Data Protection Declaration
A. Website Privacy Statement
B. Data Protection Directive for Social Media Appearances
C. Data Protection Information for Applicants
__________________________
Applicable as of: 05/2025
A. Website Privacy Statement
We process personal data (hereinafter referred to as “data“) of the user only for the purpose of hosting a functional and convenient website and disclosing our contents and services.
The term “process“ shall include collect, use, disclose and/ or store. In principal, “personal data” - pursuant to the General Data Protection Regulation (hereinafter referred to as “GDPR”) - shall be considered as all data enabling the identification of a natural person. The precise definitions of the terminology are set out in Article 4 GDPR.
The text presented below constitutes in particular the nature, extent, purpose, duration and the legal basis for processing personal data whereby the purpose and the means of processing personal data is determined by us alone or jointly with others as is the usage of possible third-party components which are applied for optimization and improvement of quality in use – the respective third parties process data solely on their own responsibility.
_________________________________________
I. Information on the responsible entity
II. Rights of the user
III. Information relating to data processing
_________________________________________
I. Information on the responsible entity
Pursuant to the GDPR and other national member states` laws of data protection respectively any other legal protection regulation, the responsible entity (hereinafter referred to as “provider“) is:
Uebler GmbH
Daimlerstraße 22
91301 Forchheim
Deutschland
Phone: +49 (0) 9191 7362-0
Fax: +49 (0) 9191 7362-77
E-Mail: info@uebler.com
The external data protection officer of the responsible entity is:
Killian Hedrich
c/o DatCQ GbR
Alexander F. Bräuer, Killian Hedrich
and Frank Weiß
Katharinenstraße 16
73728 Esslingen
Phone: +49 (0)711/ 93277955
Fax: +49 (0)711/ 93277956
E-Mail: dsb@datcq.de
II. Rights of the user
With regard to the processing of personal data, reproduced below by the provider, the user shall obtain the following rights:
1. The right to obtain confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, detailed information on these data as well as further information and copies of the data in accordance with Article 15 GDPR.
2. The right to obtain rectification of inaccurate personal data concerning him or her respectively the right to have incomplete personal data completed without undue delay in accordance with Article 16 GDPR.
3. The right to obtain the erasure of personal data concerning him or her without undue delay in accordance with Article 17 GDPR respectively, if further processing is necessary, as laid out in Article 17 GDPR paragraph 3, the user shall have the right to obtain restriction of data processing in accordance with Article 18 GDPR.
4. The right to receive the personal data concerning him or her which he or she has provided in accordance with Article 20 GDPR as well as the right to transmit those data to other responsible entities.
5. The right to lodge a complaint with the supervisory authority in accordance with Article 77 GDPR, in case the users considers that the processing of their personal data by the provider infringes the General Data Protection Regulation.
_________________________
6. The right to object, at any time, to the future processing of their personal data by the responsible entity which is based on point (f) of Article 6 (1) in accordance with Article 21 GDPR. This objection may in particular be raised to the processing of their data for the purpose of direct marketing.
_________________________
7. Furthermore the provider is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 (1) and Article 18 GDPR to each recipient to whom the personal data has been disclosed. This obligation does not exist if it proves impossible or involves disproportionate effort. The customer shall be informed on disclosures of these recipients.
III. Information relating to data processing
Where detailed information on data processing has not been provided hereafter, the user data being processed by the provider shall be erased or locked as soon as the purpose of storing is no longer available and where there is no other legal ground for retaining the respective data.
Server data
Among others, the following data which is submitted to the provider respectively the webspace provider by the internet browser of the user is collected for communications and safety reasons during a visit to the website (so-called server log files):
- Browser type and version;
- Used operating system;
- Website from which the user visited the providers website (Referrer URL);
- Website which is visited by the user;
- Date and time of access;
- Internet protocol (IP) address of the user.
Furthermore, the data are temporarily stored. The data are not retained in combination with other personal data of the user. The legal basis for the temporary storage is Article 6 paragraph 1 (f) GDPR being based on the legitimate interest in improving the stability, functionality and safety of the website.
The data are deleted after a period of no more than seven days. Data which need to be retained due to the purpose of providing proof are excluded from erasure until the incident has finally been clarified.
