Privacy Policy


The whistleblowing system is operated by a law firm specialised in this field, Schindhelm Rechtsanwaltsgesellschaft mbH, on behalf of Schwering & Hasse Elektrodraht GmbH.

We would hereby like to inform you about how we will process your data and the information you provide via the SHWire Whistleblowing Solution. If you have any questions or suggestions regarding this data protection declaration, the processing of your data or any other concerns, please feel free to contact us at any time. 

Responsible:
Schwering & Hasse Elektrodraht GmbH
Pyrmonter Straße 3-5
32676 Lügde
Germany
E-mail: info@sh-wire.de

The data protection officer is Mr. Thomas Werning, who can be reached at the following contact details:

werning.com GmbH
Dieselstraße 12
32791 Lage
Germany
E-mail: datenschutz@synflex.de
Tel.: +49 5232 980 4700


Data processing within the internal whistleblowing system ("Whistleblowing")

You have the option of using our internal whistleblowing system. In doing so, you should not provide any personal data about yourself. Communication takes place solely via the whistleblowing system and your protected mailbox. You can access this via the link and the password generated for you, which will be displayed to you when you have submitted a whistleblowing. 

Depending on the content of your contribution, however, your message may contain personal data of third parties. Personal data that is clearly irrelevant or irrelevant to a message will not be collected or will be deleted immediately if it was collected unintentionally.

Unless you voluntarily provide personal information, you will remain anonymous to us.


Data processing on the website

When you visit our website, the following usage data is temporarily collected on the web server of the whistleblower system: 

•    IP address of the requesting computer;
•    Date and time of access; 
•    Name and URL of the retrieved file;
•    Message as to whether the call was successful;
•    Identification data of the browser/operating system used; 
•    Website from which the access was made and 
•    Name of the Internet access provider.

The data is not stored. The IP address is immediately shortened to ensure an anonymous visit to the website. 

In addition, we set a session cookie, which is technically necessary for the language settings and information about a login. This is deleted again after the session.

We secure our website with technical and organisational measures to protect your data against loss, destruction, access, modification or distribution by unauthorised third parties. For example, we use an encryption process on our website. The information you enter in your note is transmitted from your computer to our server and vice versa via the Internet using TLS (Transport Layer Security) encryption technology. You can recognise this by the closed padlock symbol in the status bar of your browser and in the address bar (https://). 


Purpose of the processing

The whistleblower system gives Synflex Group employees and also third parties the opportunity to point out grievances without themselves becoming visible. In particular, this concerns the following facts within the company: 

•    criminal offences or misconduct;
•    serious and obvious violations of applicable law and/or international agreements as well as of the Supply 
      Chain Due Diligence Act;
•    serious threats or endangerment of the public interest of which the whistleblower has personal knowledge;
•    Violation of our Code of Conduct; and 
•    threats to the health of employees.


Legal basis for the processing:

The processing of the data serves the fulfilment of a legal obligation (Art. 6 para. 1 p. 1 c) GDPR), which follows from the so-called Whistleblower Directive (Directive (EU) 2019/1937 on the protection of persons who report infringements of Union law) and national laws of the EU member states based on this (Art. 12 et seq. HinSchG). In addition, the data processing also serves to fulfil the obligations under the Supply Chain Sourcing Obligations Act to set up a complaints procedure (Art. 8 LkSG) and thus also to fulfil a legal obligation (Art. 6 para. 1 p. 1 c) GDPR).

The data processing is also carried out in the legitimate interest of the Synflex Group or the respective company to be informed about illegal and reportable events and to be able to clarify them internally (Art. 6 para. 1 p. 1 f) GDPR). This applies in particular to the processing of your data that you provide to us when reporting violations of our Code of Conduct.


Storage periods

The notifications are checked and answered within the legally specified time limits. The deletion of the data depends on the result of the examination: 

  1. Personal data that are obviously not relevant or unsubstantiated for the processing of a specific notification are not further processed and deleted immediately.
  2. Check revealed no violation: deletion without delay, as a rule within 2 weeks after the check has been completed.
  3. Check revealed a violation to be clarified internally: deletion immediately after clarification, as a rule within 4 weeks after final internal clarification of the case. 
  4. Examination resulted in cause for the initiation of official or legal proceedings (e.g. through criminal charges or application for the issuance of a temporary injunction): with the legally binding conclusion of the proceedings, whereby the retention periods are determined according to the respective applicable legal regulations. In Germany, periods of up to 30 years may apply to the retention of notices and judgments. In the event of such longer retention periods, we provide for appropriate security measures (e.g. restriction of information, separation/restriction of processing).

Recipients of the data

After receipt of your report, it and the data contained therein will be received by Schindhelm Rechtsanwaltsgesellschaft mbH, Hanover (“Schindhelm”) commissioned by us to check the plausibility of the report and, if necessary, also forwarded to persons in the company responsible for processing reports. If necessary, the data will also be made available to other third parties (lawyers, experts and auditors) for analysis and investigation purposes. If necessary, authorities and courts may also be involved. 

For this purpose, all reports made by Schwering & Hasse Elektrodraht GmbH are made available anonymously so that the management has a comprehensive overview of the current incidents. In doing so, Schindhelm ensures that the protection of whistleblowers is guaranteed.

In addition, your data will be transferred to service providers who support Schindhelm in the operation of the website and the related processes within the scope of commissioned processing pursuant to Art. 28 GDPR. These service providers work strictly according to instructions and they have been contractually obligated accordingly.


Transmission of data to countries outside the European Union

In individual cases, the data collected may also be made available to recipients outside the European Union, insofar as this is absolutely necessary to process the notifications received, in particular to determine the materiality of the infringements. Prior to the transfer of personal data, all measures necessary to ensure that the level of protection for natural persons guaranteed by the GDPR is not undermined shall be taken.


Your rights

According to the data protection regulations of the GDPR, you have certain rights: 

•    Right to information: You can request information about which personal data we have stored about you at
      any time.
•    Right to rectification: If you believe that we have stored personal data about you that is incorrect, you can ask
      us to correct this data at any time.
•    Right to erasure and restriction of processing: Similarly, under certain conditions, you can request that we
      restrict or erase the processing of your personal data.
•    Right to data portability: In addition, you have the right to receive your data in a structured, common and
      machine-readable format and to have us transfer your data to someone else.
•    Right to object: Where we process your data in individual cases on the basis of our legitimate interest, you
      have the right to object to the processing of your data on grounds relating to your particular situation. We
      will stop processing unless we can demonstrate compelling legitimate grounds for processing that override
      your interests, rights and freedoms.
•    Right of withdrawal: If you have given us consent, you also have the right to withdraw this consent at any 
      time with effect for the future. The lawfulness of the data processing based on your consent remains 
      unaffected until you exercise your right of revocation.

You can assert these rights against Schwering & Hasse Elektrodraht GmbH as well as against the respective company to which you are making your reference.

In addition to these aforementioned rights, you generally have the right to complain to the competent data protection supervisory authority.