Skip to content
Logo BBDO
menu icon
Logo BBDO

ADDRESS

Königsallee 92 40212 Düsseldorf

+49 (0) 211 1379-0

Whistleblower

Directive Whistleblower Protection Act – Omnicom Holding Germany

1. Purpose of the Directive

There is a risk for every organisation that from time to time something will go wrong or that employees will unknowingly or knowingly behave in an unethical or illegal manner. A culture of openness and accountability is essential to prevent such situations from occurring or to manage them if they do occur.

It is very important to us to receive tips about potential misconduct and to encourage reporting of potential misconduct without fear of sanction or discrimination.

This policy applies to all employees, trainees, interns, board members, managers, freelancers and other employees (hereinafter collectively referred to as “employees”).

In addition, the policy applies mutatis mutandis to all other persons entitled to report, such as applicants, former employees, all business partners such as suppliers, service providers and customers, shareholders, commercial agents, intermediaries and all other relevant stakeholders who have knowledge of misconduct in the company.

2. How can potential misconduct be reported?

We welcome whistleblowers to first report a whistleblower internally to give us the opportunity to internally investigate and remedy potential misconduct. This can be reported in person or in writing to the appropriate supervisor or human resources department. It may be possible to find a solution quickly and effectively.

2.1. CONFDNT whistleblowing system

Whistleblowers can also report potential misconduct via our whistleblowing system CONFDNT. Tips can be given as follows:

  • Online via our website or by telephone via our hotline:
  • BBDO Group Germany:
  • https://bbdo.confdnt.com
  • Tel. DE: +49 8914379869
  • Tel. EN: +49 89143770094

The website for notices and the hotline for notices are provided by the provider CONFDNT.

The following options can be selected for a notice via the notice web page:

  • Anonymous – No data on the identity of the whistleblower is recorded, but the status of the processing of the whistleblowing can still be tracked anonymously at any time via a QR code or a link. In this way, further additional information on the facts of the case can be provided anonymously.
  • Confidential – Whistleblowers can provide contact details, e.g. their email address, and will then be kept informed about the status of their whistleblowing. The contact data and identity of the whistleblower are processed exclusively by CONFDNT and not forwarded to the company. CONFDNT acts as an anonymisation level between the whistleblower and the company.
  • Transparent – The contact details or identity of the whistleblower are passed on by CONFDNT to the company, enabling direct communication.

2.2. External references to the competent authorities

You can also always contact the relevant authorities in case of potential misconduct.

2.3. Anonymous or confidential references

The company will also follow up on anonymous tips as long as this does not jeopardise the priority processing of anonymous reports. A proper investigation could be more difficult or impossible in these cases if no further supplementary information can be obtained.

The CONFDNT system provides the possibility to give confidential information without revealing the identity of the whistleblowers to the company. A confidential tip thus combines the advantages of anonymity with the possibility of communication.

2.4. Telephone advice and personal meeting

Telephone tips or tips given during a personal conversation are recorded with the consent of the person giving the tip or the conversation is recorded. The person giving the information will then be provided with the record of the conversation for review and correction, and he/she can confirm the record by signing it.

3. Who can report potential misconduct?

All current and former employees, applicants, business partners, shareholders, commercial agents, intermediaries and other relevant stakeholders who have knowledge of misconduct in the company are entitled to report.

4. What can and should be reported?

All grievances within the company, all misconduct by employees, all potential violations of applicable law and/or company policies, including the respective suspicion, can and should be reported. This includes, but is not limited to:

  • Fraud and misconduct in relation to accounting or internal accounting controls
  • Corruption, bribery and venality
  • Banking and financial crime
  • Auditing offences
  • Money laundering, financing of terrorist activities
  • Prohibited insider trading
  • Infringements of cartel or competition law
  • Violations of data protection law
  • Betrayal of secrets or breaches of confidentiality
  • Falsification of contracts, reports or records
  • Misuse of company assets, theft or embezzlement
  • Violations of human rights
  • Discrimination against employees
  • Health and safety risks
  • Environmental hazards

4.2. Reasonable suspicion

All cases where there is reasonable suspicion that an incident relevant under this Directive has occurred should be reported. It is in the interest of the company to report even suspected cases, even if not 100% sure.

4.3. Concrete and conclusive

Each report should be as specific as possible with background, events, reasons, names, dates, places and documents if available. Personal opinions should be identified as such.

4.4. Good faith or abuse

A tip should be made in good faith. Whistleblowers who report in good faith will not be subject to disciplinary action. Those who deliberately misuse the system must expect disciplinary measures.

4.5. Obligation to inform

Employees who believe that a matter constitutes a criminal offence or could cause serious damage to the company or third parties have a duty to inform the company.

5. What happens after a report?

5.1. Acknowledgement of receipt

Whistleblowers will receive an acknowledgement within seven days, unless the report was anonymous.

5.2. Editing the note

Every tip-off is treated confidentially and in compliance with data protection laws. Impartial officers assess reports and forward valid ones for investigation. The name of the whistleblower is disclosed only with consent.

