Whistleblower Form

If you, as a whistleblower, submit a notice via the EMCO homepage, you must give your consent to the processing of your data in advance by ticking the box at the end of the data protection notice. Please read the data protection notices below very carefully before submitting a whistleblower report.

Notes on data protection in the whistleblower system of EMCO

In the following we would like to inform you about the collection, processing and use of personal data in the context of the whistleblower system if you submit a report by phone, letter, form on the EMCO website or appear in person. Therefore, please read these data protection notices very carefully before you submit a report.

I. Purpose of the whistleblower system and data processing

The whistleblower system is used to receive and process reports of (suspected) legal or serious internal rule violations in a secure and confidential way.

The processing of personal data in the context of the whistleblower system is based on EMCO's legitimate interest in the detection and prevention of grievances and the associated averting of damage and liability risks for EMCO (Art. 6 Para. 1 lit. f GDPR). In addition, the EU Whistleblower Directive requires the establishment of a whistleblower system in order to give employees and third parties the opportunity to provide protected information about legal violations in the company.

If the received information concerns an EMCO employee, the processing also serves to prevent criminal offenses or other legal violations in connection with the employment relationship.

The processing of your identification data takes place on the basis of a consent to be given (Art. 6 Para. 1 lit. a GDPR). As a rule, the consent can only be withdrawn within one month of receipt of the report, as EMCO is obliged in certain cases under Article 14 (3) (a) GDPR to inform the accused of the allegations made against them and the investigations carried out within one month to inform. This also includes the storage, the type of data, the purpose of the processing, the identity of the person responsible and - if legally required - the reporting party, so that it is no longer possible to cease data processing or delete the identification data. The withdrawal period can be shortened; E.g. if the type of report requires the immediate involvement of an authority or a court; because as soon as a disclosure to the authority or the court has been made, the identification data are in the procedural files of EMCO as well as the authority or the court.

II. Processing of your personal data

  • Your name, if you disclose your identity,
  • Your contact details, if you provide them to us,
  • the fact that you have made a report via the whistleblower system,
  • whether you are employed by EMCO and
  • if applicable, names of persons and other personal data of the persons named in the report.

The data submitted to the whistleblower system is encrypted and stored with multiple levels of password protection, so that access is restricted to a very small group of expressly authorized EMCO employees. These authorized employees check the reported facts and, if necessary, carry out further case-related clarification of the facts; all data will be always treated confidentially. However, if you knowingly post false information with the aim of discrediting a person (denunciation), confidentiality cannot be guaranteed.

In certain cases, EMCO is obliged under data protection law to inform the accused person of the allegations made against them. This is required by law if it is objectively certain that the provision of information to the accused person can no longer impair the specific information clarification at all. Your identity as a reporter will not be disclosed - as far as legally possible - and it will also be ensured that no conclusions can be drawn about your identity.

As part of the processing of reports or an investigation, it may be necessary to pass on information to other EMCO employees or employees of EMCO subsidiaries, e. g. if the references relate to processes in subsidiaries of EMCO.

If it is necessary for the clarification, a transfer to a subsidiary of EMCO in a country outside the European Union or the European Economic Area can be made on the basis of suitable or appropriate data protection guarantees to protect those affected. Please note that not all third countries have an adequate level of data protection recognized by the European Commission. For data transfers to third countries in which there is no adequate level of data protection, we ensure that the recipient either has an adequate level of data protection (e.g. adequacy decision by the EU Commission or agreement of socalled EU standard contractual clauses of the European Union with the recipient) or express consent of our users.

We always make sure that the relevant data protection regulations are complied with when forwarding information. If there is a corresponding legal obligation or a requirement under data protection law for the clarification of the information, law enforcement authorities, antitrust authorities, other administrative authorities, courts and international law and auditing firms commissioned by EMCO come into question as further possible recipient categories. Anyone who has access to the data is obliged to maintain confidentiality.

Personal data will be kept for as long as the clarification and final assessment requires, a legitimate interest of the company or a legal requirement exists. This data will be then deleted in accordance with the legal requirements. The duration of the storage depends in particular on the severity of the suspicion and the reported possible breach of duty.

III. Your rights

According to European data protection law, you and the persons named in the report have the right to information, correction, deletion, restriction of processing and, in certain cases, the right to data transfer. You can also object to the processing of your personal data for reasons that arise from your particular situation, provided that the data processing is carried out in the public interest or on the basis of a weighing of interests. The objection can be made informally and should, if possible, be sent to the contact details listed in this data protection notice.

If the right of objection is exercised, we will immediately check to what extent the stored data is still required, in particular for processing a report. Data that is no longer required will be deleted immediately. You can also revoke your consent at any time. In this context, please note the information under "Purpose of the whistleblower system and data processing". You also have the right to lodge a complaint with the Austrian data protection authority of the Republic of Austria under the following link: (www.dsb.gv.at).

IV. Your contact person

You can find the contact person for exercising your rights and further information on the following website www.emco-world.com or at info.at@emco-world.com.

Our legal department is at your disposal at any time as your contact for data protection-related issues:

EMCO GmbH
Legal Affairs
Salzburger Straße 80
5400 Hallein
 

Whistleblower Agreement confirmation

The processing of your identification data takes place on the basis of a consent to be given (Art 6 Para. 1 lit. a GDPR). As a rule, the consent can only be withdrawn within one month of receipt of the notification.

