WHISTLEBLOWER SYSTEM
OF MEISSNER BOLTE PATENTANWAELTE RECHTSANWAELTE PARTNERSCHAFT MBB

Report incident

Category of incident

When have you learned about the violation?

Description of the violation

When describing the incident, please ensure that it is complete and comprehensible. Please note that the identity of a whistleblower who intentionally or grossly negligently reports incorrect information about violations is not protected under the German Whistleblower Protection Act (HinSchG). In addition, the whistleblower may be liable for damages resulting from the intentional or grossly negligent reporting of incorrect information.

Upload files (up to 100 MB)

report anonymously

First name

Last name

Phone number (optional)

E-Mail *

089 125015611

Holzhofer Consulting GmbH
Lochhamer Straße 31
D-82152 Planegg

(Only by telephone appointment!)

External whistleblower unit at the Federal Office of Justice

As a whistleblower, you generally have the option of submitting your report to the external whistleblower unit at the Federal Office of Justice in accordance with Section 7 HinSchG. However, reporting via our whistleblower system offers you the advantage that your report can be followed up and rectified internally without delay. You can rest assured that we will handle your report confidentially and that you will not suffer any disadvantages in connection with the report.

External whistleblower unit at the Federal Cartel Office

If your report concerns an infringement of competition law, you can submit your report either to our whistleblower system or to the external whistleblower unit at the Federal Cartel Office. However, the advantage of reporting via our whistleblower system is that your report can be followed up and rectified internally without delay. You can rest assured that we will handle your report confidentially and that you will not suffer any disadvantages in connection with the report.

External whistleblower unit at the Federal Financial Supervisory Authority (BaFin)

If your report concerns a violation of supervisory provisions that BaFin is responsible for enforcing, you have the option of submitting your report either to our whistleblower system or to the external whistleblower unit at the German Federal Financial Supervisory Authority (BaFin). However, reporting via our whistleblower system offers you the advantage that your report can be followed up and rectified internally without delay. You can rest assured that we will handle your report confidentially and that you will not suffer any disadvantages in connection with the report.

Relevant reporting procedures of institutions, bodies, offices or agencies of the European Union

Institutions of the European Union

European Commission

European Parliament

Bodies of the European Union

European Ombudsman

European Data Protection Supervisor

Other offices or agencies of the European Union:

European Public Prosecutor’s Office (EPPO)

European Anti-Fraud Office (OLAF)

European Aviation Safety Agency (EASA)

Europäische Agentur für die Sicherheit des Seeverkehrs

European Maritime Safety Agency (EMSA)

European Securities and Markets Authority (ESMA)

These data protection information pursuant to Art. 13 et seq. General Data Protection Regulation (GDPR) serve the duty to furnish information when collecting and processing personal data in connection with our internal whistleblower system in accordance with the German Whistleblower Protection Act (HinSchG).

Our whistleblower system basically comprises the following reporting channels:

Oral report (by telephone)
Written report (by post or web form)
Personal report (as desired by the whistleblower)

Please read this data protection information carefully before submitting a report.

1. Name and contact details of the controller

Meissner Bolte Patentanwälte Rechtsanwälte Partnerschaft mbB
Hollerallee 73
28209 Bremen
Tel.: +49 421-34 87 40
E-Mail:

2. Contact details of the data protection officer:

Holzhofer Consulting GmbH
Martin Holzhofer
Lochhamer Straße 31
82152 Planegg
Tel.: +49 89 - 12 50 15 600
E-Mail:

3. Purposes for which the personal data are to be processed and legal basis for the processing

3.1 General information

The reporting channels we provide allow you to contact us in a secure and confidential manner and report suspected compliance and legal violations. We process any personal data contained in a report basically in order to process the report and investigate and clarify the suspected compliance and legal violations. In doing so, we may have further queries for you, and we generally communicate through the reporting channel through which the report was submitted for making a contact. The confidentiality of the information you provide will be maintained at all times. This includes in particular the confidentiality of the identity of the person making the report and the persons who are the subject of the report or who are affected by it (obligation of confidentiality). All persons authorized by Meissner Bolte Patentanwälte Rechtsanwälte Partnerschaft mbB to view the information are also expressly obliged to ensure confidentiality.

In addition, the need-to-know principle is strictly observed, i.e. the identity of the above-mentioned persons is only made known to the following group of people:

Persons authorized to receive reports, or
Persons authorized to take consequent action, and
Persons who support them in the fulfillment of these tasks.

If the notification you have submitted contains personal data of third parties to which you refer in your notification, the data subjects will be given the opportunity to comment on the information and any allegations made against them and investigations carried out. In principle, the data subjects must be informed of the information within one month in accordance with Art. 14 Par. 3 lit. a GDPR. The provision of information may be postponed in accordance with Art. 14 Par. 5 lit. b GDPR in conjunction with Sec. 29 Par. 1 S. 1 of the German Federal Data Protection Act (BDSG) for the period of the investigation in order not to jeopardize the investigation. Your confidentiality is also protected in this case, as no information about your identity is provided to the person concerned - as far as legally possible - and your report is used in such a way that your anonymity is not jeopardized.

