Whistleblower Protection Act

Serious misconduct must be disclosed in order to prevent it in the future and to penalize it appropriately. Molecular Health encourages all employees and managers to inform their manager or the Board of Management if misconduct is observed. Problems can often be resolved this way.


  • Basic information
  • Content of a notification
  • Data protection information
  • Type and scope of data processing
  • Voluntarily and depending on the incident, the following data may be transmitted by you
  • Legal basis and purpose of data processing
  • Reporting channels for submitting a report

Reporting channels


RA Ghaffar
Erbacher Tal 26
64646 Heppenheim
Phone: + 49 (0) 171 832 1000
E-Mail: hinweis-molecularhealth@ghaffar.eu

General Information

Molecular Health offers whistleblowers the opportunity to submit their information to an external authority. For this purpose, Molecular Health has commissioned Mr. Michael Ghaffar, attorney at law, to set up a reporting office in accordance with the Whistleblower Protection Act. Mr. Ghaffar acts free of instructions in the handling of reports. Please note the following:

  • The first thing to consider is to report the misconduct to your own manager.
  • If this is not an option, reports of misconduct can be submitted to Molecular Health’s external reporting office in person, by post, by telephone or by e-mail.
  • The information will be treated in strict confidence and checked for plausibility by persons bound to secrecy. Information on data protection can be found on the next page.
  • In exceptional cases, you can submit your report anonymously if you fear serious personal, labor law, disciplinary or social disadvantages.

Content of a report

The following violations or misconduct may be the reason for a report:

  • Corruption / bribery: bribery and corruptibility as well as granting and accepting advantages, such as accepting or granting gifts, invitations to events, discounts or other advantages or benefits for personal gain
  • Theft / embezzlement: Unauthorized theft and appropriation of items or money, such as keeping items provided, pocketing items belonging to others, reaching into the cash register
  • Fraud / embezzlement: Deception to damage the assets of another, personal enrichment, abuse of power of disposal or a fiduciary relationship to financial disadvantage, such as fraudulent payment of benefits, excessive invoicing, etc.
  • Competition/antitrust violations: Violations of free market economy, fair competition and harm to consumers, especially through unauthorized price fixing
  • Money laundering/terrorist financing: smuggling money of illegal origin into the financial circuit, such as payment or granting of loans with money from profits from drug deals, arms trading, etc., even if transfers are made to (seemingly) humanitarian organizations
  • Accounting fraud / accounting violations: Violations of proper accounting practices, such as requirements for bookkeeping, accounting, auditing or internal controls, financial reporting or auditing, resulting in inaccurate figures
  • Health protection / workplace safety: violation of health protection and workplace safety regulations intended to prevent health hazards and accidents at work
  • Discrimination / harassment: Violations of the principle of equal treatment and the prohibition of discrimination based on origin, religion, gender, personal orientation, etc. as well as harassment of privacy, including bullying or bossing
  • Breaches of data protection regulations and/or information technology security: unlawful processing of personal data, loss or disclosure of personal data due to inadequate information technology security measures

Clarification of the facts is supported by a structured report. The report should therefore contain a detailed description of the incident. You can use the following questions as a guide:

  • Who committed the violation?
  • What happened?
  • Where did it happen?
  • When did it happen?
  • How can the violation be proven?

Data protection information

The responsible party within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States of the European Union (EU) as well as other data protection regulations is:

Molecular Health GmbH
Kurfuersten-Anlage 21,
69115 Heidelberg,
E-Mail: info@molecularhealth.com
Phone: +49 (0) 6221 43851-0

The data protection officer of the responsible party is:
Mr. Sebastian Feik
legitimis GmbH
Ball 1
51429 Bergisch Gladbach
Phone: 02202 28 941-0

Type and scope of data processing

You can inform Molecular Health in person, by post, by telephone or by e-mail about serious misconduct of which you have become aware. You decide on the scope and content of the information you provide to the reporting office.

All data submitted will be checked confidentially by the MH whistleblower team (Michael Ghaffar, Thorsten Vogt, Head of HR, Dr. Stephan Brock) to verify the facts of the case, checked for plausibility and used to clarify the matter while observing the necessary confidentiality. All members of the MH whistleblowing team are also obliged to maintain confidentiality in the course of their work. Internal and external experts and service providers may be involved in the investigation. In the event of criminal prosecution, personal data may have to be disclosed to state investigating authorities in accordance with legal obligations.

The following data is collected when you submit a notification, provided you send it to us:

  • Facts of the case

The following data may be transmitted by you voluntarily and depending on the incident

  • Personal data of any Molecular Health employees or external persons involved
  • contact details
  • Documents and images

Legal basis and purpose of data processing

The legal basis for the processing of the data after your report has been submitted is Article 6(1)(f) of the General Data Protection Regulation (GDPR), our legitimate interest in identifying and prosecuting violations of criminal law and violations subject to fines at Molecular Health and Article 6(1)(c) of the GDPR, ensuring compliance with the legal requirements of the Whistleblower Protection Act.

Reporting channels for submitting a report

There are several ways for you to report violations or suspected violations of the law, legislation and internal guidelines and regulations:

The following reporting channels are available to you for submitting a report:


RA Ghaffar
Erbacher Tal 26
64646 Heppenheim
Phone: + 49 (0) 171 832 1000
E-Mail: hinweis-molecularhealth@ghaffar.eu

GDPR Cookie Consent with Real Cookie Banner