Whistleblower Portal

Welcome to the whistleblower (reporting persons) page of the law firm Dilling Rechtsanwälte Partnerschaftsgesellschaft mbB.
Please read the following instructions for whistleblowers carefully and decide whether and how you would like to submit your report.

1. Please read:

Please provide us with the following details:

  • Which company or business unit under our supervision is affected
  • What specifically happened 
  • When it occurred 
  • Where it took place 
  • Who was involved

We kindly ask you to describe the facts as thoroughly as possible.  

Reports may concern violations subject to criminal or administrative penalties, such as corruption, antitrust violations, assault, and sexual offenses. However, breaches of other legal requirements or internal compliance guidelines—such as the Code of Conduct or signature authorization policies—are also relevant.

We would also appreciate it if you could indicate whether you observed the incident, were directly involved, or learned about it through third parties. Furthermore, please let us know which other individuals, whether directly involved, are aware of the matter. If any documentation exists (e.g., emails, photographs), you may also upload these files via this web portal.

Please note the following:

  • Before submitting your disclosure, we kindly ask that you carefully ensure the factual accuracy of the information provided.
  • Please refrain from making any statements you know to be false.
  • For your protection, we recommend verifying the key facts you are reporting and securely documenting your findings.
  • If you subsequently discover that any previously submitted information is inaccurate or outdated, we respectfully request that you amend it accordingly.
  • In cases of uncertainty, we kindly ask that you use formulations such as 'To the best of my knowledge,' 'I believe,' or 'It appears possible that...'

If you are unsure how to present, assess, or proceed with a report, you may contact our law firm—free of charge and anonymously if you prefer—to discuss the matter in advance.

Receipt and Processing

  • We will diligently and confidentially handle all reports, Attorney Dr. Nadja Müller and/or Attorney Dr. Johannes Dilling.
  • We will acknowledge receipt of the report personally, typically within 48 hours.
  • If necessary, we will contact you to clarify any follow-up questions.

Forwarding to the Company

  • Once we have assessed the plausibility of the report, we will forward it confidentially to the company.
  • We ensure that the report is not forwarded to any individuals who are themselves the subject of the report.
  • The company will then decide how to proceed with the report (e.g., initiation of an internal investigation, referral to external authorities).
  • Companies are legally obliged to investigate potential reports of misconduct and to prevent any identified wrongdoing. Therefore, every report is taken seriously and may lead to follow-up measures.
  • Please note that the submission of a report and any resulting proceedings may be burdensome for all parties involved. We therefore kindly ask you, as the reporting person, to carefully consider in advance whether the information you provide is, to the best of your knowledge and belief, accurate.

Conclusion
    • You will receive feedback from us within three months. 

  • Submitting a report does not establish an attorney-client relationship between you as the reporting person and our law firm.
  • An attorney-client relationship exists solely between our law firm and the company that has appointed us as compliance ombudspersons or trusted attorneys.
  • Nevertheless, we at Dilling Rechtsanwälte agree with each of these companies that they irrevocably waive the right to be informed of the identity of the reporting person if the reporting person does not wish to be identified.
  • We work independently and impartially, without being subject to instructions from any of the companies that have engaged us.

The reporting channels we provide are free of charge (except for Threema). As the reporting person, you will not incur any costs, either for submitting your report or at any later stage of the procedure.

  • We are legally obligated to safeguard the confidentiality of the identity of the reporting person. We also protect the identity of individuals who are the subject of a report and any other persons mentioned in the report.
  • You are not required to disclose any personal data when submitting a report and may do so anonymously. Should you choose to disclose your identity to us, you may request that it not be shared with the company concerned. We will fully respect this request.
  • The confidentiality of your identity is ensured regardless of the reporting channel you use.

Please note that the protection of your identity's confidentiality is not absolute, and we have no influence over certain exceptions.

