Skip to main content
Icon Contact

Data Protection Regulations

Notes on data processing for this website in acc. with Art. 13 of the EU General Data Protection Regulation (GDPR) when collecting personal data for the affected person

(Version: GDPR 2.1 from May 2024)

motan holding gmbh is responsible for this website and, as provider of a teleservice, must notify you at the start of your visit about the type, scope and purpose of collection and usage of personal data in a precise, transparent, comprehensible and easily accessible form, using clear and simple language. These contents must be available to you at all times.

The security of your data and compliance with data protection regulations is very important to us. Processing of personal data is subject to the provisions of European and national laws currently in force.

The following data protection notices are intended to show you how we handle your personal data and how you can contact us:

motan holding gmbh                      

Stromeyersdorfstr. 12                                             

78467 Constance

Germany

Tel.: +49 7562 760

E-Mail: info@motan.com

CEO: Sandra Füllsack

Commercial register: Freiburg HRB No. 381128
 

Our data protection officer

Sven Lenz

Deutsche Datenschutzkanzlei – Datenschutzkanzlei Lenz GmbH & Co. KG

Bahnhofstraße 50

87435 Kempten

Germany

 

If you have any questions regarding data protection or any further concerns related to data protection regulation, please send an e-mail to the following e-mail address:

A. General

For reasons of comprehensibility, we will make no gender-specific differentiation. In the interests of anti-discrimination, relevant terms apply for all genders. With regard to terms used, such as “personal data” or “processing” thereof, refer to Art. 4 GDPR.

The personal data processed within this website include

  • master data (such as the name and address of customer),
  • usage data (such as the pages visited on our website), and
  • content data (such as entries made in online forms).

B. Specific

data protection notices
We guarantee only to process your data gathered in conjunction with the processing of your requests and for internal purposes, as well as to provide services requested or provide content.
 

Bases for data processing

We process your personal data exclusively in compliance with the relevant data protection regulations and on the basis of the following legal bases:

-Processing to fulfil our services and execute contractual measures

Art. 6 para. 1 lit. b) GDPR

-Processing to fulfil our legal obligations

Art. 6 para. 1 lit. c) GDPR

-Consent

Art. 6 para. 1 lit. a) and Art. 7 GDPR

-Processing to safeguard our legitimate interests

Art. 6 para. 1 lit. f) GDPR
 

Transmission of data to third parties

Please note that transmission of data may occur when using our website if you select offered services using the “Cookie Consent Tool” provided on the website. If you do not select a service, no data is transmitted to third parties.

Within the framework of website hosting, the relevant service provider can gain access to your data. These data protection notices contain information about the web hosting service that we use.

Your data is passed on to third parties only in accordance with legal requirements. For example, we only pass on your data when required for contractual purposes, or on the basis of legitimate interests in the economic and effective operation of our business.

If we engage subcontractors to provide our services, we take relevant legal precautions and apply the requisite technical and organizational measures to ensure the protection of personal data in accordance with the applicable statutory provisions.
 

Transmission of data to a third country or an international organization

Those countries in which the GDPR is not directly applicable legislation are regarded as third countries. Fundamentally, this includes all countries outside of the EU or the European Economic Area.

Please note that transmission of data to a third country may occur when using our website if you select offered services using the “Cookie Consent Tool” provided on the website. If you do not select a service, no data is transmitted to a third country.

This takes into account the adequacy decision of the EU Commission. This states that this refers to a secure third country or a secure international organisation that provides an appropriate level of security.

The following applies for the transmission of data to the USA: An adequacy decision from the EU Commission (Data Privacy Framework) has been in existence since July 2023, which declares the USA to be a third country with a data privacy level comparable to that of the EU. .The adequacy decision can now be used as the basis for data transmission to certified organizations in the USA.

The US services used have certification within the framework of the Data Privacy Framework. Details are available for the individual services.
 

Storage period for your personal data

We adhere to the fundamentals of data economy and data avoidance. This means that we only store your data for as long as required to fulfil the purposes specified above or for the diverse retention periods required by law. Should the purpose cease to apply, or after expiry of the relevant periods, your data is blocked or deleted as a matter of course, in accordance with the statutory provisions.
 

