Privacy

Privacy policy of Stöbich Holding GmbH & Co. KG

 - Whistleblower system iwhistle® -

1. Data protection
Stöbich Holding GmbH & Co. KG as well as all companies of the Stöbich group of companies ("we", "our") are obliged to implement and operate an anonymous whistleblower system according to the EU Directive 2019/1937. We use the whistleblower software iwhistle® to implement this directive.

We, Stöbich Holding GmbH & Co. KG as well as all companies of the Stöbich Group, attach particular importance to compliance with data protection laws. We fully comply with the relevant data protection laws, in particular the EU General Data Protection Regulation and the Federal Data Protection Act (new). Personal data is processed exclusively on the basis of the relevant laws and takes place only for the purposes stated under No. 4. The data will only be processed in accordance with the provisions of this privacy policy.

2. Responsible entity
The entity responsible for data processing is

Stöbich Holding GmbH & Co. KG
Pracherstieg 6
38644 Goslar

Phone: 05321/5708-0
Mail: info@stoebich.com

Managing directors: Jörg Schiebel, Peter Stahl, Wolfgang van Pels

3. Data collecton
In principle, the whistleblower system can be used anonymously. When reporting infringements via "iwhistle®", the following personal data will be processed if you nevertheless provide it:

  • personal data of the person submitting a report (e.g. name, contact details)
  • personal data of the persons affected by an incident (e.g. name and description of actions of affected persons).
  • If you include attachments with your report, please note: Files may contain hidden personal data (e.g., author) that compromise anonymity. Remove this data before sending or copy the text of the attachment to the message text.

4. Purpose of data processing
The processing of personal data within the framework of the iwhistle® system is based on our legitimate interest in the detection and prevention of wrongdoing and the associated prevention of damage and liability risks for us (Art. 6 para. 1 lit. f GDPR) in conjunction with Sections 30, 130 Act on Regulatory Offences).

If a tip received relates to one of our employees, the processing also serves to prevent criminal offenses or other legal violations related to the employee relationship (Art. 88 GDPR).

5. Data transmission
In the course of processing a report or in the course of an investigation, it may be necessary to pass on information to employees of the Stöbich Group, e.g. if the information relates to transactions in subsidiaries.

In the event of a corresponding legal obligation or data protection law requirement for the clarification of the information, further categories of recipients may include law enforcement authorities, antitrust authorities, other administrative authorities, courts and legal and auditing firms commissioned by us.

6. Data transfer to a third country
If necessary for the clarification, a transfer to third countries may take place. This transfer will then take place on the basis of suitable or appropriate data protection guarantees for the protection of data subjects (Art. 44 ff DSGVO).

7. Deletion periods
The personal data stored by us will be deleted or anonymized after the purposes mentioned in No. 4 no longer apply or after the expiry of any statutory retention periods.

8. Recht der betroffenen Personen
At any time, you can receive information free of charge (Art. 15 GDPR) about your personal data stored by us, as well as the source, recipient and purpose of data processing. You also have the right to request rectification (Art. 16 GDPR), blocking (Art. 18 GDPR) or erasure (Art. 17 GDPR) of your data. This excludes data that is required to be stored on the basis of statutory provisions or is required for the proper processing and clarification of the received notice. You have the right to object to the processing of your data (Art. 21 GDPR), as well as the right to data portability (Art. 20 GDPR).

Right to object
In the case of data processing based on Art. 6 para. 1 lit. f) ("Legitimate Interest"), you have the right pursuant to Art. 21 para. 1 GDPR to object to the processing of your personal data at any time for reasons arising from your particular situation, unless this serves to fulfil a contract, a legal obligation or the protection of vital interests.

You have the right to revoke your consent to the processing of personal data at any time with effect for the future. Processing that took place before the revocation is not affected by this. To protect your rights (also from No. 7), you can contact us in writing or text form, at the address stated in No. 2. If you believe that your rights are not fully protected in the handling of your personal data, you have the right to lodge a complaint with the supervisory authority responsible for you.

9. Data protection officer
We have appointed a data protection officer. The latter can be contacted for all questions relating to the protection of personal data via the following contact details:

Kämmer Consulting GmbH
Axel Vogelsang
Nordstr. 11
D-38106 Braunschweig

E-Mail: dsb-team@kaemmer-consulting.de

10. Obligation to provide personal data
Since the message in the whistleblower system can be made anonymously, there is no obligation to provide personal data.