Privacy
iWhistle is our whistleblower system. Through iWhistle, employees, customers, business partners, or other informants can report suspicions of violations of laws and internal rules to the internal reporting office. iWhistle is part of our Compliance Management System.
Who is responsible for data processing?
The entity responsible for processing your personal data is (hereinafter also referred to as the Organization):
Fahrzeug-Werke LUEG AG, Universitätsstraße 44-46, 44789 Bochum, datenschutz@lueg.de
What data is processed?
The use of iWhistle is voluntary. In the case of reports, the following personal data is processed:
- Informants: Name (if you disclose your identity), contact details (if provided)
- Individuals affected by incidents: First and last name, information about incidents, and suspicion of legal violations and rule breaches
- Witnesses and/or third parties mentioned in the report (e.g. customers, suppliers, colleagues, or business partners): First and last name, contact details
For what purpose and on what legal basis do we process your data?
The above-mentioned data is processed for the purpose of detecting and preventing serious misconduct, avoiding and defending against particularly impactful or existential legal consequences and damages for both our organization (criminal prosecution, damages claims, reputational damage, regulatory measures) and our employees. The legal basis for processing is a legal obligation according to Art. 6 para. 1 lit b GDPR to comply with the requirements of the EU Whistleblower Directive of October 23, 2019 (EU 2019/1937) and the national implementing laws.
Who receives my data?
In the course of investigations and remedial measures, it may be necessary to disclose information about a reported incident to external consultants (e.g. legal advisors) or relevant authorities. iWhistle is operated on our behalf by the specialized software service provider iComply GmbH, Große Langgasse 1a, DE-55116 Mainz.
What data protection rights do you have?
You have the right to request free information about the personal data stored about you, its origin, recipients, and the purpose of data processing. If we process your data based on our legitimate interests, you have the right to object to the processing for reasons arising from your particular situation (right to object). Additionally, you have the right to correct inaccurate personal data, the right to delete personal data, the right to restrict the processing of personal data, and the right to data portability. For these matters and other questions regarding personal data, you can contact us at any time. Finally, you have the option to lodge a complaint with the supervisory authority if you believe that the processing of your data violates data protection laws or your data protection rights have been violated in any way.
How long will the personal data be stored?
Personal data will be retained for as long as necessary for the investigation and final assessment or as required by law. After that, these data will be deleted in accordance with legal requirements. If a report is found to be unfounded, the report, along with the personal data contained therein, will be promptly deleted. Reports and notifications are regularly deleted after 6 months. For documentation purposes, a final assessment is also stored beyond this period.