Privacy policy

Privacy Policy Whistleblower System

We are pleased that you are visiting our whistleblower system. The whistleblower system is used to report violations of applicable laws and internal policies within our organization. This helps us to clarify and prosecute such violations. In the following, we provide information on the collection of personal data when using the whistleblower system. Personal data is any data that can be directly or indirectly related to you personally.

Person responsible for data processing

Responsible person according to Article 4 (7) General Data Protection Regulation (GDPR) is Klier Hair Group GmbH cf. our legal notice.

Assigned Service Provider:
The website is provided with the support of Althammer & Kill GmbH & Co. KG, Roscherstr. 7, 30161 Hannover,, which acts on our behalf and can therefore also view (receive) your data to the extent necessary. A corresponding order processing agreement has been concluded.

Contact details of external data protection officer:

Informational use

For the informational use of our websites, we only collect the personal data that your browser automatically transmits to us, such as:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • the amount of data transferred in each case and the access status (file transfered, file not found, etc.)
  • Web page from which the request comes
  • Browser type / version / language
  • Operating system and its interface
  • Language and version of your browser.

Storage period:
No personal data is stored, as the second half of the IP is omitted. An identification of the computer or the user is excluded in this way. The anonymous data is deleted after 30 days.

Legal basis of data processing:
The above data is technically necessary to display our websites and to ensure stability and security, according to Article 6 (1) (f) GDPR.

Whistleblower system

Use of the whistleblower system is voluntary. However, please note that the information you share about yourself, other employees, customers, suppliers and other cooperation partners may lead to corresponding consequences for those reported. Therefore, please deliberately share only information that is correct and complete to the best of your knowledge.

In doing so, we process the following data: Your name and contact details (E-mail and/or telephone number), the name and other details of persons reported, details of the circumstances of the report including the specific or general facts, misconduct observed including circumstances relevant to criminal law, details of time, place and date. In the reporting form itself, the correct organization must be selected, the subject line and the field Your message to us. In addition, you can upload files such as pdf, png, and jpg. Furthermore, during further processing, there may be further storage of questions and answers to the facts of the case, if necessary, data on natural persons.

The data is first checked by our service provider and then forwarded to our ombudsperson. Everything else is controlled from here, including questioning and access by other persons. Access to the data is strictly limited to those people who really need to have access; the need-to-know principle applies. Access is only ever granted if it is necessary and required, or if mandatory legal regulations require transfer or disclosure to authorized bodies. If persons are part of the notification, they must be informed about this within 4 weeks according to Article 14 GDPR for legal reasons, unless there is a justified exception for the case that the investigation is endangered by the information. The information does not include any details. The legal protection of the Whistleblower Protection Act (HinSchG) applies, if it is applicable.

Contracted Service Providers:
Althammer & Kill GmbH & Co. KG, Roscherstr. 7, 30161 Hannover, is used as a processor for the provision of the system and the forwarding to the ombudsman or the person responsible in the management. Data will only be viewed by the latter to the extent necessary and required.

Storage period:
The data in the whistleblower system will only be stored as long as necessary and required, at the latest three years after the conclusion of the procedure according to §11 para. 5 HinSchG. Access may be blocked before then, so that only limited access would be available. If mandatory legal provisions stipulate a longer storage period, or if a longer period is necessary in individual cases due to legitimate interests, this principle may be deviated from.

Legal basis of data processing:
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. c) GDPR in conjunction with. §10 HinSchG and Art. 6 para. 1 lit. f) GDPR and §26 para. 1 Federal Data Protection Act. Our legitimate interest lies in the detection and clarification of possible misconduct by stakeholders, the protection of the company's interests through ad hoc measures to prevent further damage, and the assertion of claims for damages and other possibilities for punishment.

Processing of your personal data in countries outside the EU and the EEA (third countries)

A processing of your personal data in states outside the European Union and the European Economic Area in the whistleblower system does not take place

Your rights

You have the following rights with respect to us regarding personal data concerning you:

  • Right to information,
  • Right to rectification or deletion,
  • Right to restriction of processing,
  • Right to data portability,
  • Right to complain to a supervisory authority.

Right of objection

Insofar as we base the processing of your personal data on the balance of interests (legal basis is then Article 6 (1) (f) GDPR), you can object to the processing. This is the case if the processing is not necessary for the fulfillment of a contract with you, which is addressed by us in each case in the explanation of the individual data processing and functions on our websites further up in this privacy policy. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds based on which we will continue the processing.

How to contact us regarding your rights

To exercise your rights you can contact us at any time. It is best to use the following contact details from the legal notice.

Data security

We use technical and organizational security measures to protect personal data that we receive or collect, against accidental or intentional manipulation, loss, destruction or against attack by unauthorized persons. Our security measures are continuously improved in line with technological developments. The transmission of your personal data is encrypted using SSL technology (https) to prevent access by unauthorized third parties.