Whistleblower-Anfrage

In order to process your request, please fill all fields marked with an asterisk (*) correctly.

* In order to be able to process your request, we ask you to fill in all fields marked with a star (*) correctly.

EMCO privacy setting

Privacy Policy | Imprint

We, EMCO GmbH (headquarters: Austria), would like to process personal data with external services. This is not necessary for the use of the website, but enables us to interact even more closely with you. If desired, please make a selection:

Analysis / Statistics

(1 Service)

Anonymous evaluation for error correction, further development and personalised ads.
Google Analytics

Google LLC, USA

 INFO

Other contents

(4 Services)

Integration of additional information
EMCO Career Portal

eRe­crui­ter GmbH, Austria

 INFO
Evalanche

SC-Networks GmbH, Germany

 INFO
Google Maps

Google LLC, USA

 INFO
YouTube

YouTube LLC, USA

 INFO
Accept all Accept selection Accept nothing

Service: Google Analytics

Purpose: Error analysis, statistical evaluation of our website
Processing operations: Collection of connection data, data of your web browser and data on the contents called up; execution of analysis software and storage of data on your end device, anonymization of the collected data; evaluation of the anonymous data in the form of statistics
Storage period: Data on your end device for up to two years
Joint responsible party: Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA
Legal basis for data processing: voluntary, at any time revocable consent
Consequences of non-consent: No direct effect on the function of the website; however, limited possibilities for further development and error analysis
Legal basis for data transfer to the USA: Implementing decision of the EU Commission C/2016/4176 and the Privacy Shield certification

Name Description Storage period
_ga

Used to distinguish users in Google Analytics 4.

 2 Years
_gid

This cookie is used by Google Analytics to store and update a unique value for each page visited.

 1 Day
_gat

Used by Google Analytics to throttle the request rate, which means that the collection of data on high-traffic websites is restricted.

 1 Day
_ga_AW-959191631

Used to maintain the session status.

 2 years
Back

Service: EMCO Career Portal

Purpose: Provision of a career portal
Processing operations: collection and processing of personal data by eRecruiters for application procedures
Storage period: until you leave the website
Joint responsible: eRecruiter GmbH, Am Winterhafen 4, 4020 Linz, Austria
Legal basis for data processing: voluntary consent, revocable at any time
Consequences of non-consent: The career portal is not made available to you.

Name Description Storage period
__RequestVerificationToken

Saves a token for verification of the following requests.

 Session
Back

Service: Evalanche

Purpose: Provision of a form for newsletter registration
Processing operations: Collection of connection data, data of your web browser and data about the contents called up; execution of analysis software and storage of data on your end device, anonymization of the collected data; evaluation of the anonymous data in the form of statistics
Storage period: Data on your end device up to two years.
Jointly responsible: SC-Networks GmbH, Würmstraße 4, 82319 Starnberg
Legal basis for data processing: voluntary, at any time revocable consent
Consequences of non-consent: No direct effect on the functioning of the website

Name Description Storage period
ewafutano

Tracking (anonymous history)

 2 Years
Back

Service: Google Maps

Purpose: To display the map service Google Maps
Processing operations: Collection of connection data, data of your web browser and data on the contents called up; placement of advertising cookies by Google; processing of the collected data by Google
Storage period: until you leave the website
Jointly responsible: Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA
Legal basis for data processing: voluntary, at any time revocable consent
Consequences of non-consent: The Google Maps service is not made available to you.
Legal basis for data transfer to the USA: Implementing decision of the EU Commission C/2016/4176 and the Privacy Shield certification

Back

Service: YouTube

Purpose: Integration of external videos
Processing operations: Collection of connection data, data of your web browser and data about the contents called up; execution of analysis software and storage of data on your end device, anonymization of the collected data; evaluation of the anonymous data in the form of statistics
Storage period: Data on your end device up to one year.
Joint Controller: YouTube LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Legal basis for data processing: voluntary, revocable consent
Consequences of non-consent: No playback of embedded videos.
Legal basis for the data transfer to the USA: Implementing decision of the EU Commission C/2016/4176 and the Privacy Shield certification

Name Description Storage period
yt-remote-device-id

Saves the user settings when retrieving a YouTube video integrated on other websites

 Permanent
yt-remote-connected-devices

Saves the user settings when retrieving a YouTube video integrated on other websites

 Permanent
yt-remote-session-app

Saves the user settings when retrieving a YouTube video integrated on other websites

 Session
yt-remote-cast-installed

Saves the user settings when retrieving a YouTube video integrated on other websites

 Session
yt-remote-session-name

Saves the user settings when retrieving a YouTube video integrated on other websites

 Session
yt-remote-fast-check-period

Saves the user settings when retrieving a YouTube video integrated on other websites

 Session
VISITOR_INFO1_LIVE

Trying to estimate user bandwidth on pages with integrated YouTube videos.

 179 Days
YSC

Registers a unique ID to keep statistics of the YouTube videos that the user has seen.

 Session
GPS

Registers a unique ID on mobile devices to enable tracking based on GPS geographic location.

 1 Day
Back