Whistleblower Protection Act (HinSchG)
Dear Ladies and Gentlemen, dear employees,
We hereby inform you about the new requirements for reporting violations of legal regulations under the Whistleblower Protection Act (HinSchG). The Whistleblower Protection Act came into force on July 2, 2023. This law regulates the protection, in particular, of natural persons who have obtained information about violations in connection with their professional activity or in the run-up to a professional activity and report or disclose this information to the reporting offices provided for under this law (whistleblowers). By making such a report, you contribute to the prevention, detection, and elimination of errors within our corporate group. You are often the first to notice when something goes wrong in one of our companies.
Internal Reporting Office
We therefore encourage you to contact our internal reporting office with suspicious matters in connection with or in the run-up to your professional activity, providing as specific information as possible. We take the requirements for the protection of whistleblowers seriously and assure you that you do not have to fear any disadvantageous measures as a result of or following a justified report. In accordance with our legal obligation, we provide you with our internal whistleblower reporting system. You can report information about violations within the meaning of the HinSchG via this protected channel. Please note: A deliberately false report can have criminal consequences. Information on whistleblower protection for employees Internal reporting system. You can find detailed information about our internal reporting offices on our homepage www.karl-verpackungen.de. For specific questions regarding whistleblower protection, you will find the contact details for direct communication with our Whistleblower Protection Act officer under the heading “Contact Person” on that page. Reports of violations can be submitted anonymously by placing them in the designated mailboxes. These are located at:
• Plant 1: in the rear employee entrance area to the printing department
• Plant 2: in the corridor of the employee entrance area
Reporting Violations
As soon as your report has been received, you will receive an acknowledgment of receipt. The reports will then be reviewed. You will receive feedback on the measures we are taking to rectify the grievance with your help. Which matters can be reported?
You can report information about violations to our internal reporting office. Information about violations includes reasonable suspicions or knowledge of actual or potential violations within our companies or at another entity with which you are or were in contact due to your professional activity (e.g., customers and suppliers), which have already been committed or are very likely to occur, as well as attempts to conceal such violations. This covers violations through acts and/or omissions within the scope of a professional, entrepreneurial, or official activity that are unlawful and/or abusive and concern regulations or legal areas that fall within the material scope of the HinSchG. Reports about purely private misconduct that the whistleblower learns about in connection with their professional activity, however, are not protected.
The material scope of the Whistleblower Protection Act is regulated in Section 2 HinSchG. It includes, among other things, the reporting of information on the following violations:
• Violations that are subject to criminal penalties,
• Violations that are subject to fines, provided that the violated regulation serves to protect life, limb, or health or to protect the rights of employees or their representative bodies,
• Other legal violations of federal or state legislation as well as certain directly applicable legal acts of the EU and the European Atomic Energy Community, such as consumer protection and data protection.
This list is not exhaustive. The legal text of Section 2 HinSchG is attached to this letter.
Confidentiality
We handle your personal data and the personal data of the persons affected by the report confidentially. Personal data is processed in accordance with the requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act. Furthermore, according to Section 8 HinSchG, we are obliged to protect the identity of the whistleblower as well as the persons affected by the report to a large extent. This means that personal data will only be known to the responsible persons at the internal reporting office and may only be disclosed in legally defined exceptional cases (Section 9 HinSchG). The identity of persons who report grossly negligent or intentionally false information is not protected from disclosure in accordance with the HinSchG.
No Disadvantages from Reporting Violations
You will not suffer any disadvantages as a result of a justified report of violations. The Whistleblower Protection Act offers comprehensive protection, which we take very seriously. Processing of personal data: The internal reporting office processes personal data of the whistleblower and other persons named in the report in accordance with the legal basis of Art. 6 Para. 1 Sentence 1(c) GDPR, Section 10 HinSchG, insofar as this is necessary to carry out the reporting procedure and corresponding follow-up measures. In particular, the information provided by you within the framework of the whistleblower system will be processed for the purpose of verification, for internal investigations (including disclosure to external lawyers, auditors, or other professionals bound by professional secrecy, as well as to affected group companies) and, if necessary, for disclosure to state authorities.
REPORTING OFFICE
According to Art. 14 GDPR, if your data is collected without your knowledge (for example, because you are involved as an accused person in the procedure to clarify the report), you have the right to be informed about the storage, the type of data, the purpose of processing, and the identity of the controller and, if applicable, the whistleblower (provided the report was not submitted anonymously). However, if there is a significant risk that such information would jeopardize our ability to effectively investigate the allegation or gather the necessary evidence, this information may be postponed according to Art. 14 Para. 5 Sentence 1 lit. b) GDPR for the period during which this danger exists. The information must be provided as soon as the reason for the postponement no longer applies.
