Data Protection Notice

Thank you for visiting our website and its subpages (hereinafter referred to as website). As a matter of course, we will protect your personal data, especially when it comes to sensitive topics such as our whistleblower system. Below, we would like to provide information about how we process your personal data. The website is published by HENSOLDT AG (hereinafter referred to as HENSOLDT).

1 Data controller

Please contact the following office for questions, requests for information, applications, complaints or criticism regarding our data privacy practices:

Willy-Messerschmitt-Str. 3
82024 Taufkirchen

Our data protection officer is responsible for the proper implementation of data privacy policies. Please contact the data protection officer directly if you have any concerns regarding the processing of your personal data.

Email: dataprotection (at) 

2 Collection, processing and storage of personal data

We only collect, process and store your personal data if permitted by law or if you have given your consent. We obtain this data in two ways: Either you have provided us with the data or we collect it when you use our services.

2.1 Data you share with us
Generally, you can use our website without providing any personal information. In general, our whistleblower system may be actively used without providing personal data. However, you may include documents, images or similar documents with your tip, but such data may be personally identifiable. If you allow a response to a message, we will generate personal login information for you, which is technically speaking personal data, however we do not know your identity. This login information is used so that you can add to your information as well as view responses. Detailed information on the whistleblower system can be found in the item "Use of the whistleblower system" of this Data Privacy Policy.

2.2 Data we receive when you use our services
Some data is collected automatically and for technical reasons when you visit our website. This data is temporarily saved in the server's main memory. The following information is collected without your intervention and stored in the main memory until it is automatically deleted:

  • The IP address of the requesting computer
  • Date and time of access
  • Amount of data sent
  • Browser type and version
  • Operating system

We will process the above data for the following purposes:

  • To ensure that the connection to our website can be established smoothly
  • To ensure convenient use of our website
  • To detect and block attacks

The legal basis for data processing is provided by Art. 6 (1) p. 1 lit. f GDPR. Our legitimate interest is based on the processing purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person and we will not match it to incoming messages. The above data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, we use cookies when you visit our website. Please see Section 3 of this Data Privacy Policy for more detailed explanations.

2.3 Disclosure of data
As a matter of principle, we do not transmit personal data to third parties. If, in individual cases, data is transferred to third parties, you will find the relevant information in this Data Privacy Policy. We take appropriate measures and carry out regular checks to ensure that the data we collect cannot be viewed or accessed by unauthorised third parties.

3 Use of cookies

3.1 Explanation of terms
Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone, etc.). Cookies store information generated in connection with the particular end device used. However, that does not mean we acquire a direct knowledge of your identity. We use cookies to make the information offered by us easier for you to use. Below are the different types of cookies we use.

3.2 Types of cookies
On these pages we only use technically necessary cookies, which are required to identify your browser session. These cookies contain a unique identifier that allows us to offer the whistleblower system distributed over several sub-pages. These cookies are automatically deleted each time the browser window is closed (session cookies).

3.3 Use of cookies on our website
The data processed by the cookies necessary for the operation of a website are required to protect our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR.

Cookie “cookieconsent_status“:
This cookie is set and receives the content "dismiss" when you confirm the cookie banner with "OK". It is used so that the cookie notice is no longer displayed. These cookies expire after one year.

A session ID is stored in this cookie to recognise your browser within a session. It is created as soon as you click on "Provide a tip" or "Retrieve answer" or "Login". The cookie contains a 32-character string for this purpose and allows you to view or edit your tip across several pages. This cookie is automatically deleted when the browser is closed.

4 Use of the whistleblower-system

With our whistleblower system, you can provide anonymous tips on various topics such as corruption, money laundering or fraud. You can use the system without providing personal data.

For maximum anonymity vis-à-vis third parties, please also use a public internet connection and not a personal end device or a suitable anonymisation system.

We only process data that you actively and voluntarily provide to us. You do not have to provide a name or contact details - your tip will nevertheless be checked and processed. Several text fields are available for entering your information. Please make sure that you do not enter any personal data in the text fields that you do not wish to disclose (especially your identity).

The data you submit is transmitted and stored in the whistleblower system in fully encrypted form. Only the HENSOLDT case supervisor can access the information and decrypt it. For technical reasons, a carefully selected service provider may have access to the system for operation and maintenance. It is technically possible for persons other than your personal case supervisor to view or process your case but only in justified exceptional cases and only with the involvement of several responsible persons.

Depending on the information provided, data may be disclosed if public authorities are called in or have to be called in for an investigation.

If you allow follow-up questions or replies, you will receive a user ID and must set your own password which allow you to view replies or follow-up questions.

In the context of follow-up questions or replies, we receive statistical data from the system regarding the date the tip was created or modified.

The legal basis for the processing of this data is either consent according to Art. 6 (1) lit. a GDPR, if you allow responses, or our legitimate interest in such notifications and corresponding tracking according to Art. 6 (1) lit f GDPR.

5 Your rights

Of course, you retain control over all personal data that you provide to us when visiting our website and using our services. You have the following rights, which you can exercise free of charge. However, please note that in the case of anonymous tips, it is usually not possible to exercise these rights, as we cannot verify your identity and match it with the whistleblower. In order for us to carry out an effective identity check, you will need to provide us with information about yourself and the tip you provided by some other means. In addition, it will generally not be possible to provide information on personal data relating to you if you are named or possibly accused in a tip-off. The same applies to other rights such as objection, rectification or deletion.

5.1 Right to information
You have the right to obtain information about your personal data stored by us at any time.

5.2 Right to revoke consent granted
You have the right to revoke your consent to the processing of personal data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing. The revocation of consent will not affect the lawfulness of the processing carried out on the basis of consent until revocation.

5.3 Right to object
If we process your personal data within the framework of a balancing of interests on the basis of our overriding legitimate interest, you have the right, at any time, to object to this processing with effect for the future on grounds arising from your particular situation.

If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to further processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

5.4 Right to data portability
You have the right to request a transfer of your personal data from us to another entity if your personal data is processed on the basis of consent.

5.5 Right to rectification, erasure or restriction of processing
You have the right to have your personal data corrected, deleted or the processing restricted.

5.6 Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority or our company if you have a reason for such complaint. To exercise your rights against our company, please contact the person listed at the beginning of this Data Privacy Policy.

The supervisory authority responsible for our company is the
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach
Tel.: +49 (0) 981 180093-0, Fax: +49 (0) 981 180093-800
Email: poststelle (at) 

6 Duration of storage

Unless required by law, we will store your tip for up to two months after the completion of our investigation. Once this point is reached, your data is completely anonymised and only processed further in the form of statistical data, provided no further storage is required. In principle, it is conceivable that data relating to a tip-off may be stored for a longer period of time, e.g., by authorities for criminal prosecution; however, we do not have any control over this.

Technical data that is generated when establishing a connection to the website, such as the IP address, is stored for a minimum of 30 seconds and a maximum of 15 days for the purpose of detecting and blocking attacks.

7 Automated decision-making

No automated decision-making takes place using the personal data collected.

8 Data security

We use the popular SSL (Secure Socket Layer) protocol in conjunction with the highest encryption level supported by your browser.

You can see whether an individual page of our website is encrypted from the closed image of the key or the lock symbol in the bottom status bar of your browser.

We also take suitable technical and organizational security measures in order to protect your data against chance or deliberate manipulation, partial or total loss, destruction, or unauthorized access by third parties. Our security measures are improved continuously to keep pace with technical developments.