iWhistle is our whistleblowing system. Employees, customers, business partners, patients, clients, residents or other persons providing information can use iWhistle to report suspected violations of laws and internal rules to the internal reporting office.
Who is responsible for data processing?
Barmherzige Brueder Oesterreich
as an institution of the Catholic Church Austria (Katholische Kirche Oesterreich)
Taborstrasse 16, 1020 Vienna, AUSTRIA
together with its other following institutions as its own data controller:
A.oe. Krankenhaus der Elisabethinen Klagenfurt GmbH
Voelkermarkterstrasse 15-19, 9020 Klagenfurt am Woerthersee, AUSTRIA
FN 220009 v, ATU 56210415;
Care Solutions GmbH
Parkgasse 12, 9300 St. Veit/Glan, AUSTRIA
FN 339332 v, ATU 65461412
Krankenhaus der Barmherzigen Brueder Eisenstadt GmbH
Johannes von Gott-Platz 1, 7000 Eisenstadt, AUSTRIA
FN 569976 a, ATU 7758003
Wiener Dialysezentrum GmbH
Kapellenweg 37, 1220 Vienna, AUSTRIA
FN 291821 z, ATU 63395711
What data is processed?
The use of iWhistle is on a voluntary basis. In the case of tips, the following personal data is processed
- Whistleblower: name (if you disclose your identity), contact details (if you provide them)
- Persons affected by incidents: First name and surname, information about incidents and suspicions of violations of laws and regulations
- Witnesses and/or third parties named in the notice (e.g. customers, suppliers, colleagues or business partners): first and last name, contact details.
What do we process your data for and on what legal basis?
The above-mentioned data is processed for the purpose of uncovering and preventing serious misconduct and avoiding and averting particularly drastic legal consequences and damages that threaten the existence of our organisation (criminal prosecution, claims for damages, damage to our image, supervisory measures) as well as for our employees. The legal basis for the processing is our legal obligation pursuant to Art. 6 para. 1 lit c DSGVO to comply with the requirements of Section 10 of the Whistleblower Protection Act (HinSchG).
Who receives my data?
In the course of audits, investigations and remedial measures to be taken, it may be necessary to transmit information on a reported incident to external advisors (e.g. legal advisors) or to the competent authorities.
The technical operation of iWhistle is carried out by the specialised software service provider iComply GmbH, Große Langgasse 1a, DE-55116 Mainz, on our behalf.
What data protection rights do you have?
You have the right to request information free of charge about the personal data stored about you, its origin and recipient and the purpose of the data processing. If we process your data on the basis of our legitimate interest, you have the right to object to the processing if there are legitimate grounds arising from your particular situation (right of objection). In addition, you have the right to correct incorrect personal data, the right to delete personal data, the right to restrict the processing of personal data, the right to data portability. You can contact us at any time about this and other questions on the subject of personal data. Finally, you have the option of lodging a complaint with a data protection supervisory authority if you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way.
How long is the personal data stored?
The documentation of whistleblowing and personal data contained therein are generally deleted three years after the conclusion of the procedure. The documentation may be kept longer in individual cases in order to fulfil the requirements under the Whistleblower Protection Act (HinSchG) or other legal provisions, as long as this is necessary and proportionate. A final assessment is also stored for documentation purposes.