Herzlich willkommen! Wir haben erkannt, dass Sie ggf. eine andere Sprache benötigen.
ContinueWeiter

Privacy policy

Our company takes the protection of personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this data protection declaration.

Personal data (hereinafter referred to as "data") is processed by us only to the extent necessary and for the purpose of providing a functional and user-friendly Internet presence, including its contents and the services offered there.

Pursuant to Art. 4 item 1. of Regulation (EU) 2016/679, i.e. the Basic Data Protection Regulation (hereinafter referred to only as "DSGVO"), "processing" shall mean any operation or set of operations carried out with or without the aid of automated procedures in connection with personal data, such as collection, recording, organisation, filing, storage, adaptation or alteration, reading, querying, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, deletion or destruction.

With the following data protection declaration we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or together with others about the purposes and means of processing. In addition, we inform you in the following about the third-party components we use for optimisation purposes and to increase the quality of use, insofar as third parties process data on their own responsibility.

1. Information about us as responsible persons

Responsible provider of this website in the sense of data protection law is:

ARTS Holding SE, Airport Center Dresden, Hermann-Reichelt-Str. 3, 01109 Dresden

2. Rights of users and data subjects

With regard to the data processing described in more detail below, the users and data subjects have the right

  • to obtain confirmation as to whether or not data relating to him/her are being processed, information on the data processed, further information on the data processing and copies of the data (see also Art. 15 DSGVO)
  • the correction or completion of incorrect or incomplete data (see also Art. 16 FADP);
  • to the immediate deletion of data relating to them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary pursuant to Art. 17 para. 3 DSGVO, to the restriction of processing in accordance with Art. 18 DSGVO;
  • to the receipt of data concerning them and provided by them and to the transfer of such data to other providers/responsible parties (cf. also Art. 20 DSGVO);
  • to lodge a complaint with the supervisory authority if they are of the opinion that data concerning them is being processed by the provider in breach of data protection provisions (cf. also Art. 77 DSGVO).

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or the restriction of processing that is carried out on the basis of Articles 16, 17 (1), 18 FADP. However, this obligation does not apply if such notification is impossible or involves disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.

Likewise, in accordance with Art. 21 DSGVO, users and data subjects have the right to object to the future processing of data relating to them, provided that the data is processed by the provider in accordance with Art. 6 para. 1 letter f) DSGVO. In particular, an objection to data processing for the purpose of direct marketing is permitted.

3. Information on data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any legal storage obligations and no other information on individual processing methods is provided below.

Server data

For technical reasons, in particular to ensure a secure and stable Internet presence, data is transmitted to us or to our web space provider by your Internet browser. These so-called server log files are used to record, among other things, the type and version of your Internet browser, the operating system, the website from which you have switched to our Internet presence (referrer URL), the website(s) of our Internet presence that you visit, the date and time of the respective access and the IP address of the Internet connection from which our Internet presence is used.

This data is temporarily stored, but not together with other data about you.

This storage takes place on the legal basis of Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the improvement, stability, functionality and security of our Internet presence.

The data will be deleted after seven days at the latest, unless further storage is required for evidential purposes. Otherwise, the data are completely or partially excluded from deletion until the final clarification of an incident.

Cookies

a) Session cookies/session cookies
 

We use so-called cookies with our Internet presence. Cookies are small text files or other storage technologies that are stored on your terminal device by the Internet browser you use. Through these cookies, certain information from you, such as your browser or location data or your IP address, is processed to an individual extent.  
This processing makes our Internet presence more user-friendly, effective and secure, as the processing enables, for example, the reproduction of our Internet presence in different languages or the offer of a shopping basket function.

The legal basis for this processing is Art. 6 para. 1 lit. b.) DSGVO, insofar as these cookies process data for the purpose of contract initiation or contract processing.
If the processing does not serve the purpose of contract initiation or contract processing, our legitimate interest lies in the improvement of the functionality of our Internet presence. The legal basis is then Art. 6 para. 1 lit. f) DSGVO.
These session cookies are deleted when you close your Internet browser.

b) Third party cookies
 

Where appropriate, our website may also use cookies from partner companies with whom we cooperate for the purposes of advertising, analysis or the functionality of our website.
Please refer to the following information for details on this, in particular on the purposes and legal basis for processing such third-party cookies.
 
c) Possibility of removal
 

You can prevent or restrict the installation of cookies by adjusting your Internet browser settings. You can also delete already stored cookies at any time. However, the steps and measures required for this depend on the Internet browser you are actually using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. With so-called Flash cookies, however, processing cannot be prevented by the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required for this also depend on the Flash Player you are actually using. If you have any questions, please also use the help function or documentation of your Flash Player or contact the manufacturer or user support.
If you prevent or restrict the installation of cookies, however, this may mean that not all functions of our website can be used to their full extent.

