Code of conduct

Data Protection

How we handle your data and your rights 

Information according to Article 13, 14 and 21 of the General Data Protection Regulation (GDPR) 

The following is to inform you about the processing of your personal data in the context of using the NETZSCH Whistleblower System. In addition, we inform you about the claims and rights to which you are entitled under the data protection regulations.

1. Who is responsible for data processing and whom can I contact?

Responsible entity is:

You can contact our Data Protection Officer at:

Dr. Georg Schröder
c/o Erich NETZSCH B.V. & Co. Holding KG
95100 Selb, Germany

Tel.: +49 9287 75-0
Fax: +49 9287 75208
E-Mail: datenschutz‎@‎NETZSCH.com  

2. For what do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act ( German BDSG). The purpose of the data processing is the implementation of the EU Whistleblower Directive (EU 2019/1937) and of Section 25a (1) Sentence 6 No. 3 German Banking Act (KWG) within the NETZSCH Group.

The legal basis results from your consent according to Article 6 (1) lit. a GDPR. The processing is necessary for the fulfillment of your submission in the NETZSCH Whistleblower System. Usage is also possible anonymously at any time. Your data will be disclosed exclusively and only to the extent necessary for the processing of the matter. The NETZSCH Whistleblower System enables you to contact us and report indications of compliance and legal violations. We process your personal data to review the report you make through the whistleblower system and investigate the alleged compliance and legal violations. Since the NETZSCH Whistleblower System is about the matter and not the person, the data is generally processed anonymously, or pseudonymously. As a rule, it is only used in the event of questions about the facts of the case. Whatever the case, negative consequences for the person making the report is to be ruled out. The system is not allowed to be used for false accusations. The reporting of knowingly false information is prohibited.

4. Which data are processed?

The NETZSCH Group collects and stores the information you provide when reporting the incident. This is in particular the following data:

  • First and last name
  • E-mail (not mandatory, anonymous use is possible)

5. Who gets my data?

Your data will only be disclosed to the internal departments of the NETZSCH Group involved in the technical and administrative support of the NETZSCH Whistleblower System. To the extent necessary to fulfill the purpose stated above, specially authorized persons from our subsidiaries may also be entitled to inspect the data. This is particularly the case if the investigation of their report is carried out in the country concerned. All persons authorized to inspect data are expressly obliged to maintain confidentiality.


In order to fulfill the purpose mentioned above, it may also be necessary for us to transfer your personal data to external bodies such as law firms, criminal or competition authorities, within or outside the European Union.


If we transfer your personal data within the Group or externally, a uniform level of data protection is ensured by means of internal data protection regulations and/or corresponding contractual agreements. In all cases, responsibility for data processing remains with the company.

6. How long will my data be stored?

We store your personal data as long as it is necessary for the investigation of the facts. Immediately after the case has been closed, all personal data stored by us will be deleted, unless there are legal storage obligations, e.g. the German Fiscal Code (AO) and the German Commercial Code (HGB). These storage periods are up to 10 years.

7. Will data be transferred to a third country or to an international organization?

Your personal data will be processed exclusively within the European Union, unless this is necessary for the fulfillment of legal regulations.

8. Which data protection rights do I have?

Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to deletion under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to deletion, the restrictions pursuant to Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply. In addition, there is a right to complain to a data protection supervisory authority of your choice (Article 77 DSGVO in conjunction with Section 19 of the German Federal Data Protection Act (BDSG)). You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is therefore not affected by it.

9. To what extent is there automated decision making - including profiling - in individual cases?

Decision making based exclusively on automated processing - including profiling - does not take place.

Information about your right to object according to Article 21 DSGVO

10. Individual case-related objection on the grounds of your particular situation

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you that is carried out on the basis of Article 6 (1) (e) GDPR (data processing in the public interest) and Article 6 (1) (f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on these provisions within the meaning of Article 4 No. 4 GDPR that we use for credit assessment or advertising purposes.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

11. Right to object to processing of data for direct marketing purposes

In individual cases, we process your personal data for the purpose of direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made free of formal requirements and should be addressed to the following address: