Data protection

Privacy policy

 
The company stated in the imprint ("we") is the responsible party for processing the personal data of the users of the whistleblower portal. In the context of providing the portal, we use the whistleblower system of the service provider Vispato GmbH, Hansaallee 299, 40549 Düsseldorf, with whom we have concluded an agreement on order processing. Information on data protection at Vispato is available at https://www.vispato.com/de/fragen-und-antworten and at https://www.vispato.com/de/datenschutz.
 
Our contact details as the responsible party can be found in the imprint of the portal. We collect, store and use your personal data only in accordance with the content of this privacy policy and the applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR) and the national data protection regulations.
 
In the event of suspected violations of the law, other breaches of rules or criminal offences, you can anonymously provide information on the suspected cases via the whistleblower portal. The information will then be forwarded to the expressly named contact persons for further handling.
 
The report can be made completely anonymously so that no conclusions can be drawn about the person. Furthermore, the report is stylometrically adapted, i.e. all punctuation marks are removed and all words are written in lower case, so that identification is additionally excluded. All information is encrypted end-to-end. No personal data, such as IP address or location data, is stored on the servers hosted by DATEV.
 
If you wish to be available for queries, you will receive a link to the conversation; together with the key you have specified, you will then be able to access the conversation and answer any queries.
 
If you nevertheless provide personal data, such as your name, on a voluntary basis, the processing of the personal data is based on your consent in accordance with Art. 6 (1) a) DSGVO. The processing is carried out solely for the purpose of receiving and clarifying the suspicious case and the information is deleted after the purpose has ceased to exist.
 
When using the portal, further server-related data may be collected. In this regard, we refer to our general data protection declaration at https://www.equiva.com/datenschutz with the proviso that the function of the portal is limited solely to the reporting of suspicious cases and that no tracking services are used on the information portal or cookies are set in any other way.
 
You have extensive rights with regard to the processing of your personal data. First of all, you have a comprehensive right to information and, if necessary, you can demand the correction and/or deletion or blocking of your personal data. You can also request a restriction of processing and have the right to object. With regard to the personal data you have provided to us, you also have a right to data portability. If you would like to exercise any of your rights and/or receive more information about them, please contact our data protection officer. 
Once you have given your consent, you may freely revoke it at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. If the processing of your personal data is not based on consent but on another legal basis, you can object to this data processing. Your objection will lead to a review and, if necessary, termination of the data processing. You will be informed about the result of the review and - if the data processing is to be continued nevertheless - you will receive more detailed information from us as to why the data processing is permissible.
 

Insofar as we are obliged to do so by data protection regulations, we have appointed a data protection officer to support us in data protection issues. You can reach our data protection officer at the following e-mail address: datenschutz@equiva.com. If you are of the opinion that the processing of your personal data by us does not comply with the applicable data protection regulations, you have the right to lodge a complaint with a supervisory authority. You can also complain to our data protection officer; the data protection officer will then investigate the matter and inform you of the outcome of the investigation.