Data protection information relating to the whistleblowing system
Before you report an incident, please read carefully these instructions regarding data protection laws for the BKW whistleblowing system:
Purpose, legal basis and responsibilities
The whistleblowing system serves as a secure and confidential means of submitting reports about suspected or actual violations against the BKW Code of Conduct or other internal regulations, and unlawful acts to the BKW Compliance Office. All reports are received and processed in accordance with a standardised process.
The BKW Group is not obliged to offer a whistleblowing system, and the target groups of the system (primarily employees and suppliers) are not obliged to use it. By using the system, you voluntarily and explicitly consent to the use of your data.
This data protection declaration and the use of data within the whistleblowing system are based on Swiss data protection legislation.
Responsible authority for inquiries: Compliance BKW, Viktoriaplatz 2, CH-3013 Bern (marked “Confidential”) or s_compliance@bkw.ch
What personal data and information will be collected and processed?
When we receive a report via the BKW whistleblowing system, we process:
- The full name of the whistleblower (unless the report was submitted anonymously)
- Other personal data and information that were voluntarily disclosed in the report
- Other data and information entered into the input mask of the whistleblowing system
We only process data that is relevant to your report and only to the extent that is technically and legally required (e.g. submission date as meta information).
Cookies
The whistleblowing system does not use any tracking or other cookies that could disclose the origin or identity of the whistleblower. A session cookie is used to recognise the user during an ongoing session.
Data transfer and storage
All data are encrypted and stored in a high-security data centre in Switzerland. The data transfer from the whistleblower to the data centre server and the communication between the data centre server and the authorised examiner at BKW also use an encrypted connection. Neither the data centre nor the software provider have access to the data.
How are the personal data and information processed and who has access to it within the BKW Group?
All data are processed within secured systems. Whenever supplementary data are required to process an incident, they are treated at the highest security level within the BKW Group.
Any data and information you submit can be viewed, processed and used by the following persons who are responsible for investigating and handling the incident:
- Compliance Manager
- Internal or external experts (called in on a case-by-case basis and upon approval from Compliance)
- Managers (on a case-by-case basis and upon approval from Compliance)
- The BKW Management if the incident is particularly important to BKW (e.g. in case of potential damage to the reputation of BKW, a threat of legal or regulatory sanctions, financial damage or involvement of a manager in the incident), on a case-by-case basis and upon approval from Compliance
All involved persons must treat report contents in the strictest confidence. Personal data can be submitted to the police, investigating authorities or other authorities if necessary or legally required.
ICT staff, such as system administrators, have no access to the content of the whistleblowing system or internal data storage.
Note that all persons whose identity you disclose via the whistleblowing system may have to be informed about the content of your report at some point (transparency, rights of the other party). Any person about whom you provide any information has the right to describe the situation from their own point of view.
The identity of the whistleblower is usually not disclosed. In cases where we have no choice but to disclose the identity of the whistleblower (e.g. during criminal proceedings) if available, we endeavour to provide them with the greatest possible protection.
The data and information you provide will be retained as long as they are required to process the report or as long as required by law.
Declaration of explicit consent to data processing
It is virtually impossible to determine the development of a report in advance. There is always a possibility that personal data will be collected.
During the course of the investigation, it may be necessary to process particularly sensible personal data or carry out profiling activities in accordance with data protection legislation.
BKW is committed to data protection principles. It only processes data in the ways described above if this is absolutely necessary or if the reporter voluntarily submits the corresponding information to the system.
Right to access and rectification (rights of persons involved)
Upon request, BKW will disclose the type, scope, etc. of processed data to the involved parties in accordance with data protection legislation and all other applicable laws. If any data on record are incorrect, they can be corrected, changed, locked or deleted in accordance with relevant regulations. You also have the right to lodge a complaint with the supervisory authority.
Consent/withdrawal
Whistleblowers can request that their own personal data be withdrawn (opt-out). This request will be granted if no other, higher interests (e.g. ongoing criminal proceedings) prevent or forbid this. Reports cannot be withdrawn once submitted.
Third parties cannot assert any data protection rights with respect to submitted and processed data relating to them.