Notice guideline


1. Introduction

1.1 Purpose of this Policy

Compliance with the law is the basis of all our activities, and we see honest, ethical and compliant behavior as the foundation of our corporate success. To this end, we have established certain internal policies in which we specify rules of conduct for specific areas (e.g. our ). We expect all employees to adhere to our high standards and all employees are also committed to these standards accordingly.

Nevertheless, there is a risk for every organization that something will go wrong from time to time, or that employees will unknowingly or knowingly engage in unethical or illegal behavior. A culture of openness and accountability is essential to prevent such situations or to manage them if they do occur.

In order for us to live up to this claim, it is important to learn about potential misconduct and to put a stop to it. Accordingly, it is very important to us to receive information about potential misconduct and to encourage people to report potential misconduct without fear of sanctions or discrimination.

The central message of this Policy is:

Whistleblowers are protected from sanctions, reports are treated confidentially, and the identity of whistleblowers is not disclosed if they wish to do so and it is legally possible. All plausible reports will be investigated and action will be taken as appropriate.

1.2 Contents of this Policy

Anonymous Reports:

  • How can potential misconduct be reported?
  • Is the confidentiality of the whistleblower's identity guaranteed?
  • Who can report potential misconduct?
  • What can be reported?
  • What happens after a report or how are reports processed?
  • How are whistleblowers protected?
  • What about data protection?

1.3 To Whom Does this Policy Apply?

This policy applies to all employees, trainees, interns, board members, managers, freelancers and other employees (hereinafter uniformly referred to as "employees "). In addition, this Policy applies mutatis mutandis to all other parties entitled to report, namely applicants, former employees, all business partners such as suppliers, service providers and customers, shareholders, sales representatives, intermediaries and all other relevant stakeholders who have knowledge of misconduct within the company or at suppliers and subcontractors.

1.4 Precedence of Mandatory Local Law

Mandatory local law remains unaffected by this Policy. If this Policy conflicts with mandatory local law, mandatory local law will of course take precedence.

2. How can Potential Misconduct be Reported?

Internal reports: Potential misconduct can be reported internally. Questions can also simply be asked or concerns communicated regarding the legal compliance or ethical compatibility of certain corporate activities.

External Reports: However, information on potential misconduct can also be provided externally to the responsible authorities. We welcome whistleblowers to make an internal report first to allow us to quickly investigate and remedy potential misconduct internally, but whistleblowers are not required to make an internal report first before contacting the appropriate authorities with an external report. In the case of an external report, the whistleblower must ensure that the possible negative consequences of the external report for the Company and for the persons involved are kept to a minimum.

2.1 Company Internal Reports

  • Supervisor Potential misconduct can be reported in the traditional manner to the responsible supervisor. Whistleblowers may contact the supervisor in person or put the matter in writing. A personal meeting may also be held if the whistleblower so desires. It may be possible to find a solution quickly and effectively.
  • Compliance.One Whistleblowing System Whistleblowers can also report potential misconduct through our whistleblowing system Compliance.One. Reports can be made as follows:
    • Online via our website for reports: REPORT
    • By telephone via our hotline for reports: +3197010256016 +3197010259320 +498914367571
  • The website for reports and the hotline for reports are provided by our external service provider Compliance.One. Potential whistleblowers should be able to find the whistleblowing system easily. The link to the whistleblowing system is therefore published in all relevant places (e.g. on the intranet, in notices and in communications with suppliers/service providers).
  • In case of a report via the website for reports, one of the following options can be chosen:
    • Anonymous No data on the identity of the whistleblower is recorded, but the status of the processing of the report can still be tracked anonymously at any time via a QR code or a link. In this way, further supplementary information on the facts of the case can also be provided anonymously.
    • Confidential Whistleblowers can provide contact details, e.g. their e-mail address, and are then kept up to date on the status of their report and the employee handling the report can ask queries about the facts, which can simplify and speed up the clarification of the matter. In the case of a confidential report, the contact data and the information on the identity of the whistleblower are processed exclusively by the provider of the whistleblowing system Compliance.One and are not forwarded to the employee handling the report. This is clearly contractually agreed with Compliance.One and Compliance.One is not allowed to forward this information to the Company. Compliance.One acts as an anonymization level between the whistleblower and Company and the employee handling the report in the Company.
    • Transparent In the case of a transparent whistleblowing, the contact data or information on the identity of the whistleblower is passed on by the provider of the whistleblowing system Compliance.One to the employee handling the report and direct communication can take place between the whistleblowers and the employee handling the report in the Company.