3.2 Receipt, (initial) verification and documentation of a report

Use of the whistleblower system is always voluntary. If you submit a report using one of the reporting channels, we may process and save the following personal data or data categories for the purpose of accepting, checking and documenting the report received as well as for communicating with the whistleblower person:

First and last name of the whistleblower (if this data is provided).
First and last name and other personal data of the persons who are the subject of the report or who are affected by it (e.g. accused persons).
Contact details such as telephone number or e-mail address (if this data is provided).
The fact that the whistleblower has made a report using the whistleblower system.
Whether the whistleblower or other persons affected by the report are employed by Meissner Bolte Patentanwälte Rechtsanwälte Partnerschaft mbB (if this information is provided).
Time, content and other relevant circumstances relating to the report submitted by whistleblowers.

The legal basis for the processing is in general Art. 6 Par. 1 lit. c GDPR in conjunction with the relevant provisions of the German Whistleblower Protection Act (HinSchG)

Sec. 12 of the German Whistleblower Protection Act (§ 12 HinSchG) defines the obligation to set up and operate an internal reporting contact.
Sec. 10 of the German Whistleblower Protection Act (§ 10 HinSchG) permits the processing of personal data by the reporting contacts if this is necessary for them to fulfill their tasks specified in Sec. 13 of the German Whistleblower Protection Act (§ 13 HinSchG).
Sec. 11 of the German Whistleblower Protection Act (§ 11 HinSchG) defines the obligation to document all incoming reports.

If the information received concerns an employee of Meissner Bolte Patentanwälte Rechtsanwälte Partnerschaft mbB, the processing may help to prevent and detect criminal offenses or other legal violations in connection with the employment relationship (Sec. 26 Par. 1 S. 2 BDSG).

If you are the whistleblower and voluntarily wish to disclose your identity to Meissner Bolte Patentanwälte Rechtsanwälte Partnerschaft mbB or an external body, this is done on the basis of your consent pursuant to Art. 6 Par. 1 lit. a GDPR. The consent to be given is given by the fact that the report can also be submitted completely anonymously.

With the consent of the whistleblower, the personal report can also be made by means of video and audio transmission (e.g. by means of a video conferencing system). In this case, the legal basis is the voluntary and informed consent in accordance with Art. 6 Par. 1 lit. a GDPR, Sec. 16 Par. 3 of the German Whistleblower Protection Act (§ 16 Abs. 3 HinSchG). In the case of telephone reports or reports by means of another type of voice transmission, a permanently retrievable audio recording of the conversation or its complete and accurate transcript (verbatim transcript) will only be made with the consent of the person making the report. The same applies to the complete and accurate recording of a meeting as part of a report in person. The legal basis here is also the voluntary and informed consent in accordance with Art. 6 Par. 1 lit. a GDPR, Sec. 11 Par. 2 and 3 of the German Whistleblower Protection Act (§ 11 Abs. 2 und 3 HinSchG). As a matter of principle, we do not collect and process any special categories of personal data within the meaning of Art. 9 Par. 1 GDPR (e.g. information on racial and/or ethnic origin, religious and/or philosophical beliefs, trade union membership or sexual orientation). However, due to free text fields in the report form, such special categories of personal data can generally be transmitted. In this case, processing takes place in accordance with Sec. 10 S. 2 of the German Whistleblower Protection Act (§ 10 S. 2 HinSchG) and only if this is absolutely necessary for processing the report. Otherwise, this data will be deleted immediately in accordance with data protection regulations.

3.3 Initiation and implementation of follow-up measures

For possibly required follow-up measures, such as internal review and investigation, contacting the persons and work units concerned, closing the proceedings for lack of evidence, or for other reasons, and transferring the proceedings to the work unit responsible for internal investigations or a competent authority for further investigations, we may process and store the following data or data categories:

Personal details for clarification (e.g. first and last name, private address, private telephone number, private e-mail address)
Company information (e.g. position in the company, job title, possible superior position, business e-mail address, business telephone number)
Business-related documents (e.g. travel expense reports, time sheets, contracts, performance records, logbooks, invoices)
Information on relevant facts: Internal clarification measures often relate to specific facts. The determination and evaluation of relevant information on the respective facts of the case may allow conclusions to be drawn about the behavior or actions carried out by the persons concerned.

The legal basis for the processing is generally Art. 6 Par. 1 lit. c GDPR in conjunction with the relevant provisions of the the German Whistleblower Protection Act (HinSchG):

Sec. 12 of the German Whistleblower Protection Act (§ 12 HinSchG) defines the obligation to set up and operate an internal whistleblower system.
Sec. 10 of the German Whistleblower Protection Act (§ 10 HinSchG) permits the processing of personal data by the reporting contacts insofar as this is necessary for the fulfillment of their tasks specified in Sec. 13 of the German Whistleblower Protection Act (§ 13 HinSchG).

