Allianz SE Privacy Notice for SpeakUp
Protecting your privacy is a top priority for us. Please read this notice carefully.
This Allianz Privacy Notice outlines Allianz SE’s (“Allianz”, “we”, “our” or “us”) policy regarding personal information (i.e., data which can be linked/attributed to an individual person, “Personal Data”) obtained by Allianz through SpeakUp and subsequent compliance investigations.
With our whistleblowing reporting channel, “SpeakUp”, we provide a means for reporting specific incidents of compliance violations e.g. (non-exhaustive list): fraud, theft, corruption, violations of gifts & entertainment policies and procedures, antitrust violations, financial irregularities or breaches of accounting or tax provisions, falsification and/ or manipulation of company business and/ or financial records, any kinds of discrimination or harassment, potential conflict of interest.
This Privacy Notice sets out which kind of Personal Data will be collected, processed, and used, for which purposes, to whom this Personal Data may be shared and which rights you, as the data subject, have in this regard.
1. Who is the data controller?
A data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files.
Allianz SE, the German-based holding of the Allianz Group, located in Koeniginstrasse 28, 80802 Munich, Germany, is the data controller as defined by relevant data protection laws and regulations. In the event that an alleged violation involves other Allianz Group companies, the other Allianz Group companies will also be data controllers to the extent it is necessary to address the alleged violation. A list of the Allianz Group companies can be found here:
The SpeakUp system is stored in a database operated by Business Keeper GmbH, an independent operator located in 10789 Berlin, Bayreuther Str. 35, on behalf of Allianz. All data is encrypted, password-protected and stored at a secure location, so that access to the content of the reports on SpeakUp is limited to only authorized employees at Allianz Group.
2. What Personal Data will be collected?
We will collect and process various types of Personal Data about you to fulfill the purposes of this notice, including:
- Surname and first name
- Contact information (e.g., email address, phone number)
- Business relationships
- Affiliation with Allianz
- Information about any complaints(s) made by or about you
- Information about any current or former investigations in which you may be involved or concerned
- Information to enable the investigation of improper or allegedly criminal activities, or breach of the Allianz Code of Conduct
Allianz encourages you to disclose your identity when you submit a suspected compliance violation. Many investigations can be conducted more quickly and efficiently if the name of the whistleblower is known, since the specialist handling the report can get in touch with the whistleblower directly. However, SpeakUp protects the anonymity of reporters who do not want to reveal their identity. When setting up your secured postbox, you may select a pseudonym/user name and password. As long as you do not enter data which makes it possible to draw conclusions about your identity, your report will be kept anonymous through numerous technical and organizational measures such as encryption.
The information you report may contain Personal Data about other individuals and will be evaluated by Allianz. It may result in the initiation of internal or external investigations and may have other negative consequences for those affected. You should therefore only provide information which you assume to be correct to the best of your knowledge and is relevant to the alleged compliance violation. As long as your report is made in good faith and to your best knowledge, you will not face negative consequences for speaking up.
However, giving knowingly false or misleading information may have consequences for you. The intentional dissemination of false information is liable to criminal prosecution in many countries. In general, please do not provide us with information that is subject to prosecution in your country.
3. For which purposes do we process and use your Personal Data?
We will process your Personal Data for the purpose of providing a global whistleblowing reporting channel to our employees, shareholders, customers and the general public, and to investigate and address improper conduct, including alleged criminal activities (e.g., fraud) and violations of the Allianz Code of Conduct.
Allianz takes appropriate steps to make careful use of the information reported, applying the highest standards of confidentiality, care and caution. The Compliance function is primarily responsible for processing reports received through SpeakUp. Once a report is submitted, our Compliance function will receive the information and check whether an in-depth investigation is required. An investigation may be conducted by internal or external investigation specialists depending on the alleged violation. External specialists are contractually or legally bound by confidentiality obligations to protect Personal Data processed on behalf of Allianz. Audit, Legal and HR functions are also frequently involved in the compliance investigation process. In significant cases, the Board of Management is informed promptly and is updated on important findings.
The general rule is that SpeakUp should only be used to submit reports related to the compliance categories listed above. However, if the content of your report does not fall under any of the compliance categories, we will forward your report to the responsible Allianz function, provided we deem it necessary and appropriate. For instance, reports on personal matters may be sent to the HR function.
4. On which legal bases do we collect, process and use your Personal Data?
We use the following legal bases for the collection, processing and use of your personal data:
- Consent. We rely on your consent to disclose your identity in the event you are a whistleblower. As you enter information into the SpeakUp system, you will be asked for your consent to the collection, processing and use of your Personal Data as described above. You retain your right to withdraw your consent to disclose your identity to the affected persons, but please note that your withdrawal will only be possible within one month of the reporting. We may also need to disclose your identity to other third parties as described in Section 5. If you do not want Allianz to collect, process or use your Personal Data, you may submit a report anonymously.
- Legal Obligation. We will process Personal Data to comply with legal obligations to which we are subject (e.g., for maintaining and providing whistleblowing services to our employees).
