Internal Reporting Office in Accordance with the Whistleblower Protection Act (HinSchG)

In accordance with the German Whistleblower Protection Act (Hinweisgeberschutzgesetz – HinSchG), we have established an internal reporting office. Internal and external individuals can use this channel to report potential legal violations.

What Can Be Reported?

Reports may include, in particular, information about:

• criminal offenses,
• administrative offenses,
• other violations of applicable laws or internal regulations,

provided they fall within the scope of the Whistleblower Protection Act.

How Can Reports Be Submitted?

Reports can be submitted confidentially through the following contact channel:

Email: whistleblower@js-soft.com

It is possible to submit a report anonymously. However, please note that the sender’s email address will be transmitted with the message.

Confidentiality and Protection

The identity of whistleblowers and of persons named in a report will be treated as confidential.
Access to incoming reports is restricted to authorized personnel within the internal reporting office.
Whistleblowers are protected against discrimination or retaliation within the framework of the statutory provisions.

Procedure

• Receipt of the report will be acknowledged within 7 days.
• The report will be reviewed and appropriately processed.
• The whistleblower will receive feedback on any measures taken or planned no later than 3 months after the report, to the extent legally permissible.

Data Protection

The controller responsible for data processing is:

j&s-soft AG, Max-Jarecki-Str. 21, 69115 Heidelberg.
For information about our Data Protection Officer and further details, please refer to our website: Privacy Policy – j&s-soft

The purpose of the data processing is to receive, review, and process reports and to take any necessary follow-up actions. The legal basis for processing is Art. 6(1)(c) GDPR in conjunction with § 10 HinSchG; additionally, where applicable, Art. 6(1)(f) GDPR to pursue legitimate interests (e.g., investigating violations).

Recipients may include internal authorized personnel, external processors, and competent authorities or courts, if legally required.
Documentation is deleted no later than three years after the conclusion of the procedure, unless longer retention is necessary and proportionate.

You have the right, under applicable law, to obtain information free of charge at any time about your stored personal data, its origin, recipients, and the purpose of processing, as well as the right to request rectification or deletion of this data if applicable.
Please contact our Data Protection Officer or use the general contact details provided on our website.

With regard to the processing of your personal data, you have the right to lodge a complaint with a data protection supervisory authority, such as the authority responsible for us.
A list of German data protection supervisory authorities can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information (www.bfdi.bund.de) under Landesbehörden (Authorities of the federal states) in the service section.