Privacy - Bertelsmann SE & Co. KGaA

Privacy

For the RTL Group Privacy Statement, please click here .

For the RTL Group Hungary Privacy Statement, please click here / Az RTL Magyarország adatkezelési tájékoztatójáért kattintson die

1. Privacy Policy

BERTELSMANN takes data protection and confidentiality very seriously. We follow the provisions of the EU General Data Protection Regulation (EU-GDPR) as well as applicable national data protection regulations. Please read this privacy notice carefully before submitting a report.

2. Controller

The controller responsible for the data protection of the whistleblower system is

Bertelsmann SE & Co. KGaA
Carl-Bertelsmann-Strasse 270
33335 Gütersloh
Phone: +49 (0) 5241-80-0
Fax: +49 (0) 5241-80-62321
Email: Send email

Bertelsmann SE & Co. KGaA (hereinafter referred to as BERTELSMANN) processes personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (hereinafter referred to as "BDSG").

You can reach BERTELSMANN's data protection officer at the above postal address, adding "An den Datenschutzbeauftragten” (to the data protection officer) or at the email address: Send email .

3. Nature of the personal data collected

When you visit this website, information of the calling computer is automatically collected (hereinafter referred to as “Access Data"). This Access Data includes server log files, which usually comprise information about browser type and version, operating system, Internet service provider, date and time, use of the website, previously visited websites and newly accessed websites via the website and the IP address of the computer. With the exception of the IP address, the server log files are not personally identifiable. An IP address is personally identifiable if it is permanently assigned when the Internet connection is used and the Internet provider can assign it to a person.

Some functions of the website require you to provide BERTELSMANN with personal data. Thus, using the whistleblower system occurs exclusively on a voluntary basis. When you submit a report through the whistleblower system, we collect the following personal data and information:

Your name, if you disclose your identity,
whether you work at BERTELSMANN and
where applicable, the names of persons and other personal data of the persons you mention in your report.

4. Cookies

This website uses cookies. Cookies are small text files that are stored on your computer when you visit a website. The stored cookies are assigned to the browser you are using. If the corresponding website is called up again, the web browser sends back the content of the cookies, thus making it possible to recognize the user. Certain cookies are deleted when you log out or end the browser session ( "transient cookies"). Other cookies are stored for a specified time or permanently ("temporary cookies" or "persistent cookies"). These cookies are erased automatically after a defined period. You can delete the cookies in your browser’s security settings at any time and configure the use of cookies according to your wishes. However, BERTELSMANN points out that if you do so, you may not be able to use all the functions of the website. In principle, cookies are an online identifier without personal reference. The cookies only become personal data if the information generated by the cookies is merged with further data. A distinction can be made between cookies that are necessary for the provision of the website and cookies that are necessary for other purposes such as range measurement, web analysis and market research.

Cookies that are necessary for the provision of the website include, in particular, the following:

Cookies that serve to identify or authenticate the user
Cookies that temporarily store certain user inputs (e.g. the content of an online form)
Cookies that store certain user preferences (e.g. search or language settings)

Cookies that are required for further website purposes (e.g. analysis cookies, cookies for advertising) are not used on this website.

5. Purposes and legal basis of data processing

To ensure the functionality of the website, the performance of security analyses and defense against attacks, server log files are automatically recorded and briefly stored as part of access data on the computer system of the calling device as per section 2 when you enter and use the website. Server log files are not generally stored together with other data. BERTELSMANN uses server log files for statistical evaluations, to analyze and remedy technical faults, to fend off attacks and fraud attempts, and to optimize the functionality of the website. The legal basis for collecting server log files is Art. 6 para. 1 lit. f) GDPR. The functionality of the website, the performance of security analyses and the prevention of dangers are in BERTELSMANN’s legitimate interest.

The whistleblower system (PIT – PeopleIntouch) is used to receive, process and manage information on violations of the BERTELSMANN compliance requirement in a secure and confidential manner. The processing of personal data within the framework of PIT – PeopleIntouch is based on our company’s legitimate interest in detecting and preventing malpractice and thus in preventing damage to BERTELSMANN, BERTELSMANN Group companies, employees and customers. The legal basis for this processing of personal data is therefore Article 6 para. 1 lit. f) EU-GDPR.

6. Confidential treatment of information

Incoming information is received by a narrow circle of expressly authorized and specially trained employees of the BERTELSMANN Compliance Organization and is always treated confidentially. Designated employees of BERTELSMANN’s Compliance Organization examine the facts of the case and, if necessary, perform a further case-related clarification of the facts.

In the course of processing a report or in the course of a special investigation, it may be necessary to pass on information to other BERTELSMANN employees or employees of BERTELSMANN Group companies, e.g. if the information relates to events in subsidiaries. The latter may also be located in countries outside the European Union or the European Economic Area, which may have different rules regarding the protection of personal data. We always ensure that the relevant data protection regulations are complied with when passing on information and that the reporting party’s consent is obtained before passing on information to employees of BERTELSMANN Group companies to deal with the matter. Any per-son who has access to the data is bound to confidentiality.

7. Information of the accused person

We are generally required by law to inform accused persons that we have received a report about them as soon as this information no longer jeopardizes the ability to pursue the report. Your identity as a whistleblower—as far as legally permissible—will not be disclosed.

8. Data subject rights

You have the right to access information about the personal data we have stored on you at any time. If your personal data is incorrect or no longer up to date, you have the right to demand its rectification. You also have the right to request the erasure or restriction of processing of your data in accordance with Art. 17 or Art. 18 GDPR. You also have the right to receive the data you have provided in a common and machine-readable format. (right to data portability).

If you have given your consent to the processing of personal data for certain purposes, you may revoke this consent at any time with future effect. The revocation must be sent to the company at the contact address mentioned in point 1.

Pursuant to Art. 21 GDPR, you also have the right, for reasons arising from your particular situation, to object at any time to the processing of your data, which occurs in accordance with the legal basis of Art. 6 para. 1 lit. f) GDPR.

You also have the option of contacting a data protection supervisory authority and lodging a complaint with them. The competent authority for the company is

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Phone: 0211/ 38424-0
Fax: 0211/ 38424-10
Email: Send email

However, you can also contact the competent data protection supervisory authority for your place of residence.

9. Automated decision-making

No automated decision-making takes place as a result of the processing of your personal data described here.

10. Profiling

No profiling takes place.

11. Retention period of personal data

After calling up the websites, the server log files are stored on the web server and the IP address contained therein is deleted after 2 weeks at the latest. Evaluations during this retention period only occur in the event of an attack.
With regard to the retention periods for information, personal data will be retained for as long as is necessary for the clarification and final assessment of the information or existing contractual and/or statutory obligations have been fulfilled and statutory retention periods do not prevent erasure. The same applies if you revoked your consent.

12. Updating the data protection notice

If this Privacy Policy is changed, notice of the change will be posted in this directive, on the homepage, and in other appropriate places.

Data protection notice status: November 2021