Data Protection

 Data Privacy Policy
The whistleblower system is operated by a law firm specializing in this area, Schindhelm Rechtsanwaltsgesellschaft mbH, on behalf of Ensinger GmbH, for the Ensinger Group companies listed in the legal notice. 
In the interest of transparency under data protection law, the following policy explains the details of the whistleblower system we use and to inform you about the handling of whistleblower reports received and about the type, scope and purpose of the collection and use of data. 
If you have any further questions on our information, the data protection and the processing of your personal data, you can contact us directly at any time. We are also available to you at any time in the event of requests for information, suggestions or complaints. 
Ensinger GmbH
Rudolf-Diesel-Straße 8
71154 Nufringen
Ensinger GmbH has appointed an external data protection officer. You can reach him at:

Dr. Christian Borchers 
Datenschutz Süd GmbH
Wörthstraße 15 
97082 Würzburg, Germany

Phone +49 931 304976 0 
Fax +49 931 304976 10

and by email at and at

Data Processing by Means of the internal Whistleblowing System ("whistleblowing")
You have the option of using our internal whistleblower system. You are not expected to enter any personal data about yourself. Communication takes place solely via the system and by using a password assigned by you. Depending on the content of your contribution, however, your report may contain personal data of third parties. Personal data that is clearly irrelevant or irrelevant to a report will not be collected or deleted immediately if it was collected accidentally.
Unless you voluntarily provide personal information, you will remain anonymous to us.
Data processing on the website
When you visit our websites, the following usage data is temporarily collected on the web server of the whistleblower system: 
  • Requested element
  • Called URL
  • Date and time of the request
  • Protocol used
  • Time zone difference from Greenwich Mean Time (GMT)
  • HTTP status code
  • IP address
The IP address is immediately shortened to ensure an anonymous visit of the website. The data is stored for 7 days.
A technically necessary session cookie is installed for the language settings and information about the login, which is deleted after the session.
To protect your data from unwanted access as comprehensively as possible, we take technical and organizational measures. We use an encryption procedure on our site. Your data is transferred from your device to our server and vice versa via the Internet using TLS encryption. You can recognize this by the fact that the lock symbol is closed in the status bar of your browser and the address bar begins with https://.
Purpose of processing
The whistleblower system gives employees of the Ensinger Group and also third parties the opportunity to inform on grievances without themselves becoming involved. This may include but is not limited to the following issues within the company: 
  • Crimes or Misconduct;
  • Serious and flagrant violations of applicable law and/or international agreements;
  • Serious threats or hazards to the public interest of which the whistleblower has personal knowledge;
  • Violating a code of conduct of the company as well as
  • Hazards to employee health.
Legal bases for the processing
The processing of the data serves the fulfilment of a legal obligation (Art. 6 para. 1 p. 1 c) GDPR), which follows from the so-called Whistleblower Directive (Directive (EU) 2019/1937 on the protection of persons who report infringements of Union law) and national laws of the EU member states based on this, for Germany from § 10 Whistleblower Protection Act. 

The data processing is also carried out in the legitimate interest of the company to be informed about illegal and reportable events and to be able to clarify these internally (Art. 6 para. 1 p. 1 f) GDPR).

Data identifying the whistleblower will only be passed on by the internal reporting office for the purpose of conducting internal investigations on the basis of your consent and insofar as the passing on is necessary for follow-up measures (§ 9 (3) Whistleblower Protection Act).

Storage periods
The notifications are checked and answered within the legally determined deadlines. 

Personal data that are obviously not relevant or unsubstantiated for the allegations or processing of a specific report are not processed further and are only kept for the purpose of complying with the storage periods.

Pursuant to § 11 (5) of the Whistleblower Protection Act, all receipts must be stored for up to 3 years after the conclusion of the proceedings. Documentation may be kept longer to meet requirements under the Whistleblower Protection Act or other legislation as long as this is necessary and proportionate.
Recipient of the data
The data collected will be received by Schindhelm Rechtsanwaltsgesellschaft mbH, Osnabrück ("Schindhelm"), the company commissioned by us, for the purpose of checking the plausibility of the report and, if necessary, also forwarded to persons within the company responsible for processing reports and, if applicable, also made available to other third parties (lawyers, experts, and auditors) for analysis and investigation purposes. If necessary, authorities and courts may also be involved.  
To this end, all reports are made available to Ensinger GmbH to enable the management of the corporate group having a comprehensive overview of current incidents. In this context, Schindhelm Rechtsanwaltsgesellschaft mbH ensures that the protection of whistleblowers is guaranteed.
In addition, your data will be transferred to service providers who support Schindhelm Rechtsanwaltsgesellschaft mbH in the operation of the website and related processes within the scope of order processing pursuant to Art. 28 GDPR. The service providers work strictly according to instructions and have appropriate contractual obligations.
Transfer of Data to Countries outside the European Union
The collected data may be made available to recipients outside the European Union on a case-by-case basis to the extent that this is urgently required for processing the incoming notifications, including but not limited to determining the heaviness of the violations. Prior to the transfer of personal data, all measures necessary to ensure that the level of protection for individuals guaranteed by the GDPR is not undermined shall be taken.

You have certain rights based on the applicable data protection regulations – including but not limited to the GDPR and the corresponding regulations in the applicable law of a Member State of the European Union. You can assert these rights against Ensinger GmbH:

You can request information about the personal data stored about you in accordance with Art. 15 GDPR.

You can request the correction of incorrect personal data in accordance with Art. 16 GDPR.

You may request erasure pursuant to Article 17 GDPR or restriction of the processing of your personal data pursuant to Article 18 GDPR and you may request to receive your personal data provided by you in a structured, commonly used and machine-readable format pursuant to Article 20 GDPR.

If you have given us your consent, you also have the right to revoke this consent at any time with effect for the future.

You also have the option of contacting the competent supervisory authority in the event of complaints about the handling of your personal data.