Newsletter

If you register for our free newsletter, the data requested from you for this purpose, i.e. your e-mail address and - optionally - your name and address, will be transmitted to us. At the same time we save the IP address of the internet connection from which you access our website as well as the date and time of your registration. During the further registration process, we will obtain your consent to send you the newsletter, describe the content specifically and refer you to this data protection declaration. We use the data collected in the process exclusively for sending the newsletter - they are therefore in particular not passed on to third parties.

The legal basis for this is Art. 6 para. 1 lit. a) DSGVO.

You can revoke your consent to receive the newsletter at any time with effect for the future in accordance with Art. 7 para. 3 DSGVO. To do so, you only need to inform us of your revocation or click on the unsubscribe link contained in every newsletter.

Contact enquiries / Contact possibility

If you contact us via contact form or e-mail, the data you provide will be used to process your request. The provision of the data is necessary for processing and answering your enquiry - without the provision of this data, we cannot answer your enquiry or can only answer it to a limited extent.

The legal basis for this processing is Art. 6 para. 1 lit. b) DSGVO.

Your data will be deleted if your enquiry has been finally answered and the deletion is not opposed by any legal storage obligations, as for example in the case of a possible subsequent contract processing.

Subscription of articles

If you publish contributions on our Internet pages, we also offer you the option of subscribing to any subsequent contributions by third parties. In order to be able to inform you about these subsequent contributions by e-mail, we process your e-mail address.

The legal basis for this is Art. 6 para. 1 lit. a) DSGVO. You can revoke your consent to this subscription at any time with effect for the future in accordance with Art. 7 para. 3 DSGVO. To do so, you only need to inform us of your revocation or click on the unsubscribe link contained in the respective e-mail.

Online job applications / publication of job advertisements

We offer you the opportunity to apply for a job with us via our website. With these digital applications, your applicant and application data will be collected and processed electronically by us for the purpose of handling the application procedure.

By submitting the application form you agree that ARTS Holding SE, ARTS Experts GmbH, ARTS Solutions GmbH and ARTS Technik GmbH may access the transmitted data and make them available to potential employers in the form of an application dossier.

The legal basis for this processing is § 26 para. 1 sentence 1 BDSG in conjunction with Art. 88 para. 1 DSGVO.

If an employment contract is concluded after the application procedure, we will store the data you provide during the application process in your personnel file for the purpose of the usual organisational and administrative process - this is, of course, in compliance with the more extensive legal obligations.

The legal basis for this processing is also § 26 para. 1 sentence 1 BDSG in conjunction with Art. 88 para. 1 DSGVO.

If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed further on the basis of your consent. The legal basis is then Art. 6 para. 1 lit. a) DSGVO. However, you can of course revoke your consent at any time in accordance with Art. 7 Para. 3 DSGVO by making a declaration to us with effect for the future.

 

LinkedIn

We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. This may result in increased risks for users in that, for example, subsequent access to user data may be made more difficult. We also have no access to this user data. The access option lies exclusively with LinkedIn. The LinkedIn Corporation is certified under the Privacy Shield and has therefore undertaken to comply with European data protection standards

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active 

You can find LinkedIn's privacy policy at

https://www.linkedin.com/legal/privacy-policy 

 

Facebook

To promote our products and services and to communicate with interested parties or customers, we operate a company presence on the Facebook platform.

On this social media platform we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

The data protection officer of Facebook can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970 

We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the DSGVO. This agreement, from which the mutual obligations arise, can be accessed via the following link:

https://www.facebook.com/legal/terms/page_controller_addendum 

The legal basis for the processing of personal data which is carried out as a result and which is reproduced below is Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the analysis, communication, sales and advertising of our products and services.

