Data protection

Data privacy statement for the whistleblower system


1. Responsible person

The entity responsible for the collection, processing and use of personal data within the framework of the whistleblower system is:

Leon Kriese
Starnberger Weg 1
68219 Mannheim
Germany

Email: info@narilo.de
Telephone: +49 179 1320150

All inquiries regarding data protection or the exercise of your rights can be addressed directly to the data controller.

2. Purpose of data processing

Personal data will be processed exclusively for the following purposes:

  • Review and processing of reports of possible misconduct, violations or abuses

  • Protection of whistleblowers

  • Fulfillment of legal obligations

  • Initiation of necessary measures after review of the report

3. Categories of processed data

We process the following personal data:

a) Data provided by the whistleblower

  • Name, contact details (if provided)

  • Information on possible witnesses, victims or accused persons

  • Details of the reported misconduct

  • Further information voluntarily provided by the whistleblower

b) Special categories of personal data (only if provided voluntarily)

  • Health-related data

  • Data on ethnic origin

  • Information on religious or philosophical beliefs

  • Information on sexual orientation

c) Data automatically collected when visiting the form

  • IP address

  • Date and time of access

  • Browser type and version

  • Operating system used

4. Legal basis for processing

  • Consent of the whistleblower (Art. 6 para. 1 lit. a GDPR)

  • Fulfillment of a legal obligation (Art. 6 para. 1 lit. c GDPR)

  • Legitimate interest in ensuring the functionality and security of the whistleblower system (Art. 6 para. 1 lit. f GDPR)

5. Disclosure to third parties

Personal data will only be disclosed to third parties in the following cases:

  • With the express consent of the whistleblower

  • If required by law (e.g., authorities, lawyers, internal consultants)

  • To service providers who are necessary for the operation of the whistleblower system (contract data processing)

All third parties are contractually obligated to comply with the GDPR.

6. Storage and deletion

  • Data will only be stored for as long as necessary to process the request.

  • The data will be deleted once the purpose for which it was collected has ceased to exist or statutory retention periods have expired.

7. Rights of data subjects

Whistleblowers and other affected persons have the following rights under the GDPR:

  • Information about the processed data

  • Correction of inaccurate data

  • Deletion of personal data

  • Restriction of processing

  • Objection to the processing

  • Data portability

  • Complaint to a supervisory authority

8. Data security

We have implemented technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data. Only authorized personnel have access to the data, and it is treated confidentially.

9. Anonymous tips

Tips can also be submitted anonymously. For maximum security, we recommend using your browser's incognito mode.