Data protection information
In the following, we would like to explain to you what data we collect about you and what we do with this data. We also inform you about your data protection rights and explain who you can contact with questions about the protection of your data.
About us
Responsible for the operation of the portal (service provision), data security, the processing of general inquiries, the acceptance of information concerning them and the implementation of follow-up measures concerning them:
AMEVIDA SE
Kurt-Schumacher-Str.
100
D-45881 Gelsenkirchen
Tel.: 0209 / 7070-0
E-mail: dialog@amevida.de
Management Board: Dr. Matthias Eickhoff
You can also use this portal to submit information concerning subsidiaries of AMEVIDA SE. These companies are responsible for the implementation of follow-up measures. These are
AMEVIDA Freiburg GmbH
Kurt-Schumacher-Str.
100
45881 Gelsenkirchen
Phone: +49 209 7070-0
E-mail: dialog@amevida.de
Managing Director: Dr. Matthias Eickhoff
Postal address:
AMEVIDA Freiburg GmbH
Waldkircher Str. 28
79106 Freiburg im Breisgau
Tel.: 0761-5599-0
E-mail: info@amevida-freiburg.de
AMEVIDA Touristik GmbH
Kurt-Schumacher-Str.
100
45881 Gelsenkirchen
Phone: +49 209 7070-0
E-mail: dialog@amevida.de
Managing Director: Dr. Matthias Eickhoff
AMEVIDA Finance GmbH
Kurt-Schumacher-Str.
100
45881 Gelsenkirchen
Phone: +49 209 7070-0
E-mail: dialog@amevida.de
Managing Director: Dr. Matthias Eickhoff
If you have any questions about this data protection information, the processing of your data, your rights or other concerns in the area of data protection, our data protection officer will be happy to help you.
Contact details of the data protection officer:
AMEVIDA SE
The Data Protection Officer
Kurt-Schumacher-Str.
100
D-45881 Gelsenkirchen
Tel.: 0209 / 7070-0
E-mail: datenschutz@amevida.de
Scope of application
This data protection information applies to the whistleblower portal amevida.hinweisgeber-systeme.de. It is aimed at visitors to this website and whistleblowers who submit a report in accordance with the Whistleblower Protection Act.
Do I have to enter my data?
When you visit our website, user data is automatically stored. Some of the data collected is necessary for the use of a website. In addition, we also process your data to protect our legitimate interests after balancing our interests. This enables us to continuously improve the services we offer you or to comply with legal requirements. On the following pages, you can find out the background to our interests and whether and how you can object to the use of your data or deactivate its use yourself.
You will be asked to enter your data in order to provide a reference. You can decide for yourself whether you wish to take advantage of this offer and provide your data.
We also ask you to pass this information on to the people you involve in the use of our services, such as family members or authorized representatives.
Processing purposes, legal bases and processed data
We distinguish between different types of processing, which we describe below.
Service provision
In order to visit and use our website, your data must be collected. We process this data to protect our legitimate interest in providing a functioning website (Art. 6 (1) (f) GDPR).
Data security
Every access to our website is stored and analyzed in a log file. We process this data for data security purposes. The processing is carried out to protect our legitimate interest in being able to guarantee data security (Art. 6 para. 1 lit. f) GDPR).
Processing of general inquiries
We process the data that you give us when you have a question or request. This also includes, for example, the data you send us by e-mail. The processing of your data is necessary so that we can process your request. It is done to protect our legitimate interest in answering your questions and concerns (Art. 6 para. 1 lit. f) GDPR).
Acceptance and processing of tips
We process your data to fulfill our obligations under the Whistleblower Protection Act (HinSchG). Accordingly, we are obliged to receive and investigate reports of (suspected) breaches of the law. We therefore process your data to protect our legitimate interests in fulfilling legal requirements (Art. 6 para. 1 lit. f) GDPR). As part of the investigation of the reported cases, we may interview reporting or named persons. Information and statements may be passed on to other affected bodies or authorities or used in court. Whether disclosure is necessary and legally permitted is examined separately in each individual case.
Upon receipt of your report, you will receive a confirmation of receipt in your login area. Within a maximum of three months of receipt of the report, you will then receive feedback from the persons responsible for the tasks of the internal reporting office about the follow-up measures planned or already taken and the reasons for these follow-up measures (such as internal inquiries or investigations). As you have provided your e-mail address, you will be informed of any current processing status in your login area and also by e-mail.
