Data protection information for Whistleblowers
BAUER Aktiengesellschaft takes the protection of your personal data very seriously and treats your personal data confidentially, in accordance with the statutory data protection regulations and the company's privacy policy and data protection information.
Below, we provide specific information about the processing of personal data.
Further information on data protection, including the use of our website, can be found in our privacy policy.
We wish to inform you about the processing of your personal data as a whistleblower and the rights to which you are entitled under data protection law.
Who is the controller for data processing and who is the data protection officer?
The controller for data processing is
BAUER Aktiengesellschaft
BAUER Straße 1
86529 Schrobenhausen
Germany
Phone +49 8252 97-0
Fax +49 8252 97-1359
Email: info@bauer.de
You can reach our data protection officer at
BAUER Data protection officer
BAUER Straße 1
86529 Schrobenhausen
Germany
Phone +49 8252 97-0
Fax +49 8252 97-1329
bag-datenschutz@bauer.de
Which of your personal data do we have access to and where does this come from?
If you submit a tip as a whistleblower, we collect the following personal data and information:
- Your name and/or private contact and identification data
- Your professional contact data and data regarding the employment relationship
- If relevant, names of persons and other personal data of the persons you mention in your tip.
For which purposes and on which legal basis are data processed?
We process your personal data in compliance with the provisions of the General Data Protection Regulation (GDPR) as well as the Federal Data Protection Act (BDSG) for the following purposes:
Reviewing and processing your tip and the associated investigation which may be necessary against any accused person(s), communication with authorities and courts in connection with your tip where relevant, communication with contracted international law firms and auditing companies or other investigating persons, as well as other companies in the BAUER Group and affiliated Group companies on the following legal bases:
The collection of your personal data is carried out to comply with a legal obligation (Art. 6 (1)(c) GDPR) to establish a whistleblower system and complaint procedure based on Section 10 of the German Whistleblower Protection Act (Hinweisgeberschutzgesetz, HinSchG) as well as in
accordance with Section 8 of the Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, LkSG).
The collection, processing and forwarding of personal data of persons who are named in the report is carried out in accordance with Section 10 HinSchG and based on the overriding legitimate interest of the controller or a third party (Art. 6 (1)(f) GDPR). BAUER AG has a legitimate interest in detecting, processing, suppressing and imposing penalties on legal breaches and serious violations of duty committed by employees, and thereby preventing associated liability risks and damages for the BAUER Group (Sections 30, 130 OWiG).
Insofar as you grant consent to the processing of personal data in the context of handling the whistleblower process (Art. 6 (1)(a) GDPR), this specific consent is the legal basis for the processing mentioned therein. After granting consent, you have the right to withdraw your consent at any time with future effect without any formal requirements, without affecting the lawfulness of processing based on consent before its withdrawal.
To which recipients will be data be transferred?
Within our company, access to your personal data will be granted to those parties who require the data in order to fulfill our contractual and statutory obligations. Affiliated companies specifically engaged by us to manage the whistleblower system, service providers, contract processors and vicarious agents as well as other third parties may obtain data for the purposes mentioned above. In the context of processing whistleblower tips or in the context of an internal investigation, it may be necessary in justified individual cases to forward tips to other employees of BAUER AG or employees of another Group company affiliated with BAUER AG, for example if the tips relate to subsidiaries of BAUER AG.
If relevant legal obligations exist or in case of a legitimate interest on the part of BAUER AG or a third party in resolving the whistleblower tip, other recipients may include law enforcement authorities, antitrust authorities, other administrative authorities, courts and international law firms and auditing companies engaged by BAUER AG or another Group company affiliated with BAUER AG.
In specific cases, BAUER AG has an obligation under data protection law to inform the accused person of the accusations submitted against them. This is required by law if it can be objectively established that sharing this information with the accused person can no longer negatively impact the actual resolution of the whistleblower tip.
The identity of the whistleblower and third parties mentioned in the tip are kept confidential and unauthorized employees are prevented from accessing them.
Will your data be transmitted to a third country or an international organization?
Transfer of data to locations in countries outside the EU or the EEA (third countries) takes place if this is necessary for the management of the whistleblower system, if this is required by law, if you have granted us your consent or in the context of contract processing. However, such transfers will only occur if the EU Commission has confirmed that the third country maintains an adequate level of data protection, if other adequate data protection guarantees exist (such as standard contractual clauses) or if an exception exists in line with Art. 49 GDPR. You can obtain copies of the suitable or adequate guarantees from the responsible department.
For how long will your data be saved?
We only store your data for as long as this is necessary for resolution and definitive assessment, and beyond this period insofar as country-specific legal, contractual or statutory retention periods apply.
After processing of the tip has concluded, the data will be erased or anonymized according to the country-specific legal requirements. In the case of anonymization, the reference to your identity as the whistleblower will be definitively removed.
Is there an obligation to provide data?
Within the framework of our business relationship, you are only required to provide personal data that is necessary for establishing, implementing and terminating a business relationship, or which we are legally obligated to collect (in particular obligations of identification under money laundering law or review of sanctions lists). Without this data, we may have to refuse to establish a contract or implement a contract, or we may no longer be able to perform an existing contract and have to terminate it.
To what extent do automated decision-making or profiling measures occur in individual cases?
We do not use any purely automated processing operations to make decisions.
Which rights can you assert as a data subject?
You have the right to access information (Section 15 of the GDPR), the right to rectification (Section 16 of the GDPR), the right to erasure (Section 17 of the GDPR), the right to restriction of processing (Section 18 of the GDPR), the right to object against the processing (Section 21 of the GDPR)
and the right to data portability (Section 20 of the GDPR). The restrictions of sections 34 and 35 of the BDSG apply for the right to access information and the right to erasure. To exercise your rights, please contact the data protection officer listed above.
Where processing of personal data is based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You also have the right to lodge a complaint with the data protection officer listed above or with a data protection supervisory authority.
Information regarding your right to object pursuant to Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time, to processing of your personal data that is based on your consent or our overriding legitimate interests or those of a third party. In this case, the data will no longer be processed. The preceding statement does not apply if we are able to demonstrate compelling legitimate grounds for the processing which override your interests, or if we require your data for the assertion, exercise or defense of legal claims.
Objections can be submitted informally to the data protection officer indicated above.