Data Protection Notice

Please read this data privacy notice carefully before you report a compliance case to the responsible compliance officer:

DEKRA e.V, DEKRA SE, Handwerkstr. 15, 70565 Stuttgart and its affiliated companies, as the respective autonomous responsible parties, are the units responsible for data protection. Protecting your privacy when processing your personal data, as well as the security of all the information you provide us, is a top priority for us. Please read through this data protection information carefully before reporting a Compliance case to the relevant Compliance Officer:

1. Purpose of the Whistleblower System
The purpose of the DEKRA whistleblower system is to safely and confidentially receive, process, and evaluate indications of violations of law and order and of DEKRA Compliance guidelines.

2. The collection and processing of personal data and information.
The primary purpose of the database is the collection of compliance reports as well as their specific processing, investigation and management.
The reporting of a compliance issue and/or misconduct is voluntary. Please note, however, that we are only able to receive and process reports if you confirm that you have read and taken note of this Data Protection Notice and consent to the processing of the reports as described herein. We therefore kindly ask you to consent by checking the confirmation box before clicking on the button “Continue” at the bottom of this Data Protection Notice. You will then be guided to the report intake form.
You may file your report anonymously. However, we encourage you to identify yourself in case further inquiry is necessary for fact-finding. The information provided by you will be treated confidentially in any case.
If you report an incident to the designated Compliance Officer, we will collect the following personal data and information:

a. your name and your contact details (provided you do not want to report anonymously);

b. whether you are employed by DEKRA;

c. the name and other personal data of the persons you name and the subject (e.g. functional specifications, contact details), of your report;

d. a description of the non-compliant conduct as well as a description of the circumstances of the incident, including time and place of the incident, the effected DEKRA entity, and whether management has knowledge of the incident;

e. other Personal Data Potentially Resulting from Further Questions.

The information you provide when reporting a Compliance case will be verified by the relevant employee. If necessary, further investigation of the facts may be carried out, during which you – unless you wish to remain anonymous – may be contacted by the respective employee.

3. How will personal data and information be processed after your report and who may access the personal data and information?

Any personal data, such as your name, your contact details and when appropriate, where you are employed by DEKRA (see number 1 a. and b.), and information that you report to us will be stored in a DEKRA database.

4. Who has access to the personal data and information?
For the purpose of processing your report, the personal data and information may be accessed, processed and used by the appointed compliance officer and the specifically designated employees called in by the compliance officer, departments and technical staff assigned for review or technical consultation.
Personal data and information may also be disclosed to the police and/or other enforcement or regulatory authorities.
In case the relevant bodies that receive and process personal data are located in the US or in another country that does not provide a level of data protection as available in the EU, a contract based on the EU standard contractual clauses will be signed.
Please note that any person that you report to may be notified at an appropriate time that a report has been filed. Your identity will not be disclosed. However, any person you report is entitled to correct your description of the relevant circumstances giving rise to your report.
When DEKRA legal entities are located in the EU, and transfer of personal data and information to a recipient located in the US or any other country occurs, which does not provide an adequate level of data protection (e.g. a level which is comparable to the EU level of data protection), Standard Contractual Clauses between such legal entities shall apply. Please note, any person whose identity you shared with the Compliance Officer, could be notified at an appropriate time that a report has been filed about them. In such a case your identity will not be disclosed. Nevertheless, anyone, about whom you have provided information, is entitled to review and clarify your representation of the facts.

5. How long will the personal data and information be stored?
The personal data you provided will be kept as long as they are necessary to process your report (including any investigations by the competent department) or, if applicable, as long as they are necessary to initiate sanctions or if the data needs to be kept due to legal requirements.

6. Confirmation
I have read and understood the data privacy statement and I consent to the processing of my personal data and information as described therein.

Report a compliance case

Questions and tips on noncompliant behavior. In the event that you would like to remain anonymous, do not submit any personal information, e.g. your name or relationship to the offender. Do not submit any information that can be traced back to you.

Share page