Privacy

In accordance with our obligation under the Whistleblower Protection Act (HSchG), we have set up a digital internal reporting office.
Employees, customers, business partners or other whistleblowers can use it to report suspected breaches of the law securely and confidentially. This is intended to promote the detection and prevention of significant breaches of the law and avert considerable risks and damage.

The internal reporting office is operated with the AdvoWhistle whistleblowing system software from the technology service provider iComply GmbH, Große Langgasse 1A, 55116 Mainz, Germany.
Personal data and information entered into the whistleblowing system is stored in a database operated by the technology service provider in an ISO/IEC 27001-certified data centre. Access to the data is only possible for expressly authorised processors. End-to-end encryption of all data, multi-level password protection, technical and organisational measures and regular certifications ensure that technical service providers, the data centre operator and other third parties have no access to the data.
 
Data processing and purpose

 

The use of AdvoWhistle is voluntary. When submitting a report, AdvoWhistle collects the following personal data and information: 

  • person making the report: name, contact details (optional/voluntary!) 
  • Persons affected by incidents: First name and surname, information about incidents and suspected violations of the law and rules  
  • Witnesses and/or third parties named in the report (e.g. customers, suppliers, colleagues or business partners): first and last name, contact details


The purpose of processing the above data is to fulfil the obligations under the HSchG and to check and process the reports received and to initiate and carry out investigations and, if necessary, take remedial action. As part of the checks, investigations and remedial action to be taken, it may be necessary to pass on information about a reported incident to other departments or competent authorities.
 
Incoming reports are received by a narrow circle of expressly authorised processors and are always treated confidentially.
 
Legal basis

 

The legal basis for the processing of reports that fall within the scope of the Whistleblower Protection Act is the legal obligation pursuant to Art. 6 para. 1 c) GDPR in conjunction with Section 10 of the Whistleblower Protection Act (HSchG).
 
Storage period

Personal data is stored for as long as is necessary for the clarification and final assessment or for as long as the company has a legitimate interest or the data must be retained by law.  This data is then deleted in accordance with legal requirements. If a report proves to be unfounded, the report and the personal data it contains will be deleted immediately. 

Further information on data protection and your rights as a data subject can be found at
https://www.wasserleitungsverband.at/kontakt/datenschutz.html