Privacy

We take data protection seriously. 

Competent person for data processing and contact data:

 Boll & Kirch Filterbau GmbH
 Siemens Straße 10 - 14
 D-50170 Kerpen, Germany
 Phone: +49(0)2273-562-0
 Fax: +49 (0)2273-562-223
 E-mail address: info@bollfilter.com

Please find the details of our privacy policy here:

Information on data protection in the whistleblower system of Boll & Kirch Filterbau GmbH
In the following, we would like to inform you about the collection, processing and use of personal data if you report information to us about a violation of laws or company rules within the meaning of the Whistleblower Protection Act, which you have obtained in connection with or prior to your professional activity, and use our online whistleblower portal at https://boll.online-hinweisgeber.de/en . Therefore, please read this data protection information very carefully before submitting an online report.

We would like to point out that every whistleblower is free to choose whether to contact an internal reporting office (accessible via our whistleblower system) or an external reporting office (federal or state).

Potential violations should preferably be reported within the company. This is expressly stipulated in the HinSchG. 

In addition, however, there is also the possibility of reporting to an external reporting office, for example to the external reporting office set up at the Federal Office of Justice, or to reporting offices set up at the state level. In the case of an external report, the whistleblower shall ensure that the possible negative consequences of the external report for the company and for the persons involved are kept to a minimum. Further information on the Federal External Reporting Office at the Federal Office of Justice (BfJ) can be found at https://www.bundesjustizamt.de/DE/MeldestelledesBundes/MeldestelledesBundes_node.html .
  
INTRODUCTION
Data protection is very important for Boll & Kirch Filterbau GmbH and the entire group of Bollfilter companies. We also understand that privacy is very important to you. This Privacy Notice explains how we protect and use information we collect through our online whistleblower portal and, in certain circumstances, disclose excerpts of the content of the report.

Certain information, which (may) also contain personal data that we collect, is necessary to fulfil our legal obligations under the Act for Better Protection of Whistleblowers (Whistleblower Protection Act – HinSchG), others are necessary so that we can technically operate this online portal set up for this purpose, with which we provide you with an internal reporting channel within the meaning of the Whistleblower Protection Act.

Until the entry into force of the aforementioned Whistleblower Protection Act (HinSchG), which transposes the EU Whistleblower Directive into national law, we rely on our legitimate interest within the meaning of Art. 6 paragraph 1 sentence 1 lit. f GDPR in the detection and prevention of grievances in the companies of our group that are punishable by criminal penalties or fines or violate EU law or national laws. Another legitimate interest is to prepare for the upcoming entry into force of the Whistleblower Protection Act and to provide an appropriate and functional whistleblower system at this time.

1. Controller and Data Protection Officer
The person responsible for this web-based whistleblower portal is

Boll & Kirch Filterbau GmbH
Siemensstraße 10 – 14
50170 Kerpen
Phone: +49(0)2273-562-0
Fax: +49 (0)2273-562-223
Email address: info@bollfilter.com

You can reach our Data Protection Officer by e-mail at datenschutz@bollfilter.com

You can get to the overall privacy notice of the Boll website, through which you can reach this whistleblower portal, here: https://www.bollfilter.com/privacy-policy

The whistleblower system is operated by Boll & Kirch Filterbau GmbH in accordance with Section 14 (2) of the HinSchG with its affiliated companies (other Bollfilter companies) as a joint reporting office.

2.      System provider
We provide our online whistleblowing system https://boll.online-hinweisgeber.de/en of the provider iComply GmbH, Große Langgasse 1A, DE-55116 Mainz, Phone +49 6131 27626 80, E-mail kontakt@iwhistle.de, through OK MEDIA Webconsulting UG (Haftungsbeschränkt), Untergasse 2, 65474 Bischofsheim. Hosting takes place in Open Telekom Cloud (ISO/IEC 27001) under the strictest security precautions and exclusively in Germany.

