Whistleblower Information of Mitsubishi Chemical Group EMEA ("MCG EMEA")
Within the European Union, the so-called Whistleblower Directive (EU Directive on the protection of persons who report breaches of Union law 2019/1937) ("Directive") applies and obliges public and private organisations as well as public authorities to establish safe whistleblowing channels. Furthermore, the local national laws of each EU Member State apply as an implementing act of the Directive.
I. Who can be a whistleblower?
Whistleblowers are persons who report or disclose information about violations. The personal scope of application is intended to be broad and includes all persons who have obtained information about violations in connection with their professional activities, in particular:
- Employees, including those whose employment relationship has already ended, job applicants, trainees, temporary workers;
- Self-employed persons providing services, freelancers, contractors, subcontractors, suppliers, business partners and their employees;
- Shareholders and persons on governing bodies.
II. Which violations can be reported by whistleblowers?
The Directive provides protection for people who report breaches of EU law in certain areas - such as public procurement, financial services, product safety, transport safety, environmental protection, food, public health, consumer and data protection. Furthermore, national laws can define further areas of protection.
In addition, all regulations that address the implementation of European legal standards are covered.
- public procurement,
- financial services and combating money laundering and terrorist financing,
- product safety,
- road safety,
- environmental protection,
- nuclear safety,
- public health,
- food and feed safety, animal health and welfare,
- consumer protection,
- protection of privacy and personal data and security of network and information systems
- violations of EU competition rules,
- infringements to the detriment of the EU's financial interests and against corporate tax rules; and
- violations directed at obtaining a tax advantage contrary to the object or purpose of the applicable corporate law.
It is our company policy not only to investigate the above violations, but also to investigate and resolve any violations of applicable law and company policies without reservation.
III. What are the reporting channels?
If you would like to submit a report, our Safecall hotline is at your disposal. You can find the applicable hotline number on the Safecall poster. Here, anonymous and non-anonymous reports are possible. In both cases, these are not visible to us. Your report will be forwarded from the Safecall Portal to the EMEA Compliance Office for further processing.
You can also send your report directly to the EMEA Compliance Office at email@example.com.
You will receive an acknowledgement of receipt within 7 days and a final assessment on follow-up measures taken and their justification after 3 months at the latest.
In addition, you have the option of submitting your report to external reporting offices of the competent authorities.
Whichever way you choose, you can find out about the status of the procedure at any time. To do so, approach the EMEA Compliance Office or Safecall.
IV. Are Whistleblowers protected?
Whistleblower protection is guaranteed at MCG EMEA. In particular, MCG EMEA will ensure that you are protected from any reprisals.
Take advantage of the opportunities to report violations to the EMEA Compliance Office. You will help ensure that MCG EMEA is a group that complies with existing laws and regulations at all times, is a good employer and does not damage the group's reputation.
We take the issue of data protection and confidentiality very seriously and follow the provisions of the EU General Data Protection Regulation (“GDPR”) as well as applicable national data protection regulations. Please read this data protection information carefully before submitting a report.
Purpose of the processing and legal basis
The reporting system is used to receive, process and manage information on compliance violations in a secure and confidential manner. The processing of personal data as part of the reporting process is based on the legitimate interest of our company in the detection and prevention of wrongdoing and thus in the prevention of damage to the controller, its employees and customers. The legal basis for this processing of personal data is Article 6 (1) lit. f GDPR.
The processing of the reporting party's identification data is based on consent to be given (Art. 6 (1) lit. a GDPR). The voluntary nature of the consent is given by the fact that the notice can also be given anonymously instead. However, the revocation of consent can generally only take effect within one month after the report has been made, as the controller is obliged in certain cases under Art. 14 (3) lit. a GDPR to inform the accused person of the allegations made against him or her and the investigations carried out within one month, including the storage, the type of data, the purpose of the processing and the identity of the controller and, if applicable, the whistleblower, and it is then no longer possible to stop the data processing of the whistleblower's identification data. In addition, the processing of the data has already progressed so far after that point that deletion is no longer possible. However, the revocation period may also be shortened, sometimes considerably. This is the case if the nature of the notification requires the immediate involvement of an authority or a court. As soon as we have disclosed the name to the authority or court, it is in our procedural files as well as with the authority or court and can no longer be deleted.
The data controller for data protection is:
Controller: Mitsubishi Chemical Europe GmbH, Schiessstraße 47, 40549 Düsseldorf
The reporting system is operated by a specialist company, Safecall Limited, Loftus House, Colima Avenue, Sunderland SR5 3XB, United Kingdom ("Safecall"), on behalf of the data controller.
Personal data and information entered into the reporting system are stored in a database operated by Safecall in a high-security computer centre in the United Kingdom. The inspection of the data is only possible for a limited group of employees of the data controller. This is ensured in a certified procedure by comprehensive technical and organisational measures.