Cookies
1. Cookies
The provider uses so-called cookies on his website. Cookies are small text files or other storage technologies which are placed on the terminal device and stored by the user’s internet browser. These cookies process, within an individually defined scope, certain information from the user, such as browser and location data as well as IP address values.
The processing allows the provider to operate his website in a more user-friendly, effective and safer manner.
The processing is justified by the legitimate interest of the provider to optimize the functionalities of the website as well as by regulatory compliance and is based on Article 6 paragraph 1 (f) GDPR.
The "session" cookies are deleted as soon as the users close their browser.
2. Third-party cookies
The provider`s website may also use third-party cookies. These third-parties are partner companies of the provider with the objective of cooperating with regard to arising advertising, analysing or functionality tasks of the website. If this is the case, the purpose and legal basis of the respective processing is cited in the following provisions.
3. Erasure possibilities
The user may prevent or restrict the installation of cookies via a respective setting of the browser. Already stored cookies may also be deleted at any time. The settings which are required for this purpose depend on the respective browser. If flash cookies are used, processing cannot be prevented via browser settings but via the respective flash player setting. If the user prevents or restricts the installation of the cookies, the user may not be able to completely utilize all functions of the website.
Contact requests
If the user wishes to establish a contact with the provider - via contact form or e-mail – the personal data which is entered by the user on this occasion is used for processing the request. Entering the data is necessary for replying to inquiries, if the data are not entered, the reply will either be impossible or only to a limited extent.
If the purpose of the contact request is to fulfill a contract or to implement pre-contractual measures, the legal basis shall be Article 6, paragraph 1 (f) GDPR.
The data of the user are deleted without undue delay once the inquiry of the user has been conclusively replied to and deletion is not prevented by the legal obligation to retain it for other purposes, such as subsequent contract administration.
The legal basis may also be the user’s consent in accordance with Article 6, paragraph 1 (a) GDPR. In the context of the contact form the user may be asked to express consent to the aforementioned processing and reference shall be made to this data protection declaration.
The users shall have the right to withdraw their consent to creating a customer account at any time by notifying the provider in accordance with Article 7, paragraph 3 GDPR. The personal data processed in this context are deleted as soon as processing is no longer necessary.
Google Maps
The provider uses the component “Google Maps” of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”, for providing directions to the site respectively displaying nationwide dealers.
When visiting a site with the "Google Maps" component, a connection to a server at Google is established for displaying the map. Through this connection, Google can recognize from which website a request is sent and to which IP address the display of the directions is transmitted.
The legal basis shall be in accordance with Article 6 paragraph 1 (a) GDPR. The users can revoke their consent for the future at any time by changing the settings of the cookies on the website according to Article 7 paragraph 3 GDPR.
_____________________
In the event that data is transferred to the USA, the processing is based on an adequacy decision by the EU Commission in connection with Google’s participation in the so-called "Data Privacy Framework":
In addition, so-called Standard Contractual Clauses are in place between the provider and Google:
https://privacy.google.com/businesses/compliance/#!#gdpr
_____________________
The use of "Google Maps" and the information obtained via "Google Maps" is subject to the Google Conditions of Use as well as the additional terms and conditions for Google Maps.
Google provides further information, in particular on the options for preventing the use of data, under the following links:
https://policies.google.com/privacy
Matomo
This website uses the software "Matomo" to analyze website visits. The processing takes place on the controller’s own server.
The following visitor information is processed:
- Anonymized IP address
- Operating system
- Browser type
- Language
- Accessed webpage
- Time spent on the website
- Frequency of website visits in the last 24 hours
To collect this data, the software uses a method called device fingerprinting. The device data is processed in anonymized form and is changed every 24 hours.
The legal basis for this is Article 6(1)(f) of the GDPR. The legitimate interest of the provider lies in the analysis and optimization of the website.
If the user does not agree to this processing, they have the option to opt out of the analysis of their website visit. By clicking the following link:
No tracking because of disabled JavaScript or activated ad blocker.
a cookie will be placed on the user’s device that will prevent future data storage for analysis purposes.
Please note: If the user deletes cookies in their browser settings, the opt-out cookie is usually deleted as well and may need to be reactivated.