2.2 External Reports to the Competent Authorities

You can also always contact the relevant authorities in the event of potential misconduct.

2.3 Anonymous Reports

The Company will also investigate anonymous reports, even if there may be no legal obligation to do so.

The Company expressly does not encourage anonymous reports, as a proper investigation may be more difficult or impossible if no further supplementary information on the respective facts can be obtained from the whistleblower. It may also be more difficult to determine whether a report is credible and plausible in the case of anonymous reports.

The whistleblowing system Compliance.One provides the possibility to give confidential information without revealing the identity of the whistleblowers to the employee handling the report in the Company, since the identity of the whistleblowers in the case of a confidential information is only known to the provider of the whistleblowing system Compliance.One and Compliance.One will not and may not reveal the identity of the whistleblowers to the Company. A confidential report thus combines the advantages of anonymity with the possibility of communication between the whistleblower and the Company.

2.4 Reports via Telephone and Personal Meeting

Reports via telephone or reports given during a personal conversation are recorded with the consent of the person providing the report or the conversation is recorded. The person providing the report will then be provided with the call log for review and correction, and he/she can confirm the log by signing it.

3. Who Can Report Potential Misconduct?

All current and former employees of our Company, and all applicants, business partners such as suppliers, service providers and customers, shareholders, sales representatives, intermediaries, and all other relevant stakeholders who have knowledge of misconduct in the Company are entitled to report.

4. What Can and Should be Reported?

4.1 All Potential Grievances

All grievances within the Company, any misconduct by employees, all potential violations of applicable law and/or Company guidelines, etc., including the respective suspicion, can and should be reported.

This includes, but is by no means limited to, the following areas in particular:

  • Fraud and misconduct relating to accounting or internal accounting controls,
  • Corruption
  • Bribery and venality,
  • Banking and financial crime,
  • Auditing offenses,
  • Money laundering
  • Financing of terrorist activities,
  • Prohibited Insider Trading,
  • Violations of antitrust law,
  • Violations of competition law,
  • Violations of data protection law
  • Betrayal of secrets,
  • Breaches of confidentiality obligations,
  • Falsification of contracts, reports or records,
  • Misuse of company assets, theft or embezzlement,
  • Environmental hazards, common hazards, hazards to the health or safety of our employees, and similar cases.
  • Harassment, especially sexual harassment
  • Child and forced labour
  • Information security
  • Human rights or environmental risks that have arisen as a result of the economic activities of a company in its own business sector or of a direct supplier. 

Violations or suspected violations by any employee, including the Company's executive bodies and managers, can and should be reported. The same applies if a third party commits an act that is directed against our Company (for example, attempted bribery by service providers and suppliers).

4.2 Reasonable Suspicion

All cases where there is a reasonable suspicion that an incident relevant under this Policy has occurred should be reported. Not in all cases will it be clear to the whistleblower whether a particular action or behavior constitutes wrongdoing or a violation of law and/or Company policy. The whistleblower should carefully consider this before making a report. However, it is clearly in the Company's interest for a suspected case to be reported, even if whistleblowers are not 100 percent certain that it is indeed a case of maladministration where the Company must intervene. It is better to report once too often than to conceal a grievance. In case of doubt, the potential whistleblower can discuss the case or his/her suspicion in abstract terms with the compliance officer or his/her supervisor without naming names and agree whether it is a relevant case to be reported.

4.3 Concrete and Conclusive

Each report should be as specific as possible. The whistleblower should provide as detailed information as possible about the facts to be reported, so that the person handling the case can assess the matter correctly. In this context, the background, the course of events and the reason for the report as well as names, dates, places and other information should be provided. Documents should be provided if available. Personal experiences, possible prejudices or subjective opinions should be identified as such. In principle, the whistleblower is not obligated to conduct his own investigations; an exception may apply if he is obligated to do so under his employment contract.