The legal basis may also be the user's consent pursuant to Art. 6 para. 1 lit. a DSGVO to the platform operator. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 Para. 3 DSGVO.

When our online presence is called up on the Facebook platform, user data (e.g. personal information, IP address etc.) are processed by Facebook Ireland Ltd. as operator of the platform in the EU.

This user data is used for statistical information about the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as to create user profiles. Using these profiles, Facebook Ireland Ltd. is, for example, able to promote the interests of users within and outside of Facebook. If the user is logged into his or her account on Facebook at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.

In the event that the user contacts Facebook, the user's personal data entered on this occasion will be used to process the request. The user's data will be deleted by us, provided that the user's inquiry has been finally answered and there are no legal storage obligations, e.g. in the case of a subsequent execution of the contract.

Facebook Ireland Ltd. may also use cookies to process the data.

If the user does not agree with this processing, it is possible to prevent the installation of cookies by adjusting the browser settings accordingly. Already stored cookies can also be deleted at any time. The settings for this depend on the respective browser. In the case of flash cookies, processing cannot be prevented by the browser settings, but by the corresponding setting of the flash player. If the user prevents or restricts the installation of cookies, this can lead to the fact that not all Facebook functions can be used to their full extent.

More details on the processing activities, their prevention and the deletion of data processed by Facebook can be found in the Facebook data policy:

https://www.facebook.com/privacy/explanation 

It is not excluded that the processing by Facebook Ireland Ltd. may also take place via Facebook Inc, 1601 Willow Road, Menlo Park, California 94025 in the USA.

Facebook Inc. has subjected itself to the "EU-US Privacy Shield" and thereby declares compliance with EU data protection regulations when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active 

 

Instagram

To promote our products and services and to communicate with interested parties or customers, we operate a company presence on the Instagram platform.

On this social media platform we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

The Instagram data protection officer can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970 

We have regulated the joint responsibility in an agreement regarding the respective obligations within the meaning of the DSGVO. This agreement, from which the mutual obligations arise, can be accessed via the following link:

https://www.facebook.com/legal/terms/page_controller_addendum 

The legal basis for the processing of personal data which is carried out as a result and which is reproduced below is Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the analysis, communication, sales and advertising of our products and services.

The legal basis may also be the user's consent pursuant to Art. 6 para. 1 lit. a DSGVO to the platform operator. The user can revoke this consent for the future at any time by notifying the platform operator in accordance with Art. 7 Para. 3 DSGVO.

When our online presence is called up on the Instagram platform, user data (e.g. personal information, IP address etc.) is processed by Facebook Ireland Ltd. as the platform operator in the EU.

This user data is used for statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes as well as to create user profiles. For example, Facebook Ireland Ltd. may use these profiles to promote the interests of users inside and outside Instagram. If the user is logged into his or her account on Instagram at the time of access, Facebook Ireland Ltd. may also link the data to the respective user account.

In the event that the user contacts Instagram, the personal data of the user entered on this occasion will be used to process the request. The user's data will be deleted by us, provided that the user's inquiry has been finally answered and no legal storage obligations, e.g. in the case of a subsequent execution of the contract, stand in the way.

Facebook Ireland Ltd. may also use cookies to process the data.

If the user does not agree with this processing, it is possible to prevent the installation of cookies by adjusting the browser settings accordingly. Already stored cookies can also be deleted at any time. The settings for this depend on the respective browser. In the case of flash cookies, processing cannot be prevented by the browser settings, but by the corresponding setting of the flash player. If the user prevents or restricts the installation of cookies, this can lead to the fact that not all Facebook functions can be used to their full extent.

For details on processing activities, their prevention and the deletion of data processed by Instagram, please refer to Instagram's Data Policy:

https://help.instagram.com/519522125107875 

It is not excluded that the processing by Facebook Ireland Ltd. may also take place via Facebook Inc, 1601 Willow Road, Menlo Park, California 94025 in the USA.

Facebook Inc. has subjected itself to the "EU-US Privacy Shield" and thereby declares compliance with EU data protection regulations when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active 

 

XING 
Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Each time one of our pages containing XING functions is called up, a connection to XING servers is established. As far as we are aware, no personal data is stored in the process. In particular, no IP addresses are stored or usage behavior evaluated.

Further information on data protection and the XING Share button can be found in the XING privacy policy at: www.xing.com/app/share.

Linking Social-Media via graphic or text link

We also advertise on our website presences on the social networks listed below. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents that when a website with a social media application is called up, a connection is automatically established to the respective server of the social network to display a graphic of the respective network itself. Only by clicking on the corresponding graphic is the user forwarded to the service of the respective social network.

After the user is forwarded, information about the user is collected by the respective network. It cannot be excluded that the data collected in this way is processed in the USA.

This is initially data such as IP address, date, time and visited page. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the user's specific visit to the user's personal account. If the user interacts via a "share" button of the respective network, this information can be stored in the user's personal user account and published if necessary. If the user wants to prevent the collected information from being directly assigned to his user account, he must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are integrated into our site through links:

Facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave., Palo Alto, CA 94304, USA.

Privacy Policy: https://www.facebook.com/policy.php 

EU-US Privacy Shield certification https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active 

 

LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Privacy Policy: https://www.linkedin.com/legal/privacy-policy 

EU-US Privacy Shield Certification https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active 

 

Facebook-Social-Plug-in

In our Internet presence we use the plugin of the social network Facebook. Facebook is an internet service of facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is in turn operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both referred to as "Facebook" only.

Through certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active 

guarantees Facebook that the data protection regulations of the EU will also be observed when processing data in the USA.

The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in improving the quality of our Internet presence.

Further information about the possible plug-ins and their respective functions can be found on Facebook at

https://developers.facebook.com/docs/plugins/ 

ready for you.

If the plug-in is stored on one of the pages you visit on our website, your Internet browser will download a representation of the plug-in from the Facebook servers in the USA. For technical reasons, it is necessary for Facebook to process your IP address. In addition, however, the date and time of your visit to our website are also recorded.

If you are logged in to Facebook while visiting one of our Internet pages equipped with the plug-in, the information collected by the plug-in on your specific visit will be recognized by Facebook. Facebook may assign the information collected in this way to your personal user account there. For example, if you use the "Like" button on Facebook, this information is stored in your Facebook user account and may be published on the Facebook platform. If you wish to prevent this, you must either log out of Facebook before visiting our website or prevent the loading of the Facebook plug-in from being blocked by using an add-on for your Internet browser.

Facebook keeps further information about the collection and use of data as well as your rights and protection options in this regard in the sections on

https://www.facebook.com/policy.php 

available data protection information.

 

Google Analytics

We use Google Analytics in our Internet presence. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

Through the certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active 

guarantees Google that the data protection requirements of the EU will also be observed when processing data in the USA.

The Google Analytics service is used to analyse the usage behaviour of our website. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis, optimisation and economic operation of our website.

Usage and user-related information, such as IP address, place, time or frequency of the visit to our website, is transferred to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymisation function. With this function Google shortens the IP address already within the EU or EEA.

The data collected in this way is in turn used by Google to provide us with an evaluation of the visit to our website and the usage activities there. This data can also be used to provide other services related to the use of our website and the use of the Internet.

Google states that it will not link your IP address to other data. Google also keeps a record of your IP address under

https://www.google.com/intl/de/policies/privacy/partners 

will provide you with further information on data protection law, for example on the possibilities of preventing the use of data.

In addition, Google offers under

https://tools.google.com/dlpage/gaoptout?hl=de 

a so-called deactivation add-on together with further information on this. This add-on can be installed with all common internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs the JavaScript (ga.js) of Google Analytics that information about your visit to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analysis services. Whether and which other web analysis services are used by us, you will of course also find out in this data protection declaration.

Google AdWords with conversion tracking

In our internet presence we use the advertising component Google AdWords and the so-called conversion tracking. This is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter only referred to as "Google".

Through the certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active 

guarantees Google that the data protection requirements of the EU will also be observed when processing data in the USA.

We use conversion tracking to advertise our offer in a targeted manner. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis, optimisation and economic operation of our website.

If you click on an advertisement placed by Google, the conversion tracking system we use stores a cookie on your end device. These so-called conversion cookies lose their validity after 30 days and do not serve for your personal identification.

If the cookie is still valid and you visit a particular page of our website, both we and Google can evaluate that you have clicked on one of our ads placed on Google and that you have subsequently been redirected to our website.

