EAG

WHISTLEBLOWER SYSTEM

Whistleblower System



Whistleblower System of Energieanlagen Greifswald GmbH



General Information


The following information provides a simple overview of what happens to your personal data when you use our whistleblower system. We ensure compliance with laws and regulations through an appropriate compliance organization, legally secure processes, and other measures for the prevention and response to possible rule violations. To achieve this, we have introduced a reporting system. Our employees (including applicants and interns), shareholders, as well as employees of contractors, subcontractors, and suppliers can use the whistleblower system to report information about possible violations of legal requirements or internal regulations ("report") and contribute to their clarification and prosecution.

1. Controller


Responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR) is:

Energieanlagen Greifswald GmbH
Eckhardsberg 5
17498 Greifswald

2. Hosting


This website is hosted by an external service provider (host). The personal data collected on this website is stored on the servers of the host. This includes the data you enter into the system; other data (log files such as IP address, location, used browser, etc.) is not collected. The use of the host is for the fulfillment of legal requirements (Art. 6 Para. 1 lit. c GDPR) and in the interest of a secure, fast, and efficient provision of our whistleblower system by a professional provider (Art. 6 Para. 1 lit. f GDPR). Our host will process your data only to the extent necessary to fulfill its obligations and will follow our instructions regarding this data. We have concluded a contract for order processing with our host to ensure the data protection-compliant processing.

3. Type and Scope of Data Processing


When you submit reports through the whistleblower system, your information from the form, including the contact details provided by you, will be stored for processing the request and for follow-up questions if necessary. To submit a report, you must enter at least a brief description of the incident; all other information is voluntary. After receiving a report, we are obligated to review it and, if necessary, initiate follow-up measures. In the course of this process, we may, under certain circumstances and in compliance with legal requirements, process additional data to clarify the incident.

4. Purpose and Legal Basis


Your data will be processed for the following purposes, based on the following legal bases:

5. Storage Duration


We will store your data until the clarification of the respective incident. Legal provisions, especially retention periods, remain unaffected.

6. Disclosure of Data


We will only disclose your data if there is a legal basis for this. In the course of the clarification process and for initiating follow-up measures, the data may be forwarded to the following recipients:

7. Data Subject Rights


Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can revoke previously given consent at any time. The legality of the data processing carried out before the revocation remains unaffected.

Right to Object to Data Collection in Special Cases (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data for reasons that arise from your particular situation, including profiling based on these provisions. The respective legal basis on which a processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data affected unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims (objection under Art. 21 Para. 1 GDPR).

Right to Lodge a Complaint with the Supervisory Authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work, or the place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done to the extent technically feasible.

Information, Deletion, and Correction
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient, and the purpose of data processing at any time, as well as a right to correction or deletion of this data. For this purpose and for further questions about personal data, you can contact us at any time using the address provided in the legal notice.

Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time using the address provided in the legal notice. The right to restrict processing exists in the following cases:
If you have restricted the processing of your personal data, this data may only be processed – apart from its storage – with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.

Profiling
Automated decision-making, including profiling, does not take place.

Submit a Report:
Please note the following:
Please send your report to:
compliance@eag-mv.de