Privacy policy

Privacy Policy Whistleblower System

We are pleased that you are visiting the internal reporting office of your organization. The Althammer & Kill GmbH & Co. KG has been commissioned to take over the tasks of the internal reporting office according to HinSchG. Its simplified purpose is to receive reports of rule violations in your organization, to check them for plausibility, to investigate the facts of the case, and to provide a final report with recommendations for measures to be taken by your organization. In this context, we process your personal data. Personal data is all data that can be directly or indirectly related to you personally.

Person responsible for data processing

Responsible person according to Article 4 (7) General Data Protection Regulation (GDPR) is Althammer & Kill GmbH & Co. KG, see also and

Assigned Service Provider:
For the provision of the system, Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, for supporting application software (Exchange-Online) Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown Dublin 18, Ireland as an order processor. Data will only be viewed by them to the extent necessary and required.

Contact details of external data protection officer:
Mark Rüdlin
Lerchenstr. 28, 22767 Hamburg
Telefon +49 40 69797280
Telefax +49 40 69797290

Informational use

For the informational use of our websites, we only collect the personal data that your browser automatically transmits to us, such as:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • the amount of data transferred in each case and the access status (file transfered, file not found, etc.)
  • Web page from which the request comes
  • Browser type / version / language
  • Operating system and its interface
  • Language and version of your browser.

Storage period:
No personal data is stored, as the second half of the IP is omitted. An identification of the computer or the user is excluded in this way. The anonymous data is deleted after 30 days.

Legal basis of data processing:
The above data is technically necessary to display our websites and to ensure stability and security, according to Article 6 (1) (f) GDPR.

Whistleblower system

Use of the whistleblower system is voluntary. However, please note that the information you share about yourself, other employees, customers, suppliers and other cooperation partners may lead to corresponding consequences for those reported. Therefore, please deliberately share only information that is accurate and complete to the best of your knowledge.

In doing so, we process the data that you provide to us: Your name and contact details, the name and other details of reported persons, more detailed circumstances of the report including the specific or general facts, observed misconduct including circumstances relevant under criminal law, details of time, place and date. In the reporting form itself, the correct organization must be selected, the subject line and the field Your message to us. In addition, you can upload files such as pdf, png, and jpg. Furthermore, in the course of further processing, there may be further storage of questions and answers to the facts of the case, if necessary, data on natural persons.

The data is primarily processed by the ombudsperson in accordance with § 17 HinSchG. You will receive feedback within the statutory time limits. This is usually followed by an investigation of the facts or other follow-up measures are taken in accordance with § 18 HinSchG. This also involves the exchange of personal data with the organization. Access to data is strictly limited to those persons who really need to have access; the need-to-know principle applies. Access is only ever granted if it is necessary and required, or if mandatory legal regulations require transfer or disclosure to authorized bodies.

Storage period:
The data in the whistleblower system is only stored for as long as necessary and required, at the latest three years after the conclusion of the procedure pursuant to Section 11 (5) HinSchG. If mandatory legal provisions stipulate a longer storage period or if a longer period is necessary in individual cases due to legitimate interests, this principle may be deviated from.

Legal basis of data processing:
The legal basis for the processing of your personal data is Article 6 (1) (c) and (f) GDPR in conjunction with. § 10 HinSchG. The legitimate interest is the investigation of reported violations.

Your rights

You have the following rights with respect to us regarding personal data concerning you:

  • Right to information,
  • Right to rectification or deletion,
  • Right to restriction of processing,
  • Right to data portability,
  • Right to complain to a supervisory authority.

Right of objection

Insofar as we base the processing of your personal data on the balance of interests (legal basis is then Article 6 (1) (f) GDPR), you can object to the processing. This is the case if the processing is not necessary for the fulfillment of a contract with you, which is addressed by us in each case in the explanation of the individual data processing and functions on our websites further up in this privacy policy. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds based on which we will continue the processing.

How to contact us regarding your rights

To exercise your rights, you can contact us at any time. The best way to do this is to use the following contact details:

Data security

We use technical and organizational security measures to protect personal data that we receive or collect, against accidental or intentional manipulation, loss, destruction or against attack by unauthorized persons. Our security measures are continuously improved in line with technological developments. The transmission of your personal data is encrypted using SSL technology (https) to prevent access by unauthorized third parties.