Skip to content

Investigate, prosecute and prevent legal violations

The establishment of whistleblower systems is a central component of the Whistleblower Protection Act. They are intended to ensure that breaches of the law are investigated, prosecuted and prevented. The reporting persons are to be protected from disadvantages that could threaten them because of their report or deter them from reporting in in the first place. Simultaneously, whistleblowing enables breaches to be countered at an early stage and damage to companies, employees and business partners to be reduced.

At the same time, we ask you to consider that suspicions and accusations can sometimes lead to serious consequences and would therefore ask you to use this reporting system responsibly.

Reporting form

  • We need your e-mail address to ensure the legally required communication on the status of the procedure. The e-mail-address does not have to allow any inference to your person.

  • Please describe the incident in as much detail as possible. The following information is particularly helpful.

    • What is your relationship to the company of the reporting channel?
    • In your opinion, persons involved in the incident?
    • To your knowledge, has anyone in the company already been informed?
  • Only one file can be selected. Please no larger than 20 MB.
    Max. file size: 20 MB.
  • Your information will of course be treated confidentially. intersoft consulting services assures that your personal data is used exclusively for the purpose of processing your request and is not passed on to third parties. The data transmission is encrypted.
  • This field is for validation purposes and should be left unchanged.


  • Acknowledgement of receipt and verification

    After submitting the form, reporting persons will receive confirmation of receipt of the report within 7 days.

    The notice is then checked for validity, in particular whether there are sufficient indications of an actual violation within the meaning of the Whistleblower Protection Act. Contact is maintained with the reporting person and, if necessary, further information is requested. At the request of the reporting person, a personal meeting is also possible.

  • Reprocessing within the company

    If there are sufficient indications of a breach, the matter is passed on to persons within the company who are responsible for further processing, while maintaining confidentiality at all times.

    In the course of the subsequent investigation, it will be examined in particular which measures are necessary in the individual case in order to sanction any identified breaches and to draw up consequences for the future. Where information relates to specific persons, they will be informed of the report (generally preserving anonymity) and given the opportunity to state their position.

  • Feedback

    Reporting persons will receive feedback on envisaged and already taken follow-up measures as well as the reasons for these within 3 months. Insofar as the internal processing would be prejudiced and/or the rights of the persons who are the subject of a report or named in the report are affected, this may be waived.

Frequently asked questions

We would like to tell you what you should know about the reporting office.

The Whistleblower Protection Act (HinSchG) provides for comprehensive protection of the identity of the reporting person. This reporting channel is therefore designed, set up and operated in such a way that not only the confidentiality of the identity of the reporting person is maintained, but also the confidentiality of third parties mentioned in the report. Unauthorized third parties are denied access to it.

Reporting persons can also send the report anonymously. To ensure that communication is still possible, we recommend using an appropriately innocuous e-mail address.

For a complete report, reporting persons should present the facts in a way that clearly indicates which conduct or circumstance they believe to constitute a breach.

In order to enable necessary inquiries about the report and to provide feedback to reporting persons about the course of the procedure and the result, it is necessary to provide an e-mail address and, if applicable, the name of the reporting person.

Alternatively, a report can be submitted verbally by calling +49 40 790 235 380 or by meeting in person at our premises by telephone arrangement:

intersoft consulting services AG

  • Hamburg: Beim Strohhause 17, 20097 Hamburg
  • Berlin: Schöneberger Ufer 47, 10785 Berlin
  • Cologne: Dürener Straße 189, 50931 Cologne
  • Frankfurt: Niedenau 13 – 19, 60325 Frankfurt
  • Stuttgart: Rotebühlplatz 9, 70178 Stuttgart
  • Munich: Bernhard-Wicki-Strasse 7, 80636 Munich

Furthermore, reports can be submitted to
Encrypted via PGP: Download public key

Reporting systems can be operated by companies themselves or outsourced to third parties. Outsourcing to a specialized and experienced third party offers many advantages, in particular a professionally competent handling of a reporting person’s notification is ensured, and the neutrality of an external provider creates additional trust. At the same time, outsourcing to a third party does not release the company concerned from its obligations to take appropriate measures to remedy any breach.

At intersoft consulting services AG, only professionally trained consultants are involved with the tasks of an internal reporting office, and it is ensured that all necessary legal requirements are met.

Reporting persons are encouraged to report breaches through this whistleblowing system. However, there are also external reporting offices operated by the respective competent authorities. The external reporting office set up at the Federal Office of Justice can be found under this link.