Establishment of contact

Personal data is processed within the framework of establishing contact by electronic means. The information you provide is stored exclusively for the purposes of processing the request and for potential follow-up questions.

 

We are happy to inform you of the legal basis for this:

  • Processing to fulfil our services and execute contractual measures

Art. 6 para. 1 lit. b) GDPR

 

We hereby advise you that it is possible for e-mails to be read or changed in an unauthorised and undetected manner when using this transmission channel. We also call your attention to the fact that we use software to filter unwanted e-mails (spam filter). The spam filter can reject e-mails that have been incorrectly identified as spam due to specific characteristics.

What are your rights?

a) Right to information

You have the right to obtain information about your saved data, free of charge. On request, will inform you in writing which of your personal data we have stored. This also includes the origin and recipients of your data and the purpose of data processing.

b) Right to correction

You have the right to demand correction of your data stored with us, if this is incorrect. This may include demanding restriction of processing when contesting the accuracy of your personal data, for example.

c) Right to block

You may also block your data. These data must be placed in a block file for monitoring purposes to allow blocking of your data to be taken into account.

d) Right to erasure

You may demand the deletion of your personal data insofar as no statutory retention periods apply. Insofar as such an obligation applies, we will block your data as requested. If the relevant statutory conditions exist, we will also delete your personal data without a demand to do so on your part.

e) Right to data portability

You are authorized to demand that we provide personal data that we have transmitted, in a format that permits transmission to another authority.

f) Right of appeal to a regulatory authority

You have the option of approaching one of the data protection regulatory authorities to lodge an appeal.

The data protection authority responsible for us:

 

The Baden-Württemberg State Commissioner for Data Protection and Freedom of Information

Postal address: Postfach 10 29 32, 70025 Stuttgart, Germany

Office address: Lautenschlagerstraße 20, 70173 Stuttgart, Germany

Telephone +49 711 615541–0

Fax: +49 711 615541–15

E-mail: poststelle@lfdi.bwl.de

Web: https://www.baden-wuerttemberg.datenschutz.de

 

Click on the following link to open the appeal form:

www.baden-wuerttemberg.datenschutz.de/online-beschwerde

 

Note: An appeal can also be lodged with any data protection regulatory authority within the EU.

 

g) Right to object

At any time, for reasons arising from your specific situation, you may object to the processing of your data in accordance with Art. 6 para. 1 subsections e) and f); this also applies for profiling based on these provisions.

motan holding gmbh then ceases to process your personal data, unless it can provide proof of compelling, legitimate grounds for processing that outweigh your interests, rights and freedoms, or processing serves to assert, exercise or defend legal claims.

Where personal data are processed to conduct direct advertising, you have the right to object to processing of personal data concerning you for the purposes of such advertising at any time; this also applies to profiling insofar as this is in conjunction with such direct advertising. If an objection is raised, we will no longer process your personal data for the purposes of direct advertising. Sending us a pertinent e-mail is sufficient.

h) Right of rescission

You may rescind your consent to processing of your data with future effect, without specifying any reasons and at any time. This rescission has no detrimental effect on you. Sending us a pertinent e-mail is sufficient.

However, such rescission does not affect the legality of processing that has taken place up to the time of rescission, on the legal basis of Art. 6 para. 1 subsection a) GDPR.

To assert your rights as an affected person, send us an e-mail to the e-mail address specified for the responsible body or for the data protection officer.
 

Protection for your personal data

We adopt state-of-the-art contractual, technical and organizational security measures to ensure compliance with data protection legislation and thereby to protect processed data against incidental or intentional manipulation, loss, destruction, or against access by unauthorized persons.

These security measures include the encrypted transfer of data between your browser and our server. 256-bit SSL (AES 256) encryption technology is used for this.

