Discover the latest EGYM innovations here

EGYM Logo

Whistleblowing Channel

Procedure for the external whistleblowing system of EGYM SE

    Preamble

    For reasons of simplicity and better readability, gender-specific differentiation has been omitted in this document. All role designations apply in principle to both genders and to people whose gender cannot be clearly determined, without any judgment being associated with this.

    1. Purpose of scope

    1.1 Purpose

    EGYM SE is committed to acting in a responsible, lawful and ethical manner. Compliance with all applicable laws, internal guidelines and our corporate values is fundamental to our business success and forms an integral part of a trusting relationship with customers, business partners and employees. These principles are also defined in the Supplier Code of Conduct as a binding part of our supply chain commitment. 

    To identify, investigate and initiate appropriate measures for potential violations at an early stage, EGYM SE provides a whistleblowing system. This system allows external whistleblowers to confidentially report possible legal or regulatory violations in good faith and without fear of reprisal. 

    In particular, the following facts can be reported via the whistleblowing system: 

    • Corruption, bribery
    • Human and labour rights, including child and forced labour
    • Discrimination, harassment
    • Environmental violations
    • Fraud, theft
    • Violations of competition law
    • Data protection violations 

    This procedure implements the requirements of §8 LkSG. It regulates the organisation and process of the whistleblowing system, ensures the protection of whistleblowers and at the same time safeguards the rights of persons affected by a report.

     EGYM SE sees the whistleblowing system not only as a legal obligation, but as an expression of our lived corporate culture. Open communication, transparency and mutual trust are the basis for preventing grievances, reducing risks and ensuring compliance with our high standards throughout the entire value chain. 

    1.2 Scope 

    This regulation applies to persons in the supply chain of EGYM SE (e.g. suppliers, service providers, subcontractors), their employees or commissioned persons.

    2. Reporting office

    2.1 Internal reporting office 

    EGYM SE has set up an internal reporting office that handles all reports independently and strictly confidentially. Reports are received via the available channel, examined, and if necessary, appropriate investigations and measures are initiated. 

    Incoming reports are viewed/processed exclusively by authorised persons and processed in a restricted-access, protected system. 

    2.2 Contact options 

    Whistleblowers can submit reports via the following channels: 

    By E-mail: whistleblowing@egym.com 

    By Post: 

    EGYM SE Whistleblowing Office 

    Einsteinstraße 172 

    81677 Munich 

    Germany

    3. Reports of violations

    3.1 Form of reports 

    Reports should be as specific as possible and contain the following information, as far as known and reasonable: 

    • Description of the facts
    • Place and time
    • Possible evidence for reports
    • Affected or potentially harmed persons (groups)
    • Names of possible participants
    • Witnesses, if applicable 

    3.2 Anonymous reports 

    Whistleblowers can remain anonymous. However, follow-up may be difficult if inquiries are not possible. 

    3.3 No investigation by reporting person 

    For legal and security reasons, it is not necessary for the reporting person to investigate violations independently. However, collecting information to secure evidence for the report is permissible and can support a targeted and efficient investigation. Access to and procurement of information must always be lawful.

    4. Procedure

    Confirmation of receipt

    The reporting office documents all incoming reports and complaints and confirms receipt to the whistleblower within seven working days if contact details are available.

    Preliminary review

    The report is checked to see if it falls under this procedure and if there is concrete evidence of a breach.

    Investigation 

    If there is reasonable suspicion, an investigation will be carried out. Evidence (e.g. documents and discussions) is used to investigate the violation and examine possible consequences.

    Decision/measure

    Once the facts have been proven with the necessary evidence, an evaluation and decision will be made regarding the possible consequences, including legal ones.

    Feedback to whistleblower

    If the report was made with the identity of the whistleblower, they will receive feedback on the status of processing and the planned measures within three months of confirmation of receipt.

    Completion

    The case is documented and closed; lessons learned are drawn and processes are improved if necessary.

    5. Protective Measures

    5.1 Protection of all Parties involved 

    EGYM SE guarantees the greatest possible protection and confidentiality for all parties involved in the report. This applies to the whistleblower, those involved and those affected by the clarification of the facts. The presumption of innocence applies until a grievance, offence or act of misconduct has been proven beyond doubt. No measures are taken to identify the person if a report has been made anonymously. 

    5.2 False reports and violations 

    The protection does not apply if reports are made falsely and without concrete indications, either intentionally or through gross negligence. The same applies to violations of the procedure during investigations into reported offences, such as evidence manipulation, fact concealment or breach of confidentiality agreements. Deliberately making false reports constitutes an abuse of the whistleblowing system and can result in consequences under labour, civil or criminal law.

