The Whistleblower Protection Act (Hinweisgeberschutzgesetz, HinSchG) is the German implementation of the EU Whistleblower Directive (Directive [EU] 2019/37 of the European Parliament and of the Council of 23 October 2019). The aim of the HinSchG is to protect individuals who in the course of their professional activities have obtained information about violations, and who go on to report them. The HinSchG prohibits any reprisals against whistleblowers and obliges companies to set up secure channels for reporting wrongdoing.

The Rosa-Luxemburg-Stiftung (RLS) is committed to the practice of open internal communication and to complying with legal and ethical standards. This also includes zero tolerance for criminal offences or any regulatory breaches. This digital whistleblowing system is designed to enable RLS employees to report offences anonymously. The RLS ensures that employees who report in good faith actual or potential violations of the law will not be penalized or discriminated against.

Individuals who are or who have been in contact with the RLS as part of their professional activities and have obtained information about violations under section 3 paragraph 2 of the HinSchG are also able to report it anonymously and confidentially via the whistleblower system. Via this system, all reports are forwarded to the Internal Reporting Office, which is to be established in accordance with section 12 of the HinSchG.

The Internal Reporting Office is part of the Quality Management and Internal Auditing department and is represented by the following employees:

The scope of protection provided under section 2 of the HinSchG is very broad. Whistleblowers are protected by the Whistleblower Protection Act if they report violations of the following regulations:

Offences against criminal provisions: this includes any criminal offence under German law, in particular those under the Criminal Code.

Offences that are punishable by a fine (i.e. misdemeanours), if they violate a norm that protects life, limb, or health, or the rights of employees or their representative bodies. These offences can include, for example, violations of occupational health and safety regulations, violations of the minimum wage law, or violations of the obligation to report and provide information to bodies of the Works Constitution such as works councils.

Moreover, it includes all violations of federal and state legislation that were adopted in order to implement specific European regulations, as well as violations of directly applicable EU legislation in a variety of different areas, such as: regulations to combat money laundering and financing of terror groups, regulations on product safety and traffic safety, regulations on the transport of dangerous goods, regulations on environmental protection and radiation protection, safety of food items for human and animal consumption, quality and safety standards for pharmaceuticals and medical products, regulations on consumer protection, and on data protection and information technology security, on public procurement, on accounting for corporations, regulations in the area of competition law, etc.

Note: another prerequisite for accepting a report is that the violations must relate to the employer/company or to another entity with which the whistleblower had or has professional contact (section 3 paragraph 3 of the HinSchG).  

The reported incident should be described as accurately as possible. The report should include the following information: What happened? Who was involved? When did the incident occur? What is the alleged offence? What action should be taken?

The HinSchG does not apply to general complaints, suggestions for improvement, criticism, or advice on RLS content (events, publications, debates, etc.). 

Likewise, it does not apply to reports that are obviously unfair accusations, such as insults, informing on others with malicious intent, and the intentional reporting of falsehoods. In these cases, the whistleblower may be liable for damages in accordance with section 38 of the HinSchG.

Employees of the RLS, employees of the regional branches and regional Stiftungen, employees of the international offices, as well as other parties who are or who have been in professional contact with the RLS (contract workers, lecturers, cooperation partners, service providers, volunteers, interns, applicants, etc.).

The portal can be used to submit reports either anonymously or with name provided, with the option of submitting either in writing, or by leaving an audio message. If the whistleblower wishes, it is also possible to discuss the report in an in-person meeting within a reasonable timeframe, and this can also be conducted in a video conference, should the whistleblower consent to this. To schedule a meeting, please contact the Internal Reporting Office on the following number: +49 152 590 638 75.

The internal reporting channels are designed to protect the identity of the whistleblower, the individuals who are the subject of a report, and any others mentioned in the report. Only the staff responsible for receiving the report and taking follow-up measures shall be privy to the identities of those involved, so that other parties are prevented from accessing the internal reporting channel. Only with the express consent of the individuals concerned may their identity be disclosed.

A centralized external reporting office has been set up at the Federal Ministry of Justice (Bundesamt für Justiz). In addition, the existing reporting systems at the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, or BaFin) and the Federal Cartel Office (Bundeskartellamt) will continue to operate as additional external reporting bodies with special responsibilities. Further information on the federal government’s external reporting procedures can be found on the website of the Federal Ministry of Justice. There are also corresponding reporting procedures for filing whistleblower reports with European Union institutions, bodies, offices, and agencies.

In principle, the whistleblower is free to choose whether to contact the internal reporting office of the company or an external reporting office of the authorities. However, section 7, paragraph 1, sentence 2 of the HinSchG incentivizes the use of internal reporting channels within the company: whistleblowers should prioritize submitting their report to an internal reporting office in cases where, without fear of reprisals, effective internal action can be taken to address the offence.

Whistleblowers are encouraged to use a reporting office first. Information should only be disclosed to the public or the media if, following the initial report to a reporting office, no timely follow-up action has been taken; if there is an immediate or obvious danger to the public interest; if there is a risk of reprisals; or if the chances of a solution are low (section 32 of the HinSchG).

The prohibition of reprisals under section 36 paragraph 1 of the HinSchG prohibits unjustified disadvantages such as dismissal, denial of promotion, reassignment of duties, disciplinary measures, discrimination, or harassment, but also the non-renewal of fixed-term employment contracts. If a whistleblower is retaliated against, they are entitled to compensation for any damage incurred.

1. Confirm receipt of the report (within seven days).
2. Check whether the offence falls within the scope of the process.

3. Maintain contact with the whistleblower.

4. Verify the accuracy of the report.

5. Request any additional information needed.

6. Take appropriate follow-up measures, such as an internal investigation, referral to the competent authority, or closing/dismissing the case.

7. Provide feedback to the whistleblower no later than three months after confirming receipt of the report.

8. If applicable, the company will cooperate with third parties for follow-up measures and verification of the validity of the report.

Vispato strictly adheres to the provisions of the EU General Data Protection Regulation (GDPR) in the collection, use, and storage of personal data. We employ comprehensive, client-side end-to-end encryption. The documentation is generally deleted three years after completion of the process. However, in exceptional circumstances, where adherence to the Whistleblower Protection Act or other legal mandates necessitates longer retention, we retain documentation as long as it remains necessary and reasonable to do so.