 

Your personal data is protected within the framework of the following items (excerpt):

a) Guarantee of confidentiality for your personal data

We have adopted various measures for entry, admission and access control to guarantee the confidentiality of your personal data stored with us.

b) Guarantee of integrity for your personal data

We have adopted various measures for forwarding and input control to guarantee the integrity of your personal data stored with us.

c) Guarantee of availability for your personal data

We have adopted various measures for order and availability control to guarantee the availability of your personal data stored with us.

The security measures in use are continually being improved in accordance with technological developments. Despite these precautionary measures, the insecure nature of the Internet means that we are unable to guarantee the security of your data transfer to our website. Consequently, you perform any type of data transfer at your own risk.
 

Protection of minors

Persons not yet 16 years of age may only provide us with personal information with the express permission of parents/legal guardians. Such data are processed in accordance with these data protection guidelines.
 

Server log files

The provider of the pages automatically collects and stores information in server log files, which your browser automatically transmits to us. The data:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name for the accessing computer
  • Time of server query
  • IP address

These data are not merged with other sources of data.

The basis for data processing is, in accordance with Art. 6 para. 1 lit. f) GDPR our legitimate interest.
 

Online applications using a form

We provide a careers area on our website for applicants, where we announce job vacancies. It is possible to use an online form to apply for these positions. Applicants are forwarded to a subpage to do this. Admission to the application procedure requires applicants to use the form to provide us with all personal data required for sound and well-informed evaluation and selection.

This required information includes general personal information (name, address, contact details by phone or by electronic means) and service-specific proof of the qualifications required for a position. Health-related information may also be required. Particular attention must be paid to this with regard to labour and social legislation, in the interest of social protection for the application.

When you submit the form, state-of-the-art encryption will be applied to your data that is transmitted to us. This data will be used exclusively for application processing purposes.

The legal basis for processing is Art. 6 para. 1 lit. b) GDPR, whereby running through the application procedure represents the initiation of a contract of employment. Insofar as the application procedure includes querying specific categories of personal data for the purposes of Art. 9 para. 1 GDPR (e.g. health data, such as information about the level of severe disability) for applicants, processing takes place in accordance with Art. 9 para. 2 lit. b) GDPR, meaning that we thereby exercise the rights arising from labour law and the right to social security and social protection and can comply with our obligations.

On this basis, or alternatively, processing of specific data categories may also be based on Art. 9 para. 1 lit. h) GDPR, if this takes place for purposes of health care or occupational healthcare, for the evaluation of the applicant’s ability to work, for medical diagnosis, care or treatment in the health or social sector, or for the administration of systems and services in the health or social sector.

Should the application not be selected in the course of the evaluation described above, or should an applicant withdraw their application prematurely, their data provided will be erased within four months from the date of a corresponding notification. This period is determined on the basis of our legitimate interest in answering any follow-up questions regarding the application and to comply with any reporting requirements arising from the regulations on equality of treatment for applicants.

You will only be included in our pool of applicants to fill future positions if you grant your consent.

Should an application be successful, the data provided will be processed further on the basis of Art. 6 para. 1 lit. b) GDPR for the purposes of establishing the employment relationship.
 

Cookies

Cookies are small text files that are stored locally in the cache of your Internet browser. Cookies enables recognition of the Internet browser, for example. The files are used to assist the browser to navigate through the website and to allow use of the full scope of all functions.
 

Cookie Consent Tool

In order to obtain effective user consent for cookies requiring such consent and cookie-based applications, we use a “Cookie Consent Tool”.

This website uses the Cookie Consent Tool from websedit AG – Internetagentur, Seestr. 35, 88214 Ravensburg.

When users call up the page, the Cookie Consent Tool is displayed in the form of an interactive user interface, where consent can be granted for specific cookies and/or cookie-based applications by ticking boxes. When using the tool, all cookies/services requiring consent are only loaded if the corresponding user grants the relevant consent by ticking boxes. This ensures that cookies of that type are only loaded on the corresponding user terminal if consent is granted.

The tool sets technically required cookies to save your cookie preferences. This categorically excludes the processing of personal user data.

