dc Portal
Login area
dc Marketplace
Solution finder
dc Docs
Software manual
dc Brandshop
Brand webshop
dc AG
Von-Linde-Str. 11
95326 Kulmbach
Germany
About us
Customer Service
service@dc.ag
+49 9221 9652-100
Customer Login
Contact
hello@dc.ag
+49 9221 9652-100
Say hello

Whistleblower System

We use the Trusty whistleblower system to securely and confidentially receive and process information about suspected violations to the detriment of the organization.

Go to the whistleblower system at dc.trusty.report
Information Obligation within the Whistleblower System
The following section contains information about the collection, processing, and use of personal data in connection with the whistleblower system. The processing of personal data within Trusty is based on the legitimate interest of the organization in detecting and preventing violations and the associated avoidance of damages and liability risks for the organization. If a report concerns an employee of the organization, processing also serves to prevent criminal offenses or other legal violations in connection with the employment relationship.
Data Protection Information according to Art. 13, 14 GDPR
Your personal data according to Art. 4 No. 1 GDPR includes all information that relates to or can be related to you. The following information informs you about the processing of your data within the scope of whistleblower management.

1. Name and Contact Details of the Responsible Entity

The data controller in terms of data protection law is dc AG Von-Linde-Str. 11 95326 Kulmbach. You can find more information about our company, details of the authorized representatives, and further contact options in our legal notice on our website: www.dc.ag/en/imprint
 

2. Our Data Protection Officer 

We have appointed a data protection officer in our company. 
You can reach them at the following contact details:

ITs Hein GmbH
Andreas Hein
Kulmbacher Str. 27b
95460 Bad Berneck
E-Mail: info@dc.ag
 

3. Collection and Storage of Personal Data; Type, Purpose, and Use

3.1 Categories of Personal Data
In principle, the use of the whistleblower system is – as far as legally permissible – possible without providing personal data. However, you may voluntarily disclose personal data during the whistleblower process, in particular:
  • Identity information
  • First and last name
  • Residence
  • Contact details such as telephone number or e-mail address
  • Content data
  • Meta/communication data
  • any other data provided
As a rule, we do not request or process special categories of personal data, e.g. information on racial and/or ethnic origin, religious and/or ideological beliefs, trade union membership, or sexual orientation. However, due to free text fields in the reporting form, such special categories of personal data may be voluntarily disclosed by you. 
The information you provide may also contain personal data of third parties to whom you refer in your report. The persons concerned will have the opportunity to comment on the reports. In this case, we will inform the persons concerned about the report. Your confidentiality is maintained in this case as well, as the person concerned – as far as legally possible – will not be given any information about your identity and your report will be used in such a way that your anonymity is not compromised.

3.2 Source of Personal Data 
We collect personal data directly from the whistleblower (by provision) and from the accused person. The data is provided via an online form using the whistleblower system. 

3.3 Purpose and Legal Basis
The whistleblower system enables you to contact us and report compliance and legal violations. We process your personal data to review the report you made via the whistleblower system and to investigate the suspected compliance and legal violations. It may be necessary for us to ask you follow-up questions. For this, we use only the communication via the whistleblower system. The confidentiality of the information you provide is our top priority. 
The corresponding processing of your personal data is based on your consent given when submitting the report via the whistleblower system (Art. 6 para. 1a European General Data Protection Regulation, GDPR). 
Furthermore, we process your personal data as far as necessary to fulfill legal obligations. This includes, in particular, reports of facts relevant to criminal, competition, and labor law (Art. 6 para. 1c GDPR). 

Finally, the processing of your personal data takes place if this is necessary to protect the legitimate interests of the company or a third party (Art. 6 para. 1f GDPR). We have a legitimate interest in processing personal data to prevent and detect violations within the company, to review internal processes for their legality, and to maintain the integrity of the company.

If you disclose special categories of personal data to us, we process them on the basis of your consent (Art. 9 para. 2 lit. a GDPR). 

We also use your personal data in anonymized form for statistical purposes. 

We do not intend to use your personal data for purposes other than those listed above. Otherwise, we will obtain your prior consent. 
 

3.4 Technical Implementation and Security of Your Data

The whistleblower system provides an option for anonymous communication via an encrypted connection. After submitting a report, you will receive access data to the mailbox of the whistleblower system, so you can continue to communicate with us securely and, if desired, anonymously. 
To ensure data protection and confidentiality, we take appropriate technical measures. The data you provide is stored in a specially secured database by the provider of the whistleblower system. All data stored in the database is encrypted according to the current state of the art. 
 

3.5 Duration of Storage 

The collected data is stored as long as necessary in compliance with statutory retention periods (according to § 11 HinSchG-E: The documentation is deleted two years after the conclusion of the procedure).
 

4. Disclosure of Personal Data

Access to the stored data is only possible for specially authorized persons within the company. If necessary to fulfill the above-mentioned purpose, specially authorized persons of our affiliated companies may also be entitled to access. This is particularly the case if the investigation of your report is carried out in the affected country. All persons authorized to access are expressly obliged to maintain confidentiality. 
We only transfer your personal data for the purposes described above. In particular, your data is transferred to the following recipients:
  • Authorities: e.g. courts, law enforcement agencies
  • External reporting offices
  • Service providers we use within the framework of order processing relationships
  • Joint controllers with us
 

5. Your Rights as a Data Subject 

As a data subject, you have various rights:

Right of Withdrawal: You can revoke any consent you have given us at any time. Data processing based on the revoked consent may then no longer be continued in the future. 
 
Right of Access: You can request information about your personal data processed by us. This applies in particular to the purposes of data processing, the categories of personal data, if applicable, the categories of recipients, the storage period, if applicable, the origin of your data, and, if applicable, the existence of automated decision-making including profiling and, if applicable, meaningful information about its details. 
 
Right to Rectification: You can request the correction of incorrect or the completion of your personal data stored by us. 
 
Right to Erasure: You can request the deletion of your personal data stored by us, unless its processing is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims. 
 
Right to Restriction of Processing: You can request the restriction of the processing of your personal data if you contest the accuracy of the data or the processing is unlawful, but you oppose its erasure. You also have this right if we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims. Furthermore, you have this right if you have objected to the processing of your personal data. 
 
Right to Data Portability: You can request that we provide you with your personal data that you have provided to us in a structured, commonly used, and machine-readable format. Alternatively, you can request the direct transfer of the personal data you have provided to another controller, where technically feasible.
Right to Lodge a Complaint (Supervisory Authority): You have the right to complain to a data protection supervisory authority about the processing of personal data by us, e.g. if you believe that we are processing your personal data unlawfully. 

Our competent data protection supervisory authority is: 
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) 
Promenade 18, 91522 Ansbach 
Phone: +49 (0) 981 180093-0 
E-Mail: poststelle@lda.bayern.de
 

6. Your Right to Object

If we process your personal data on the basis of legitimate interests, you have the right to object to this processing. If you wish to exercise your right to object, a notification in text form is sufficient. You are welcome to write to us, send a fax, or contact us by e-mail. You can find our contact details under point 1 of this data protection notice.
 

7. Data Processing Online

Personal data, including the IP address of website visitors, is also processed via our website at dc.trusty.report. Additional data protection information can therefore be found online at www.dc.ag/en/privacy-policy