Processed data
Data | Service provision | Data security | Processing of general inquiries | Acceptance and processing of tips |
IP number | x | x | ||
Name of the retrieved file | x | |||
Amount of data transferred | x | |||
Called website | x | |||
Referrer URL (the previously visited website) | x | |||
Search terms that led Internet users to our website | ||||
User agent sent by your browser | x | x | ||
Date and time of retrieval | x | |||
Information about the browser used (type, version, resolution (inner window size), language) | x | |||
Cookie on/off | x | |||
Java-Script on/off | x | |||
Installed plugins | ||||
Salutation, name | x | x | ||
E-mail address | x | x | ||
Further contact details (address, telephone, fax) | x | |||
Subject, topic, request | x | x | ||
Content of the message/notification | x | x | ||
Date of receipt of the message/registration | x | x | ||
Involved company | x | |||
Time and place of the event | x | |||
Affected and involved persons | x | |||
Attached documents | x | |||
Captcha to differentiate between humans and computers | x | |||
Password for user login | x |
Other processing purposes
In addition, the above-mentioned data is used for the following purposes in the context of balancing interests (Art. 6 para. 1 lit. f) GDPR). The interests are listed below:
- Should a security incident occur in our company in which your data is affected, we are obliged to report the case to the data protection supervisory authority responsible for us (Art. 33 GDPR). As it is in our legitimate interest to comply with this statutory reporting obligation as quickly as possible, it is possible that your personal data may be processed as part of the investigation of the relevant security incident. The reports of these security incidents to data protection supervisory authorities do not contain any of your personal data.
- As it is in our interest to ensure the security of our systems, we regularly carry out security and effectiveness tests in the course of which your above-mentioned data may be processed.
- As it is in our interest to resolve legal disputes, we process your data for a specific purpose in such a case. It is also in our interest to retain evidence in the event of legal disputes until all relevant statutory limitation periods pursuant to Sections 195 et seq. BGB have expired. For this purpose, we retain the relevant data about you in accordance with these limitation periods. The deletion periods cannot be predicted as a general rule, as they depend on the respective subject matter of the dispute and the corresponding statutory limitation period, which can be up to 30 years. The regular limitation period is 3 years.
- In addition, it is in our interest to investigate suspicious cases and to pass on relevant information to law enforcement authorities in the event of concrete criminal suspicion.
- We carry out audits, internal audits and other control measures (e.g. monitoring by the data protection officer), as it is in our legitimate interest to comply with legal regulations, to create transparency about our business processes, to constantly optimize these processes and to prevent and identify actions that are detrimental to our business. This may involve processing documents or files that contain your personal data.
- We process your data to test IT systems and software products and to carry out migrations. The processing is carried out to fulfill our legitimate interest in checking the correctness of new products or the correctness and completeness of migrations.
Deletion periods
The data processed for the purpose of data security will be deleted 14 days after collection.
The data processed for the purpose of handling general inquiries will be deleted after the final processing of the inquiry.
Measures derived from reports under the HinSchG and their clarification do not contain any personal reference, which is why they are not subject to a deletion period. The documentation of a report is deleted 3 years after completion of the procedure at the reporting office.
In order to preserve evidence, we retain data within the framework of the statutory statute of limitations pursuant to Sections 195 et seq. BGB (German Civil Code). The storage period for your data may extend beyond the period specified above. The statutory limitation periods can be up to 30 years. The regular limitation period is 3 years.
Origin of the data
No data is collected from third parties.
Information about automated individual decisions
No automated individual decisions are made.
Which bodies receive your data?
The following list shows which entities receive your data ("data recipients"). You can read about the specific data in the relevant sections of this declaration. Your data is sometimes passed on due to legal or contractual obligations. In other cases, we use selected vicarious agents and service providers who work for us as processors (in accordance with Art. 28 GDPR) and may be granted access to your data to the extent necessary. Processors are subject to numerous contractual obligations and, in particular, may only process your personal data on our instructions and exclusively for the fulfillment of the orders received from us.
- Auditors
- the company responsible for receiving and processing the notification (company involved)
- Data Protection Officer
- Service provider for the destruction of data carriers
- E-mail provider of the recipient (for communication by e-mail)
- IT service provider
- Persons responsible for taking follow-up measures and the persons assisting them in the performance of these tasks
- Lawyers, law enforcement authorities, public prosecutor's office, courts, opposing lawyers, state or federal criminal investigation office (in the event of legal disputes and concrete criminal suspicion)
- Telecommunications service provider (if we communicate by telephone)
- Shipping service provider (for written communication)
Data recipients in non-EU countries
Your rights
You have the legal right to:
- Information about the personal data stored about you (Art. 15 GDPR)
- Correction and completion of your data available to us (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Revocation of consent given (Art. 7 GDPR) with effect for the future. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected.
- You also have the right to express your point of view and to challenge a decision based on automated processing (Art. 22 GDPR).
- You have the right to object to the processing of your data to protect our legitimate interests or the legitimate interests of third parties (Art. 21 GDPR) - You have the right to object to such processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions within the meaning of Art. 4 para. 4 GDPR.
- Objection to direct marketing - You have the right to object to the processing of your data for the purpose of direct marketing at any time and without giving reasons.
To exercise these rights, you can contact us using the contact details above.
You also have the statutory right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).