Search
Close this search box.

Privacy Policy for the Currenta Group Whistleblower System

Currenta GmbH & Co. OHG, Chemion Logistik GmbH, Netcur GmbH and Tectrion GmbH [Kaiser-Wilhelm-Allee 80, 51373 Leverkusen, Germany] (hereinafter referred to as “Currenta Group”, “us”, “our” and “we”), would like to inform you below, in accordance with Articles 12, 13, 14 and 21 of the General Data Protection Regulation (GDPR), about the handling of your personal data when using our whistleblower system (NAVEX GLOBAL).

Purpose(s) of processing, categories, legal basis and retention periods of personal data

The NAVEX Global Inc. system allows you to contact us to provide information about compliance and legal violations. The purpose of the system is to receive and process reports of potential violations of law or serious internal rules against the Currenta Group in a secure and confidential manner.

Information can be reported as a text message and can also be provided with attachments (e.g. photos or documents). A telephone solution (hotline) is also available. Here it is possible that we have queries for you. For this purpose, we usually use the secure and confidential communication via NAVEX Global.

In the course of this, it is possible that your personal data will also be processed in order to check the notification you have made and to investigate the potential compliance and legal violations. The following personal data may be processed in this process:

  • (contact) whistleblower information
    In principle, the whistleblower system can be used – as far as legally permissible – without providing personal data. However, you may voluntarily provide personal data as part of the whistleblowing process, such as your first and last name, your telephone number and e-mail address, whether you are employed by the Currenta Group or when you can best be reached.
  • Whistleblowing case information
    The facts you report may themselves contain personal data (such as first name, last name, job title, personal location and time data or information that can be traced back to individuals). Your message may contain personal data of third parties, e.g. if you refer to them in your message. If permissible and compatible with the purpose of the collection, we will inform the persons concerned about the notice in order to give them the opportunity to comment on the notice. In this case, as a matter of principle and to the extent legally possible, your confidentiality will be preserved, as the persons concerned will generally not be given any information about your identity and your report will be used in such a way that your anonymity is not jeopardised.
  • Technical system data
    In the course of reporting, further data from you are processed in the system, such as the password assigned by you for your report or the case-related report key assigned by the system.
  • Special categories of personal data
    As a matter of principle, we do not ask for or process any special categories of personal data, such as information on racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership, health data or data on sexual life or sexual orientation. However, due to the free text fields in the system’s form, this information may be provided voluntarily by you.


The processing of personal data for the above purposes is fundamentally based on the legitimate interest of the Currenta Group in detecting and preventing malpractice and the associated prevention of damage and liability risks (Article 6 (1) (f) of the Data Protection Regulation), also in relation to third parties. In particular reference is made in this regard to the prevention and defence of administrative offences and criminal offences within the meaning of §§ 30, 130 of the OWiGw.

Furthermore, we process personal data insofar as this is necessary for the fulfilment of legal obligations. This includes, in particular, information on facts relevant to criminal, competition and labour law (Art. 6 para. 1 lit. c DSGVO).

If a tip-off received relates to an employee of the Currenta Group, the processing also serves to prevent criminal offences or other breaches of the law in connection with the employee relationship. This is governed by Art. 88 para. 1 in conjunction with. § Section 26 para. 1 BDSG.

The processing of your identification data as a whistleblower is based on your consent pursuant to Art. 6 para. 1 lit. a DSGVO. If you disclose special categories of personal data to us, we process these on the basis of your consent (Art. 9 para. 2 lit. a DSGVO). The voluntary nature of the consent is given by the fact that the information can always be provided anonymously. However, a revocation of consent can (in certain cases) only have its full effect within a limited time frame. This results (in certain cases) from the obligation of the Currenta Group pursuant to Article 14 (3) (a) of the GDPR to inform accused persons of the allegations made against them and investigations carried out within one month of receipt of the notification at the latest, provided this does not conflict with the purpose of the collection. The information regularly includes the type of data, the purpose of the processing, the storage period, the identity of the data controller and, if applicable, the person providing the information. From an advanced stage of processing/investigation onwards, it is generally no longer possible to discontinue processing or to delete the identification data of the person providing the information. As soon as information including names has been disclosed to competent authorities or jurisdictions, it will be held in our records as well as by the aforementioned recipients and cannot be deleted without further notice.

Your personal data with us will be stored for a period of time resulting from the necessity to process the matter (resulting from your notice) and then deleted. The duration of the storage depends in particular on the severity of the suspicion and the reported possible breach of duty. Something else applies if applicable legal provisions require otherwise (e.g. in connection with pending legal proceedings), in which case corresponding procedural files are generally retained for 10 years.


Transmission of personal data

Order processing

To a certain extent, we use specialised service providers to process your personal data on our behalf. Our service providers are carefully selected and regularly monitored by us. They only process personal data on our behalf and in accordance with our instructions on the basis of corresponding contracts for commissioned processing.

Transfer to third parties

We may share your personal data with authorities and other investigating bodies, in particular for the purpose of clarifying the facts and assessing the legal consequences.

Transfer to third countries

Your personal data may be transferred to third countries in respect of which the European Union has not found that they provide an adequate level of data protection. Therefore, we use the standard contractual clauses adopted by the European Commission as an appropriate guarantee. You can obtain a copy from our Data Protection Officer (see below).


Information about your rights

You have the following rights in relation to your personal data: the right to access and obtain information about your personal data, the right to request rectification or erasure of your data, the right to request limited processing of your data or to object to such processing altogether. Other rights include the right to portability of your data and the right to complain to the data protection supervisory authorities. You may withdraw your consent at any time without affecting the lawfulness of the processing prior to the withdrawal.

If you have any questions in connection with data protection or wish to exercise your rights, please contact our Group Data Protection Officer:

Group Data Protection Officer of the CURRENTA Group.
E-Mail: [email protected]
Currenta GmbH & Co. OHG
Building C 105
51368 Leverkusen

This data protection declaration was created: 22.04.2022