Data processed for the provision of the online reporting portal
 a.      Which data is processed and for what purpose?
Each time our online whistleblowing system is accessed, our system (i.e. the web server) automatically records information from the system of the user's calling computer or terminal device that can enable identification. 

The following data is collected and temporarily stored:
- Date and time of access
- IP address of the user
- Host name (Internet server provider) of the accessing computer
- Website from which the website was accessed (so-called referrer URL)
- Websites accessed via the website
- Visited page on our website
- Message as to whether the retrieval was successful
- Amount of data transferred
- Information about the browser type and version used
- Operating system of the user's terminal device
 
The temporary storage of data is technically necessary for the course of your visit to our online portal in order to enable its provision. These are not used for any other purpose and are immediately deleted or completely anonymized at the end of the portal visit.

b.      On what legal basis is this data processed?
The processing of the data takes place on the basis of Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in providing a user-friendly, easily accessible and functional internal way for our employees and other reporters to report information about violations under the Whistleblower Protection Act. The provision of the internal reporting channel itself corresponds to a legal obligation to which we as an employer are subject under the Whistleblower Protection Act, and the implementation of this obligation through an online whistleblower portal corresponds to our legitimate interest in a simple internal reporting option described above.

c.       Are there other recipients of the personal data besides the responsible person?
The parties mentioned under point 2 "System providers" have a theoretical possibility to view the personal data collected and processed by us about https://boll.online-hinweisgeber.de/en . However, access is expressly not contractually provided for or even excluded and is secured by an order processing contract in accordance with Art. 28 GDPR. During transmission, there is a TLS end-to-end encryption of the data, including the metadata of files, whereby neither system operators nor third parties have access to the encryption key.

The identity of a whistleblower may only be disclosed in the company to the persons responsible for receiving reports or taking follow-up measures and the persons assisting them in the performance of these tasks. Disclosure to law enforcement or other authorities will only take place if we are obliged to do so, e.g. by official or court order. Otherwise, the identity of the whistleblower will only be passed on with their prior, express consent.

d.      How long is the data stored?
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of the provision of an online portal, this is the case when the respective session has ended. 

The log files are stored for a maximum of 7 days and are directly and exclusively accessible to external administrators of the portal operator. After that, they are only available indirectly via the reconstruction of backups and are permanently deleted after a maximum of four weeks. Any further storage is possible, but in this case the IP address of the user will be deleted or alienated by us, so that an assignment of the calling client is no longer possible and the data contained no longer has any personal reference. 

Data collected and (further) processed by a whistleblower during and on the basis of a personalized report in the online whistleblower portal (personalized report)
 e.      Which data is processed and for what purpose?
The whistleblower portal is our internal reporting office. You can use the displayed registration form to report information to them about violations of laws or company rules that you have obtained in the run-up to or in connection with your professional activity with our group of companies or vis-à-vis us.

When submitting a personalized report, the following personal data will be processed:
-  the Bollfilter Group company to which your report relates,
-  surname and first name, 
-  Relationship of the whistleblower to us or another company of the Bollfilter Group,
-  e-mail address,
-  Texts of information given and information communicated in this context. 
-  Communication with the whistleblower as well as internal and external stakeholders.

If you send such a report to our internal reporting office, you will receive an acknowledgement of receipt within 7 days to the e-mail address with which you made the report or which you provided to us. At the latest another 3 months later, you will receive feedback that includes the notification of planned and already taken follow-up measures as well as their reasons.

The personal data transmitted with the report (data of the whistleblower) will be stored with the report within the whistleblowing system. This data will only be used to process your report. The purposes of the processing are therefore to enable the transmission of the acknowledgement of receipt as well as to maintain contact with you as the whistleblower and, if necessary, to be able to request further information.