- Legitimate Interest. We have a legitimate interest to ensure that violations of applicable laws or regulations and violations of the Allianz Code of Conduct are appropriately addressed in a timely manner to protect Allianz as well as our employees, shareholders, customers, and the general public from the results and effect of illegal or improper conduct.
5. Who will have access to your Personal Data?
We will ensure that your Personal Data is processed in a manner that is compatible with the purposes specified above.
For the specified purposes, your personal data may be disclosed to the following parties who operate as third party data controllers:
- In the event that an alleged violation involves other Allianz Group companies, the responsible function in these companies will be notified; and
- Authorized external specialists (e.g., outside counsel, auditors, forensic experts, etc.).
For the stated purposes, we may also share your personal data with the following parties who operate as data processors under our instruction:
- Authorized agents, contractors, and service providers.
Finally, we may share your Personal Data in the following instances:
- Allianz may also be required by law to provide certain government agencies, including, without limitation, government investigation agencies or courts with information about reported compliance violations. If we are obligated to provide such information, as well as in the event of confiscations, we are not able to withhold the Personal Data obtained by Allianz via SpeakUp or the subsequent compliance investigation.
- In certain instances, Allianz may not be obligated to share Personal Data with government agencies, but has the legal right to do so voluntarily. Please let us know if you do not want us to voluntarily share your Personal Data, including your identity, with government agencies (unless this disclosure is necessary to safeguard the legitimate interests of Allianz).
- It is frequently required by law that accused persons and witnesses named in a report that alleges a compliance violation have to be notified and heard. These persons will have the opportunity to present their view about the report during the course of the investigation. In the case of non-anonymous reporting, the affected persons may have legal rights to information, which may require us to disclose your name absent an overriding interest. Please let us know if you do not want us to give your name as the whistleblower. You retain your right to withdraw your consent to disclose your identity to the affected persons, but note that your withdrawal will only be possible within one month of the reporting.
6. Where will your Personal Data be processed?
Your personal data may be processed both inside and outside of the European Economic Area (EEA) by the parties specified above, subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorized to process them.
Whenever we transfer your personal data for processing outside of the EEA to another Allianz Group company, we will do so on the basis of the binding corporate rules (BCRs) of Allianz known as the Allianz Privacy Standard (APS) which establish adequate protection for personal data and are legally binding on Allianz Group companies. The public version of the APS and the list of Allianz Group companies that comply with them can be accessed on Allianz.com.
Where the APS does not apply, we will instead take steps to ensure that the transfer of your personal data outside of the EEA receives an adequate level of protection as it does in the EEA. You can find out what safeguards we rely upon for such transfers (e.g., Standard Contractual Clauses) by contacting us as detailed below.
7. What are your rights in respect of your Personal Data?
To the extent permitted by applicable data protection laws and regulations, you have the right to:
- Access your Personal Data held about you and to learn the origin of the data, the purposes and ends of the processing, the details of the data controller(s), the data processor(s) and the parties to whom the data may be disclosed;
- Update and correct your Personal Data so that it is accurate;
- Request the deletion of your Personal Data if it is no longer needed for the purposes indicated above;
- Obtain your Personal Data in an electronic format;
- Restrict the processing of your Personal Data in certain circumstances, for example; where you have contested the accuracy of your Personal Data, for the period enabling Allianz SE to verify its accuracy;
- Object to the processing of your Personal Data on specific grounds relating to your particular situation that override our compelling legitimate grounds for the processing;
- Withdraw your consent at any time where your Personal Data is processed with your consent, without affecting the lawfulness of processing based on consent before its withdrawal and on processing done based on other legal basis (e.g., legitimate interest); and
- File a complaint with us and/or the relevant data protection authority.
You may exercise these rights by contacting us as detailed in Section 9, below, providing your name, email address, and purpose of your request. Note these are not absolute rights, but we will comply fully with our legal obligations.
8. What security measures have we implemented to protect your Personal Data?
Allianz has implemented reasonable technical and organizational security measures (e.g., access controls, encryption, physical security such as locked offices, etc.) to protect your Personal Data collected by Allianz via SpeakUp and any subsequent compliance investigations against unauthorized access, misuse, loss or destruction.
9. How long do we keep your Personal Data?
We will only retain your Personal Data as long as it is necessary to investigate and resolve the compliance violation reported, including the remediation of any shortcomings discovered and the handling of any ensuring litigation. Your Personal Data will be stored for longer if further retention is required by legal, regulatory or contractual obligations, or if it is permitted by law.
10. How can you contact us?
If you have any queries about how Allianz SE uses your Personal Data, you can contact us by post or email via the details specified below:
Group Data Protection Officer
80802 Munich Germany
If your query is about how other Allianz Group companies use your Personal Data, you can contact the details listed in this Section 10 and we will forward your request to the Data Protection Officer of the applicable Allianz Group company accordingly.
11. How often do we update this Privacy Notice?
We regularly review this Privacy Notice. We will inform you when there is an important change that may have an impact on the processing of your Personal Data.
This privacy notice was last updated in April 2022.