Privacy

CrefoSupply is our complaints system in accordance with the German Supply Chain Due Diligence Act (LkSG). Employees, customers, business partners or other whistleblowers can use CrefoSupply to report suspected violations of laws and internal rules to the internal reporting centre. CrefoSupply is part of our compliance management system.

Who is responsible for data processing?
Creditreform Aschaffenburg Schurk KG
Magnolienweg 31
63741 Aschaffenburg
Tel: 0 60 21 / 34 01 22
Fax: 0 60 21 / 34 01 20
E-Mail: info@aschaffenburg.creditreform.de

Our data protection officer

Creditreform Compliance Services GmbH

Hammfelddam 13

41460 Neuss

E-mail: datenschutz@aschaffenburg.creditreform.de

What data is processed?
The use of CrefoSupply is voluntary. The following personal data is processed in the event of reports:

a) Whistleblower: name (if you disclose your identity), contact details (if you provide them)
b) Persons affected by incidents: First name and surname, information about incidents and suspected violations of the law and rules
c) Witnesses and/or third parties named in the tip-off (e.g. customers, suppliers, colleagues or business partners): First name and surname, contact details

What do we process your data for and on what legal basis?
The above-mentioned data is processed for the purpose of detecting and preventing serious misconduct and avoiding and defending against particularly drastic or existence-threatening legal consequences and damage both for our organisation (criminal prosecution, claims for damages, reputational damage, supervisory measures) and for our employees and other stakeholders. The legal basis for the processing is Art. 6 para. 1 lit c GDPR for compliance with the requirements of the LkSG. The obligation to set up a complaints procedure arises specifically from Section 8 LkSG. As we operate this complaints procedure on a voluntary basis, we refer alternatively to the legal basis of legitimate interest pursuant to Art. 6 para. 1 lit f GDPR. The data is entered exclusively on a voluntary basis by the complainant and the data is processed exclusively for the purpose of dealing with the enquiry in question. In this respect, the interests of the data subjects coincide with our interests in the prevention and clarification of grievances, which is why a balancing of interests is regularly positive.

Who receives my data?
The platform is operated and administered by Creditreform Compliance Services GmbH (hereinafter referred to as CCS). However, Creditreform Aschaffenburg Schurk KG is exclusively responsible for the operational processing of the information, so that CCS has no access to data from complaints submitted.

As part of the checks, investigations and remedial action to be taken, it may be necessary to pass on information about a reported incident to employees of other departments or other Creditreform companies, to external advisors (e.g. legal advisors) or to the competent authorities. We may also be obliged to report a reported incident to the competent authorities and the persons concerned.
CrefoSupply is operated on our behalf by the specialised software service provider iComply GmbH, Große Langgasse 1a, DE-55116 Mainz. iComply GmbH is contractually obliged to maintain strict confidentiality and to comply with all data protection requirements. The data centre operator has no access to data of any kind; it is used exclusively to store the application and the data stored in it.

What data security measures does CrefoSupply have in place?
Personal data and information entered in CrefoSupply is stored in a database operated by iComply GmbH in an ISO/IEC 27001-certified data centre in Germany. The data can only be viewed by Creditreform Aschaffenburg Schurk KG. iComply GmbH and other third parties have no access to the data. This is guaranteed by comprehensive technical and organisational measures in a certified procedure. All data is encrypted and stored with multi-level password protection, so that access is restricted to a very narrow circle of expressly authorised persons. Communication between your end device and CrefoSupply takes place via an encrypted connection. The IP address of your end device is not stored during use.

What data protection rights are you entitled to?
You have the right, upon request and free of charge, to receive information about the personal data stored about you, its origin and recipients and the purpose of the data processing. If we process your data on the basis of our legitimate interest, you have the right to object to the processing if there are legitimate reasons arising from your particular situation (right to object). In addition, you have the right to rectification of inaccurate personal data, the right to erasure of personal data, the right to restriction of processing of personal data and the right to data portability. You can contact us at any time regarding this and other questions on the subject of personal data at: datenschutz@aschaffenburg.creditreform.de

Finally, you have the option of lodging a complaint with the supervisory authority if you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way.

How long will the personal data be stored?
Personal data is stored for as long as required for clarification and final judgement or for as long as the company has a legitimate interest or is required by law. This data is then deleted in accordance with legal requirements. If a report proves to be unfounded, the report and the personal data it contains will be deleted immediately.