PRIVACY POLICY – WHISTLEBLOWING SYSTEM
(Updated: 12.12.2023)
PURPOSE OF THIS PRIVACY POLICY:
This Privacy Policy describes which personal data is collected when you use our whistleblowing system SecuReveal (“whistleblowing system“) and how we process this data as the responsible party.
This data protection declaration is addressed to every user of the whistleblower system as well as to potential suspects, witnesses or other third parties named in reports (each “Data subject“).
We process personal data in accordance with the EU General Data Protection Regulation (“GDPR”) and the applicable national data protection laws. Unless otherwise defined in this Privacy Policy, the terms used herein have the same meaning as in the GDPR.
RESPONSIBILITY
QMD Services GmbH
Zelinkagasse 10/3
1010 Vienna, Austria
WHAT PERSONAL DATA WE COLLECT AND FOR WHAT PURPOSES WE USE IT
We process personal data in order to provide you with information about the whistleblower system and to enable the submission and processing of submissions via the whistleblower system.
The following statements are intended to inform you about how we process personal data about you via the whistleblower system and for what lawful purposes we may use it.
Website security
When you visit the whistleblower system via our website, your browser automatically transmits your IP address and other information about the system you are using (such as the browser you are using and the browser version). The processing of this data is necessary in order to make our website available to you correctly on your respective device. The firewall of our processor checks this connection data through automatically generated log files in order to recognise and prevent harmful attacks on our system.
Legal basis: Article 6 (1) (f) GDPR – legitimate interest in maintaining the functionality, stability and security of our website.
Receiving reports via the whistleblower system
The whistleblower system is designed to guarantee whistleblowers the highest possible level of data protection. The whistleblower system can be used anonymously without providing personal data, so that the anonymity of the whistleblower can be fully preserved when submitting a report.
Data is transmitted exclusively using SSL encryption in order to guarantee the security of the data provided by the whistleblower. We do not use any tracking tools or third-party cookies on the website.
The whistleblower system uses special encryption methods to ensure that only the respective whistleblower and our responsible compliance officers have access to the report provided. The data contained in the report is therefore only forwarded within our company to the relevant compliance officer; it is not forwarded to third parties in any other way (with the exception of any forwarding to the competent authorities or courts as well as auditors for further investigation of the facts on which the report is based). In particular, there is no possibility of access to data within the report by our processors.
Depending on the data you provide to us, we process the following personal data:
Legal basis: Art 6 (1) (c) GDPR – fulfilment of a legal obligation, namely the providing of an internal whistleblower system pursuant to Section § 8 in conjunction with Section § 11 of the Whistleblower Protection Act (“HSchG”).
You can also submit reports via our whistleblower system without disclosing your identity. In this case, you will remain anonymous.
Cookies
This website also uses cookies. These are small text files that are stored on your device when you visit our website and store certain information about you.
We only use technically necessary cookies on this website, which are necessary to ensure the proper functionality of the website and the whistleblower system. The use of technically necessary cookies is possible without your consent. However, you can deactivate these cookies at any time via your browser settings.
Legal basis: Article 6 (1) (f) GDPR – legitimate interest in the proper provision of the website and the whistleblowing system.
The following technically necessary cookies are set on the website:
Cookie Name |
Purpose |
Storage duration |
PHPSESSID |
This cookie is necessary to manage your running session. |
Session |
RECIPIENTS OF YOUR PERSONAL DATA
We may disclose your personal data to the following recipients for the above-mentioned purposes:
Your data will only be processed within the EEA and will therefore not be transferred to a third country.
HOW LONG WE STORE YOUR DATA FOR
Log files (see point 3.3 above) are generally stored for a period of three (3) months. Beyond this period, log files are only stored for the purpose of investigating irregularities or security incidents in our systems. For the storage period of cookies, see point 3.4 above.
In general, we only store your personal data for as long as is necessary to fulfil the purpose for which it was collected. Once a report has been investigated, any personal data contained therein will be deleted within 6 months of the end of the investigation, unless investigations lead to disciplinary, legal or regulatory action.
Secondary technical data (IP address of access to the whistleblower system) is processed exclusively in the processor’s firewall and deleted after 24 hours.
YOUR RIGHTS AS A data subject
As a data subject, you have the following rights in particular under the legally defined conditions in accordance with Art. 15 – 21 GDPR with regard to your personal data:
We do not process your personal data for the purpose of making decisions based solely on automated processing, including profiling, which produces legal effects concerning you (Art. 22 GDPR).
To exercise any of the above rights, please send an email to Datenschutz(at)qmdservices.com. You also have the right to file a complaint with the competent supervisory authority if you believe that we have violated your data protection rights or have not adequately implemented your data subject rights. For Austria: Austrian Data Protection Authority, Barichgasse 40-42, A-1030 Vienna, www.dsb.gv.at
UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy to reflect legal, technical or business changes. When we update this Privacy Policy, we will take reasonable steps to notify you of the changes made. The date of the “last update” can be found at the beginning of this privacy policy.
OUR CONTACT DETAILS
If you have any questions or other concerns regarding the processing of your personal data by us, please contact Datenschutz(at)qmdservices.com.
Our business address is:
QMD Services GmbH
Zelinkagasse 10/3
1010 Vienna, Austria
Good To Know
QMD Services GmbH
Headquarters
Zelinkagasse 10/3
1010 Vienna, Austria
Tel.: +43 1 533 0077
Operations Office
Am Winterhafen 1
4020 Linz, Austria
Phone
+43 1 5330077
office(at)qmdservices.com