4.4 Good Faith or Abuse of the Whistleblowing System

Every report should be made in good faith. If a review of the report reveals, for example, that there is no reasonable suspicion or that the facts are insufficient to substantiate a suspicion, whistleblowers who submit a report in good faith will not be subject to disciplinary action. The situation is different for whistleblowers who deliberately misuse the whistleblowing system to submit false reports; such whistleblowers must expect disciplinary action. Impairment of the whistleblowing system through, for example, manipulation, cover-up or breach of agreements regarding confidentiality may also result in disciplinary measures. Measures that can be considered are, for example, warnings or dismissals. In addition, this may have consequences under civil or criminal law.

4.5 Obligation to Report

If employees have reason to believe that a matter relating to the Company constitutes a criminal offense or is likely to result in serious damage to the Company or third parties, they have a duty to inform the Company. This duty to inform does not apply if the facts are already known to the Company or if there is no duty to testify under the Code of Criminal Procedure.

5. What Happens After a Report or How are Reports Processed?

5.1 Confirmation of Receipt

The whistleblower will receive confirmation of receipt within seven days of receipt of his/her report, unless he/she has submitted the report anonymously. When using our whistleblower system Compliance.One, the confirmation of receipt and the status of processing can be retrieved via the QR code or link to the respective report, even in the case of an anonymous report.

5.2 Processing of the Report

Any report will be treated confidentially and in accordance with the applicable data protection laws. An impartial reporting officer and a deputy reporting officer have been appointed within the Company to process the reports. Once a report has been received, the reporting officer carries out an initial check of the plausibility and relevance of the report. If the reporting officer is of the opinion that further investigations should be carried out, he/she documents this and forwards the information to the unit(s) within the Company responsible for the further investigation. These then carry out the internal investigations. The name of the whistleblower will only be communicated and disclosed within the Company if the whistleblower has given his or her express approval. All employees are obliged to support the unit(s) responsible for the investigation in its inquiries and to cooperate to the best of their ability in clarifying the suspicion. They are obligated to maintain confidentiality. The information obtained is documented, with only the necessary data being collected and processed. The investigation will be conducted as quickly as reasonably possible. The unit(s) responsible for internal investigations shall keep the reporting officer informed of the progress of the investigation. The whistleblower will be informed by the reporting officer about the progress of the procedure and will receive feedback on the processing status or the measures taken in connection with the report within an appropriate timeframe, at the latest within three months of receipt of the report.

5.3 Conclusion of the Investigations and Measures

The unit(s) responsible for internal investigations shall inform the relevant decision-makers after the investigation has been completed if a report proves to be accurate and relevant. The relevant decision-makers are persons who have the power to act within the Company to remedy, prosecute, punish, etc. grievances. As a rule, this will be the managing director(s). The relevant decision-makers then decide on the measures necessary in the interests of the Company, based on the facts ascertained. Insofar as necessary on the basis of the results determined, the competent governmental authorities are informed and involved and the relevant information is transmitted to them. If a report turns out to be false or cannot be sufficiently substantiated with facts, this is documented accordingly and the procedure is discontinued immediately. There must be no consequences for the employees concerned; in particular, the matter is not documented in the personnel file. The Company will also endeavor to use the results and suggestions of any investigation to correct any misconduct to the extent possible under existing circumstances.

5.4 Complaint About the Way the Report was Handled

The Company attaches great importance to ensuring that all reports are comprehensively processed and appreciated, and that they are always dealt with fairly and appropriately. If whistleblowers are not satisfied with the way a report has been handled, they can contact their supervisor, the Compliance Officer or the management directly (depending on who was involved in the handling of the report).