  • The Whistleblower Protection Act (§ 9 Abs. 2 HinSchG) allows for exceptions to confidentiality. For example, the identity of a reporting person may be disclosed to law enforcement authorities if they request it. We explicitly refer to § 9 Abs. 2 HinSchG for further details.
  • Only individuals acting "bona fide" in other words in good faith, who do not intentionally or grossly negligently provide false information, are protected by confidentiality. A reporting person who intentionally or grossly negligently provides false information may have their identity revealed through a request for information under Article 15(1) GDPR. The affected person may also seek damages.
  • Neither our law firm nor the companies that mandate us have protection against seizure. This means that in the event of an official investigation, authorities may seize documents that reveal the identity of the reporting person.
  • Reporting persons who are concerned about their identity being revealed are advised to submit their report anonymously. Even when submitting a report anonymously, it is important to ensure that no personally identifiable information is included in the report or any attached documents.

If you wish to submit your report anonymously, please consider the following guidelines:

  • Ensure that your identity cannot be inferred from the documents you send. Remove all personal data that could identify you, such as names, addresses, email addresses, and author information in Word documents.
  • Describe only the behavior or statements of a person without referencing hierarchies, departments, professional experience, or personal relationships.
  • Do not use phrases, emojis, words, or expressions that you regularly use and that could enable identification.
  • If possible, do not use your work email address, internal company network, or company computer to submit your report.
    Your anonymity is important to us, and we will not take any measures to identify you.

To ensure that third parties cannot access the communication between you and our law firm, you can use the Signal messenger, which provides effective end-to-end encryption.
If you wish to remain anonymous but still allow us to ask follow-up questions, consider the following options:

  • Set up a specific email address solely for this case.
  • Utilize ProtonMail for secure and encrypted email communication.
  • Consider using a prepaid phone, possibly in combination with the Signal messenger or 
  • Threema
  • Arrange a time for us to call you back anonymously.

You can also use this web portal to unilaterally inform us of how, when, and where you can be reached. We are also available for in-person meetings with the reporting person.

If you provide personal data, it will be protected under existing legal provisions. Detailed information on the processing of your data can be found in our Privacy Policy.

Reports are an effective means of identifying and addressing risks and legal violations at an early stage. Therefore, whistleblowers must be protected.
In particular, you must not suffer any work-related retaliation from your employer.
Work-related retaliation can encompass any act or omission that results in a professional disadvantage for the reporting person due to their report.
This includes threats or attempts at retaliation.
Possible professional disadvantages may include termination of a contract, reprimands, reassignment, discrimination, or bullying.
If you experience any form of retaliation, please contact us.
However, only "bona fide" (in good faith) whistleblowers are protected. To enjoy protection, the whistleblower must, at the time of reporting, have reasonable grounds to believe that the submitted information is true. Protection is lost if you deliberately or grossly negligently report false information.

2. Make a report

Please choose the channel that is most suitable for you to submit a report:

Form

Use our encrypted form

E-Mail

Contact via our secure PGP email

ProtonMail

Communicate via our ProtonMail address

Signal

Chat or make phone calls securely with us via Signal

Voice message

Send me a voice message

Threema

Chat or make phone calls securely with us via Threema

Telephone

Would you like a conventional phone call? No problem!

Mail

Send us a letter or a package.

Personal contact

Meet with me in person.
No mandatory information, you can also provide the information anonymously.
If you wish to remain anonymous, please let us know how we can reach you in case we have any questions. We recommend using „Protonmail“ if you want to continue communicating securely and anonymously by email.
Please choose whether you want us to contact you!
You can submit the notice in any language.
Upload

If you wish to submit a report via email, please use the following address:

info@ra-dilling.de

To ensure the highest level of data security, we recommend the use of a VPN connection.

An anonymous and secure alternative to traditional email communication is offered by the provider ProtonMail from Switzerland.

You can use ProtonMail free of charge. No personal data is required to create an account. According to its own statements, ProtonMail does not, by default, generate IP logs that can be linked to your anonymous account.
The communication is encrypted in such a way that even ProtonMail is neither able to decrypt the emails nor to view their content. In this way, it is ensured that information is not disclosed to third parties.
Since ProtonMail stores all user data on servers located in Switzerland, this data is protected by the strict Swiss data protection law.
If you would like to contact us via this method, please create your own account, which is also free of charge, and send your message to the following address:
RADilling@protonmail.com

If you wish to use Signal’s traceable end-to-end encryption, please use the free app or a desktop account and contact us on Signal via our mobile number:

+49 (0)163 3476 111

Signal also offers the option to upload data and send it to us.
Please note that the phone number you use to register with Signal will be visible to other Signal users.
If you wish to maintain your anonymity in this case as well, you should consider short-term or prepaid alternatives that allow for anonymity, or use the Threema alternative.
If you use Signal via desktop, we recommend using a Tor browser, which can be downloaded here, as well as a VPN connection.

