Initial Certification: 05/2021
EQS Group AG provides the IT-based processor service EQS Integrity Line v2.0. Integrity Line is a whistleblowing system, technically designed as a web based service (software as a service – SaaS).
The ToE includes 3 packages: Basic (BA), Best Practice (BP) and Best in Class (BC). It covers the standard modules “Secure Reporting System” and “Case Management” as well as several optional modules / functionalities (for details, please cf. below).
Users of the certified service are controllers in respect of the processing of personal data relating to whistleblowers, reported / accused persons and witnesses as well as to their employees. They are provided with guidance on how to comply with EU data protection law in a data protection leaflet and can be sure to act in compliance with the law if they follow this guidance.
Product/Version
Version 2.0
Function as provided in May 2021
Qualification: IT-based service (processor service)
View the EQS Integrity Line 2.0 certificate
Cert. No.
EP-S-733GD6
Version of Certification Criteria
Validity
31/05/2021 – 31/05/2023
Monitoring
01/2022 (O.K.)
09/2022 (O.K.)
Public Report
Initial certification: EQS Integrity Line v2.0 Short Public Report [PDF]
Manufacturer/Provider
EQS Group AG
Karlstr. 47
80333 München
Germany
BEST
EQS Integrity Line has an “anonymisation function”. This is the possibility to make the contents of messages unrecognisable by having the Case Manager remove a personal reference in a message. To do this, the Case Manager can search for the desired terms in the message history, mark them and select them for removal or replacement. This functionality also works for free text fields and attachments to a message and is applied regardless of upper and lower case.
Users of the ToE are informed about relevant data protection issues by means of a specific information leaflet. The functionality of Integrity Line is described in an elaborate and comprehensible manner in a user manuals document.
ATTENTION
EQS Integrity Line facilitates its data protection compliant use. However, the actual legitimacy of the processing of personal data must be evaluated by the customers (controllers) when making use of the service.
SUMMARY
The EQS Integrity Line is a web-based whistleblowing system, technically designed as a software as a service (SaaS). Customers of EQS Group AG may provide a link to the system on their websites. Whistleblowers (e.g., employees of the customers) may use the service in order to report grievances (e.g., criminal activities such as fraud or embezzlement). EQS Integrity Line facilitates a dialogue between whistleblowers and examiners (e.g., compliance officers or corruption agents). Whistleblowers are enabled to set up a post box in order to exchange messages with examiners.
DETAILS
Initial Cert 202105
The ToE includes three different software packages that the customer can choose from: Basic (BA), Best Practice (BP) and Best in Class (BC). These differ in terms of the functionalities available.
It covers the standard modules “Secure Reporting System” and “Case Management” as well as the following optional modules / functionalities:
- Translation Module: Connection of translation agencies via a specific frontend as well as automated translation services provided via an interface to DeepL (translation agencies / DeepL as such are not part of the ToE)
- Phone Intake: Integrity message service (automated caller service) as well as connection of call centers via a specific frontend (call centers as such are not part of the ToE)
- E-mail Intake: Intake of messages via a specific e-mail account of the customer of EQS
- Ombudsman / Multitake Platform: Connection of ombudsman offices via a specific frontend (ombudsman offices as such are not part of the ToE)
- Administration of user roles within Integrity Line on behalf of the customer (Basic Package only)
- Voice Alienation: Configuration of a voice alienation function (distortion) in Phone Intake by EQS Group AG
The ToE does not include the deployment environment at the customer’s site and customer-specific configurations and components, in particular:
- Setup or use of individual reports
- Setup or use of customer specific themes for notes
- Data processing of call centers connected to EQS Integrity Line
- Data processing in the context of the translation activities of DeepL
- Data processing by translation agencies connected to EQS Integrity Line
- Data processing by ombudsman offices connected to EQS Integrity Line
- Configuration of a voice alineation function (distortion) in Phone Intake by EQS Group AG
- Integration of further tools at the customer’s site, e.g., case management tools
Furthermore, the ToE does not include
- Apps for tablets or smartphones
- Further services (including consultancy services) provided by EQS Group AG, in particular:
- Ticket systems used as well as the information portal using Confluence
- EQS Group’s own or brokered call centers or translation services
- Services for customer-specific configuration and onboarding
Legal Evaluator
Alisha Gühr
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
Technical Evaluators
Dr. Irene Karper LL.M.Eur.
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
Christopher Stradomsky
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany