Privacy Statement

Employees, customers, or business partners of Tion Renewables AG can use iWhistle to report violations of compliance regulations, antitrust or corruption law (“Compliance” reporting channel), data protection regulations (“Data Protection” reporting channel) and human rights (“Human Rights” reporting channel). The three reporting channels are strictly separated. The data is only passed on to those persons and departments whose knowledge of the data and its content is necessary for the purpose of processing. The legal department is responsible for processing the reports. Only the employees of the legal department have access to the data. Information is only passed on to other departments if it is necessary for the processing of a specific case. The infrastructure of the system, including the websites and the database, is operated by the service provider iComply GmbH, located in 55116 Mainz, Große Langgasse 1A. iComply GmbH is contractually obliged to maintain strict confidentiality and to comply with all data protection requirements. For this purpose, iComply GmbH carries out commissioned data processing in accordance with Art. 28 GDPR. The data is only processed anonymously and encrypted.

What personal data and information is collected and processed?

When reporting incidents through iWhistle, personal data is collected and processed, including such

  • of the person submitting a report (title, name, address, contact details, telephone number and email) (optional/voluntary!) and
  • of the persons affected by and involved in an incident (titles, names, addresses, contact details, department(s), description of the actions of the persons concerned, necessary data on time, duration, and location of the actions),

entered in the respective reporting form or transmitted via the protected mailbox. The data is processed by the responsible department to review the reported incidents, to initiate and conduct investigations and to take and implement necessary remedial measures. As part of the reviews, investigations, and remedial actions to be taken, it may be necessary to provide information about a reported incident to employees of departments other than the legal department or to the management of Tion Renewables AG, to other Companies of the Tion Group, to external advisors (e.g., legal advisors) or to the competent authorities, as well as to the persons affected.

How long will the personal data be stored?

The personal data and information provided by you will be retained for as long as knowledge thereof is necessary for the processing of the report and, if applicable, for the initiation and enforcement of sanctions or if the data must be retained due to legal requirements. If necessary for the initiation of official or judicial proceedings, the data will also be stored until the conclusion of one or any such proceeding. Should a notification prove to be unfounded, the notification and all personal data contained therein will be deleted immediately.