Whistleblower protection reporting office

The Whistleblower Protection Act implements the EU Directive 2019/1937, the so-called “Whistleblower Directive”.

For this reason, Consileon Business Consultancy GmbH and Consileon Frankfurt GmbH set up a whistleblower system in form of an internal reporting office, where employees, business partners or other parties professionally associated with Consileon Business Consultancy GmbH or Consileon Frankfurt GmbH can submit reports or information about relevant violations of rules or laws.

Important: Whistleblowers are protected from reprisals under this law. All reported information and personal data are subject to special confidentiality as well as high data protection standards and requirements. The special legal protection of whistleblowers does not apply to reports made intentionally or through severe negligence.

Notes on the procedure:

You can submit reports by phone, in text form by e-mail or in written form to

Phone: +49 721 619016-10
E-Mail: hinweisgeber@consileon.de

Postal address:
Consileon Business Consultancy GmbH
Whistleblower protection reporting office
– Confidential –
Maximilianstraße 5
76133 Karlsruhe

Postal address:
Consileon Frankfurt GmbH
Whistleblower protection reporting office
– Confidential –
Maximilianstraße 5
76133 Karlsruhe

You can also submit these reports in person. If you wish to meet in person, please contact us by e-mail or phone at the above addresses.

You will receive a confirmation of receipt shortly after your report.

Identities are only disclosed to the individuals responsible for receiving reports or for taking any follow-up action.

Please note that, for legal reasons, the above-mentioned reporting office is exclusively responsible for Consileon Business Consultancy GmbH and Consileon Frankfurt GmbH, not for other companies of the Consileon Group.

Instead of contacting the internal reporting office, you can also contact an external federal reporting office with any information. Further information on this reporting office and the possibility of online reporting can be found on the website of the Federal Office of Justice.


Data protection information of the Whistleblower Protection Office

1.Name and contact details of the controller and the company data protection office

This data protection information applies to data processing by:

Consileon Business Consultancy GmbH
Maximilianstraße 5, 76133 Karlsruhe
E-Mail: hinweisgeber@consileon.de
Phone: +49 721 619016-10

Consileon Frankfurt GmbH
Maximilianstraße 5, 76133 Karlsruhe
E-Mail: hinweisgeber@consileon.de
Phone: +49 721 619016-10

You can reach the company data protection officer of both controllers at

E-Mail: natalie.dittrich@consileon.de
Phone: +49 721 381 3452

2. Collection and storage of personal data as well as type and purpose and their use

We provide whistleblowers with the opportunity to use the Whistleblower Protection Reporting Office to provide us with information by telephone, e-mail or in person to clarify suspected cases of breaches of regulations and criminal acts (corruption, bribery, theft, embezzlement, fraud, money laundering, bullying, etc.) and to report such cases.

As part of the whistleblowing process, your personal data will be processed for the following purposes when you submit and process a report:

  • Compliance with the EU Whistleblower Directive and the Whistleblower Protection Act (legal basis Art. 6 para. 1 sentence 1 lit. c GDPR, compliance with a legal obligation)
  • Provision of a reporting option for the whistleblowing process digitally, verbally, by post and in person (legal basis Art. 6 para. 1 sentence 1 lit. c GDPR, compliance with a legal obligation)
  • Processing of reports and, if necessary, consultation with you as the reporting person (legal basis Art. 6 para. 1 sentence 1 lit. c GDPR, compliance with a legal obligation)
  • Checking the plausibility of information (legal basis Art. 6 para. 1 sentence 1 lit. b GDPR, Section 26 BDSG)
  • Clarification of possible misconduct and initiation of investigation proceedings (legal basis Art. 6 para. 1 sentence 1 lit. b GDPR, Section 26 BDSG)
  • Prevention of future misconduct (legal basis Art. 6 para. 1 sentence 1 lit. b GDPR, Section 26 BDSG)
  • Implementation of obligations to cooperate with law enforcement authorities (legal basis Art. 6 para. 1 sentence 1 lit. c GDPR, compliance with a legal obligation)

Whistleblowers can communicate both anonymously and using their personal data.

However, if a notification is not made anonymously, the following personal data will be processed:

  • Inventory data (name, company affiliation, receipt of notification)
  • Contact details
  • Content data of the message
  • Meta/communication data
  • all other data provided as part of the notification

The following personal data of the accused are also processed:

  • Inventory data (name, company affiliation)
  • Contact details, if applicable
  • Content data of the message
  • all other data provided as part of the notification

The data collected will be stored for as long as is necessary in compliance with the statutory retention periods. According to § 11 HinSchG: The documentation will be deleted three years after completion of the procedure. The documentation may be stored for longer in order to meet the requirements of this Act or other legal provisions, as long as this is necessary and proportionate.

3. Disclosure of data to third parties

We only transfer your personal data for the purposes described above.

Your data may be passed on to the following parties:

  • Service providers that we use within the framework of order processing relationships
  • With us jointly responsible
  • Responsible internal employees (e.g. internal investigators)
  • Responsible whistleblowing officer

In special cases where there is a corresponding authorization (e.g. court order):

  • Authorities: e.g. courts, law enforcement authorities

Your data will not be transferred to countries outside the European Economic Area – EEA (third countries).

4. Rights

You have the right:

  • in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future;
  • in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, and
  • to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office (Landesbeauftragter für Datenschutz und Informationssicherheit BW).