    6. Documentation and retention

    6.1 Documentation of all steps 

    The reporting office documents all reports, measures and decisions in a comprehensible and audit-proof manner. 

    6.2 Retention periods 

    Personal data related to the report will be deleted within three years of the investigation initiated in connection with the report being completed, unless statutory retention periods oppose this, or longer storage is necessary for the assertion, exercise or defence of legal claims. This may be necessary, for example, to clarify further legal steps, such as the initiation of disciplinary or criminal proceedings.

    7. Information on confidentiality and data protection

    7.1 Confidentiality of identity 

    The whistleblower is under no legal or contractual obligation to provide personal data about themselves. It is also possible to make a report anonymously without disclosing personal data. 

    No processing of personal data will take place if an anonymous report is made. 

    However, if a whistleblower decides to submit a report under this guideline providing their identity and contact information, the personal data they provide in the report and the investigation thereof will be processed as follows. 

    7.2 Purposes and legal basis of data processing 

    If a report is submitted via the channel and contact information is provided voluntarily (including name, first name, email address and telephone number), the data provided or communicated will be processed for the purpose of reviewing and documenting the report. It will also be processed for internal investigations, including disclosure to external lawyers, auditors or other professionals legally bound by secrecy, as well as to group companies that may be affected by the report. If applicable, it will also be disclosed to state authorities, such as the police, the public prosecutor's office or the courts. 

    The legal basis for the processing described above is Art. 6(1)(f) GDPR. EGYM SE has a legitimate interest in uncovering and investigating grievances within companies, preventing fraud and misconduct, and combating corruption and criminal offences. This interest usually takes precedence over the interests and fundamental rights of the data subjects, as processing is necessary to effectively review reports and take appropriate measures to protect the integrity of the company and its employees.

     Whistleblowers have the right to object to the processing of their personal data at any time. In such instances, the processing of personal data will cease unless there are compelling legitimate grounds that outweigh the interests, rights and freedoms of the data subject, or unless the processing is necessary for the establishment, exercise or defence of legal claims.

    7.3 Data protection rights of data subjects 

    All information obtained during the procedure is subject to the General Data Protection Regulation (GDPR). It will only be processed to the extent necessary, and will only be accessible to those who require it to clarify the facts. 

    Provided the relevant conditions are met, the whistleblower has the right to access their personal data (Article 15 GDPR), the right to rectification (Article 16 GDPR), the right to erasure (Article 17 GDPR; 'the right to be forgotten'), the right to restrict processing (Article 18 GDPR) and the right to object to processing (Article 21 GDPR). The whistleblower also has the right to complain to a data protection supervisory authority about the processing of personal data by EGYM SE if he or she believes that the processing of the personal data in question is unlawful. 

    The Data Protection Officer is available to assist you in asserting your rights or with any other data protection concerns. You can contact the data protection officer at any time regarding data protection matters by email at datenschutz@egym.de or by post at the address below, adding “Data Protection Officer” to the address. 

    The responsible body for the processing of your personal data within the meaning of the General Data Protection Regulation in connection with the use of the whistleblower system is EGYM SE, Einsteinstraße 172, 81677 Munich, Germany. 

    7.4 Processing of personal data of named or affected persons 

    In the context of a report, it is possible that whistleblowers will provide the personal data of other individuals (e.g. of allegedly involved or affected persons). This data will be processed exclusively for the purpose of reviewing and processing the report.

     The legal basis for this processing is Art. 6 (1) (f) GDPR. EGYM SE has a legitimate interest in properly investigating reported facts, uncovering grievances in the company and taking appropriate follow-up measures. This interest usually takes precedence over the interests of the data subjects, since processing is necessary to clarify potential legal violations, maintain the company's integrity and prevent further damage. 

    Where a report relates to employees of EGYM SE or its affiliated companies, personal data is processed on the basis of Section 26(1) BDSG. 

    In accordance with Art. 14 GDPR as soon as doing so no longer endangers the purpose of the investigation. However, prior notification may be omitted if there are legitimate interests in maintaining the confidentiality of the report or preserving evidence. 

    After the proceedings conclude, the individuals involved will be notified unless there are legal reasons to the contrary.

    This content is hosted by a third party (%%host%%) and requires you to allow Marketing Cookies, which you currently have disabled. By showing the external content, you accept our use of Marketing cookies and our

    Show External Content

    Copyright © 2025 EGYM

    Update Cookie Preferences

    Please select your location and language

    Can't find your country? Check out our international page for distributors in your area.