COMPLIANCE

This data protection policy serves to fulfil the information obligations as defined in the General Data Protection Regulation (GDPR) for data processing within the framework of the whistleblowing system. 

1. Purpose of data processing and legal basis

Schneditz-Bolfras Lindtner Rechtsanwälte GmbH & Co KG, Brunnenweg 2/1, 4810 Gmunden, Austria (“SL Lawyers”) as well as HOFER Kommanditgesellschaft, Hofer Straße 1, 4642 Sattledt, Austria (“HOFER”) and ALDI SÜD Kommanditgesellschaft, Michael-Walz-Gasse 18d, 5020 Salzburg, Austria (“ALDI”) and together with HOFER and SL Lawyers (“We”) collect, process and use your personal data. SL Lawyers act on behalf of HOFER and ALDI, respectively.

Personal data are all data that contain individual details about personal or factual circumstances, such as name, address, e-mail address, telephone number, date of birth or other information that allows conclusions to be drawn about a person.

In certain cases, We also collect special categories of personal data as defined in Art. 9 para. 1 GDPR or personal data about criminal convictions and criminal offences as part of investigation measures. This may be the case, for example, if a hint transmitted by you contains relevant data. We process such data only as defined in Art. 9 para. 2 or Art. 10 GDPR.  

The purpose of the data processing is to fulfil the legal protection and due diligence obligations relating to ALDI and HOFER, in particular to comply with the requirements of the Austrian Whistleblower Protection Act, Federal Law Gazette for the Republic of Austria (BGBl) 6/2023 as amended (HinweisgeberInnenschutzgesetz, HSchG), as well as to identify illegalities and irregularities in the company and to create an adequate compliance structure. The data disclosed by you may also be processed in this context for the purposes of exercising, enforcing or defending legal rights.

Insofar as We obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis.

When processing personal data required to perform a contract, Art. 6 para 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to take steps prior to entering into a contract.

Insofar as processing of personal data is necessary to comply with our legal obligations, Art. 6 para. 1 lit. c) GDPR serves as the legal basis. In the context of the Counsel of Trust system, these are in particular the Whistleblower Protection Act (HSchG) as well as the general duties of care under company law to which HOFER/ALDI is subject.

The Counsel of Trust system also serves to prevent illegal acts or irregularities in the company. Insofar as this is in the public interest, Art. 6 para 1 lit. e) GDPR therefore also serves as the legal basis for data processing.

If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing. In the context of the Counsel of Trust system, We base this in particular on our legitimate interest in identifying irregularities and illegal acts in the company and averting damage to the company as well as to third parties.

2. Your rights

You have the following rights:

• The right to information about the personal data stored about you (Art. 15 GDPR),
• The right to have inaccurate personal data concerning you rectified and, if necessary, to have incomplete personal data completed (Art. 16 GDPR),
• The right to erasure, provided that one of the grounds stated in Art. 17 GDPR applies,
• The right to restrict processing, provided that one of the grounds stated in Art. 18 GDPR applies,
• The right to data portability as defined in Art. 20 GDPR,
• The right to object, provided that the conditions of Art. 21 GDPR are met,
• The right to be notified of a breach of personal data as defined in Art. 34 GDPR,

You have the right to revoke consent granted to use your personal data at any time and without stating a reason. Please note that the data processing carried out up to that point is not affected by this and further data processing may also be subject to a different legal basis.

Please note that your rights to information, rectification, erasure, restriction of processing, your right to object and your right to be notified of a personal data breach may also be restricted in accordance with the stipulations of Section 8 para. 9 HSchG.

3. Right to appeal

If you are of the opinion that the processing of your personal data violates applicable data protection law or that your data protection rights have been violated in any other way, you may appeal to the competent supervisory authority. In Austria, this is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Austria.

4. Data security

Your personal data is protected through appropriate organisational and technical precautions. Regardless of this, however, it cannot be ruled out that information, particularly that which you disclose to us via the Internet, may be viewed and used by other persons. Please note that We therefore accept no liability of any kind for the disclosure of information due to errors in data transmission and/or unauthorised access by third parties not caused by us.

We make every effort to ensure that no data breaches occur. If these do occur, We will make every effort to identify them at an early stage and, if necessary, report them to you or to the relevant supervisory authority without undue delay.

5. Use of data

We will not process the provided data for purposes other than those covered by the law or by your consent or otherwise covered by a provision in accordance with the GDPR. Non-disclosure of personal data does not entail any legal consequences, particularly since there is the possibility of anonymous reporting.

Your data will not be kept longer than is necessary to comply with legal obligations.

6. Transmission of data to third parties

To fulfil your order, it may be necessary to transmit your data to third parties, courts or authorities. Your data will only be transmitted on the basis of the GDPR, in particular to fulfil legal requirements or on the basis of your prior consent.

Some of the aforementioned recipients are located outside of your country or process your personal data there. The level of data protection in other countries may not be the same as that in Austria. However, we will only transfer your personal data to countries that the EU Commission has determined to have an adequate level of data protection or We will take measures to ensure that all recipients have an adequate level of data protection.

7. Data controller and contact persons

As the primary contact for all data protection issues, SL Lawyers are available to you at the following contact details:

Schneditz-Bolfras Lindtner Rechtsanwälte GmbH & Co KG
Brunnenweg 2/1, 4810 Gmunden, Austria
T: + 43 7612 656 10 | e-mail: officesymbolsl-rapunktat

You can also address your inquiries to ALDI or HOFER.

Insofar as the personal data concern the sphere of ALDI, the data controller as defined by Art. 4 para. 7 GDPR is ALDI SÜD Kommanditgesellschaft, Michael-Walz-Gasse 18d, 5020 Salzburg, Austria.

Insofar as the personal data concern the sphere of HOFER, the data controller as defined by Art. 4 para. 7 GDPR is HOFER Kommanditgesellschaft, Hofer Strasse 1, 4642 Sattledt, Austria.