Social Media Integration
On the website the provider uses a link to the social networks listed below. The legal basis is laid out in Article 6, paragraph 1 (f) GDPR. The legitimate interest of the provider is justified by improving the quality in use of the website.
The plugins are integrated via a linked graphic. The users are only redirected to the service of the respective social network if they click on the corresponding graphic. After the customer has been redirected, information about the user is collected by the respective network. First of all, this is data like the IP address, date, time and visited page. If the user is logged into the user account of the respective network, the network operator may be able to assign the collected information of the specific visit of the user to the personal account of the user. If the user interacts via a "Share" button of the respective network, this information can be stored in the user's personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to its user account, the user must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.
The following social networks are linked by the provider:
Facebook - Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland.
Datenschutzerklärung: https://www.facebook.com/policy.php
Instagram- Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland.
Datenschutzerklärung: https://help.instagram.com/519522125107875
YouTube - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
Datenschutzerklärung: https://policies.google.com/privacy
TikTok - TikTok Technology Limited, The Sorting Office, Ropemaker Place, Dublin 2, Irland.
Datenschutzerklärung: https://www.tiktok.com/legal/privacy-policy?lang=de
B. Data Protection Directive for Social Media Appearances
So-called social media platforms are used by us for endorsing our products and services as well as for communicating with interested parties or costumers.
The text presented below provides you in particular with information regarding the nature, scope, purpose and duration as well as the legal ground for the processing of personal data during a visit to one of our company presentations on a social media platform or in case you are contacting us via such a platform.
The term “processing” shall specifically include the collection, use, distribution and/ or storage. Pursuant to the General Data Protection Regulation (hereinafter referred to as “GDPR”) the term “personal data” shall in principle include all data which may be used for the identification of a natural person.
The precise definitions of the terminology are set out in Article 4 GDPR.
_________________________________________
I. Information on the joint responsible entity
II. Rights of the user
III. Information on data processing
_________________________________________
I. Information on the joint responsible entity
The joint entity responsible for all below mentioned social media platforms shall be
Uebler GmbH
Daimlerstraße 22
91301 Forchheim
Deutschland
Tel: +49 (0) 9191 7362-0
Fax: +49 (0) 9191 7362-77
E-Mail: info@uebler.com
- hereinafter referred to as “provider -
together with the respective below mentioned platform operator in accordance with Article 26 GDPR.
The external data protection officer of the responsible entity is:
Killian Hedrich
c/o DatCQ GbR
Alexander F. Bräuer, Killian Hedrich
and Frank Weiß
Katharinenstraße 16
73728 Esslingen
Tel.: +49 (0)711/ 93277955
Fax: +49 (0)711/ 93277956
E-Mail: dsb@datcq.de
_________________________
Facebook and Instagram
With respect to the social media platform “facebook” and “Instagram” the provider shall share joint responsibility with
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
The data protection supervisor of facebook may be reached via a contact form
https://www.facebook.com/help/contact/540977946302970
The joint responsible entities have defined the respective obligations regarding the GDPR in an agreement which can be obtained via the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
_________________________
TikTok
On the social media platform “TikTok,” the provider is jointly responsible with:
TikTok Technology Limited
The Sorting Office
Ropemaker Place
Dublin 2, Ireland
TikTok’s Data Protection Officer can be contacted via the following form:
https://www.tiktok.com/legal/report/DPO/de
The joint controllers have defined their respective obligations under the GDPR in an agreement. This agreement is available at the following link:
https://www.tiktok.com/legal/page/global/tiktok-analytics-joint-controller-addendum/en
II. Rights of the user
Notwithstanding the details of this agreement, you may assert your rights in accordance with the framework of the GDPR towards each individual responsible entity.
With regard to the processing of personal data, reproduced below by the responsible entity, the user shall obtain the following rights:
1. The right to obtain confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, detailed information on these data as well as further information and copies of the data in accordance with Article 15 GDPR.
2. The right to obtain rectification of inaccurate personal data concerning him or her respectively the right to have incomplete personal data completed without undue delay in accordance with Article 16 GDPR.
3. The right to obtain the erasure of personal data concerning him or her without undue delay in accordance with Article 17 GDPR respectively, if further processing is necessary, as laid out in Article 17 GDPR paragraph 3, the user shall have the right to obtain restriction of data processing in accordance with Article 18 GDPR.