6. How are Whistleblowers Protected?

6.1 Confidentiality and Secrecy

The protection of whistleblowers is ensured by the confidential treatment of their identity. Confidentiality also applies to all other information from which the identity of the whistleblower can be directly or indirectly deduced. In principle, the name of a whistleblower will not be disclosed; the identity of the whistleblower may be disclosed if the whistleblower permits disclosure or if a corresponding legal obligation exists. Whistleblowers shall be informed before their identity is disclosed, unless such information would jeopardize the relevant investigation. The same applies to confidentiality with regard to whistleblowers as to persons who have assisted in the clarification of a suspicion.

6.2 Protection Against Reprisals

Any person who makes a good faith report or cooperates in the investigation of a suspected report shall not be subject to adverse action or reprisal, or an attempt to take adverse action or reprisal, as a result of the report or cooperation, including, but not limited to, the following adverse action or reprisal:

  • Suspension, termination or similar action;
  • Downgrading or denial of a promotion;
  • Transfer of duties, change of work location, reduction in salary, change in working hours;
  • Refusal to participate in continuing education;
  • negative performance appraisal or issuance of a poor job reference;
  • Disciplinary action, reprimand, or other sanction, including financial sanctions;
  • Coercion, intimidation, bullying or exclusion;
  • Discrimination, disadvantageous or unequal treatment;
  • Failure to convert a fixed-term employment contract into a permanent employment contract in cases where the employee was entitled to expect to be offered a permanent employment contract;
  • Non-renewal or early termination of a fixed-term employment contract;
  • Harm (including damage to reputation), especially on social media, or causing financial loss (including loss of orders or revenue);
  • Recording of the whistleblower on a "black list" on the basis of an informal or formal sector- or industry-specific agreement with the consequence that the whistleblower no longer finds employment sector- or industry-wide;
  • early termination or cancellation of a contract for goods or services;
  • Revocation of a license or permit;
  • Psychiatric or physician referrals.

This may not apply if the person is involved in the incident to be investigated. If a whistleblower or a person involved in the investigation of a suspicion believes that he/she has been subjected to reprisals as a result, he/she must report this to his or her respective superior or, if the superior is or was involved in the potential reprisal, to the Compliance Officer. It shall be presumed that a whistleblower or a person who has cooperated in the clarification of a suspicion, who has suffered a reprisal, has suffered this reprisal due to the whistleblowing or cooperation. It is up to the person who took the adverse action to prove that this action was based on sufficiently justified reasons and does not constitute a reprisal due to the report or cooperation. The Company will not tolerate any discrimination, harassment or similar treatment of whistleblowers or persons involved in the investigation. The Company will consider the circumstances of each case and may take temporary or permanent measures to protect the whistleblower(s) or cooperating persons and to protect the interests of the Company. Any employee or supervisor who dismisses, demotes, harasses, or discriminates against a whistleblower or any person who cooperates in the investigation of a related allegation because of the whistleblower's or person's cooperation or similar action will be subject to disciplinary action, which in the most extreme case may result in dismissal. Protection from reprisal also extends to third parties associated with a whistleblower who could suffer reprisal in a professional context, such as colleagues or relatives of the whistleblower, legal entities owned or worked for by a whistleblower, or with whom the whistleblower is otherwise associated in a professional context.

7. How are Reported Persons Protected?

7.1 Information of the Reported Person

Any person affected by a report shall be notified of the suspicions directed against him/her at the appropriate time, taking into account the requirements of data protection law, unless such notification would significantly impede the progress of the proceedings to establish the facts. The notification shall be made at the latest after the investigation has been completed. The notification usually contains the following information:

  • the details of the submitted report,
  • the purposes of the processing,
  • the legal basis for the processing and the legitimate interests of the Company underlying the processing,
  • the categories of personal data that are processed,
  • the departments informed about the notification and the persons authorized to access the data,
  • the recipients or categories of recipients,
  • the intention to transfer the data to a recipient located in an insecure third country and the legal basis for the transfer,
  • Information on the identity of the whistleblower or the source, insofar as the whistleblower has consented to the disclosure of his/her identity or this is necessary to protect the interests of the data subject,
  • the duration of the storage of the data or the criteria for determining the duration,
  • the rights of the data subject to information, correction, blocking or deletion or any rights of objection,
  • Rights of appeal to the supervisory authority.

