English
Whistleblower Protection Act
Data protection information
Data protection notice for the VENTREX – Whistleblowing System
The protection of your personal data is of utmost importance to us. As a company, we guarantee compliance with data protection regulations and ensure the confidentiality and security of your information within the framework of the VENTREX reporting system.
Controller for Data Processing

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is


VENTREX Automotive GmbH
Johann-Sebastian-Bach-Gasse 1-5
8010 Graz
E-Mail: dsgvo@ventrex.com

Regarding personal data that whistleblowers know go beyond what is necessary to follow up on reports, whistleblowers are considered independent data controllers within the meaning of the GDPR (Section 8 (4) (1) HSchG, Austrian Whistleblower Protection Act). This designation also applies to authorities processing data received due to a report.
Purpose and legal basis of the processing
The reporting system was designed to offer a straightforward process for reporting compliance and legal breaches in areas of significant public interest, ensuring whistleblowers are safeguarded against potential reprisals. The personal data you provide allows us to verify the reported information and investigate suspected violations.

We process the personal data, provided by you, to fulfill legal obligations concerning whistleblower protection based on Art. 6 para. 1 lit. c GDPR and local data protection laws.
Personal Data
We only process personal data voluntarily submitted by you as a whistleblower. It is possible - within legal constraints - to use the reporting system without providing personal data. Your IP address and location will not be stored if you submit an anonymous report.

However, you have the option to voluntarily disclose personal data as part of the whistleblowing process, such as information about your identity, name, country of residence, phone number, or email address. If your report refers to third-party personal data, affected individuals will be informed and given the opportunity to comment, ensuring confidentiality by safeguarding your identity, to the extent legally possible.

Additionally, it might be necessary to transfer your personal data to external entities like authorities, courts, police, law firms, or competition authorities, within or outside the European Union, in compliance with our legal obligations to investigate incidents.
Duration of Storage
We retain personal data only for the duration necessary to process your information or if there is a legitimate interest in storing the data. European or national laws might require data retention to fulfill legal obligations.

Data not required for processing will neither be collected nor stored. If necessary, it will be deleted immediately. Following the investigation's conclusion, all reports and associated data will be archived for 5 years. After this period, all data will be irrevocably deleted or anonymized.
Your Rights
Rights of data subjects as per Articles 15 to 21 GDPR do not apply to individuals affected by a report in accordance with Section 8 (9) HSchG, if it is essential for the whistleblower's protection or the investigation (e.g., right to information, access, erasure, objection). General data protection regulations apply to reports beyond the scope of the Austrian Whistleblower Protection Act.

If you believe that we have violated Austrian or European data protection laws while processing your data, thereby infringing your rights, you have the right to lodge a complaint with the Austrian Data Protection Authority at Barichgasse 40 - 42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at
VENTREX Automotive GmbH