4. The right to receive the personal data concerning him or her which he or she has provided in accordance with Article 20 GDPR as well as the right to transmit those data to other responsible entities.
5. The right to lodge a complaint with the supervisory authority in accordance with Article 77 GDPR, in case the users considers that the processing of their personal data by the provider infringes the General Data Protection Regulation.
_________________________
6. The user may generally object at any time to the future processing of their personal data, which is carried out by a controller on the basis of Article 6(1)(f) GDPR, in accordance with Article 21 GDPR. In particular, the objection may be made against processing for direct marketing purposes.
_________________________
7. Furthermore the provider is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17 (1) and Article 18 GDPR to each recipient to whom the personal data has been disclosed. This obligation does not exist if it proves impossible or involves disproportionate effort. The customer shall be informed on disclosures of these recipients.
III. Information on data processing
The below-mentioned social media platforms are used by the provider for endorsing its products and services as well as for communicating with interested parties or costumers.
The legal ground for processing the respective personal data on the below-mentioned social media platforms shall be Article 6 paragraph 1 (f) GDPR and shall apply to each reproduction. The legitimate interest of the provider is justified by the analysis, communication, sale and promotion of its products and services.
The consent of a user which is given to the platform operator in accordance with Article 6 paragraph 1 (a) GDPR may also be the legal ground for personal data processing. The users shall have the right to withdraw their consent with future effect at any time by notifying the platform operator in accordance with Article 7 paragraph 3 GDPR.
Facebook and Instagram
When accessing the provider's online presence on the platforms "facebook" and "Instagram," user data (e.g., personal information, IP address, etc.) is processed by Meta Platforms Ireland Limited, which operates both platforms in the EU. These user data allow the provider to obtain statistical information on the visits of his company presence on “facebook” and “Instagram”.
Meta Platforms Ireland Limited uses this data in particular for market research and advertising purposes, as well as for creating user profiles. These profiles enable Meta Platforms Ireland Limited, for example, to display interest-based advertising to users both within and outside of Facebook and Instagram. If the user is logged into their “facebook” or “Instagram” account at the time of access, Meta Platforms Ireland Limited can also link the data to the respective user account.
If the user contacts the provider via “facebook” or “instagram”, the respectively communicated personal user data are used to process the query. The data of the user are deleted by the provider without undue delay as soon as the query is conclusively answered and deletion is not prevented by the legal obligation to retain it for other purposes, such as subsequent contract administration.
Meta Platforms Ireland Limited might also use cookies for data processing.
In case the user does not consent to the processing, the user may prevent the installation of these cookies via a respective setting of the browser. Already stored cookies may also be deleted at any time. The settings which are required for this purpose depend on the respective browser. If the user prevents or restricts the installation of the cookies, the user may not be able to completely utilize all facebook functions.
Detailed information on data processing, measures to prevent data processing and deleting data which are processed by Meta Platforms Ireland Limited may be found in the privacy policy guidelines of “facebook” or “Instagram”:
https://www.facebook.com/privacy/explanation
https://help.instagram.com/519522125107875
It cannot be excluded that processing by Meta Platforms Ireland Limited or by Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025 also takes place in the USA.
TikTok
When accessing the provider’s online presence on the “TikTok” platform, user data (e.g. personal information, IP address, etc.) is processed by TikTok Technology Limited, which operates the platform in the EU. This data is used by the provider to obtain anonymized statistical information regarding the usage of its company profile on TikTok.
TikTok Technology Limited uses this data in particular for market research and advertising purposes, as well as for creating user profiles. These profiles enable TikTok Technology Limited, for example, to display interest-based advertising to users both within and outside of TikTok. If the user is logged into their TikTok account at the time of access, TikTok Technology Limited can also link the data to the respective user account.
If the user contacts the provider via TikTok, the personal data entered in the process will be used to handle the query. The user's data will be deleted by the provider once the query has been fully resolved and no statutory retention obligations (such as in the case of a subsequent contractual relationship) prevent deletion.
Cookies may also be set by TikTok Technology Limited in the course of data processing.
If the user does not agree with this processing, it is possible to prevent the installation of cookies through appropriate browser settings. Previously stored cookies can also be deleted at any time. These settings depend on the specific browser being used. Preventing or restricting the installation of cookies may result in not all functions of TikTok being fully available.