Privacy / Imprint

We would like to inform you about how we process your data and how you can exercise the rights to which you are entitled under the General Data Protection Regulation. Which types of personal data we process and for what purpose depends on the respective notification by the reporting person.

Who is responsible for data processing?

The controller is:

intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
Phone: +49 40 790235 – 0
Fax: +49 40 790235 – 170

How to contact the data protection officer?

You can contact our data protection officer at:

Katrin Rammo
Data Protection Officer
Beim Strohhause 17
20097 Hamburg

Provision of the website

The access log by our web server is anonymized. However, our system uses certain security plugins from the provider WordPress, which protect our website from attacks and misuse. Normal, non-malicious website access is usually not logged by the plugins. If an attack on our system is suspected, data about the visitor’s computer system is logged automatically for forensic purposes and stored in firewall logs.

Type of data
The data stored is the IP address, date and time, browser user agent and the reason for the suspicious activity.

Purpose of processing
The collection of log files serves to log averted or malicious website accesses, to ensure forensic activities and the security and stability of our website.

Legal basis
The legal basis is Article 6 (1) sentence 1 (f) GDPR.

Legitimate interests
The aforementioned purposes also constitute the legitimate interest in data processing within the meaning of Article 6 (1) sentence 1 (f) GDPR.

Duration of data storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case after one month at the latest.

Possibility to object
Insofar as data is collected to the extent described, this is absolutely necessary for securing and operating the website. Hence, there is no possibility to object.

Use of the whistleblower system

When you make a report via the reporting platform we operate, we process your personal data as well as the personal data of persons you name in your report.

Type of data
When using the reporting platform, the following categories of personal data are processed:

  • first name, last name (if you disclose your identity)
  • e-mail-address
  • if necessary, contact details (telephone, fax, address)
  • if necessary, further personal data resulting from the reported facts.

From which sources do the data originate?
We process personal data that we receive from you as a reporting person.

For what purposes do we process your data and on what legal basis?
We process your personal data in compliance with the General Data Protection Regulation (GDPR) and all other applicable laws for the purpose of fulfilling the legal obligations arising from the Whistleblower Protection Act.

Legal basis: For the fulfillment of legal obligations (Article 6 (1) Sentence 1 (c) GDPR in conjunction with Sections 12, 13, 14 HinSchG).
We – intersoft consulting services AG – are commissioned by companies to assume the tasks of the internal reporting office according to Sections 12, 13 and 14 HinSchG. According to Section 10 HinSchG, the reporting offices are authorized to process personal data as far as this is necessary for the fulfillment of their tasks.

Will your data be shared?
Data is only ever shared in connection with the reporting person’s notification to the relevant company.

Is your data transferred to countries outside the European Union (so-called third countries)?
Data transfer to countries outside the European Union is not envisaged.

How long will your data be stored?
We delete your data as soon as it is no longer required for the above-mentioned purposes. Storage is associated with a legal obligation to document the reports.

The documentation is deleted three years after the conclusion of the procedure. The documentation may be kept longer to meet the requirements under the Whistleblower Protection Act or other legislation, as long as this is necessary and proportionate.

What rights do you have in connection with the processing of your data?

We will be happy to provide you with information as to whether personal data relating to you is being processed; if this is the case, you have a right of access to this personal data and to the information listed in Article 15 GDPR. The restrictions according to Sections 29, 34 and 35 BDSG may apply.
In addition, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), the right to erasure (Article 17 GDPR) and the right to data portability (Article 20 GDPR), where the legal conditions are met.

What right do you have in case of data processing based on a legitimate or public interest?

Pursuant to Article 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is based on Article 6 (1) point (e) (data processing in the public interest) or point (f) GDPR (data processing for the purpose of a legitimate interest).

You can withdraw your consent to the processing of personal data at any time. Please note that the withdrawal is only effective for the future.

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Article 77 GDPR).

intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg

Phone: +49 40 790235 – 0
Fax: +49 40 790235 – 170

Chairman of the Board: Thorsten Logemann
Management Board: Dr. Nils Christian Haag
Chairman of the Supervisory Board: Ralf Schmidt

VAT ID: DE 175966522
Commercial register: HRB 114727
Registry court Hamburg

Responsible for the content
Thorsten Logemann, intersoft consulting services AG, Beim Strohhause 17, 20097 Hamburg, Germany