Google uses the information collected in this way to create statistics about your visit to our website. We also receive information about the number of users who clicked on our advertisement(s) and the pages of our website that were subsequently called up. However, neither we nor third parties who also use Google AdWords are able to identify you in this way.

You can also prevent or restrict the installation of cookies by means of the appropriate settings in your Internet browser. At the same time you can delete already stored cookies at any time. However, the steps and measures required for this depend on the Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support.

Furthermore, Google also offers cookies under

https://services.google.com/sitestats/de.html 

https://www.google.com/policies/technologies/ads/   

http://www.google.de/policies/privacy/ 

provides further information on this subject and in particular on the possibilities of preventing the use of data.

Google Remarketing or "similar target groups" component of Google

We use the remarketing or "similar target groups" function in our Internet presence. This is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google" only.

Through certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active 

guarantees Google that the data protection requirements of the EU will also be observed when processing data in the USA.

We use this feature to serve interest-based, personalized advertising on third-party websites that also participate in Google's advertising network.

The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis, optimisation and economic operation of our Internet presence.

In order to enable this advertising service, Google stores a cookie with a sequence of numbers on your end device during your visit to our website via your Internet browser. This cookie records both your visit and the use of our website in anonymised form. Personal data will not be passed on in this process, however. If you subsequently visit the website of a third party who also uses Google's advertising network, it is possible that you will see advertisements that are related to our website or to our offers there.

To disable this function permanently, Google offers the following options for the most common Internet browsers

https://www.google.com/settings/ads/plugin 

a browser plugin.

Likewise, the use of cookies from certain providers can be prevented, e.g. via

http://www.youronlinechoices.com/uk/your-ad-choices 

or

http://www.networkadvertising.org/choices/ 

can be deactivated by opt-out.

Cross-device marketing allows Google to track your usage across multiple devices, so you may see interest-based, personalized advertising even if you switch devices. However, this requires that you have agreed to link your browsing history to your existing Google Account.

Links

Our homepage contains links to other websites. We have no influence on whether their operators comply with the data protection regulations. Please note the disclaimer.

Notes

Should you have any further questions regarding data protection at ARTS Holding SE, please feel free to contact us by e-mail at datenschutz@arts.eu. We assure you that we will always mark any significant changes to our information on data protection that lead to a weaker level of protection and publish them in an appropriate form.

Whistleblower Protection Act 

The ARTS Group is committed to complying with ethical standards. Compliance with laws and regulations is essential for sustainable business activities and is a matter of course for us. A corporate culture characterised by values is not only a requirement for us, but also for our environment.

The implementation of the HinSchG is a legal obligation that potentially affects many groups of people and, above all, sensitive data. For this reason, data protection requirements also arise when setting up an internal reporting centre.

In accordance with the provisions of the Whistleblower Protection Act, we are committed to ensuring that all information relating to possible violations of laws, guidelines or internal company policies is treated with the utmost confidentiality.

In particular, the following can be reported:

  • non-compliance or the threat of non-compliance with internal company compliance requirements (ARTS Compliance Guidelines)
  • Non-compliance or the threat of non-compliance with legal requirements
  • Complaints or information on all human rights and environmental risks or all human rights and environmental breaches of duty under the LkSG
  • Information in accordance with the applicable national legislation implementing the European Union's Whistleblower Protection Directive 2019/1937.

The transmission of such information is carried out in compliance with all applicable data protection regulations. We encourage all whistleblowers to report their concerns in confidence via the channels provided, as we ensure that their identity remains protected and there is no risk of reprisals.

Information on compliance violations can be submitted via our anonymous parlabox reporting centre.

Handling guide

Further information:

As part of our compliance obligations, we would like to inform you about the Whistleblower Protection Act (HinSchG), which has been in force since 2023 and which we at ARTS take seriously and comply with in full.

Overview

The Whistleblower Protection Act aims to protect individuals who report breaches of Union law (also known as "whistleblowing"). The regulation sets minimum standards for the protection of whistleblowers in a variety of areas, including public health, consumer protection, data protection and financial services.

Who is a whistleblower?

Whistleblowers are individuals who report information about illegal or harmful activities that occur in a work context. These can be employees, but also freelancers, temporary workers, interns, volunteers and job applicants.

