1. About us
2. Personal data processed by us
In principle, the whistleblower system internal hotline can be used - to the extent permitted by law - without providing your personal data. However, you can voluntarily disclose your personal data as part of a whistleblowing procedure. This applies in particular to information about your identity, such as your first and last name, country of residence, telephone number and e-mail address.
In principle, we do not request or process any special categories of personal data (so-called sensitive data or particularly sensitive personal data), such as information about your ancestry or ethnic origin, your religious and/or ideological beliefs, your membership in trade unions or your sexual orientation. However, you may voluntarily disclose such special categories of personal data when contacting us.
Your statement may also contain personal data of third parties to which you refer. The data subjects will be given the opportunity to comment on this information. In this case, we will inform the data subjects about the declaration. In doing so, however, we will ensure confidentiality, as the data subject will not receive any information about your identity - to the extent permitted by law. Your information will therefore be used while maintaining your anonymity.
3. Purpose and legal basis of processing
You can contact us via the internal whistleblower system to report compliance or legal violations. We process your personal data to review your report via the whistleblower system and to investigate suspected compliance or legal violations. In this context, we may have questions for you. For this purpose, we will communicate with you exclusively via the whistleblower system internal reporting office - unless you have expressly consented to other forms of communication. The confidentiality of the information you provide is our highest priority and is therefore guaranteed.
Your personal data will be processed in accordance with and on the basis of your consent when making a report via the whistleblowing system internal hotline - (Article Ab. 1, letter a GDPR). Furthermore, we process your personal data to the extent necessary to comply with our legal obligations. This relates in particular to the reporting of matters relevant under criminal law, competition law and employment law (Article 6, Ab. 1, Letter c GDPR). Your personal data will also be processed if this is necessary to safeguard the legitimate interests of CYBERLEGIS, our client or a third party (Article 6, Ab. 1, Letter f GDPR). We have a legitimate interest in processing personal data to prevent and detect breaches within our client's companies, to check the lawfulness of internal procedures and to protect their integrity.
If you provide us with special categories of personal data (e.g. sensitive data), we process them on the basis of your consent (Article 9, Paragraph 2, Letter a GDPR).
We intend to use your personal data only for the purposes stated above. Otherwise, we will obtain your prior consent.
4. Technical execution and security of your data
The whistleblower system internal hotline offers the possibility of anonymous communication. Your
CYBERLEGIS takes appropriate technical and organizational measures to ensure data protection and confidentiality and continuously adapts them to the advancing technical development. The data you provide is also stored in a specially secured database, ensuring client separation. CYBERLEGIS encrypts all data stored in the database according to the latest state of the art.
5. Disclosure of personal data
CYBERLEGIS is an internationally active law firm operating in various countries within and outside the European Union. All legal regulations for compliance with the GDPR are adhered to by CYBERLEGIS according to the state of the art.
The stored data can only be processed by specially authorized persons within CYBERLEGIS. All persons authorized to review data expressly undertake to maintain confidentiality.
In order to fulfill the above purpose, it may be necessary for us to share your personal data with external entities inside and outside the European Union, such as law firms or law enforcement or competition authorities.
If we share your personal data within the Group or externally, internal data protection regulations and/or corresponding contractual agreements ensure a consistent level of data protection. In any case, CYBERLEGIS remains responsible for the data processing.
Finally, we disclose your personal data to our client - internal reporting office within the scope of technical execution to the extent described above. If you have any questions regarding the processing of your data, please contact CYBERLEGIS at email@example.com.
6. Duration of storage
We store personal data as long as this is necessary for the processing of your message or as long as we have a legitimate interest in storing your personal data. Storage may also take place in order to comply with legal obligations, such as storage obligations, if this is provided for under European or national laws. All personal data will then be deleted, blocked or anonymized.
7. Your rights
If you have provided us with your personal data, you have the right to information, rectification and erasure with regard to this personal data. You may also restrict the processing or request that it be transferred to another controller. Furthermore, you are entitled at any time to refuse the processing of your personal data for reasons related to your particular situation. You are entitled to revoke your consent at any time. If you revoke your consent, this will not affect the lawfulness of the processing carried out until then on the basis of the consent.
You exercise these rights by notifying the CYBERLEGIS data protection team at firstname.lastname@example.org. If you exercise your right to rectification, erasure or restriction of your personal data, we are obliged to inform all recipients to whom we have disclosed your personal data about this rectification, erasure or restriction of processing, unless this is impracticable or involves an unreasonable effort. CYBERLEGIS will inform you of these recipients upon request.
Finally, if you consider that the processing of your personal data infringes the GDPR, you are entitled, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the member state or federal state of your residence, workplace or the alleged infringement.