During the use of BKMS® Incident Reporting, a text file (called a \"session cookie\") is saved on your computer containing only the number of your session. This is necessary for technical reasons in order to establish the connection to a security-certified server. The \"session cookie\" does no damage to your computer, it does not access your data and has no relation to the contents of your report. If you close all browser windows after submitting your report, the \"session cookie\" will expire and be automatically deleted.
Becoming the trusted industry leader – this is the ambition of dormakaba, which guides us in everything we do.
Helping us to achieve this goal are our corporate values Customer First, Curiosity, Performance, Courage and Trust – the latter also being our overlying brand promise. These values aligned to and underpinned by a consistently legal and ethical approach in all matters, are of essential importance for our sustainable corporate success, and that is why we are asked to adhere to them regardless of where we do business in the world.
Both our Code of Conduct as well as our Supplier Code of Conduct give guidance and manifest the rules by which we do business. In order to preserve the integrity of dormakaba and to avert possible damages, it is important that potential compliance violations are made known. Since we attach great importance to an open corporate culture, every employee and external third parties, such as business partners or suppliers, are encouraged to speak up, if they are aware of compliance risks.
Despite this open culture and the possibility to contact Group Compliance, dormakaba also offers its employees, but also its customers, suppliers and other business partners, a secure whistleblowing portal to point out possible serious compliance violations. In this way, appropriate notifications can be made worldwide and around the clock – securely and anonymously. A submitted note is forwarded to dormakaba Group Compliance, which is responsible for further confidential processing.
As a company, dormakaba can boast more than 150 years of business success – based first and foremost on the trust our partners, employees, and customers set in us. Please help us to hold up these high standards of professionalism by adhering to a spirit of openness and transparency, also when it comes to potential violations of the law or dormakaba's rules and regulations. We have implemented this tool to make it even easier to do this, and I encourage you to use it.
Thank you for your support, and your trust, Riet Cadonau Chairman of the Board dormakaba Group
The submission of reports through this external system is one way of drawing dormakaba's attention to potential compliance violations. This includes violations of the law as well as internal Rules & Regulations.
Perhaps you are aware of harmful behavior or risks which endanger dormakaba. Your report will help identify threats to the company before they materialize, and you will ensure the sustainable success and high reputation of dormakaba.
To submit a report with your name or to submit an anonymous report, click on the "Submit report" button located at the top of this page. The reporting process consists of four steps:
First, you will be asked to read information about the protection of your anonymity and answer a security query.
On the following page, you will be asked about the category of your report.
On the reporting page, you can phrase your report in your own words and answer questions concerning your report in a simple, multiple-choice selection. You can enter up to 5,000 characters into the free text field, which corresponds to a full page. You may also submit a file of up to 10 MB to support your report. Please bear in mind that documents may contain information about you, the author. After you have submitted your report, you will receive a reference number as proof that you successfully submitted this report.
In the next step, you can set up your own secured postbox. This allows you to hear back from your contact at dormakaba, answer questions and keep being updated about the progress of your report if you wish so.
As long as you do not enter any data that could reveal your identity, this external system protects your anonymity at a technical level.
Your report will be forwarded to Group Compliance and will be accessible by a very limited number of initial examiners within Group Compliance only. Depending on the category of your report, Group Compliance may involve additional individuals or departments in the fact finding process. Your report will always be treated strictly confidential in order to investigate the situation discreetly and protect you, the whistleblower.
In your report, you can also specify individuals and departments who you believe ought not to be involved in the fact-finding process (e.g. because they are involved in an incident themselves).
To contact Group Compliance directly, please use the following e-mail address: firstname.lastname@example.org. Please note that your anonymity is not protected technically when you send us an e-mail. If you wish to remain anonymous, please use this electronic system.
How do I receive feedback and remain anonymous at the same time? Why should I set up a postbox?
Protecting whistleblowers is extremely important to dormakaba, regardless of whether you submit your report anonymously or reveal your name. If you want to remain anonymous, the external BKMS® Incident Reporting will protect your anonymity by technical means. The system's anonymity protection function is certified by an independent body.
After receiving an initial report, Group Compliance often requires further information about the situation to investigate and terminate malpractices. The secured postbox allows you to respond to questions from Group Compliance and facilitate the fast, effective investigation of the incident you have reported. You can remain fully anonymous throughout the entire dialogue if you wish so.
When setting up your secured postbox, you select your own pseudonym/user name and password. Your report is kept anonymous through encryption and other specialized security measures. You will never be asked for personal information at any time during the reporting process. You are not obliged to enter any data which allows for conclusions to be drawn about your identity.
If you already have a secured postbox, you can access it directly via the “Login” button. First, you will also have to answer a security query.