Protection of whistleblowers

The HinSchG guarantees comprehensive protection for whistleblowers. It prohibits retaliation, including dismissal, demotion, harassment and discrimination. It also grants whistleblowers the right to effective legal protection, including access to comprehensive information and counselling.

Reporting violations

Under the HinSchG, violations can be reported internally within the organisation or externally to the competent authorities. In general, it is recommended that whistleblowers report internally first, if possible and appropriate.

Confidentiality

The HinSchG guarantees the confidentiality of the whistleblower's identity. No one may disclose the identity of the whistleblower without the whistleblower's express consent.

Our commitment

ARTS has established clear and efficient internal procedures for the (anonymous) reporting of violations. We encourage anyone with knowledge of possible breaches of Union law to report them. We ensure that all reports are taken seriously and investigated and that whistleblowers are not penalised.

What can or should be reported

Reportable offences are, for example

Violation of laws or regulations:

  • A manager directs that falsified financial reports be prepared to deceive investors.
  • A department head illegally disposes of hazardous waste in order to save costs.
  • A manager encourages anti-competitive agreements with competitors.

Unethical behaviour:

  • An employee accepts gifts from a supplier, which violates our gift acceptance policy.
  • An employee manipulates internally used performance indicators to fake better performance results.
  • An employee impersonates a member of management in customer contacts in order to gain trust and conclude contracts.

Fraud or corruption:

  • A colleague creates falsified expense receipts in order to enrich themselves.
  • A colleague embezzles company funds by entering fictitious suppliers in the company books and arranging payments to them.
  • A superior manipulates the awarding of contracts in order to favour friends or family members.

Data protection violations:

  • A colleague shares customer information with third parties without the required customer consent.
  • A colleague stores and shares sensitive personal data of customers without sufficient encryption, making the data vulnerable to unauthorised access.
  • A team member posts photos from a company event with visible faces and names of colleagues on a publicly accessible website without obtaining the consent of those affected.

Health and safety risks:

  • Safety regulations are disregarded in your department, e.g. the prescribed protective equipment is not worn, leading to an increased risk of accidents.
  • Management repeatedly ignores reports of faulty machinery in the production department, resulting in a significant safety risk.
  • Despite repeated requests, management refuses to have a defective air conditioning system repaired, resulting in poor air quality and health complaints among employees.

Discrimination or harassment:

  • A supervisor regularly harasses an employee because of their sexual orientation.
  • A colleague is regularly ignored by her superiors and is given less demanding tasks because she is pregnant.
  • A new employee is regularly mocked by their colleagues because of their accent, resulting in a hostile work environment.

What can or should NOT be reported 

Non-reportable offences are, for example

Personal complaints:

  • A colleague is listening to loud music, which disturbs you at work. This is a personal complaint that should rather be clarified directly with the colleague or, if necessary, with your supervisor.
  • A colleague keeps using your office supplies without asking. This is a personal problem that should be clarified directly with the colleague.
  • You are unhappy with the type of coffee provided in the office kitchen. This is a matter of personal taste and should rather be discussed with the employee responsible for such matters.

Unsubstantiated accusations:

  • You feel a:e colleague is involved in inappropriate activities but have no evidence or specific observations to support your suspicions.
  • You suspect that a colleague is stealing customer data, but have no evidence or specific signs to support this suspicion.
  • You believe that a colleague is falsifying their working hours, but have no concrete evidence or indications to support this assumption.

False information:

  • You are dissatisfied with a manager and are considering submitting a report that contains false accusations against him/her. Such deliberate misinformation is not only unethical, but can also have legal consequences.
  • You are frustrated with a colleague and plan to spread false information about him/her to get him/her in trouble.
  • You are angry with a colleague and plan to spread false rumours about him/her to damage his/her reputation.

Please note: A false suspicion in the context of a report or a disclosure can have far-reaching consequences for the reporter. In particular, the protection afforded by the Whistleblower Protection Act does not apply to the whistleblower if it is a case of wilful or grossly negligent disclosure of false information. 

The malicious whistleblower even runs the risk of becoming liable for damages in accordance with Section 38 of the Whistleblower Protection Act.

Our internal reporting centre

The whistleblower reporting system for reporting possible misconduct and/or criminal offences can be found at the following link.