Whistleblowing System

Legal errors and irregularities can be reported in this whistleblower system. Information on violations of legal regulations has a high priority and enables the company management to react quickly. This is the only way the company can correct irregularities and prevent them in the future. To enable the reporting of violations and the issuing of notices, the company uses a whistleblower system. This system offers employees, suppliers and other partners or persons related to the company the opportunity to report violations via a secure online platform. Incoming reports are seriously investigated and dealt with accordingly. Whistleblowers who act in good faith and seek to promote proper conduct and help resolve misconduct are guaranteed the greatest possible protection and confidentiality under the law. Whistleblowers may also submit information anonymously. Even as an anonymous whistleblower, communication with the company is guaranteed. To do so, after submitting the information, create your own anonymous access to the information with the possibility of communicating with the company and exchanging data. The presumption of innocence always applies to all persons concerned until the violation has been proven.

System & Security

The whistleblowing platform used by our company is the White Sparrow whistleblowing system of MKM Compliance GmbH. The system ensures that submitted reports are only transported in encrypted form. They are processed in a highly secure environment and - if desired by the whistleblower - anonymously. This means that in the case of anonymous reports, no e-mail address, telephone number or other technical data is recorded and stored that would allow conclusions to be drawn about the whistleblower. The metadata required for the transmission are subsequently deleted. The IT systems, servers and data centres are certified according to DIN ISO 27001/2, ISO 22301 and 27018, are located in Germany and are maintained exclusively by German companies. The processing of all data complies with the regulations of the General Data Protection Regulation (GDPR). The data is stored in a database where only the persons designated by the company have access to the data. With the White Sparrow whistleblower system, reports can be submitted online around the clock, seven days a week, worldwide, in several languages.

Why should I submit a report?

Violations of laws or codes of conduct harm the company and all employees. By reporting such violations, you enable the company to react promptly and concretely. Integrity, respect and responsibility are core values of companies that not only affect sustainable economic success, but also the well-being of each individual in the team. By using the whistleblower platform, companies respect the legally required protection of whistleblowers and thus create a confidential and protected environment that grants the whistleblower control and transparency. The whistleblower is informed via the platform about the measures taken and can enter into an exchange with the company - also anonymously.

Submit report

Frequently asked questions

Who can submit a report?

In general, all employees of a company can report violations, including interns, freelancers or temporary workers. If the company opens the system for this purpose, business partners, suppliers, former employees or job applicants can also submit reports. Regardless of the whistleblower's position, all of these groups are afforded the confidentiality and protection afforded by the law.

Is my report really confidential?

We keep your identity and the reported violation absolutely confidential. The information will only be shared within the company with a small group of people for the purpose of investigation. You can choose to reveal your identity or remain anonymous. Depending on the legal situation, companies may not be legally obliged to process anonymous reports. However, serious reports will usually always be considered. Since the information you pass on to us may lead to investigations and (possibly criminal) consequences for the persons concerned, the information you report must, in your opinion, be true. The reporting of intentionally false facts or false suspicions may result in criminal consequences for the whistleblower and may be reported to the police. In this case, you are not protected as a whistleblower. However, you will not face any consequences if you provide your information to the best of your knowledge and in good faith, even if the information later turns out to be false. Your motives for reporting are irrelevant as long as you believe them to be true. Please note that as a whistleblower you may not disclose information if you are yourself subject to a legally mandated professional duty of confidentiality, such as a doctor or tax advisor. In addition, those who learn of the report may, under certain circumstances, be legally obliged to release reported information in full to government agencies. This may be the case, for example, if there are legal constraints on the involvement of authorities in areas affected by a report. Likewise, the company may be compelled by investigating authorities (e.g. in the course of a search) or a court to disclose information and the identity of the whistleblower.

How do I submit a report?

In order for a notice to be correctly checked and processed, it is important that you provide as specific information as possible and describe the violation as precisely as possible. To do this, it is best to answer the questions Who? - What? - Where? - How? and When? In order to ensure a speedy clarification, it would be helpful if you were available for further questions. It is up to you whether you communicate directly via the whistleblower system or by telephone or e-mail. When communicating via the whistleblower system, you remain anonymous. To do this, you create an anonymous account yourself after submitting the report. You will automatically be instructed to do so after submitting the report. This account can then be used for two-way communication with the company. You should also note that the report will be reviewed by persons who may not have expertise in your field. So please try to describe the facts as clearly and factually as possible. If you have any further questions about the procedure or the White Sparrow whistleblowing system, you can email the White Sparrow team at incident@mkm-compliance.de with your questions. We will be happy to provide you with non-binding and confidential information about the reporting process.

How does the reporting process work?

1. On the next few pages, you will first be asked to describe the violation in as much detail as possible and to provide important information. Information such as your name or position is not mandatory. 2. If you provide your name and a means of contact, you will receive feedback on the follow-up measures taken within three months at the latest. 3. Please understand that processing may take time, depending on the scope of the information. We take your concerns seriously and would like to examine them with due diligence. However, queries can also be addressed to you beforehand. These can be addressed to you directly via the system without revealing your identity. 4. During the investigation, those involved who are required will be asked for their assistance. Depending on the information reported, the company may be obliged to involve state authorities such as public prosecutors or supervisory authorities. - If these authorities legally compel the company to provide all information on the report, the identity of the whistleblower would also have to be disclosed. 5. The whistleblower receives information on how and with what follow-up measures the investigation was concluded.

What safety standards are met?

The White Sparrow whistleblowing system is provided by MKM Compliance GmbH as an independent partner. The information is collected with the help of a software developed in a highly secure banking environment and stored in technically highly secure data centres in Germany without access from abroad. The reported information is stored exclusively on servers in data centres that are certified according to DIN ISO 27001/27002, ISO 22301 and 27018, SOC 1, SOC 2 and SOC 3. On these servers, the metadata that is absolutely necessary for transmission, such as IP addresses or network and device specifications, is only stored for a short time and then deleted without the companies or MKM Compliance employees having access to it. In addition, the system is set up in such a way that an IP address cannot be linked to a submitted report. This means that even access to the data means that it is no longer possible to assign it to a report. It is up to you to decide whether you will remain anonymous or whether you will provide personal information. In any case, the contents of the report are transmitted securely in encrypted form.

What other reporting channels are there?

A report can be submitted on this platform or via e-mail at incident@mkm-compliance.de. Information received by email is entered manually as a new tip in the whistleblowing system of the company concerned by employees of MKM Compliance GmbH who are sworn to secrecy. If the company concerned enables further options for submitting a report, it may have published this itself.