Information sheet on the processing of personal data
We review the protection of personal data and its confidentiality on an ongoing basis. In doing so, we comply with the provisions of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR") as well as national data protection regulations.
Please read this information on data protection carefully before sending a report.
The purpose of the system regarding the reporting of abuses and irregularities ("WHISTLEBLOWING") and its legal basis
The whistleblowing system (BKMS® System) serves to receive and manage reports of actions or omissions at Hochland Romania SRL (hereinafter referred to as "Hochland") that may be considered abusive, immoral or in breach of national or European legal regulations. This includes the illegal acquisition, utilization and betrayal of trade secrets of Hochland. This system ensures a secure and confidential sending of reports.
The processing of personal data through the BKMS® System is based on Article 6(1)(f) of the GDPR and the legitimate interest of the company to detect and prevent irregularities and similar, in order to avert damage to the company, employees and customers.
The organisation responsible for processing personal data
Hochland Romania, in its function as data controller, is the organisation responsible for the processing of personal data within the meaning of the GDPR.
If you have any questions or requests concerning your personal data, please contact the data protection officer appointed by the company:
Hochland Romania SRLStr. N.Titulescu 3A545400 SighișoaraRomania
Email: protectiadatelor@hochland.com
The whistleblowing system is administered by Hochland SE, which is authorised and cooperates with EQS Group GmbH, a company that specialises in this field and has its headquarters in Germany, Berlin, Bayreuther Straße 35, postcode 10789.
The personal data entered in the whistleblowing system is stored in a database operated by EQS Group GmbH in a high-security data centre. The data can only be viewed by Hochland Romania. Neither EQS Group GmbH nor third parties can access this data. This is ensured by a certified process and appropriate technical and organisational measures.
All data is encrypted with multiple levels of password protection. Access to this is limited to a very small circle of specifically authorised recipients of Hochland Romania.
If you have any questions or requests concerning the processing of your personal data, please contact the data protection officer appointed by Hochland Romania using the above-mentioned methods.
Personal data
Use of the whistleblowing system is voluntary. When reports are sent via this system, the following personal data is collected:
- Name, should you choose to disclose your identity*
- Position with Hochland Romania and
- Names of the persons involved and other personal data provided in the report.
*anonymous reports are investigated by the company in so far as they are credible and have sufficient evidence to justify such action. Please take into consideration that these may not be as effective as those coming from named persons.
Confidential management of reports
Only a small circle of specifically authorised and specially trained Hochland Romania employees will be able to access the reports received. The reports are always treated confidentially. These Hochland employees will evaluate the reports and conduct any necessary investigation.
During the resolution phase regarding a report or during a special investigation, it may be necessary to disclose it to other employees of Hochland Romania or employees of Group companies, for example if the report indicates an incident in another Group company, as well as to external legal advisors (e.g. lawyers). Another Group company may be located in a country outside the European Union or the European Economic Area and may therefore be subject to different rules regarding the confidentiality of personal data. We will always ensure that the regulations regarding the confidentiality of data are observed when disclosing reports in the course of the investigation process.
All persons who have access to data are obligated to confidentiality by law, statute and contract.
If it appears necessary to resolve the report or if a legal requirement exists to do so, state authorities, including executive authorities, administrative authorities or courts may gain access to this data.
Information concerning the reported persons
In principle, we are obligated by law to inform the reported persons of the report made, unless this would jeopardise further investigations. To the extent permitted by the nature of the investigation and/or the law, your identity will not be disclosed.
Data subject's rights
Within the limits and conditions set out in the GDPR, you and the persons named in the report may exercise the following rights:
- Access regarding the data in accordance with Article 15 GDPR;
- Rectification of the data in accordance with Article 16 GDPR;
- Erasure of the data in accordance with Article 17 GDPR;
- Restriction of data processing in accordance with Article 18 GDPR;
- Data portability in accordance with Article 20 GDPR;
- Objection to the processing in accordance with Article 21 GDPR;
- To not be subject to a decision based solely on automated processing in accordance with Article 22 GDPR;
If an objection is filed, we will immediately check to what extent the stored data is still required to resolve a report. Data that is no longer required must be immediately erased. In addition, you have the right to lodge a complaint with the national authorities responsible for monitoring and processing personal data. They can be contacted at the following address http://www.dataprotection.ro.
Retention of personal data
Personal data will be retained for as long as it appears necessary to clarify the report made and to evaluate the report, or if the company has a legitimate interest, or if this is required by law. After the report has been resolved, this data will be deleted in accordance with the legal requirements.
Decisions based solely on automated processing of data–profiling
Your personal data will not be the subject of a decision based solely on automated processing.
Use of the whistleblowing portal
Communication between your device and the whistleblowing system takes place only via an encrypted connection. Your IP address will not be stored during your use of the whistleblowing system. To maintain the connection between your device and the BKMS® system, a cookie is placed on your device, which only contains the session ID (session cookie). This cookie is only valid until the end of the session and expires when the browser is closed.
You have the possibility to set up a secured postbox in the whistleblowing system, which is secured by a pseudonym/user name and an individual password. This lets you send the reports to the designated Hochland Romania employee securely and either giving your name or anonymously. For security reasons, this system only stores data in the whistleblowing system. This system does not provide the usual communication by email.
Transmission of attachments
When you submit a report or an addition to a previously submitted report, you have the option of sending attachments. If you want to send an anonymous report, please consider the following security recommendations: Files may contain hidden personal data that could put your anonymity at risk. Please delete such data before sending. If you cannot delete this data or if you are not sure how to do so, copy the text of the attachment into the report text or send the printed document anonymously to the contact address published on the platform, mentioning the reference number you received at the end of the reporting process.
Version: 26.10.2020