All data is encrypted and stored with multiple levels of password protection, so that access is limited to a very narrow circle of recipients who are expressly authorised.
Data Protection Officer
The data controller has appointed a data protection officer. Data subjects can contact the data protection officer directly:
TÜV Technische Überwachung Hessen GmbH
Business Assurance Geschäftsfeld Data Protection & Information Security
Robert-Bosch-Str. 16 64293 Darmstadt
Nicolas Kurze (Nicolas.Kurze@tuevhessen.de)
Type of personal data collected
Use of the reporting system is on a voluntary basis. When you submit a report via the reporting system, we collect the following personal data and information:
- your name, provided you disclose your identity,
- your contact details, if you provide them
- that you have submitted a report via the reporting system
- whether you are employed by the data controller and
where applicable, names of persons and other information and personal data of the persons you name in your notification.
Confidential treatment of information
Incoming information is received by a narrow circle of expressly authorised and specially trained employees of the Compliance Organisation of the responsible party and is always treated confidentially. The employees of the Compliance Organisation examine the facts of the case and, if necessary, carry out a further case-related clarification of the facts.
Any person who gains access to the data is obliged to maintain confidentiality.
In the course of processing a report or in the course of a special investigation, it may be necessary to pass on information to other employees of the person responsible or employees of other group companies, e.g. if the information relates to events in a subsidiary.
In addition, your personal data will be forwarded to third parties or authorities in individual cases for further investigations if it is necessary to clarify unlawful conduct or for legal prosecution. However, this only happens if there are concrete indications of unlawful or abusive behaviour.
The disclosure of this data is based on our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing claims, unless your rights and interests in the protection of your personal data are overridden, Art. 6 para. 1 lit. f GDPR. If we are obliged to disclose this information under the laws of the member states, the disclosure is made on the basis of Art. 6 para. 1 lit. c) GDPR.
The above-mentioned groups of recipients may also be based in countries outside the European Union or the European Economic Area, in which different regulations for the protection of personal data may exist. We always ensure that the relevant data protection regulations are complied with when passing on information.
Information of the accused person
In accordance with Art. 14 of the GDPR, we are legally obliged to inform third parties that we have received a tip-off about them and that we are processing your personal data as soon as this information
no longer jeopardises the follow-up of the tip-off. Your identity as a whistleblower will not be disclosed - as far as legally permissible.
Confidentiality cannot be guaranteed if false information is knowingly posted with the aim of discrediting a person (denunciation).
Data subjects' rights
According to GDPR, you and the persons named in the notice have the right to information, correction, deletion, restriction of processing and the right to object to the processing of your personal data. If the right of objection is exercised, we will immediately check the extent to which the stored data is still required for the processing of a notice. Data that is no longer required will be deleted immediately. You also have the right to lodge a complaint with the competent supervisory authority.
Retention period of personal data
Personal data will be stored as long as it is required for the clarification and final assessment of the information or if there is a justified interest of the company or if this is required by law. After the processing of the information has been completed, this data is deleted in accordance with the legal requirements.
Use of the reporting system
Communication between your computer and the reporting system takes place via an encrypted connection (SSL). The IP address of your computer is not stored during the use of the reporting system. To maintain the connection between your computer and the reporting system, a cookie is stored on your computer that only contains the session ID (so-called zero cookie). The cookie is only valid until the end of your session and becomes invalid when you close your browser.
You can securely send reports to the responsible staff member by name or anonymously. With this system, the data is stored exclusively in the reporting system and is therefore particularly secure; it is not an ordinary e-mail communication. You will be assigned an individual code per report. For more details, please visit the Safecall’s data processing terms at Data Processing Schedule (safecall.co.uk).
Notes on sending attachments
When submitting a report or sending a supplement, you have the option of sending attachments to the responsible officer. If you wish to submit a report anonymously, please note the following security advice: Files may contain hidden personal data (so-called metadata, e.g. by whom the file was last saved) that endanger your anonymity. Remove this data before sending. If you are unable to remove this data or are unsure, copy the text of your attachment to your message text or send the printed document anonymously using the reference number you will receive at the end of the message process.
ETHICS HOTLINE COUNTRY-SPECIFIC NUMBERS
|0800 892 0328
|Canada (English or French Canadian)
|1 877 599 8073 / 1 877 564 9624
|012 800 7233 2255 (Golden Lines)
|013 800 7233 2255 (Barak)
|014 800 7233 2255 (Bezeq)
|001 866 863 2403 / 001 844 671 9161
|0372 741 942
|0800 004 996
|00800 4488 20729
|0800 915 1571
|United States (English)
|1 877 564 9624
OTHER REPORTING OPTIONS
Anonymous online reporting via: www.safecall.co.uk/report
Non-anonymous e-mail reporting to the Chief Compliance Officer of MCG EMEA: firstname.lastname@example.org