The Internal Reporting Office checks all incoming reports to determine whether they fall within the material scope of the Whistleblower Protection Act and whether they are valid in order to take appropriate follow-up measures (such as conducting internal investigations or handing over the procedure to the competent department or authority). In doing so, the identity of the reporting person shall be known only to the persons responsible for receiving reports or taking follow-up actions and the persons assisting them in carrying out those tasks.

f.        On what legal basis is this data processed?
The processing of the data takes place on the basis of Art. 6 para. 1 lit. c GDPR to fulfil our legal obligations under the Whistleblower Protection Act, to which we as a company are subject, whereby § 10 HinSchG expressly permits the processing of personal data required for this purpose.

According to § 12 paragraph 1 sentence 1 HinSchG, we as an employer are obliged to set up and operate at least one internal office to which employees can turn in order to report information about violations that are subject to the material scope of application of the Whistleblower Protection Act that they have obtained in the run-up to or in connection with their professional activity. With our online portal, we provide our employees and other persons entitled to report such an internal reporting channel and process the information reported in accordance with §§ 10, 13 ff HinSchG.

Until the aforementioned Whistleblower Protection Act (HinSchG) comes into force, we rely on our legitimate interests within the meaning of Art. 6 paragraph 1 sentence 1 lit. f GDPR as described in Section 3 of the introduction of this data protection information as the legal basis for data processing.

g.      Are there other recipients of the personal data besides the controller?
The parties mentioned under point 2 "System providers" have a theoretical possibility to view the personal data collected and processed by us about https://boll.online-hinweisgeber.de/en. However, access is expressly not contractually provided for and can only take place in the context of technical support processing on our express instructions, which are secured by an order processing contract in accordance with Art. 28 GDPR. With each transmission, there is a TLS end-to-end encryption of the data, including the metadata of files, whereby neither system operators nor third parties have access to the encryption key.

h.      How long is the data stored?
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of personal data transmitted to us in the context of a personal report, this is the case if the respective communication with the whistleblower has ended. The conversation is terminated when the circumstances indicate that the facts in question have been definitively resolved. From this point in time (usually with the provision of feedback to the whistleblower), the processing of this data can be restricted. However, deletion is only considered after expiry of the respective retention obligation.

All reports received by the reporting office must be documented in a permanently retrievable manner in compliance with the confidentiality requirement of the Whistleblower Protection Act, whereby this documentation is deleted 3 years after completion of the procedure.

Rights of data subjects
a. Right of access
In accordance with Article 15 GDPR, you may request information about the personal data processed by us.
 
 b. Right to rectification
If the information concerning you is not (or no longer) correct, you can request correction in accordance with Article 16 GDPR. If your details are incomplete, you can request that they be completed.
 
 c. Right to erasure
In accordance with Article 17 GDPR, you have the right to have your personal data deleted.
 
d. Right to restriction of processing
In accordance with Article 18 GDPR, you have the right to demand restriction of the processing of your personal data if the conditions are met.

e. Right to lodge a complaint
If you believe that the processing of your personal data violates data protection law, you have the right to complain to a data protection supervisory authority of your choice pursuant to Article 77 (1) GDPR. This also includes the data protection supervisory authority responsible for the controller: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Postfach 20 04 44, 40102 Düsseldorf, 0211/38424-0, poststelle@ldi.nrw.de.

f. Right to data portability
In the event that the requirements of Article 20 (1) GDPR are met, you have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract disclosed to you or to third parties. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website. They are therefore not based on consent pursuant to Art. 6 para. 1 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR, but are justified under Art. 6 para. 1 lit. f GDPR and therefore do not meet the requirements for data portability.

Right to object pursuant to Article 21 (1) of the GDPR
You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data by us in accordance with Article 6 (1) (f) GDPR, i.e. processing that we base on our legitimate interests. The controller will then no longer process the personal data unless he demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing is carried out for the establishment, exercise or defense of legal claims. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website.

Changes and updates to the Privacy Policy
We reserve the right to update our Privacy Notice from time to time if changes in the data processing we carry out make this necessary or if the legal framework or its interpretation and application practices that form the basis of our data processing change.

We therefore ask you to inform yourself at regular intervals about the content of our data protection information.