Compliance

Information Security

1. Information Security at Fritz Winter Eisengießerei GmbH & Co. KG

The protection of information is our top priority. If you detect an information security incident or suspect a security-relevant impairment, please report it immediately.

2. What is considered an information security incident

An incident can be anything that indicates a possible threat to the information security of Fritz Winter Eisengießerei GmbH & Co. KG. This includes obvious security-critical events, but also suspicions or unusual occurrences that you notice. Report all observations that may indicate possible misuse or a vulnerability so that we can quickly check the situation and take action if necessary.

Possible examples of an incident (non-exhaustive list):

  • Unauthorized access to systems or data
  • Suspected phishing or other attack attempts
  • Loss or theft of devices / information belonging to Fritz Winter Eisengießerei GmbH & Co. KG
  • Technical malfunctions with security-critical effects on data of Fritz Winter Eisengießerei GmbH & Co. KG or third parties


3. Contact options

Fritz Winter Eisengießerei GmbH & Co. KG  
Albert-Schweitzer-Straße 15  
35260 Stadtallendorf

Phone: 49 6428 - 78 - 0   
Email: ISB@fritzwinter.de

Requirements for ensuring information security when working with suppliers

1 General

This document describes the basic handling of information security by suppliers, the handling of subcontractors, and the IT security regulations to be observed for the use of information and IT devices (e.g. desktop computers, notebooks, smartphones, tablets) by suppliers and business partners of Fritz Winter Eisengießerei GmbH & Co. KG.

The requirements apply to the management of our suppliers and business partners, their employees, and their vicarious agents (hereinafter referred to as contractors).

The respective management is obliged to independently forward this document to employees, vicarious agents, and, if applicable, any subcontractors.

2 Exchange of information

In all conversations involving confidential or secret information of Fritz Winter Eisengießerei GmbH & Co. KG, including telephone calls, care must be taken to ensure that such information cannot be overheard by unauthorized persons.  
All necessary and appropriate precautions (e.g. encryption) must be taken to protect the information from unauthorized access, modification, and deletion during transmission. Unauthorized persons include family members and friends.

3 Physical transport of media

In general, media containing information of Fritz Winter Eisengießerei GmbH & Co. KG must be protected from unauthorized access, misuse, or tampering during transport, even across organizational boundaries.

All necessary and appropriate precautions (e.g. encryption) must be taken to protect information from unauthorized access, modification, and deletion during transport. Unauthorized persons include family members and friends. Data carriers must be transported concealed. Data carriers containing secret information must always be escorted by an employee of the supplier/business partner. Documents must be transported protected from view, e.g. in an opaque folder.

4 Physical transport of notebooks

Notebooks on which information of Fritz Winter Eisengießerei GmbH & Co. KG is stored must be transported in such a way that they are not visible from the outside. Furthermore, when used in public, care must be taken to ensure that others cannot read information on the screen and/or observe the entry of secret authentication information.

5 Handling information security incidents and communication

Serious information security events (e.g. disruptions, data loss, unlawful actions, cybercrime attacks) must be reported immediately to the information security contact person at ISB@fritzwinter.de or by phone at 49 6428 - 78 - 0. Any suspicion of loss of confidential or secret information must also be reported.

6 Audit rights with regard to information security

The supplier/contractor grants Fritz Winter Eisengießerei GmbH & Co. KG the right to inspect and review at any time, following prior notice, all data relating to business processes regarding information security between the supplier/contractor and Fritz Winter Eisengießerei GmbH & Co. KG, and to review IT and data security measures.

Employees of Fritz Winter Eisengießerei GmbH & Co. KG or third parties commissioned by Fritz Winter Eisengießerei GmbH & Co. KG may enter the premises of the supplier/business partner during normal business hours for this purpose. The costs of the inspection shall be borne by the supplier/business partner if violations of information security and/or agreements of the respective assignment are identified, unless such violations are not attributable to the supplier/business partner.

