Data Protection Notice
Thank you for visiting our website www.hensoldtopenline.net and its subpages (hereinafter referred to as website). As a matter of course, we will protect your personal data, especially when it comes to sensitive topics such as our whistleblower system. Below, we would like to provide information about how we process your personal data. The website www.hensoldtopenline.net is published by HENSOLDT AG (hereinafter referred to as HENSOLDT).
1 Data controller
Please contact the following office for questions, requests for information, applications, complaints or criticism regarding our data privacy practices:
Our data protection officer is responsible for the proper implementation of data privacy policies. Please contact the data protection officer directly if you have any concerns regarding the processing of your personal data.
Email: dataprotection (at) hensoldt.net
2 Collection, processing and storage of personal data
We only collect, process and store your personal data if permitted by law or if you have given your consent. We obtain this data in two ways: Either you have provided us with the data or we collect it when you use our services.
2.1 Data you share with us
2.2 Data we receive when you use our services
Some data is collected automatically and for technical reasons when you visit our website. This data is temporarily saved in the server's main memory. The following information is collected without your intervention and stored in the main memory until it is automatically deleted:
- The IP address of the requesting computer
- Date and time of access
- Amount of data sent
- Browser type and version
- Operating system
We will process the above data for the following purposes:
- To ensure that the connection to our website can be established smoothly
- To ensure convenient use of our website
- To detect and block attacks
2.3 Disclosure of data
3.1 Explanation of terms
3.2 Types of cookies
On these pages we only use technically necessary cookies, which are required to identify your browser session. These cookies contain a unique identifier that allows us to offer the whistleblower system distributed over several sub-pages. These cookies are automatically deleted each time the browser window is closed (session cookies).
The data processed by the cookies necessary for the operation of a website are required to protect our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR.
This cookie is set and receives the content "dismiss" when you confirm the cookie banner with "OK". It is used so that the cookie notice is no longer displayed. These cookies expire after one year.
A session ID is stored in this cookie to recognise your browser within a session. It is created as soon as you click on "Provide a tip" or "Retrieve answer" or "Login". The cookie contains a 32-character string for this purpose and allows you to view or edit your tip across several pages. This cookie is automatically deleted when the browser is closed.
4 Use of the whistleblower-system
With our whistleblower system, you can provide anonymous tips on various topics such as corruption, money laundering or fraud. You can use the system without providing personal data.
For maximum anonymity vis-à-vis third parties, please also use a public internet connection and not a personal end device or a suitable anonymisation system.
We only process data that you actively and voluntarily provide to us. You do not have to provide a name or contact details - your tip will nevertheless be checked and processed. Several text fields are available for entering your information. Please make sure that you do not enter any personal data in the text fields that you do not wish to disclose (especially your identity).
The data you submit is transmitted and stored in the whistleblower system in fully encrypted form. Only the HENSOLDT case supervisor can access the information and decrypt it. For technical reasons, a carefully selected service provider may have access to the system for operation and maintenance. It is technically possible for persons other than your personal case supervisor to view or process your case but only in justified exceptional cases and only with the involvement of several responsible persons.
Depending on the information provided, data may be disclosed if public authorities are called in or have to be called in for an investigation.
If you allow follow-up questions or replies, you will receive a user ID and must set your own password which allow you to view replies or follow-up questions.
In the context of follow-up questions or replies, we receive statistical data from the system regarding the date the tip was created or modified.
The legal basis for the processing of this data is either consent according to Art. 6 (1) lit. a GDPR, if you allow responses, or our legitimate interest in such notifications and corresponding tracking according to Art. 6 (1) lit f GDPR.
5 Your rights
Of course, you retain control over all personal data that you provide to us when visiting our website and using our services. You have the following rights, which you can exercise free of charge. However, please note that in the case of anonymous tips, it is usually not possible to exercise these rights, as we cannot verify your identity and match it with the whistleblower. In order for us to carry out an effective identity check, you will need to provide us with information about yourself and the tip you provided by some other means. In addition, it will generally not be possible to provide information on personal data relating to you if you are named or possibly accused in a tip-off. The same applies to other rights such as objection, rectification or deletion.
5.1 Right to information
You have the right to obtain information about your personal data stored by us at any time.
5.2 Right to revoke consent granted
You have the right to revoke your consent to the processing of personal data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing. The revocation of consent will not affect the lawfulness of the processing carried out on the basis of consent until revocation.
5.3 Right to object
If we process your personal data within the framework of a balancing of interests on the basis of our overriding legitimate interest, you have the right, at any time, to object to this processing with effect for the future on grounds arising from your particular situation.
If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to further processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.
5.4 Right to data portability
You have the right to request a transfer of your personal data from us to another entity if your personal data is processed on the basis of consent.
5.5 Right to rectification, erasure or restriction of processing
You have the right to have your personal data corrected, deleted or the processing restricted.
5.6 Right to lodge a complaint
The supervisory authority responsible for our company is the
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach
Tel.: +49 (0) 981 180093-0, Fax: +49 (0) 981 180093-800
Email: poststelle (at) lda.bayern.de
6 Duration of storage
Unless required by law, we will store your tip for up to two months after the completion of our investigation. Once this point is reached, your data is completely anonymised and only processed further in the form of statistical data, provided no further storage is required. In principle, it is conceivable that data relating to a tip-off may be stored for a longer period of time, e.g., by authorities for criminal prosecution; however, we do not have any control over this.
Technical data that is generated when establishing a connection to the website, such as the IP address, is stored for a minimum of 30 seconds and a maximum of 15 days for the purpose of detecting and blocking attacks.
7 Automated decision-making
No automated decision-making takes place using the personal data collected.
8 Data security
We use the popular SSL (Secure Socket Layer) protocol in conjunction with the highest encryption level supported by your browser.
You can see whether an individual page of our website is encrypted from the closed image of the key or the lock symbol in the bottom status bar of your browser.
We also take suitable technical and organizational security measures in order to protect your data against chance or deliberate manipulation, partial or total loss, destruction, or unauthorized access by third parties. Our security measures are improved continuously to keep pace with technical developments.