Your browser is outdated!

After spending too much time optimising our website for old browsers, we decided to create a solution that not only saves time, but it is also efficient: please update your browser.

Or download one of the latest browser versions:

Chrome Icon passiv Chrome Icon aktiv Firefox Icon passiv Firefox Icon aktiv Edge Icon passiv Edge Icon aktiv Safari Icon passiv Safari Icon aktiv Opera Icon passiv Opera Icon aktiv
Flugzeug
  1. FACC
  2. Responsibility of the joint controllers

Overview of responsibilities for the FACC Whistleblower System

GeneralProcessing activity 1Processing activity 2
Description of the processing activity
Receiving reports in the whistleblower system;
further processing of reports in the whistleblower system including any investigations and follow-up actions;
Possible nature of the data

Name of the person submitting the report and their position;

names of other people associated with the report and their functions;

other personal data as part of the report;

Name of the person submitting the report and their position;

names of other people associated with the report and their functions;

other personal data as part of the report;
Purposes of processing
Provision of an internal reporting channel in accordance with the HinweisgeberInnenschutzgesetz (HSchG) and for other serious compliance matters;

Initiating investigations into substantiated reports;

setting of remedial measures;

 

Means of processing

Email inbox including Microsoft Outlook application;

telephone hotline;

Microsoft Word application;

Email inbox including Microsoft Outlook application;

telephone hotline;

Microsoft Word application;
Lawfulness of processing

Art 6 para 1 lit c GDPR;

Art. 6 para 1 lit f GDPR;

Art 6 para 1 lit c GDPR;

Art. 6 para 1 lit f GDPR;
Joint controllership


A) FACC AG,

B) FACC Operations GmbH;

C) CoLT Prüf und Test GmbH;

A) FACC AG,

B) FACC Operations GmbH;

C) CoLT Prüf und Test GmbH;

Who is responsible for which data protection obligations?
Art 13 Information to be provided where personal data are collected
AA
Art 14 Information to be provided where personal data have not been obtained from the data subject
A
A
Art 15 Processing requests for information
A
A
Art 16 Processing rectification requests
A
A
Art 17/18/19 Processing of erasure requests or restriction of processing and notification in connection with rectification, erasure, restriction
A
A
Art 20 Processing of requests for handover or transmission
A
A
Art 21 Processing of objections
A
A
Art 22 Automated individual decision-making, & profiling
A
A
Art 7 Abs 3 Processing of withdrawals
A
A
Art 24 Abs 1 in conjunction with Art 32 Determination/documentation/review and updating of technical and organizational measures after risk assessment and, if necessary, PIA (Art 35) and consultation with a supervisory authority/provision of the necessary information (Art 36 para 3)
AA
Art 28 Involvement of processors or sub-processors and their review
A
A

Art 30 Maintaining the record of processing

activities
A
A
Art 33, 34 Process for reportable data breaches
A
A
Art 35 Data protection impact assessment
A
A