Information about the organisation
dormakaba International Holding GmbH
DORMA Platz 1, 58256 Ennepetal, Germany
Contact data (phone number, email)
+49 2333/793 0. email@example.com
Individuals with authority to act as representative
Ralf Egidius, Mirja Becker, Alfons Wahlers, Jörg Lichtenberg, Michael Vorhold, Daniel Leprohon
Court of registry and registration no
Local court of Hagen, HR B 10062
(as per Section 27a of the German VAT Act, UStG)
Information on data protection
We take data protection and confidentiality very seriously and adhere to the provisions of the EU General Data Protection Regulation (EU-GDPR) as well as current national data protection regulations. Please read this data protection information carefully before submitting a report.
Purpose and legal foundation of the whistleblowing system
The whistleblowing system (BKMS® Incident Reporting) serves the purpose of securely and confidentially receiving, processing and managing reports concerning violations of the law or of dormakaba's internal Rules & Regulations. The processing of personal data within the framework of the BKMS® Incident Reporting is based on the legitimate interest of our company in discovering and preventing wrongdoing and thereby averting damage to dormakaba, its employees and customers. The legal basis for this processing of personal data is Article 6(1)(f) of the EU-GDPR (General Data Protection Regulation).
The responsible bodies for data protection relating to the whistleblowing system are
1) dormakaba International Holding GmbH and
2) its subsidiaries
as bodies with mutually autonomous responsibility (hereafter also: “dormakaba”). The whistleblowing system is operated by a specialised company, Business Keeper AG, Bayreuther Str. 35, 10789 Berlin in Germany, on behalf of dormakaba.
Personal data and information entered into the whistleblowing system are stored in a database of a high security data centre operated by Business Keeper AG. The data can only be accessed by dormakaba. Business Keeper AG and other third parties do not have access to the data. This is ensured in the certified procedure through extensive technical and organisational measures.
All data are stored encrypted with multiple levels of password protection so that access is restricted to a very small selection of expressly authorised persons at dormakaba Group Compliance.
dormakaba has appointed a data protection officer. Inquiries regarding data protection at dormakaba can be sent to Group Compliance at firstname.lastname@example.org.
Type of personal data collected
Use of the whistleblowing system takes place on a voluntary basis. If you submit a report via the whistleblowing system, we collect the following personal data and information:
your name, if you choose to reveal your identity,
whether you are employed at dormakaba, and
the names and other personal data of persons whom you list in your report, if applicable.
Confidential handling of reports
Incoming reports are received by a small selection of expressly authorised and specially trained employees of dormakaba Group Compliance and always handled confidentially.
During the processing of a report or the conducting of a special investigation, it may become necessary to forward reports to additional employees of dormakaba or employees of other group companies, such as if the reports refer to activities in subsidiaries. The latter may be based in countries outside the European Union or the European Economic Area with different regulations about the protection of personal data. We always ensure compliance with the applicable data protection regulations when sharing reports.
Notification of the persons concerned
We are legally obligated to inform affected parties of any reports received against them as soon as the disclosure of this information no longer jeopardises the investigation. Your identity as a whistleblower will not be disclosed unless we are legally obliged to do so.
Rights of the persons concerned
Pursuant to European data protection legislation, you and the persons named in the report have a right of access, rectification, erasure, restriction of processing and objection to processing of your personal data. If the right to object to the processing of the personal data is invoked, the necessity of the stored data for the examination of a report will be evaluated immediately. Data that are no longer needed will be deleted at once. You also have the right to appeal with the supervisory authority.
Retention period of personal data
Personal data is retained for as long as necessary to clarify the situation and perform a final assessment or for as long as a legitimate interest exists on the part of the company or retention is required by law. After the report processing is concluded, the data will be deleted in accordance with statutory requirements at least. We reserve the right to carry out stricter deletion routines that exceed the legal requirements, e.g. to meet requirements of any relevant works agreements.
Use of the whistleblowing portal
Communication between your computer and the whistleblowing system takes place over an encrypted connection (SSL). Your IP address will not be stored during your use of the whistleblowing system. In order to maintain the connection between your computer and the BKMS® Incident Reporting, a cookie is stored on your computer that contains only the session ID (a so-called session cookie). This cookie is only valid until the end of your session and expires when you close your browser.
It is possible to set up a postbox within the whistleblowing system that is secured with an individually chosen pseudonym/user name and password. This allows you to send reports to the respectively responsible employee at dormakaba either by name or in an anonymous, safe way. This system only stores data inside the whistleblowing system, making it particularly secure. It is not a form of regular e-mail communication.
Note on sending attachments
When submitting a report or an addition, you can simultaneously send attachments to the responsible dormakaba employee. If you want to submit an anonymous report, please take note of the following security advice: files can contain hidden personal data that could put your anonymity at risk. Remove this data before sending. If you are unable to remove this data or are uncertain about how to do so, copy the text of your attachment into your report text or send the printed document anonymously to the address listed in the footer, citing the reference number received at the end of the reporting process.