Whistleblower-System

To provide the highest degree of security for your data, the whistleblower system is hosted exclusively in an ISO 27001-certified data center located in Germany. We also ensure the technical safeguarding of your data by using only the latest encryption technologies and SSL certificates so that only the Data Controller and its Processors may access your data.
You can find more information about data protection here.

The topics of the compliance-relevant reporting areas are “Data Protection & Information Security “, “Human- and Environmental Rights Violation (Supply Chain) “, and “Other Compliance Violation”.
The individual contents of the respective reporting categories can be found in the attached information texts.

If you are aware of any violations, breaches or mismanagement related to the above, please report your concerns through one of the above-mentioned reporting categories.

In its efforts to investigate and address violations of the law or internal corporate procedures, SARIA has set up an international Compliance Organization consisting of several sub-units defined by their respective geographical or organizational scopes. Your reports will be submitted to the dedicated compliance staff part of the aforementioned sub-units. Individual agreements subject to domestic labor law ensure that the Compliance Officer responsible for your concerns may act as an independent body capable to neutrally follow-up on each of your reported concerns.

SARIA’s Compliance Organization is available to anyone who can provide information about misconduct violating either directly the law or any other type of internal corporate guideline. Therefore, the scope of availability is not limited to employees but specifically includes customers, suppliers, and other third parties.

When using SARIA’s Integrity Line, it is possible to submit reports anonymously. If you choose this option, anonymity is technically guaranteed by the system. If you choose to report misconduct via other channels, the compliance staff trusted with following up on your allegations will ensure anonymity. In addition to the measures concerning technical data protection, the staff of the Compliance Organization is either subject to professional confidentiality requirements or has been otherwise obligated to maintain confidentiality. Your identity will only be disclosed to the Compliance Organization and other persons within SARIA with your consent. Whistleblowers are therefore entirely free to decide whether to disclose their identity to certain parties or to remain completely anonymous.

The Compliance Officer responsible to observe the legality of the conduct of the legal entity in which the violation is alleged to have occurred is responsible for processing the report. The Compliance Officer will examine the information received and carry out an initial legal assessment. Based on the conclusions of the initial legal assessment, the Compliance Organization initiates an investigation if necessary. Once the facts of the case have been fully revealed, evaluations and potential follow-measures are developed and enacted.

SARIA will ensure that the whistleblower will not be adversely affected in any way by SARIA as a result of any information given in good faith. Insofar as the whistleblower themself has participated in violations of internal guidelines, SARIA will consider the whistleblower’s contribution in averting potential corporate damages for the assessment of any punitive measures.

What matters is that you assumed the contents of your report to be true at the time you filed the report. Any report should be based on good faith and free of any abusive intention. If, after clarification of the facts, your report proves to be unjustified, you will not have to fear any form of sanctions. SARIA protects you against any disadvantages resulting from a report.

Even in cases where you are involved in the violation to be reported, we encourage you to report the facts of the misconduct in question. SARIA will ensure that no employee is disadvantaged in any way because of making a report in good faith. If the whistleblower themself has taken part in the misconduct reported, SARIA will consider the whistleblower’s contribution in averting potential corporate damages for the assessment of any punitive measures.

Reports may be submitted to the Compliance Organization in writing, electronically by e-mail, by telephone, or personally in verbal form. The contact details of the Compliance Organization responsible for your concerns can be found here.

Germany:
SARIA International GmbH
c/o Corporate Compliance
Norbert-Rethmann-Platz 1
59379 Selm
02592 210 238
compliance.saria@saria.de

Reports may also be submitted via the internet-based whistleblowing portal SARIA Integrity Line, available at https://saria.integrityline.org/index.php.

To submit a whistleblower report through the internet-based whistleblowing portal, access the following link https://saria.integrityline.org/index.php.

A reporting process can be initiated by performing the following four steps:

On the following page you may freely decide whether to file a report anonymously or not. If you decide to disclose your identity, you are required to insert your contact information. To complete the second step, you will be asked to read and confirm that you took note of the data privacy notice.

Subsequently, you are required to submit the facts of the case you wish to report to the Compliance Organization. Voluntarily, you may decide to add the following information:

In the final step, you are asked to check and confirm the information. In addition, the whistleblower is informed of the possibility of calling up the SARIA Integrity Line again after ten working days to follow up on the responses or queries from the unit responsible for processing the incident and, if necessary, to submit further information on the incident. For this purpose, anonymous whistleblowers are offered an anonymous mailbox. An incident number is assigned for access to the whistleblower’s personal and protected mailbox, with the help of which the whistleblower can maintain communication with the responsible office related to the report with the aid of a password selected by the whistleblower.

After sending your report to the Compliance Organization, you will immediately receive an automatically generated notification of receipt. The duration of the material feedback on the outcome of the Compliance investigation may not exceed a time of three months and generally depends on factors such as the seriousness of the allegation and the involved labor necessary to conduct a thorough investigation as a result of your report.

If you submit a report via SARIA’s Integrity Line, the data submitted is protected by encryption and can only be read by the Compliance Organization in charge of investigating your incident report. Your IP address is only used momentarily to be able to respond to your report and will no longer be available afterwards, as it is not part of any logs if you choose to report anonymously.

Furthermore, to ensure that accessing SARIA’s Integrity Line cannot be traced, we recommend accessing the whistleblowing portal in a trusted environment and by using your browser’s so-called private mode.

There is no storage of time data, geo data, or other metadata. Your login data for your personal and confidential e-mail account to stay in contact with the Compliance Organization, which is set up when submitting your report, is encrypted using a hash code and cannot be viewed by anyone but you.

The operational security of the servers is ensured by IT service providers whose implemented information security management is certified according to ISO 27001.

No. The use of the Integrity Line or SARIA’s Compliance Organization is free of charge.