Written reports by post to:
atarax Unternehmensgruppe, Luitpold-Maier-Str. 7, D-91074 Herzogenaurach
At the request of the whistleblower, it is also possible to report via these channels within a
reasonable
period of time in the context of a confidential personal meeting
.
Rules of procedure for the complaints procedure pursuant to § 8 of the Supply Chain Due Diligence Act (LkSG)
I. Purpose and scope of application
The law on corporate due diligence to prevent human rights violations in
supply chains (Supply Chain Due Diligence Act – LkSG), which came into force on January 1, 2023, is intended
to better protect human rights and the environment in the global economy. To meet these objectives
, we have established an effective complaints procedure in accordance with § 8 LkSG. This is intended to
LkSG should be avoided or recognized at an early stage in order to avoid possible negative consequences for those
affected
. Through the complaints procedure, business partners, customers and other third parties can
provide information on violations of human rights and environmental obligations and the associated risks,
anonymously if desired. Human rights obligations include, among other things, the prohibition of
child labor, protection against slavery and the prohibition of disregard for occupational safety. The
environmental aspects include, on the one hand, substances that pose a risk to people and the environment and, on
the
other hand, actions or circumstances that may lead to human rights violations. In
the following, we have described the reporting channels, responsibilities and the exact procedure for a
report.
II. Reporting channels
In order to guarantee the greatest possible protection for whistleblowers and those affected, we have set up an
independent
confidential reporting office, the atarax group of companies.
The following communication channels are available to ensure complete confidentiality:
Whistleblower telephone hotline: +49 160 96210839 (Monday - Friday, 8:30 a.m. - 5:00 p.m.,
except on public holidays)
Written reports by post to:
atarax Unternehmensgruppe, Luitpold-Maier-Str. 7, D-91074 Herzogenaurach
At the request of the whistleblower, it is also possible to report via these channels within a
reasonable
period of time in the context of a confidential personal meeting
.
III. Procedure
The following is a description of the exact procedure for reporting a case.
a) Receipt of the report
After the report has
been received,
the person providing the information will receive confirmation of receipt from the reporting office within the
specified time. This also applies to
case of an anonymous report by post, provided that a reporting channel intended for the submission of anonymous
reports
is used, e.g. via a third party (lawyer or authorized person), or another anonymous
contact option is provided.
b) Examination,
clarification of the facts and remedial measures
The report is then carefully checked for
plausibility. If further information is required, the reporting office will, if possible,
contact the person providing the information in order to obtain further information.
If
concrete evidence of a violation, an internal investigation may be initiated, as well as
other appropriate follow-up or remedial measures (e.g. improvement of internal processes)
.
The information will be processed in a fair and confidential manner, in particular
with regard to the identity of the person providing the information, and in compliance with data protection
requirements
. Furthermore, the principle of proportionality is observed.
Discrimination or
punishment of the person providing the information due to a complaint about an actual or suspected violation
will not be tolerated. For this purpose, we have set up an independent reporting office and the
possibility to make an anonymous report.
If possible, contact will be maintained with the persons providing
the information
possible, contact is maintained with the persons providing the information in accordance with the respective legal
requirements and, if necessary, the facts of the case are
discussed. In addition, the persons providing the information are informed in a timely manner about the progress of
the proceedings.
Information provided is only passed on to those persons who must be involved in the processing of the report
to the extent that this is absolutely necessary for the investigation of the facts.
All incoming
information is documented, stored and deleted in accordance with the legal provisions.
c) Effectiveness control
Our
complaint procedure is regularly reviewed for effectiveness and improved as necessary.
Transparency and information obligations for whistleblowers and other persons involved in the matter
within the framework of the whistleblower system according to the General Data Protection Regulation (GDPR)
With this document, we would like to inform you about the processing of your personal data by ORTLIEB
Sportartikel GmbH and all participating companies and the rights to which you are entitled under data protection law
.
Responsible body/data protection
The responsible body for data processing is the respective participating company to which the report
refers.