Should personal data (such as the IP address) be processed for the purposes of saving, assigning, or logging cookie settings, this takes place in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in user-specific and user-friendly consent management for cookies, fully compliant with legislation, and consequently in a legally-compliant design of our web presence.

Moreover, a further legal basis for processing is Art. 6 para. 1 lit. c GDPR As a responsible body, we are subject to the legal obligation to make the use of cookies that are not technically required dependent on the relevant user consent.

You can find more information about the operator and the configuration options for the Cookie Consent Tool located in the corresponding user interface on our website.
 

Website hosting

To host our website and display the website contents, we use the system provided by the following provider: weber.digital GmbH, Bahnhofstraße 16, 72336 Balingen, Germany

All data collected on our website is processed on the provider’s servers.

We have concluded a task processing contract with the provider, which ensures that the data of visitors to our page will be protected and prohibits unauthorised forwarding of data to third parties.

The data protection notices for weber.digital GmbH are located here: https://www.weber.digital/#expertise
 

Google Tag Manager

We use the Google Tag Manager service from Google. “Google” is a group of companies and consists of the companies Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as well as other companies affiliated to Google LLC.
 
Google Tag Manager is an auxiliary service and only processes personal data for technically necessary purposes. Google Tag Manager deals with loading of other components that may also collect data. Google Tag Manager does not access this data. 
 

Insofar as this is legally required, we have obtained your consent to the processing of data as described above in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TDDDG. You may rescind your granted consent at any time, to take effect in the future. To exercise your rescission, deactivate this service in the Cookie Consent Tool provided on the website or in the configuration options in the data protection notices.

 

Data may be transmitted to a third country (in this case, the USA) or an international organization. An adequacy decision from the EU Commission (Data Privacy Framework) has been in existence since July 2023, which declares the USA to be a third country with a data privacy level comparable to that of the EU. .The adequacy decision can now be used as the basis for data transmission to certified organizations in the USA. As evidenced by the list of certified companies published by the US Department of Commerce, Google LLC is listed as a certified company.

 
You can find further information about Google Tag Manager in the Google data privacy regulations: https://policies.google.com/privacy?hl=de&gl=de  

Google Analytics 4 (with cookies, without UserIDs, without Google Signals)

On our website, we use Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This allows us to analyse user behaviour on our website.

As standard, the use of Google Analytics 4 requires the use of cookies. Cookies are text files that are stored on your terminal device and enable analysis of your use of a website. The information collected by cookies about your use of the website (including the IP address transmitted from your terminal device, with the final digits truncated, see below) are normally transmitted to a Google server, where they are stored and processed. Information is also transmitted to the servers of Google LLC, headquartered in the USA. There, the information is processed further and data is collected for internal purposes.

When using Google Analytics 4, the final digits of the IP address transmitted from your terminal device when using the website are automatically truncated as standard and the IP address is only collected and processed in this way.

Google uses this and other information on our behalf to evaluate your use of the website, to compile reports about your website activities or your user behaviour, and to provide us with further services in conjunction with your website use and Internet use. The data collected in the course of the use of Google Analytics 4 is retained for two months and is then erased.

Google Analytics 4 uses a special “demographic characteristics” function to permit the creation of statistics with statements about age, gender, and interests of website users based on an evaluation of interest-related advertising, and including third-party provider information. This enables the determination and differentiation of user groups on the website for the purposes of aligning marketing campaigns optimised for specific target groups. it is not possible to assign the data collected using “demographic characteristics” to a specific person, and it can therefore not be assigned to you personally. The data collected using the “demographic characteristics” function is retained for two months and is then erased.

All types of processing described above, in particular the setting of Google Analytics cookies to store and export information on the terminal device that you use to access the website, only take place if you have granted express consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG. Without your consent, Google Analytics 4 is not used while you are using the website. You may rescind your granted one-time consent at any time, to take effect in the future. To exercise your rescission, please deactivate this service in the Cookie Consent Tool provided on the website or in the configuration options in the data protection notices.

We have concluded a task processing contract with Google for our use of Google Analytics 4.

