Data protection declaration for the whistleblower reporting portal
Contents:
1. General
2. Your Rights
3.Purpose of Processing
4. Duration of storage
5. Security of the Website
6. Log files and access data
7. Contact option via email
8. Contact via contact form
9. Processors
1. General
This data protection declaration is intended to inform the users of this website or whistleblower reporting point about the type, scope and purpose of the collection and use of personal data by the operator. The operator takes your data protection very seriously and treats your personal data confidentially and in accordance with legal regulations. The operator of this website or digital whistleblower reporting office and the responsible office referred to below is the
Tobias Lange – Management Consultancy
Berner Heerweg 246, 22159 Hamburg
Owner: Tobias Lange
Telephone: 040 57 00 39 25
Email: info@tl-datenschutz.de
Contact person for data protection in the responsible office:
Tobias Lange (tobias.lange@tl-datenschutz.de)
This data protection declaration applies to the following websites of the responsible body:
https://www.meldestelle.hinweis.digital
Changes in the organization of the operator, the further development of technologies and changes to the website or the entire website of the operator can lead to updates to this data protection declaration at any time. We recommend that you read the data protection declaration again at regular intervals. Definitions of the terms used (e.g. "personal data" or "processing") can be found in Art. 4 DS-GVO. In addition to the GDPR, the legal basis is also the BDSG, the TTDSG and the requirements of Article 13 of the Telemedia Act. We do not collect any data from you on the website. In principle, you can visit this website without providing any personal data. Tobias Lange Management Consulting works in a network with other companies, service providers, lawyers, etc. Personal data will not be passed on unless this is required by law or consent has been given. Tobias Lange Management Consulting ensures that cooperation partners comply with the current data protection regulations in the aforementioned sense.
2. Your Rights
If you are data subject within the meaning of Article 4 No. 1 GDPR, you have the following rights with regard to the processing of your personal data. The legal text of the rights listed below can be found here: GDPR Act
According to Art. 15 GDPR, you have the right to request confirmation from the responsible body as to whether personal data is being processed and to receive free information about the personal data stored about you.
According to Art. 16 GDPR you have the right to demand the immediate correction of incorrect personal data. You also have the right, with regard to processing, to request the completion of incomplete personal data.
According to Art. 17 GDPR, you have the right to demand that the responsible body delete your personal data immediately if one of the reasons stated in Art. 17 GDPR applies and if the processing is no longer necessary.
According to Art. 18 GDPR you have the right to request the restriction of processing if one of the conditions specified in Art. 18 GDPR is met.
According to Art. 20 GDPR, you have the right to receive your personal data in a structured, common and machine-readable format, and you have the right, insofar as not restricted in Art. 20 GDPR, to transfer this data to another person responsible without hindrance to be transmitted by us. You have the right to revoke your consent to the processing of personal data at any time. The revocation only has an effect for the future. Please address the revocation to the contact details given above for the responsible body.
According to Art. 21 GDPR, you have the right to object to the processing of your personal data at any time. If the requirements for an effective objection are met, the personal data may no longer be processed.
In addition to other administrative or judicial remedies, you have the right to lodge a complaint with a competent supervisory authority if you believe that the processing of your personal data violates the provisions of the GDPR. The complaint can be made online on the website of the supervisory authority. Responsible supervisory authority is:
The Hamburg data protection officer
Ludwig-Erhard-Strasse 22, 7th floor
20459 Hamburg
Phone: 040 / 428 54 – 4040
Fax: 040 / 428 54 – 4000
Email: mailbox@datenschutz.hamburg.de
Web: https://datenschutz-hamburg.de
3. Purpose of Processing
Personal data transmitted to us will only be processed for the purpose for which you provided the data. A processing, in particular a transfer for other purposes, does not take place.
4. Duration of storage
Personal data will be deleted as soon as their storage is no longer required to fulfill the original purpose and there are no longer any statutory retention periods. The final duration of the storage of personal data depends on the statutory retention periods. After expiry of the legal deadlines, the corresponding data will be deleted. If there are retention periods and there is no longer a purpose for processing the data, the processing of the personal data will be restricted.
5. Security of the Website
The operator of the website makes it available in accordance with current technical standards and updates the website regularly. It is pointed out that absolute security against errors and unauthorized access, especially when using criminal energy, cannot be guaranteed. In order to protect the transmitted data in the best possible way, SSL encryption is used. You can recognize such encrypted connections by the prefix "https://" in the page link in the address line of your browser.
