Privacy policy

Data protection is important to C.W.G. Whistleblowing GmbH and the statutory data protection provisions are therefore always implemented and complied with in an up-to-date manner.

Therefore, we also explain our handling of your personal data here.

Who is the responsible entity?

Responsible entity in the sense of the data protection laws is

C.W.G. Whistleblowing GmbH
Georgenstraße 27
82054 Sauerlach
phone: +49(0) 6261- 84694-70

Collection and storage of personal data as well as type and purpose of their use

When visiting the website

When you visit our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which the access is made (referrer URL),
  • The browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The aforementioned data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensuring a comfortable use of our website,
  • Evaluation of system security and stability, and
  • for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

Contact by e-mail

If you contact us electronically (by e-mail), the personal data you send us will be collected. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration.The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f DSGVO. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.Your data will be deleted after final processing of your request, this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no legal retention obligations to the contrary. After expiry of the retention period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract and/or there is no continued legitimate interest on our part in its storage. Please note that you should only send e-mails to us in encrypted form in order to protect the confidentiality of your request from third parties. If communication via PGP is desired, please let us know.

Handling your personal data

Your personal data will be processed solely by C.W.G. Whistleblowing GmbH and will not be passed on to third parties - without your prior consent. We take all necessary technical and organizational security measures to store your personal data in such a way that they are protected against unauthorized access and misuse.

If there is any transfer of your personal data to third parties, it will only be for the purposes listed below. We will only disclose your personal data to third parties if:

  • you have given your express consent to this in accordance with Art. 6 (1) p. 1 lit. a DSGVO,
  • the disclosure is necessary in accordance with Art. 6 (1) p. 1 lit. f DSGVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) sentence 1 lit. c DSGVO, as well as
  • this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.

Our employees are obliged to observe the regulations of the BDSG and the DSGVO as well as the various relevant state laws on data protection when handling data.

To protect the security of your data during transmission, we use encryption methods (e.g. SSL) via HTTPS. Our servers are secured by means of firewall and virus protection. Back-up and recovery as well as role and authorization concepts are a matter of course for us. 

Data protection is important to C.W.G. Whistleblowing GmbH. Therefore, the data we process is hosted exclusively by servers in Germany. In addition, the security of the data is also important to us. That is why our development partner, EGOTEC AG, has certified its processes and the software products developed from them in accordance with DIN ISO 27001.


For the web application, we use cookies for each login of the customer or whistleblower. The mere submission of a comment by the whistleblower works without cookies. When the whistleblower subsequently submits a comment, a login is required, which is why cookies are mandatory again. Cookies are files that your browser stores on your end device when you visit our website. They are used to store data of your visit and for recognition as well as for statistical collection, improvement and guarantee of the operation of our website. The legal basis for this is § 6 para. 1 lit f DSGVO. Temporary cookies are deleted after you leave the website. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies will result in the login and thus the complete web application not working.

Cookies are not used for purposes other than those mentioned above, this exclusion also refers to the use of cookies from other websites.

How long will the data be stored?

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated herein or as stipulated by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely blocked or deleted in accordance with the statutory provisions.

Your rights to information, correction, blocking, deletion and objection

In accordance with Art. 15 DSGVO, you have the right to obtain information about your personal data stored by C.W.G. Whistleblowing GmbH at any time. In accordance with Art. 20 DSGVO, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.

Likewise, according to Art. 16 DSGVO, you have the right to immediate correction, blocking or, apart from the mandatory data storage for business processing, according to Art. 17 DSGVO, the right to delete your personal data. According to Art. 18 DSGVO, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO; Please also contact our data protection officer ().

To ensure that a block on data can be taken into account at any time, this data must be kept in a blocking file for control purposes. You can also request that the data be deleted, unless there is a legal archiving obligation. If such an obligation exists, we will block your data upon request.

You can make changes or revoke consent in accordance with Article 7 (3) DSGVO by notifying us at any time with effect for the future. To do so, you can contact us directly at the above contact details or also by e-mail to

In accordance with Art. 77 DSGVO, every data subject also has the right to lodge a complaint with the respective competent supervisory authority if he or she is of the opinion that the processing of his or her personal data violates data protection regulations. The state data protection authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach

Change to our privacy policy

We reserve the right to occasionally adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

Questions for the data protection officer

If you have any questions about data protection at C.W.G. Whistleblowing GmbH, please email us at or contact our data protection officer directly:

C.W.G. Whistleblowing GmbH
Georgenstraße 27
82054 Sauerlach


Status October 2021