous, safe way. This system only stores data inside the complaints system, which makes it particularly secure. It is not a form of regular e-mail communication.
Note on sending attachments
When submitting a report or an addition, you can simultaneously send attachments to the responsible employee. If you wish to submit an anonymous report, please take note of the following security advice: Files may contain hidden personal data that could jeopardise your anonymity. Please remove all such information before sending a file. If you are unable to remove such data or are uncertain about how to do so, copy the text of your attachment into your report text or send the printed document anonymously to the postal address listed in the footer, citing the reference number received at the end of the reporting process.
Version: 27 November 2023