Data is transmitted to a third country (in this case, the USA) or an international organization. An adequacy decision from the EU Commission (Data Privacy Framework) has been in existence since July 2023, which declares the USA to be a third country with a data privacy level comparable to that of the EU. .The adequacy decision can now be used as the basis for data transmission to certified organizations in the USA. As evidenced by the list of certified companies published by the US Department of Commerce, Google LLC is listed as a certified company.

In order to guarantee compliance with the level of data protection in Europe when transmitting any data from the EU or the EEA to the USA and during potential further processing, Google invokes the standard contractual clauses of the European Commission, which we have contractually agreed with Google.

Further legal notices regarding Google Analytics 4, including a copy of the specified standard contractual clauses, are located here: policies.google.com/privacy and here: https://policies.google.com/technologies/partner-sites
 

Usage of videos from YouTube

We use the YouTube implementation function to display and playback videos from the provider “YouTube”, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Insofar as this is legally required, we have obtained your consent to the processing of data as described above in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TDDDG.

You may rescind your granted consent at any time, to take effect in the future. To exercise your rescission, deactivate this service in the Cookie Consent Tool provided on the website or in the configuration options in the data protection notices.

Data is transmitted to a third country (in this case, the USA) or an international organization. An adequacy decision from the EU Commission (Data Privacy Framework) has been in existence since July 2023, which declares the USA to be a third country with a data privacy level comparable to that of the EU. .The adequacy decision can now be used as the basis for data transmission to certified organizations in the USA. As evidenced by the list of certified companies published by the US Department of Commerce, Google LLC is listed as a certified company.

According to notices from “YouTube”, cookies are set with the purpose of gathering video statistics, improving user-friendliness, and prohibiting illegal or abusive behaviour. If you are logged in with Google, your data is assigned directly to your account when you click on a video. If you do not want to be assigned to your YouTube profile, you must log out before activating the button.

Google stores your data (including data for users not logged in) as a usage profile and evaluates this. You have the right to object to the creation of these user profiles, whereby you are required to contact YouTube to exercise this right. Regardless of the playback of embedded videos, a connection to the Google network is established each time the website is called up, which can trigger further data processing procedures without our intervention. You can find further information about data privacy at “YouTube” in the provider’s privacy policy: https://www.google.de/intl/de/policies/privacy
 

Supportnet registration

On our website, we offer access to our intranet via Supportnet. Only partners/employees can register for this. Registration is checked and then approved or denied. Data is stored for 90 days after denial. In the case of approval, data is retained for as long as you are registered. Send us an e-mail to erase/deregister.
 

Friendly-Captcha (bot/spam protection)

Our website uses the service “Friendly Captcha”. This service is offered by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.

Friendly Captcha is a data protection friendly application, used to make navigating our website through automated programs and scripts (so called “bots”) harder.

For this purpose, we have integrated a code by Friendly Captcha for contact forms, so that website visitors’ end devices can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The end device then uses certain system resources to solve the calculation task and sends the result back to our web server. The server then contacts the server of Friendly Captcha through an interface and receives notice, whether the task was completed successfully. Depending on the result, we are able to apply safety rules to requests made to our website and, for example, keep processing them or deny them.

Data acquired during this process is only used to grant the above described protection from spam and bots. Friendly Captcha does not create or read cookies on a visitor’s end device. IP addresses are only saved in hashed form, meaning they are one-way encrypted. Neither us nor Friendly Captcha can infer an individual’s identity from them.

Legal basis for the procedure is our legitimate interest to protect our website from access by bots, as well as the protection from spam and attacks like mass requests. Article 6(1)(f) GDPR.

You can find further information in Friendly Captcha’s Privacy Policy for End Users :https://friendlycaptcha.com/de/legal/privacy-end-users/

 

Newsletter

If you subscribe to our e-mail newsletter, we will regularly send you information about our offerings. Personal data is collected for this purpose. Your e-mail address is the only mandatory information required to send the newsletter. The specification of any other information is voluntary. Such information is used to allow us to address you personally.

