Discover our brand worlds

Privacy policy:

The Reich GmbH whistleblower system

1 Introduction

With this information on data processing, we would like to inform you as the "data subject" about how we process your personal data and what rights you are entitled to under data protection law. In doing so, we are fulfilling our information obligations under Art. 12 and Art. 13 of the General Data Protection Regulation (hereinafter referred to as "GDPR").

2 Person responsible for data processing

Responsible for data processing is
Reich GmbH
Ahornweg 37
35713 Eschenburg
Telephone: +49(0)2774-9305-0
Fax: +49(0)2774-9305-90
Represented by the managing director: Steffen Bender

If you have any questions about how we handle your personal data, please do not hesitate to contact us at any time by e-mail at datenschutz@reich-web.com .

3 Data protection officer

You are also welcome to contact our data protection officer with any questions you may have:
Bechtle GmbH
Walter-Bruch-Straße 8
44263 Dortmund
E-mail: datenschutz@reich-web.com

4 Data processing as part of the whistleblower protection system

4.1 Purposes of processing your personal data and type and scope of data processing

In the following, we would like to inform you about the personal data collected during the use of our whistleblower protection system.
We use the information you provide in the context of the whistleblower system for purposes such as reviewing and documenting the reports, for further investigations (including disclosure to external lawyers, auditors or other professionals bound by professional secrecy as well as to affected Group companies) and, if necessary, for disclosure to government agencies (such as law enforcement agencies, public prosecutors or courts).

You have the option of submitting your report anonymously. This means that you do not have to disclose any information about your identity, such as your name, when submitting your report. Further communication
communication to clarify the incident will then also take place anonymously. We will then only process the data you provide in the report and in further communication.

The data collected includes:

  • Your name (if you disclose your identity)
  • Your contact details (if you provide them)
  • The time of your notification
  • Names or other personal data of persons you specify in the notification
  • Other personal data that you may enter in the free text fields of the registration form

We guarantee that all whistleblowers will be treated confidentially. Your concern as well as your identity, should you have disclosed it, will be treated confidentially by us, and we will protect you as the reporting person!

The notification you submit may contain personal data of third parties. Data subjects will be given the opportunity to comment on the report. We will then inform the person concerned about this report. Your identity will continue to be protected. As far as legally possible, no details of your identity will be provided so that your anonymity is preserved.

4.2 Legal basis of the processing

Reich GmbH is subject to the legal obligation to set up and operate a whistleblower reporting centre in accordance with Section 12 of the German Whistleblower Protection Act (HinSchG). The legal basis for the processing of your personal data is the fulfilment of legal obligations pursuant to Art. 6 para. 1 lit. c GDPR in conjunction with Art. 10 sentence 1 HinSchG and Art. 9 para. 2 lit. b GDPR. § 10 S. 1 HinSchG and pursuant to Art. 9 para. 2 lit. b GDPR in conjunction with. § 10 p. 2 HinSchG.

If it is necessary to disclose information relating to your identity or information that allows conclusions to be drawn about your identity in order to take follow-up measures, this information may only be disclosed to competent authorities in accordance with Section 9 (2) HinSchG, such as law enforcement authorities or courts, or on the basis of your express consent in accordance with Section 9 (3) HinSchG. In all cases, you will be informed in advance of any disclosure of your personal data.
If you have intentionally or grossly negligently reported incorrect information on offences, your identity is not protected in accordance with Section 9 (1) HinSchG. Your personal data will then be processed as part of the report on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this case is to process reports received via our whistleblower system and to enable the persons named in this report to comment on this false statement and to inform them about the data processing.

4.3 Recipients or categories of recipients of the personal data

Your personal data will be treated confidentially and may only be passed on if this is necessary and legally permissible. As your personal data is processed to verify and document the reports and internal investigations, we will pass on your personal data to the persons involved. This may include, among other things, disclosure to external lawyers, auditors or other professionals bound by professional secrecy and affected Group companies.
If, in addition, it is necessary to disclose information about your identity or information that allows conclusions to be drawn about your identity in order to take follow-up measures, this will only be done in accordance with Section 9 HinSchG. Accordingly, disclosure is only permitted if it is directed to state authorities, such as law enforcement agencies, public prosecutors or courts, or with your express consent.

You will be informed in advance of any disclosure of your personal data, insofar as this is permitted under Section 9 HinSchG para. 2 and does not jeopardise investigations, enquiries or legal proceedings.
Every person who receives access to the data is obliged to maintain confidentiality.
As part of the operation of our whistleblowing system, data is transmitted to service providers who are obliged to comply with the applicable data protection requirements as part of order processing.

4.4 Duration of storage

Your personal data will only be processed by us for as long as is necessary for the above-mentioned purposes. If the data is no longer required, it will be deleted. In accordance with Section 11 (5) HinSchG, we will delete the documentation of your report no later than three years after completion of the procedure, as long as longer storage is not required to fulfil requirements under the HinSchG or other legal provisions.

4.5 Data transfer to third countries or international organisations

When operating our whistleblowing system, data is generally not transferred to countries outside the European Union, so-called third countries. If a transfer is nevertheless necessary in individual cases, it will only take place on the basis of a legal basis and suitable guarantees such as an adequacy decision, standard contractual clauses or your express consent.

5 Obligation to provide data

There is no obligation to provide data. The provision of information via our whistleblowing system is voluntary. All data that you provide via the online reporting form will be collected.

6 Automated decision-making

No automated decision-making pursuant to Art. 22 GDPR takes place in the operation of the whistleblowing system. If procedures for automated decision-making are used in individual cases, you will be informed separately by us if this is required by law.

7 Rights of data subjects

You have a right to information (pursuant to Art. 15 GDPR) from the controller about the personal data concerning you as well as to rectification (pursuant to Art. 16 GDPR), erasure (pursuant to Art. 17 GDPR) and to restriction of processing (pursuant to Art. 18 (1) GDPR). You also have the right to object to the processing (pursuant to Art. 21 GDPR) and the right to data portability (pursuant to Art. 20 GDPR).

To do so, please contact the above-mentioned controller or data protection officer by email at datenschutz@reich-web.com.
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you are of the opinion that the processing of your personal data is not lawful.
In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority.
The competent supervisory authority for data protection issues is for example 

The Hessian Commissioner for Data Protection and Freedom of Information
P.O. Box 3163
65021 Wiesbaden
E-mail: poststelle@datenschutz.hessen.de
Website: https://www.bfdi.bund.de/DE/Home/home_node.html