Privacy policy
We take data protection and confidentiality very seriously and adhere to the provisions of the EU General Data Protection Regulation (GDPR) as well as current national data protection regulations. Please read this information on data protection law carefully before submitting a report.
The TU Dresden whistleblowing system (BKMS® System) serves the purpose of securely and confidentially receiving, processing and managing reports concerning significant violations of valid statutory and internal rules and policies at TU Dresden. The processing of personal data as part of the BKMS® System is based on the legitimate interest of TU Dresden in detecting and preventing abuses and thereby averting damage to TU Dresden, its members and associate members. The legal foundation for this processing of personal data is Article 6 (1) (1) (e), (2) and (3) GDPR in connection with Section 4 (1) No. 3 Saxon Data Protection Implementing Law (SächsDSDG) and Sections 331 et seq. Criminal Code and / or other criminal offences, Article 6 (1) (1) (c), (2) and (3) GDPR in connection with Section 12 (1), Section 1 and Section 13 (1) Sentence 2 General Equal Treatment Act (AGG) (discrimination, harassment) and Article 6 (1) (1) (e), (2) and (3) GDPR in connection with Section 4 (1) No. 3 SächsDSDG and criminal offences (physical harassment, assault or verbal abuse), Article 6 (1) (1) (e), (2) and (3) GDPR in connection with Section 79 Sentence 3 SächsHSFG and Sections 16 et seq. “Charter on Ensuring Good Scientific Practice, Preventing Scientific Misconduct and Handling Violations” (Satzung zur Sicherung guter wissenschaftlicher Praxis, zur Vermeidung wissenschaftlichen Fehlverhaltens und für den Umgang mit Verstößen) (violations of good scientific practice) and Article 6 (1) (1) (a) GDPR (consent of the reporting person to reveal identity or for advice on the abovementioned areas).
The whistleblowing system is operated on behalf of TU Dresden by a specialized company, EQS Group GmbH, Bayreuther Str. 35, 10789 Berlin in Germany.
Personal data and information entered into the whistleblowing system are stored in a database operated by EQS Group GmbH in a high-security data center. Only authorized individuals at TU Dresden have access to the data. EQS Group GmbH and other third parties do not have access to the data. This is ensured in the certified procedure through extensive technical and organizational measures.
Processing of personal data
For what purposes is personal data processed?
For the purposes of receiving and clarifying specific suspected cases of violations of regulations relating to TU Dresden, personal data of the persons to which the report relates shall be processed in the following areas: corruption, property-related crimes and other crimes; scientific misconduct; harassment, discrimination, violence; further significant violations of legal provisions; advice in the abovementioned areas. Whistleblowers remain anonymous unless they deliberately disclose their identity.
Who is responsible for data processing and who can individuals affected by these issues contact?
TU Dresden
Felicitas Roth, Anti-Corruption Officer
Email: antikorruptionsbeauftragte@tu-dresden.de
Sigrid Flade, Office for Good Scientific Practice
Email: gute.wiss-praxis@tu-dresden.de
Anja Wiede, Complaints Office in cases of harassment, discrimination and violence
Email: beschwerden-diskriminierung@tu-dresden.de
Legal Office
Email: justitiariat@tu-dresden.de
TU Dresden
The data protection officer
Jens Syckor
01062 Dresden, Germany
Email: informationssicherheit@tu-dresden.de
Which personal data is processed?
Use of the whistleblowing system is voluntary. We collect the following personal data and information when you submit a report using the whistleblowing system:
- Your name, if you choose to reveal your identity
- Whether you are employed at TU Dresden
- Where applicable, the names and other personal data of persons whom you list in your report.
For how long will personal data be stored?
As a general rule, personal data will be erased within two years of conclusion of the investigation. We may only store your data for a longer period of time, but only for the duration required to review any necessary further legal steps, such as disciplinary proceedings or the initiation of criminal proceedings. Personal data associated with reports which are considered to be baseless by the case manager responsible for processing the report will be erased without undue delay. The question of whether to archive data remains unaffected by the matter of an obligation to erase the data.
Will personal data be transmitted to third parties?
As a general rule, sharing personal data concerning the data subject to third parties is not permitted. The right to view evidence in criminal proceedings remains unaffected by this. Personal data concerning the data subject may be transmitted for the purpose of investigating crimes.
What rights do data subjects have in principle?
TU Dresden is legally obligated to inform data subjects that a report concerning them has been submitted once the disclosure of this information no longer jeopardizes the further investigation of the report. Where legally permissible, the identity of the whistleblower will not be disclosed.
The data subjects fundamentally have the following rights:
1) Right of access (Art. 15 GDPR)
The data subjects have the right to receive information about the data processed concerning them and the potential recipients of these data at any time. They are entitled to receive an answer within one month of receipt of their request for information.
2) Right to rectification, erasure, restriction and right to object (Art. 16 to 18, 21 GDPR)
The data subjects may request from TU Dresden the rectification or erasure of their personal data and the restriction of processing at any time. Data subjects also have the right to object.
3) Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Data subjects may contact the data protection officer at TU Dresden at any time or, in the case of a complaint pursuant to Art. 77 GDPR, the competent supervisory authority for data protection matters. The competent supervisory authority is:
Saxony Data Protection Officer
Dr Juliane Hundert
Devrientstr. 5
01067 Dresden, Germany
Email: saechsdsb@slt.sachsen.de
In order to assert these rights, notifying the Data Protection Officer in text form is sufficient.
Using the whistleblowing system
You can set up a secured postbox within the whistleblowing system with an individually chosen pseudonym/login name and password. This enables you to send reports to the responsible case manager at TU Dresden either by including your name or in an anonymous, secure way. This system only stores data inside the whistleblowing system, which makes it particularly secure. It is not a form of regular e-mail communication.
Note on sending attachments
When submitting a report or an addition, you can simultaneously send attachments to the responsible case manager at TU Dresden. If you wish to submit an anonymous report, please note the following security advice: Files may contain hidden personal data that could jeopardize your anonymity. Please remove all such information before sending a file. You can find general information on removing hidden data in Microsoft Office or PDF documents on the TU Dresden Compliance website. If you are unable to delete such data or are unsure of how to do so, copy the text of your attachment into your report text or send the printed document anonymously, citing the reference number received at the end of the reporting process. Please use the address provided in the company details for processing the specific category to which your report relates.
Version: September 2022
