The protection and confidentiality of personal data is an integral part of the architecture of each whistleblowing system.

This service is designed to avoid any possible process of personal data via the whistleblowing system and metadata, which could result in tracing the whistleblower's identity in the course of data processing. IP addresses and metadata of the whistleblower will therefore, if technically not mandatory, not be recorded and not further processed. This service does not use any tracking technologies or third-party cookies.

This service uses, among others, Secure Socket Layer (SSL) technology - the industry standard for encryption in the internet - in order to ensure the safety of the data provided by whistleblowers. This internet encryption standard encrypts data during the transfer from the computer of the whistleblower to the server of the service.

Whistleblowers, who wish to remain anonymous, can further increase the technical safety by noting the following information:
  • do not disclose personal information (e.g.: own name, relationship to the accused) or any information as such in the message, that could lead to the conclusion of the identity;
  • do not use the service from company or authorities-owned networks or other networks that may monitor the internet use.

Note on data protection
Employees, customers, or business partners of the ANDRITZ Group can report violations of compliance regulations via "iWhistle". Reports can be submitted via the following reporting channels:

  • Insider trading
  • Bribery, corruption, conflicts of interest
  • Anti-competitive conduct, market abuse
  • Export controls
  • Personnel-related topics in breach of the law, particularly discrimination, harassment, bullying
  • Breach of data protection regulations
  • Facts relevant to procurement
  • Fraud, accounting fraud, breach of trust, money laundering, misappropriation of business and trade secrets
  • Other serious offenses
Information is only exchanged between departments if this would be exceptionally necessary to process a specific case.

The infrastructure of the system, including websites and database, is operated by the service provider iComply GmbH, located in 55116 Mainz, Große Langgasse 1A. iComply GmbH is contractually bound to strict confidentiality and to comply with all data protection requirements.

What personal data and information is collected and processed?
When reporting violations via "iWhistle", personal data: 

  • Of the person submitting a report (e.g. name, contact details) (optional/voluntary!) and
  • of the persons affected by an incident (e.g. description of the actions of affected persons)

entered in the respective reporting form or transmitted via the protected mailbox are collected and processed. The data is processed by the responsible department in order to review the reported incidents, initiate and conduct investigations, and take remedial action as necessary.

As part of the reviews, investigations and remedial actions to be taken, it may be necessary to share information about a reported incident with employees of other departments such as the Legal Department or with the management of Muster GmbH, other Muster companies, external consultants (e.g. legal advisors) or the competent authorities. We may also be required to report a reported incident to the relevant authorities and to the affected individuals.

How long will personal data be stored?
The personal data and information you provide will be retained for as long as knowledge of them is necessary to process the report and, if applicable, to initiate sanctions, or for as long as the data must be retained by law. If a notification proves to be unfounded, the notification together with any personal data contained therein will be deleted immediately.