4. Automated individual decision-making including profiling

Automated individual case decisions, including profiling, in accordance with Art. 22 Par. 1 and 4 GDPR are not carried out by Meissner Bolte Patentanwälte Rechtsanwälte Partnerschaft mbB.

5. Data transfer to third countries

Data transfers to countries outside the EU and the European Economic Area ("third countries") occur in the context of the administration, development and operation of IT systems. The transfer only takes place on the basis of:

An adequacy decision of the European Commission within the meaning of Art. 45 GDPR.
An approved certification mechanism pursuant to Art. 42 GDPR together with legally binding and enforceable obligations of the responsible party or data processor in the third country.
Standard data protection clauses issued by the Commission in accordance with the examination procedure pursuant to Art. 93 Par. 2 GDPR.

There is currently no transfer of personal data to third countries in connection with the use of our internal whistleblower system.

6. Categories of recipients of data

We use the following categories of recipients as data processors to process personal data for the purposes stated here (Art. 28 GDPR):

Holzhofer Consulting GmbH for the purpose of providing and technically implementing the whistleblower system.
Server providers for the purpose of hosting the websites.
Service providers for hosting and operating the online video conferencing system.
Telecommunications service providers for the operation of the telephone system.
...

These service providers process information about you on our behalf and on the basis of our instructions and are bound by a data processing agreement to comply with the applicable data protection laws.

To the extent permitted by law, we may pass on personal data to the following external recipients:

Lawyers if legal advice is needed.
Law enforcement authorities, antitrust authorities, other administrative authorities, courts (if required by law or necessary for the clarification of an incident).
Affiliated companies of Meissner Bolte Patentanwälte Rechtsanwälte Partnerschaft mbB (if necessary for internal review and investigation).
Other third parties as part of the transfer of functions (e.g. data protection officer).

We always ensure that the relevant data protection regulations are complied with whenever information is passed on.

7. Storage period and criteria for determining the period

Personal data will only be stored for as long as is necessary to fulfill the herein mentioned purposes (e.g. to process a report and for final clarification of a violation) or as is required by the retention periods specified by law. After the respective purpose has ceased to apply or after the retention periods have expired, the data will be deleted in accordance with the statutory provisions. The specific duration of storage depends in particular on the severity of the suspicion and the reported compliance and legal violations. The documentation of reports is deleted three years after completion of the procedure (Sec. 11 of the German Whistleblower Protection Act [§ 11 HinSchG]). Personal data that are obviously irrelevant for the processing of a report are not collected or are deleted immediately after receipt of the report.

8. Rights of the data subject

Meissner Bolte Patentanwälte Rechtsanwälte Partnerschaft mbB is responsible for the processing of your data, unless otherwise stated. You can obtain information (Art. 15 GDPR) from us at any time to the data stored about you and its correction (Art. 16 GDPR) in the event of errors. Further you can request the restriction of processing (Art. 18 GDPR), the portability (Art. 20 GDPR) of the data you have provided to us in a machine-readable format or the deletion of your data (Art. 17 GDPR) – if it is no longer required. In addition, you have the right to object (Art. 21 GDPR) to the use of your data based on public or legitimate interests at any time. If we process your data on the basis of your consent, you can revoke this consent (Art. 7 Par. 3 GDPR) at any time with effect for the future. From the receipt of your revocation, we will no longer process your data for the purposes specified within the scope of your consent.

If you wish to make use of your rights as a data subject, please address your request to:

Meissner Bolte Patentanwälte Rechtsanwälte Partnerschaft mbB
Hollerallee 73
28209 Bremen
Tel.: +49 421-34 87 40
E-Mail:

9. Right to complain to a supervisory authority

You can also lodge a complaint with a supervisory authority at any time in accordance with Art. 77 Par. 1 GDPR.

10. Technical implementation and security of your data

The web form contains the possibility of anonymous communication via an encrypted connection. When you use, your IP address and current location will not be stored at any time. To ensure the applicable data protection regulations and confidentiality, we have implemented sufficient technical and organisational measures. The data provided by you are stored on a particularly secure database. All data stored on the database is encrypted by us according to the current state of the art.

Provider Identification according to Sec. 5 of the German Digital Services Act (DSA)

Holzhofer Consulting GmbH (Gesellschaft mit beschränkter Haftung)
Lochhamer Straße 31
82152 München-Planegg
Tel.: +49 89 - 1 25 01 56 00
E-Mail:

Registered office of the company: Lochhamer Straße 31, 82152 Planegg
Representative Managing Director: Martin Holzhofer
Register Court: Amtsgericht München
Registration Number: HRB 202124
VAT Identification Number according to Sec. 27a UStG: DE286087235

Responsible according Sec. 18 II MStV (Interstate Treaty on Media)

Martin Holzhofer
Lochhamer Straße 31
82152 München-Planegg

Report incident

Information on external whistleblower units

Privacy statement

Imprint