Bitte gewähren Sie den Zugriff im Browser-Dialog.

If you wish to contact us via Threema, please use the paid app or a desktop account and use the following Threema ID to reach us:
3P9X97PS

You can submit reports anonymously via the Threema messaging service. Your phone number will not be visible.
You may also use Threema to forward attachments to us.
Please note that unlike open-source alternatives such as Signal, Threema's source code is not publicly accessible, meaning it is not transparent where data may potentially be accessed. Nevertheless, Threema is considered a secure communication channel.

If you wish to contact us directly by phone, please use the following number:

+49 163 3476 111

Please note that the security of standard telephone conversations via service providers is not within your or our control.

If you wish to send us something anonymously by post, please address your documents or package to the following address:

Dilling Rechtsanwälte Partnerschaftsgesellschaft mbB
Landgrafenstraße 49
D-50931 Cologne, Germany

We will treat your submission confidentially.

If you would prefer to meet us in person to submit a report as a whistleblower, we are also available for that. Please contact us via one of the channels listed above to arrange a meeting point. Here, too, we assure the highest possible level of confidentiality.

3. External Reporting Channels

Whistleblowers may also choose to report information about violations to an external reporting channel.

External Reporting Channels of the Federal Republic of Germany

External Reporting Channel is generally 
Bundesamt für Justiz
Adenauerallee 
99-103 53113 Bonn.

You can find the reporting portal of the Federal Office of Justice here:
https://www.bundesjustizamt.de/DE/MeldestelledesBundes/Kontakt/Kontakt_node.html

 

Federal Financial Supervisory Authority (BaFin)
You can report potential violations in the areas of financial services, financial products, and financial markets, as well as breaches of legal regulations on combating money laundering and terrorist financing, to the Federal Financial Supervisory Authority (BaFin):
Graurheindorfer Straße 108 
53117 Bonn

You can find BaFin’s reporting portal here:
https://www.bkms-system.net/bkwebanon/report/clientInfo?cin=2BaF6&c=-1&language=ger

Federal Cartel Office (Bundeskartellamt)
You can report potential violations in the area of competition and antitrust law, as well as misconduct by large online platforms in digital markets, to the Federal Cartel Office (Bundeskartellamt):
Kaiser-Friedrich-Straße 16 
53113 Bonn

You can find the reporting portal of the Federal Cartel Office here:
https://www.bkms-system.net/bkwebanon/report/channels?id=bkarta&language=ger


External Reporting Channels of the European Union

European Anti-Fraud Office (OLAF)
Possible fraud cases or other serious irregularities with potentially negative impacts on EU funds can be reported – anonymously if desired – to the European Anti-Fraud Office (OLAF):
Europäische Kommission
Europäisches Amt für Betrugsbekämpfung (OLAF)
B-1049 Brüssel
Belgien

You can find the reporting portal of OLAF here: 
https://fns.olaf.europa.eu/main_de.htm

European Union Aviation Safety Agency (EASA)
You can report potential violations in the area of aviation safety – confidentially if desired – to the European Union Aviation Safety Agency (EASA):
Konrad-Adenauer-Ufer 3 
D-50668 Köln

You can find EASA's reporting portal here:
https://www.easa.europa.eu/en/confidential-safety-reporting

European Securities and Markets Authority (ESMA)
You can report potential violations in the areas of UCITS, rating agencies, transaction registers, securitization registers, and benchmarks to the European Securities and Markets Authority (ESMA):
201-203 rue de Bercy 
CS 80910 F-75589
 Paris Cedex 12 
Frankreich

You can find the reporting portal of ESMA here:
https://esma.integrityline.app/

European Medicines Agency (EMA)
You can report potential violations in the field of medicinal product safety to the European Medicines Agency (EMA):
Domenico Scarlattilaan 6 
NL-1083 HS Amsterdam 
Niederlande

You can find the reporting process of EMA here:
https://www.ema.europa.eu/en/about-us/how-we-work/external-whistleblowing-policy