Recipients of the data
Within the EU
Within our company, those internal offices or organisational units receive your data that need it to achieve the above-mentioned purposes, in particular the investigation of reported compliance violations. In addition, within our group of companies, all findings and reports in connection with compliance reports are consolidated in order to be able to check them for specific patterns across countries. Only facts without personal reference are used for this purpose. We store all reports in our database, which is also used for passing on data to official databases. We will only pass on data in such a way that a direct conclusion to your person is not possible (pseudonymised). We do not transfer any data beyond the cases listed above. We use a specialised service provider as a so-called ombudsman to record and process reports of compliance violations in accordance with legal and internal requirements. Your data is subject to the same security standards there as it is with us. The data may only be used within the framework of the contractual agreement, to the extent absolutely necessary and for the purposes specified by us.
Outside the EU
We transfer data to countries outside the EEA, so-called third countries. The transfer takes place for the fulfilment of our contractual and legal obligations or on the basis of a previously granted consent of the data subject. In addition, data is transferred in compliance with the applicable data protection laws, in particular in consideration of Art. 44 et seq. GDPR, e.g. on the basis of adequacy decisions issued by the European Commission or other suitable guarantees (e.g. standard data protection clauses, etc.).