Reporting anti-social behaviour

Notice on the protection of personal data

Please read this privacy notice carefully before reporting anti-social behavior to the Compliance Officer:
DEKRA e.V., DEKRA SE, Handwerkstr. 15, 70565 Stuttgart and its affiliated companies, as the respective independent responsible parties, are the entities responsible for the protection of personal data. The protection of your privacy in the processing of your personal data, as well as the security of all information you provide to us, is our highest priority. Before reporting a case of anti-social behavior to the relevant compliance officer, please read the following data protection information carefully:
1. The purpose of the whistleblower system
The purpose of DEKRA's whistleblower system is to securely and confidentially receive, process and evaluate indications of violations of law and order and DEKRA's compliance guidelines.
2. Collection and processing of personal data and information.
The primary purpose of the database is the collection of reports on anti-social activity, as well as their specific processing, investigation and administration.
Reporting a compliance issue and/or anti-social behavior is voluntary. However, please note that we can only receive and process reports if you confirm that you have read and understood this Data Protection Notice and agree to the processing of reports as described here. Therefore, we kindly ask you to agree by ticking the checkbox before clicking the "Submit" button at the bottom of this page.
You can submit your report anonymously. However, we encourage you to identify yourself in case further investigation is required to establish the facts. In any case, the information you provide will be treated as confidential.
If you report an incident to a designated compliance officer, we will collect the following personal data and information:
  • your name and your contact details (provided you do not wish to report anonymously);
  • whether you are employed by DEKRA;
  • the name and other personal details of the persons you mention and the subject (for example, functional specifications, contact details) of your message;
  • a description of the conduct in violation of the regulations, as well as a description of the circumstances of the incident, including the time and place of the incident, the affected DEKRA entity and whether the management is aware of the incident;
  • other personal data that may result from further questions.
The information you provide when reporting a compliance incident will be verified by the appropriate employee. If necessary, further fact-finding may be carried out, during which - if you do not wish to remain anonymous - you may be contacted by the relevant employee.
3. How will personal data and information be processed after your registration and who can have access to personal data and information?
Any personal data such as your name, your contact details and possibly information about where you are employed by DEKRA (see number 1 a. and b.) and the information you report to us will be stored in the DEKRA database.
4. Who has access to personal data and information?
For the purpose of processing your report, personal data and information may be accessed, processed and used by the designated compliance officer and specially designated employees called by that officer, departments and technical personnel entrusted with inspection or technical consultation.
Personal data and information may also be provided to the police and/or other supervisory or regulatory authorities.
In the event that the competent authorities that receive and process personal data are located in the US or another country that does not provide the level of data protection available in the EU, a contract will be signed based on EU standard contractual clauses.
Please note that any person you report may be notified at an appropriate time that a report has been made. Your identity will not be disclosed. However, any person you report is entitled to correct your description of the relevant circumstances that led to your report.
When DEKRA legal entities are located in the EU and personal data and information are transferred to a recipient located in the US or another country that does not provide an adequate level of data protection (e.g. a level that is comparable to the EU), the standard contractual clauses between these legal entities apply persons. Please note that any person whose identity you have shared with a compliance officer may be notified at an appropriate time that they have been reported. In this case, your identity will not be disclosed. However, anyone about whom you have provided information has the right to review and clarify your statement of facts.
5. How long will personal data and information be stored?
The personal data you have provided will be kept for as long as it is necessary to process your report (including any investigations by the relevant department), or as long as it is necessary to impose sanctions, or as long as the data is necessary to be kept for legal requirements.
6. Confirmation
I have read and understand the privacy statement and I agree to the processing of my personal data and information as stated in it.