If you make a report via our whistleblowing system, the personal data you provide will
be processed in order to be able to process your report and, if necessary, take further action. You
the option of making anonymous reports. Which personal data is processed
depends on the content of your report.
We may process your personal data if you are an accused person or otherwise involved in the matter
in order to check the report made via the whistleblower system and to investigate the alleged
compliance and legal violations. The data processed in this context depends on the
specific report in each case and also on the information provided by the whistleblower about you, for example.
The following data may be processed in this context, for example:
Contact details (e.g. private address, mobile and landline numbers if applicable,
email address)
Master data (surname, first name, name affixes, date of birth)
Photos/video recordings
Time recording data
Special types of personal data:
health data
Purposes and legal basis for data processing
When processing your personal data, the provisions of the GDPR, the BDSG and all other
legal provisions (such as the BetrVG, ArbZG, etc.) are always complied with.
If you are a reporting person, your data will be processed on the basis of the information you provide voluntarily
and
in accordance with the statutory provisions of the Whistleblower Protection Act, Art. 6 para. 1 sentence 1 lit. a,
lit. c GDPR
in conjunction with Section 10 of the German Whistleblower Protection Act (HinSchG) and, if you are employed by us,
in accordance with Article 88 of the GDPR in conjunction with Section 26(2) of the German Federal Data Protection
Act (BDSG).
If we provide the whistleblower system without being legally obliged to do so, the
processing of your data is based on Article 6(1)(1)(f) of the GDPR.
In addition, we process your personal data as the data subject, insofar as this is necessary to safeguard the
legitimate
interests of the company or a third party (Art. 6 para. 1 lit. f, lit. c DS-GVO in conjunction with § 10
HinSchG or § 130 OWiG). We have a legitimate interest in processing personal data for the
prevention and detection of violations and abuses reported via the whistleblower system. In addition,
your personal data is processed to the extent necessary to fulfill legal obligations.
Storage period of the data
As soon as your data is no longer required for the above-mentioned purposes and there are no further
storage obligations, they will be deleted.
Recipients of the data/categories of recipients
In our company, we ensure that only those persons receive your data who need it to process the
information submitted via the whistleblower system.
The internal reporting office is taken over by atarax. Further information on the processing of your data can be
found
at https://www.atarax.de/de/datenschutz.
In addition, service providers (e.g. IT service providers) support us in certain cases in fulfilling our tasks.
The necessary data protection agreements have been concluded with all service providers.
Depending on the focus of the report and in order to effectively initiate follow-up measures, the
personal data may be passed on to our relevant specialist departments.
Furthermore, in certain cases prescribed by law, we are obliged to pass on certain information to
agencies, such as investigative authorities.
Transfer to third countries/intended transfer to third countries
Data will only be transferred to third countries (outside the European Union or the European Economic Area)
if this is absolutely necessary for processing the report, if it is required by law or
if you have given us your consent to do so.
We do not (currently) transfer your personal data to any service providers or group companies outside
the European Economic Area.
Rights of the data subject
The rights of you as the data subject are standardized in Articles 15 – 22 of the GDPR.
This includes:
The right of access (Article 15 of the GDPR)
The right to rectification (Art. 16 GDPR)
The right to erasure (Art. 17 GDPR)
The right to restrict processing (Art. 18 GDPR)
The right to object to processing (Art. 21 GDPR)
The right to data portability (Art. 20 GDPR)
If you have voluntarily provided data as a reporting person, you can revoke your consent to any
data processing at any time with effect for the future. To revoke your consent and to assert the
other rights, please contact: compliance@atarax.de. The same applies if you
have questions about data processing in our company. You can also lodge a complaint against data processing
with a data protection supervisory authority.
If we process your data to safeguard legitimate interests, you can object to this processing at any time for reasons
that
arise from your particular situation, you can object to this processing at any time.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds
for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense
of legal claims
.
Automated individual decisions
We do not use purely automated processing to make a decision.