7.2 Right to Comment

The person concerned shall be heard by the unit(s) responsible for internal investigations before conclusions are drawn at the end of the procedure explained above. If a hearing is not possible for objective reasons, the unit(s) responsible for internal investigations shall request the person concerned to formulate his or her arguments in writing.

7.3 Right to Delete the Data

If the suspicion asserted in the notification is not confirmed, the data subject shall have the right to have his/her data stored by the Company in this context deleted.

7.4 Right to Complain to the Works Council

The reported person may make use of his/her right of appeal pursuant to Sections 84, 85 of the Works Council Constitution Act (BetrVG) and involve the works council.

8. Data Protection

8.1 Legal Compliance and Legal Basis

Personal data provided by whistleblowers or collected in the course of internal investigations are processed in compliance with data protection regulations. The data collected is used exclusively for the purposes described in this Policy. The data is provided in particular to ensure the Company's legal obligations or compliance within the Company. The data is processed on the basis of Section 26 (1) of the German Federal Data Protection Act (BDSG) for the fulfillment of contractual obligations or on the basis of the overriding legitimate interests of the Company pursuant to Art. 6 (1) lit. f) GDPR. These legitimate interests are ensuring compliance in the Company, in particular the detection and clarification of wrongdoing in the Company, of conduct harmful to the Company, of white-collar crime, etc., as well as the protection of employees, business partners, customers and other stakeholders.

8.2 Information and Access

Whistleblowers are provided with the necessary information on data processing and data protection when the data is collected. All persons whose data is processed by the Company in the course of the procedure (e.g. whistleblowers, reported persons or persons assisting in the clarification) have the right, pursuant to Art. 15 GDPR, to receive information from the Company about the data stored about them by the Company and further information, such as the processing purposes or the recipients of the data.

8.3 Retention and Deletion

Reports will not be retained longer than is necessary and proportionate to meet the requirements set forth in this Policy and/or statutory retention periods. The data collected is generally deleted within two months of the conclusion of the internal investigation. If criminal, disciplinary or civil court proceedings are initiated as a result of misconduct within the meaning of this Policy or misuse of the whistleblowing system, the storage period may be extended until the respective proceedings have been legally concluded. Personal data that is obviously not relevant for the processing of a specific report will not be collected or will be deleted immediately if it was collected unintentionally.

8.4 Technical and Organizational Measures

The data collected and processed as a result of a report is stored separately from the other data processed in the Company. Appropriate authorization systems and appropriate technical and organizational measures ensure that only the persons responsible in each case have access to this data.

8.5 Transfer to Third Countries

The data is processed exclusively within the EU or the EEA. Only in the case of non-European circumstances may a transfer to unsafe third countries be necessary. In this case, appropriate safeguards are provided in accordance with Art. 46 et seq. GDPR.

8.6 Data Subject Rights

All persons whose data is processed by the Company within the scope of the procedure have the right to have their incorrect data corrected, the right to have their data completed, the right to have their data blocked or to have their data deleted, provided that the requirements pursuant to Art. 16 et seq. GDPR are met. A request for deletion is justified, for example, if the data has been processed unlawfully or the data is no longer needed for the purposes for which it was collected.

8.7 Rights of Objection

If data is processed on the basis of legitimate interests of the Company, the person concerned by such processing may object to the processing of his or her data by the Company at any time on grounds relating to his or her particular situation. The Company will then either demonstrate overriding legitimate grounds permitting the processing or it will no longer process the data. For the period of this review, the data will be blocked for these purposes.

8.8 Data Protection Officer

Persons involved in the procedure, including the whistleblowers themselves, may contact the Company's Data Protection Officer at any time to have it checked whether the rights existing on the basis of the relevant applicable provisions have been observed.

8.9 Right of Appeal to the Data Protection Supervisory Authority

If a data subject believes that the Company is not processing the data in accordance with applicable data protection law, a complaint may be filed with the competent data protection supervisory authority.

9. Consequences of Violations

Violation of this Policy may result in measures under employment law, including termination of employment without notice or, in the case of freelancers, termination of the cooperation without notice. Criminal sanctions and civil law consequences such as compensation for damages are also possible.

March 23, 2023