Section 2 Material Scope
(1) This Act applies to the reporting (Section 3 Paragraph 4) and disclosure (Section 3 Paragraph 5) of information regarding
1. Violations that are subject to criminal penalties,
2. Violations that are subject to fines, provided that the violated regulation serves to protect life, limb, or health or to protect the rights of employees or their representative bodies,
3. Other violations of federal and state legal regulations as well as directly applicable legal acts of the European Union and the European Atomic Energy Community a) for combating money laundering and terrorist financing, including in particular the Money Laundering Act and Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006 (OJ L 141, 5.6.2015, p. 1), as amended by Regulation (EU) 2019/2175 (OJ L 334, 27.12.2019, p. 1), in the currently valid version,
b) with requirements for product safety and compliance,
c) with requirements for road safety concerning road infrastructure safety management, safety requirements in road tunnels, and admission to the occupation of road haulage operator or road passenger transport operator (bus and coach companies),
d) with requirements for ensuring railway operational safety, e) with requirements for maritime safety concerning European Union regulations for the recognition of ship inspection and survey organizations, the liability and insurance of carriers of passengers by sea, the approval of marine equipment, maritime accident investigation, seafarers’ training, the registration of persons on board passenger ships in maritime transport, as well as European Union regulations and procedural rules for the safe loading and unloading of bulk carriers,
f) with requirements for civil aviation safety in terms of averting dangers to operational and technical safety and in terms of air traffic control,
g) with requirements for the safe transport of dangerous goods by road, rail, and inland waterway, h) with requirements for environmental protection, i) with requirements for radiation protection and nuclear safety,
j) for promoting the use of energy from renewable sources and energy efficiency,
k) for food and feed safety, organic production and labeling of organic products, protection of geographical indications for agricultural products and foodstuffs including wine, aromatized wine products, and spirits, as well as guaranteed traditional specialties, the placing on the market and use of plant protection products, as well as animal health and animal welfare, insofar as they concern the protection of agricultural livestock, the excerpt from Section 2 HinSchG: Material Scope:
protection of animals at the time of killing, the keeping of wild animals in zoos, the protection of animals used for scientific purposes, as well as the transport of animals and related operations,
l) on quality and safety standards for organs and substances of human origin, human and veterinary medicinal products, medical devices, and cross-border healthcare, m) on the manufacture, presentation, and sale of tobacco products and related products,
n) for regulating consumer rights and consumer protection in connection with contracts between entrepreneurs and consumers, as well as for the protection of consumers in the area of payment accounts and financial services, price indications, and against unfair commercial practices,
o) for the protection of privacy in electronic communications, for the protection of the confidentiality of communications, for the protection of personal data in the area of electronic communications, for the protection of the privacy of users’ terminal equipment and information stored in such terminal equipment, for protection against unreasonable harassment through advertising by means of telephone calls, automatic calling machines, fax machines, or electronic mail, as well as regarding calling line identification and restriction and inclusion in subscriber directories,
p) for the protection of personal data within the scope of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1; L 314, 22.11.2016, p. 72; L 127, 23.5.2018, p. 2) according to Article 2 thereof,
q) for information technology security within the meaning of Section 2 Paragraph 2 of the BSI Act of digital service providers within the meaning of Section 2 Paragraph 12 of the BSI Act, r) for regulating the rights of shareholders of stock corporations, s) for the statutory audit of public-interest entities according to Section 316a Sentence 2 of the Commercial Code, t) for accounting including the bookkeeping of companies that are capital market-oriented within the meaning of Section 264d of the Commercial Code, of credit institutions within the meaning of Section 340 Paragraph 1 of the Commercial Code, financial services institutions within the meaning of Section 340 Paragraph 4 Sentence 1 of the Commercial Code, investment firms within the meaning of Section 340 Paragraph 4a Sentence 1 of the Commercial Code, institutions within the meaning of Section 340 Paragraph 5 Sentence 1 of the Commercial Code, insurance companies within the meaning of Section 341 Paragraph 1 of the Commercial Code, and pension funds within the meaning of Section 341 Paragraph 4 Sentence 1 of the Commercial Code,
4. Violations of federal and uniformly applicable regulations for contracting authorities regarding the procedure for awarding public contracts and concessions and regarding legal protection in these procedures upon reaching the respective relevant EU threshold values,
5. Violations covered by Section 4d Paragraph 1 Sentence 1 of the Financial Services Supervision Act, unless otherwise provided for in Section 4 Paragraph 1 Sentence 1,
6. Violations of tax law norms applicable to corporations and commercial partnerships,
7. Violations in the form of agreements aimed at obtaining a tax advantage in an abusive manner that runs counter to the goal or purpose of the tax law applicable to corporations and commercial partnerships,
8. Violations of Articles 101 and 102 of the Treaty on the Functioning of the European Union as well as violations of the legal regulations mentioned in Section 81 Paragraph 2 Number 1, 2 Letter a and Number 5 as well as Paragraph 3 of the Act against Restraints of Competition.
9. Violations of the provisions of Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) (OJ L 265, 12.10.2022, p. 1),
10. Statements by civil servants that constitute a violation of the duty of loyalty to the constitution. (2) This Act also applies to the reporting and disclosure of information
About
1. Violations against the protection of the financial interests of the European Union within the meaning of Article 325 of the Treaty on the Functioning of the European Union
and
2. Violations of internal market rules within the meaning of Article 26 Paragraph 2 of the Treaty on the Functioning of the European Union, including European Union rules on competition and state aid going beyond Paragraph 1 Number 8