Further details on data processing activities, how to prevent them, and how to delete data processed by TikTok Technology Limited can be found in TikTok’s Privacy Policy:
https://www.tiktok.com/legal/page/eea/privacy-policy/de
It cannot be ruled out that processing by TikTok Technology Limited also takes place in the USA or other third countries. Further information can be found in TikTok Technology Limited’s privacy policy (see link above) under the section “Our Global Operations and Data Transfers.”
C. Data Protection Information for Applicants
_________________________________________
I. Information on the responsible entity
II. Rights of the user
III. Information relating to data processing
_________________________________________
I. Information on the responsible entity
The responsible entity for data collection and data processing relating to job applications is:
Uebler GmbH
Daimlerstraße 22
91301 Forchheim
Germany
Tel: +49 (0) 9191 7362-0
Fax: +49 (0) 9191 7362-77
E-Mail: info@uebler.com
The external data protection officer of the responsible entity is:
Killian Hedrich
c/o DatCQ GbR
Alexander F. Bräuer, Killian Hedrich
and Frank Weiß
Katharinenstraße 16
73728 Esslingen
Tel.: +49 (0)711/ 93277955
Fax: +49 (0)711/ 93277956
E-Mail: dsb@datcq.de
II. Rights of the user
Any person concerned shall have the right to have access to the personal data concerning them, the right of rectification of inaccurate data as well as the right of erasure, based on reasons in accordance with Article 17 GDPR if, for example, further processing of the data is no longer necessary for the pursued objective. Furthermore, the user shall have the right to obtain restriction of data processing if one of the conditions set out in Article 18 GDPR is fulfilled as well as the right to transmit those data to other responsible entities in accordance with Article 20 GDPR.
_________________________
In addition, the concerned entity shall have the right to object, at any time, to the future processing of personal data - in particular if the objection is based on a legitimate interest in accordance with point (f) of Article 6 (1) GDPR. An informal notification of opposition mailed to info@uebler.com is sufficient. The data of the user are deleted without undue delay once the notification of opposition is received and deletion is not prevented by the legal obligation to retain it for other purposes or by the legitimate interest in an appropriate legal defense.
_________________________
Any person concerned shall have the right to file a complaint with the relevant regulatory authority if they hold the opinion that the processing of their data violates any data protection regulations. This right of appeal shall in particular be asserted before the regulatory authority of the member state of the concerned person’s residence or workplace or place of suspected infringement.
III. Information relating to data processing
Application process
The recruiters (human resources department, head of department) process the data of the applicant which are required for the application and which are made available for this purpose by the applicant. This includes contact details, all data being relevant to the application (curriculum vitae, certificates, qualifications, responses to questions etc.) and any other data referring to bank details (for reimbursing travel expenses), if applicable. These data shall be collected and processed solely for the purpose of application management.
The legal basis for this shall be Article 6(1)(b) GDPR and, where applicable, Article 9(2)(b) GDPR.
The application data are treated confidentially.
Service providers who might, for example, assist in the areas of personnel selection, IT or archiving and deleting documents and who are bound by instructions might be employed under certain circumstances on the basis of separate contracts.
The data are deleted once it is no longer necessary to store the data, respectively once the legitimate interest in storing data has lapsed - if the deletion is not prevented by the legal obligation to retain it for other purposes.
If no employment contract is concluded, the deletion takes place at regular intervals, at the latest six months after the application procedure is completed. In some cases, individual data are stored for a longer period of time (e.g. for reimbursing travel expenses). The duration of the data storage is subject to statutory retention provisions.
Consent to an extended storage of the data
If the application continues to be of interest, although no employment contract is concluded, the applicant’s data are only further processed if the applicant grants the expressed permission to do so.
If such express consent is granted by the applicant, the application data will be retained in the internal application pool for a period of one year after the application procedure is completed.
At the end of this period the application data are deleted.
The legal basis for the aforementioned processing is point (a) of Article 6 (1) GDPR, respectively point (a) Article 9 (2) GDPR. This consent may be revoked with future effect at any time by informally notifying us in accordance with Article 7, paragraph 3 GDPR.
D. Data Privacy Notice for Whistleblowers
With the following information, we would like to give you an overview of how your personal data is processed by us in the context of the whistleblower system and inform you about your related data protection rights.
_________________________________________
Information about the Responsible Party
Rights of the Employee
Information on Data Processing
Information about the Responsible Party
The responsible party for data processing in connection with the Whistleblower Protection Act is:
Uebler GmbH
Daimlerstraße 22
91301 Forchheim
Germany
Tel.: +49 (0) 9191 7362-0
Fax: +49 (0) 9191 7362-77
E-Mail: info@uebler.com
The external data protection officer of the controller is:
Killian Hedrich
c/o DatCQ GbR
Alexander F. Bräuer, Killian Hedrich and Frank Weiß
Katharinenstraße 16
73728 Esslingen
Tel.: +49 (0)711/93277955
Fax: +49 (0)711/93277956
E-Mail: dsb@datcq.de
Rights of the Whistleblower
The whistleblower has the following rights regarding the processing of their personal data described below:
To request confirmation as to whether personal data concerning them is being processed and to obtain detailed information about this data as well as further information and copies of the data according to Article 15 GDPR.
To request the immediate correction of inaccurate personal data concerning them or the completion of such data according to Article 16 GDPR.
To request the deletion of personal data concerning them according to Article 17 GDPR without undue delay, or alternatively, if further processing is required according to Article 17(3) GDPR, to request a restriction of processing according to Article 18 GDPR.
To receive the personal data concerning them that they provided according to Article 20 GDPR and to request the transfer of this data to other controllers.
To file a complaint with a supervisory authority pursuant to Article 77 GDPR if the whistleblower believes that the processing of their data by the controller violates the GDPR.
_________________________
The whistleblower may generally object at any time to the future processing of their personal data, which is carried out by a controller on the basis of Article 6(1)(f) GDPR, in accordance with Article 21 GDPR. In particular, the objection may be made against processing for direct marketing purposes.
_________________________
The controller is also obligated to inform all recipients of the data to whom personal data have been disclosed of any corrections, deletions, or restrictions on processing carried out according to Articles 16, 17(1), and 18 GDPR. This obligation does not apply if such notification proves impossible or involves disproportionate effort. The whistleblower has the right to be informed about these recipients.
Information on Data Processing
Which specific data are processed and how they are used by the controller depends primarily on the particular whistleblower report.
Data sources
The controller processes personal data received from the whistleblower in the course of the report. Additionally, the controller processes personal data lawfully obtained from third parties (e.g., courts, authorities, offices, or insurers) as necessary for clarification.
Types of data
Within the whistleblower system, the following data are processed:
Information about the accused person (in particular name, first name, title, contact details, position, and employment information) Details about the (alleged) misconduct and related facts.
If reports are made anonymously and the whistleblower does not disclose personal data voluntarily, no personal data about the whistleblower will be collected. Otherwise, personal information such as the name of the reporting person, contact details, and possibly circumstances of the observation may be recorded.
Purposes and Legal Bases
The purpose of data processing within the whistleblower system is to receive and investigate serious suspicions of rule violations, particularly criminal offenses in the areas of economic crime and corruption.
The personal data of the whistleblower is initially processed only with their consent in accordance with Article 6(1)(a) GDPR
In some cases, the processing of personal data in the whistleblower system is carried out on the basis of Article 6(1)(f) GDPR, in order to protect the overriding legitimate interests of the responsible party.
These legitimate interests include the prevention and combatting of corruption, the investigation of serious suspicions of other rule violations, and the protection of employees of the responsible party from potential harm. The responsible party also has a legitimate interest in pursuing legal action against abusive reports.
Data Disclosure
If necessary for the clarification of the matter, personal data may be shared with specific, carefully selected individuals. Each person granted access to the data is bound by confidentiality obligations.
There will be no disclosure or other transmission of personal data to third parties unless required for the purposes of criminal prosecution. If legal provisions or orders from government authorities make it necessary, personal data may be disclosed to such authorities.
Deletion
Personal data will be stored for the duration necessary to investigate and conclusively assess the report. After the investigation is completed, the personal data will be deleted in accordance with legal requirements. In the event of judicial and/or disciplinary proceedings, the data may be retained until the conclusion of the proceedings or the expiration of any applicable appeal periods.