5.3. Conclusion of investigations

If a tip proves accurate, decision-makers (usually management) determine measures. False or unsubstantiated tips are documented and closed with no consequences.

5.4. Complaint about handling

If whistleblowers are dissatisfied with how a report was handled, they can contact their supervisor or management directly.

6. How are whistleblowers protected?

6.1. Confidentiality

The protection of whistleblowers is ensured by confidential treatment of their identity, unless disclosure is legally required.

6.2. Protection from reprisals

  • Suspension, dismissal or comparable measures
  • Transfer, demotion, salary reduction, change of working hours
  • Refusal of promotion or training
  • Negative performance review
  • Coercion, intimidation, bullying
  • Discrimination or reputational damage
  • Early termination or withdrawal of contracts or licences

7. How are reported persons protected?

7.1. Information

Persons affected are notified of suspicions after investigations, including details of processing, data use, and rights.

7.2. Right to comment

The person concerned must be heard by the body responsible for internal investigations before conclusions are drawn at the end of the procedure explained above, naming the person. If a hearing is not possible for objective reasons, the competent body shall invite the person concerned to formulate his or her arguments in writing.

7.3. Right to erasure

If the suspicion asserted in the notification is not confirmed, the data subject has the right to have his/her data stored by the company in this context deleted.

7.4. Right to complain to the works council

The reported person may exercise his or her right of appeal under sections 84, 85 of the Works Council Constitution Act (BetrVG) and involve the works council.

8. Data protection

8.1. Legal conformity

Personal data provided by whistleblowers or collected in the course of internal investigations are processed in compliance with data protection regulations.

The data collected will only be used for the purposes described in this policy. The data is provided in particular to ensure the legal obligations of the company or compliance within the company. The data is processed on the basis of Section 26 (1) of the German Federal Data Protection Act (BDSG) for the fulfilment of contractual obligations or on the basis of the overriding legitimate interests of the company pursuant to Article 6 (1) f) of the German Data Protection Regulation (DSGVO). These legitimate interests are ensuring compliance in the company, in particular the detection and clarification of wrongdoing in the company, behaviour that is harmful to the company, white-collar crime, etc., as well as the protection of employees, business partners, customers and other stakeholders.

8.2. Information and advice

Whistleblowers are provided with the necessary information on data processing and data protection when the data is collected.

All persons whose data are processed by the company within the framework of the procedure (e.g. whistleblowers, reported persons or persons assisting in the clarification) have the right, pursuant to Art. 15 GDPR, to receive information from the company about the data stored by the company about them and further information, such as the processing purposes or the recipients of the data.

8.3. Retention and deletion

Notices will not be retained longer than is necessary and proportionate to meet the requirements set out in this policy or legal retention periods.

The deletion of the collected data shall generally take place after the conclusion of the internal investigation. However, if criminal, disciplinary or civil court proceedings are instituted as a result of misconduct within the meaning of this Directive or abuse of the whistleblower system, the storage period may be extended until the respective proceedings have been finally concluded.

Personal data that is obviously not relevant for the processing of a specific tip will not be collected or will be deleted immediately if it was collected unintentionally.

8.4. Technical and organisational measures

The data collected and processed as a result of a notice are stored separately from the other data processed in the company. Appropriate authorisation systems and adequate technical and organisational measures ensure that only the persons responsible in each case have access to this data.

8.5. Transfer to third countries

The data is processed exclusively within the EU or the EEA. Only in the case of non-European circumstances may a transfer to unsafe third countries be necessary. In this case, appropriate guarantees are provided in accordance with Art. 46 et seq. DSGVO are provided.

8.6. Data subjects’ rights

All persons whose data are processed by the company within the framework of the procedure have the right to have their incorrect data corrected, the right to have their data completed, the right to have their data blocked or to have their data deleted, provided that the requirements of Art. 16 ff. DSGVO are present. A request for deletion is justified, for example, if the data has been processed unlawfully or the data is no longer needed for the purposes for which it was collected.

8.7. Rights of objection

If data are processed on the basis of legitimate interests of the company, the person concerned by such processing may object to the processing of his/her data by the company at any time on grounds relating to his/her particular situation. The company will then either demonstrate overriding legitimate grounds allowing the processing or it will no longer process the data. For the time of this review, the data required for these purposes will be blocked.

8.8. Data Protection Officer

Persons involved in the procedure, including the whistleblowers themselves, can contact the company’s data protection officer at any time to have it checked whether the rights existing on the basis of the relevant applicable provisions have been observed.

8.9. Right of appeal

If a data subject is of the opinion that the company is not processing the data in accordance with the applicable data protection law, a complaint can be lodged with the competent data protection supervisory authority.

9. Consequences in the event of infringements

A violation of this policy may result in measures under labour law, including termination of employment without notice or, in the case of freelancers, termination of the cooperation without notice. Criminal sanctions and civil law consequences such as compensation for damages are also possible.