7 Non-disclosure agreement between the supplier/business partner and its employees

The supplier/business partner of Fritz Winter Eisengießerei GmbH & Co. KG undertakes to conclude a non-disclosure agreement (separately or as part of the employment contract) with all employees who receive or have access to information of Fritz Winter Eisengießerei GmbH & Co. KG in the course of the collaboration. Proof of compliance lies with the supplier/business partner and must be provided to Fritz Winter Eisengießerei GmbH & Co. KG upon request.

8 Subcontractors

If the supplier/business partner engages additional subcontractors, it is fully responsible for passing on and implementing all information security requirements and must ensure that the subcontractor meets these requirements.

Upon request, the supplier/business partner must demonstrate compliance with these requirements to Fritz Winter Eisengießerei GmbH & Co. KG.

In the event of proven serious breaches of duty or significant misconduct by the subcontractor or its vicarious agents, Fritz Winter Eisengießerei GmbH & Co. KG reserves the right to reject the subcontractor.

In addition, Fritz Winter Eisengießerei GmbH & Co. KG may issue an extraordinary termination for good cause and/or assert claims for damages.

9 Compliance with information security (supply chain)

When subcontractors are engaged, the supplier/business partner must ensure that the information security requirements of Fritz Winter Eisengießerei GmbH & Co. KG are also adhered to by the subcontractor. This includes the conclusion of non-disclosure agreements with subcontractors. Proof of compliance lies with the supplier/business partner and must be provided to Fritz Winter Eisengießerei GmbH & Co. KG upon request.

If the supplier/contractor is authorized to award subcontracts, they are fully liable for this, regardless of any contractual or statutory limitations or exclusions of liability related to such contracts.

Whistleblower Protection Act

1. Reporting information under the Whistleblower Protection Act

Are you aware of possible violations or suspicious activities at Fritz Winter Eisengießerei GmbH & Co. KG? Are you an employee, intern, freelancer, contractor, business partner, or supplier? Then we encourage you to report your information. Your voice matters to us.

2. Safe and confidential

We guarantee that your identity will remain protected and your information kept confidential. In accordance with the Whistleblower Protection Act, we assure you that no retaliatory measures will be taken against you. We encourage you to provide your name so we can give you feedback on the reported information. All reports for Fritz Winter Eisengießerei GmbH & Co. KG are evaluated and processed by a neutral body to ensure no conflicts of interest.

3. Reporting violations

How you can report information

  • by email: compliancebeauftragter@fritzwinter.de
  • by mail: Compliance Officer, Albert-Schweitzer-Straße 15, 35260 Stadtallendorf
  • by phone: 06428 – 78 300
  • Upon request, a personal meeting can be arranged. With the whistleblower’s consent, this may also take place via audio and video transmission.
  • You also have the option to contact our ombudsperson. Attorney and notary Florian Möller from the law firm Immel & Möller, Stadtallendorf, has been appointed as the external ombudsperson of the company. Employees and third parties may contact this neutral body confidentially and anonymously if they observe improper business practices within the company.


Which violations can you report?

The Whistleblower Protection Act is designed to protect you when you report specific grievances at Fritz Winter Eisengießerei GmbH & Co. KG. The following types of violations can be reported:

  • Financial irregularities: Fraud, corruption, embezzlement, financial manipulation.
  • Violations that may be punishable by fines: These include violations of rules that are particularly important for the safety and well-being of employees, such as:
    • Violations of occupational health and safety regulations.
    • Non-compliance with minimum wage regulations.
  • Violations of criminal laws: If you find that laws are being broken within the company, you can and should report this. This includes all types of criminal offenses under German law.


What happens after your report?

  • Confirmation: If you report via Microsoft Forms, you will receive confirmation that your message has been received.
  • Investigation: Every report is taken seriously. If necessary, an internal investigation will be initiated.
  • Feedback: Within a reasonable period, usually within 3 months, you will be informed about the progress and outcome of the investigation. This is only possible if you have provided your contact details when submitting the report.