We use this data for our own advertising purposes, in the form of the e-mail newsletter, and for tracking insofar as you have expressly consented to this as follows: “Yes, I would like to subscribe to the newsletter and I agree to tracking.”

We use the double opt-in procedure to send the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you consent to the newsletter being sent. We then send you a confirmation e-mail in which you are requested to click on the relevant link to confirm that you would like to receive the newsletter in the future.

By activating the confirmation link, you consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a) GDPR When you register for the newsletter, we store your IP address as entered by the internet service provider (ISP), as well as the date and time of registration to allow later tracing of any potential misuse of your e-mail address.

You may unsubscribe from the newsletter at any time by using the link intended for this purpose, or by sending a relevant message to us via e-mail. After you have unsubscribed, your e-mail address will immediately be erased from our newsletter distribution list and included in a block file to ensure the revocation.
 

Sending the newsletter via Inxmail

Our e-mail newsletter is sent by the following provider: Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany

On the basis of our legitimate interest in effective and user-friendly newsletter marketing we forward your information provided when subscribing to the newsletter in accordance with Art. 6 para. 1 lit. f GDPR to this provider so that this provider can send the newsletter on our behalf.

Subject to your consent in accordance with Art. 6 para. 1 lit. a GDPR, the provider also performs a statistical success evaluation of newsletter campaigns with Web Beacons or tracking pixels in the sent e-mails, which can measure the opening rates and specific interactions with the contents of the newsletter. This includes the collection and evaluation of terminal device information (e.g. time of call, IP address, browser type, and operating system). However, the data is not merged with other datasets.

You may rescind your consent to newsletter tracking at any time, to take effect in the future.

We have concluded a task processing contract with the provider, which protects the data of our site visitors prohibits unauthorised forwarding to third parties.
 

Social networks

In addition to this online offering, we also maintain presences in various social media channels, which you can reach via corresponding buttons on our website. If you visit a presence of this type, personal data may be transmitted to the provider of the social network. In addition to the storage of data that you specifically enter in this social medium, it is also possible that further information may be processed by the provider of the social network.

For more information, see our social media data privacy notices
 

Information about the processing of employee data for notifications in the whistleblower system in accordance with Art. 13 GDPR

In accordance with whistleblower protection legislation (HinSchG), we, motan holding gmbh, are obliged to establish and maintain an internal reporting office pursuant to §§ 12-18 HinSchG.

The task of the internal reporting office is to operating reporting channels that can be used by employees and the employers of leased agency workers to contact the internal reporting office to pass on information about infringements.

These notifications are then processed by the internal reporting office in accordance with a statutory procedure. Subsequent actions are taken by the internal reporting office as required. We welcome the notification via our internal reporting office, although it is of course still possible to contact an external reporting office (established by the federal government or an authority).

In the course of a notification to our internal reporting office, we may receive personal data about the reporting person or about a person whose personal data may be processed in the course of the notification. At this point, we provide the information about how we process personal data in the course of processing the notifications submitted in the whistleblower system. This personal data includes, in accordance with Art. 4 Nr. 1 GDPR, all information that is related or may be related to the identity of the whistleblower, especially due to assignment to an ID such as a name or to an organisational or personnel number that allows the identification of a person.

Abridged version:

  • The provision and configuration of an internal reporting office is a statutory requirement. We therefore process personal data in the course of a notification.
  • The data is used for the purposes of processing the notification, including for communication purposes.
  • We comply with data privacy regulations, such as Permissible purpose, transparency, and minimum principle.
  • We erase your personal data as soon as there is no further processing purpose.

If you have any queries about your rights, please contact our data protection officer, Mr. Sven Lenz.

Responsible body for processing your personal data

The responsible body for collecting, processing, and using your personal data is motan holding gmbh, Stromeyersdorfstraße 12, 78467 Konstanz.

Support and processing of notifications is dealt with by our task processor: lawcode GmbH, Universitätsstraße 3, 56070 Koblenz. We have concluded the relevant contracts with this provider.

Personal information and personal data

When a notification is submitted in the whistleblower system, we collect and process information in digital form. We collect, process, and use your personal data exclusively for the purposes of processing and documenting notifications. Your data is only processed for a purpose differing from that described above insofar as such processing is permitted in accordance with Art. 6 para. 4 GDPR and is compatible with the original purposes. We will inform you in advance of any such further processing of your data.
 

Data and purposes:

Note: notifications can be submitted anonymously and it is not necessary to specify a name.

  • All personal data to be declared in the description, or in the course of processing (potentially including sensitive data such as health data or personal data for a person in the course of the notification) – purpose: Processing and proof of notification.

Optional:

  • First and last name of whistleblower - purpose: Verification and for contact
  • E-mail address - purpose: Communication and discussion
  • Telephone number - purpose: Communication and discussion
  • Address of whistleblower - purpose: Verification and for contact
  • Information about whether whistleblower is employee
  • Data such as text contents / document contents / images / contents of voice message (distorted voice) - purpose: Processing and proof of notification
  • Logs and transcripts of in-person meetings or web meetings, which may include personal data - Purpose: Processing and proof of notification
  • Inclusion of audio or video recordings - purpose: Processing and traceability (only with consent)

Legal basis for processing your personal data

We process your personal data in accordance with Art. 6 para. 1 lit. c GDPR (processing is required to comply with a legal obligation) and use the electronic whistleblower system due to Art. 6 para. 1 lit. f GDPR (the legitimate interest in and implementation of a confidential, secure, and
(ideally) accessible reporting system for the responsible body, i.e. motan holding gmbh, and for the employees).

In accordance with § 10 HinSchG, processing of specific categories of personal data by a reporting office is permitted if required to fulfil your tasks. In this case, the reporting office must take specific and appropriate measures to safeguard the interests of the affected person; § 22 para 2 clause 2 of the Federal Data Protection Act is to be applied.

Storage of a specific recording of a meeting and non-anonymised sound recording of a conversation takes place in accordance with Art. 6 para. 1 lit a) GDPR only with the consent of the affected person.

Transmission of your personal data

Your personal data is only transmitted or disclosed to external offices as prescribed by the rule of law.

Wherever possible, data is only forwarded in anonymised form. However, forwarding personal data may be necessary, or a statutory requirement.

This can include:

  • To an internal office or department for processing
  • To an external reporting office
  • To authorities

Duration of data storage

The documentation of notifications is erased three years after the conclusion of the procedure. It may be possible to retain the documentation for a longer period; to fulfil HinSchG requirements or other legal provisions, insofar as this is required and proportional.

Your data privacy rights - your rights as an affected person

You have the right to obtain information from us about the data we process about you (Art. 15 GDPR). You can also request that we correct incorrect personal data about you (Art. 16 GDPR). Where applicable, you can request that the personal data processed about you be erased (Art. 17 GDPR) or that the processing be restricted (Art. 18 GDPR). In some cases, you also have the right to data portability (Art. 20 GDPR). Under certain circumstances, you can also object to the processing (Art. 21 GDPR).

If you have any questions regarding your rights and regarding the exercise of your rights, please contact the data protection officer Mr. Sven Lenz at kontakt@deutsche-datenschutzkanzlei.de.

You may also receive excerpts or copies to enforce your right to disclosure. Insofar as this is supported in the processing procedure, you may also view your own data and correct this as required.

Complaints about the processing of your personal data

Should you have any concerns or a question regarding the processing of your personal data and information, you can contact the data protection coordinator or the data protection officer Mr. Lenz as detailed below. You may also contact a regulatory authority for data protection.

Datenschutzkanzlei Lenz GmbH & Co. KG

Bahnhofstraße 50, D-87435 Kempten

Telephone: +49 831 930653-00

E-mail: kontakt@deutsche-datenschutzkanzlei-nospam.de
 

Changes to our data protection notes

We reserve the right to make adjustments to our data protection notes at short notice, to ensure that these always comply with current legal requirements, or to make changes to our services. This can affect the introduction of new services, for example. The new data protection notes then apply on your next visit.

Cookies