The website is not based on any CMS system. The display is made using forms from other management systems. The operator of the website updates the code of the site as well as updates, if applicable, promptly, in particular security updates, and regularly informs itself about possible security risks.
Hosting and technical administrator is "netcup GmbH" in 76185 Karlsruhe. The servers operated by the technical administrator are located in 49152 Bad Essen, Saxony, Germany. You can reach this company directly at mail@netcup.de. The technical administrator protects servers and connections according to current technical standards and EU guidelines.
6. Log files/access data
The operator of the website collects data about access to this website based on a legitimate interest (see Art. 6 Para. 1 lit. f. GDPR) and saves this as “server log files” on the website server. The responsible body itself has no access to these log files.
The following data is stored:
- name of retrieved file
- date and time of retrieval
- amount of data transferred
- notification of successful retrieval
- operating system used
- browser and browser type
- the website from which the link was forwarded
- visited pages and requesting domain
- IP addresses
With regard to IP addresses, no end user IP addresses are stored and processed, or these are only stored and processed in an anonymous form. As a result, the website users can no longer be traced and there is no longer any personal reference. For security reasons, e.g. to be able to clarify cases of misuse or to ensure the proper functionality of the website, the technical administrator can also store non-anonymized IP addresses for a maximum period of 30 days. IP addresses stored in this way do not come to the knowledge of the website operator. Processing only takes place for strictly limited purposes of a technically necessary nature or legally legitimate legal prosecution. The legal basis for this storage and processing is Art. 6 Para. 1 lit. f.) GDPR. The operator of the website and the technical administrator protect access to the log files with appropriate technical and organizational means to ensure the security of the data.
The data will only be released to third parties on a legal basis, for example in the event of a court order to release it. If it is no longer necessary to store the log files, they will be irretrievably deleted.
7. Contact option via email
On this page we offer you the opportunity to contact us by e-mail. In this case, the information you provide will be stored and processed for the purpose of processing the contact and under the conditions of this whistleblower registration office. In principle, data will not be passed on to third parties.
When using e-mail services, personal data such as IP address and e-mail address are transmitted. Furthermore, the personal data that you provide us with the request. We work with SSL encryption in e-mail traffic and ensure the security of our e-mail server according to generally accepted standards. We cannot influence the security of your e-mail service.
We would like to point out that encryption with SSL does not represent end-to-end encryption and absolute security cannot be guaranteed. If you contact us via e-mail, we will only process your transmitted data for the purpose you have requested, will not pass them on and, if the purpose has been fulfilled, will delete them if there are no retention periods.
We ask that you be able to send us encrypted, secure e-mails via S/MIME or Open/PGP. You can find the public keys on this website: E-mail keys
8. Contact option via contact form
On our website we offer you the option of contacting us via a contact form. In this case, the information provided by the user will be stored for the purpose of processing the contact, here to process the information you have given, and processed for the purpose for which contact was made with us. A transfer to third parties does not take place. The data is uploaded via a secure SSL connection to the web server of the website operator. No third-party services are used to send and technically process the data contained in the contact form.
We use an M365 Exchange server. The dispatch takes place from the web server of the operator of this site, using a secure SSL connection, directly to the M365 Exchange server. The latter is an encrypted Microsoft server located in the EU. This ensures that the messages, including the attachments, are sent via the contact form in a completely encrypted manner.
If your information is stored or even temporarily stored on the web server in the digital management of this whistleblower registration office, this is always encrypted.
Since we do not know with which service or provider your e-mail account is operated or how it receives it, we will not send you a copy of the information you have provided in a confirmation that you have sent a message via the contact form . For a confirmation, which serves to ensure your security, that your message has been received by us and is being processed, we only process the e-mail address you provided. We will then respond to your request.
The above conditions for sending and receiving e-mails apply here, which generally do not ensure end-to-end encryption. If you want end-to-end encryption in e-mail traffic, please let us know when you send us your request. You can find our public keys on our website: Email Keys
9. Processors
The responsible body uses the following subcontractors as processors to implement this whistleblower reporting center and its technical processing:
DPMS—Data Protection Management
System Owner: Thomas Niersmann
Haagscher Weg 17, 47608 Geldern
The aforementioned processor is obliged to the responsible body by a legally binding contract processing contract (AVV) that meets the requirements of Art. 28 DS-GVO. The processor may use other subcontractors in accordance with the GCU concluded with this and makes use of them. These other subcontractors are also obliged to the processor by an AVV that fulfills Art. 28 DS-GVO and protect data protection in accordance with the statutory provisions. The responsible body checks the processor and their subcontractors at regular intervals and ensures compliance with data protection regulations.