Data Privacy Policy
We prioritize the protection of personal data and confidentiality, fully complying with the EU General Data Protection Regulation (EU-GDPR) and applicable national data protection laws. We strongly recommend that you carefully review this data protection notice along with the Data Protection Policy prior to submitting any report.
Purpose of the Whistleblowing System and Legal Basis
The WhistleSpot platform is designed to securely and confidentially receive, process, and manage reports related to violations as defined under the material scope of Law 4990/2022 as in force of [Entity Name]. The processing of personal data within the WhistleSpot is carried out based on the legitimate interests of [Entity Name] in identifying and preventing such violations, ensuring that [Entity Name] and the individuals named under the personal scope of Law 4990/2022 as in force are protected from potential harm, in accordance with the protected measures outlined in the same law, where the legal basis for data processing is also provisioned.
Data Controller
The entity responsible for data protection in the whistleblowing system is [Entity Name], Reports Receipt and Monitoring Officer, located at [Address]. The reporting system is managed by a third-party service provider, Lux Actuaries & Consultants, located at 80, N.Paritsi str, 154 51, Athens, Greece on behalf of [Entity Name].
Personal data and information submitted through the reporting system are stored in a secure database managed by Lux Actuaries & Consultants in a high-security data center. Access to this data is strictly limited to [Entity Name]. Neither Lux Actuaries & Consultants nor any other third parties have access to the data. This is guaranteed through a certified process that includes comprehensive technical and organizational safeguards.
All data that could lead to the person’s identification are encrypted and protected with multiple layers of password security to ensure that access is limited only to a very select group of authorized individuals at [Entity Name].
Types of Personal Data Collected
Participation in the internal reporting channel is entirely voluntary. If you choose to submit a report via the WhistleSpot platform, we may collect the following personal data and information:
- Your personal information (such as first name, last name, email address, phone number)
- Your type of employment relationship with [Entity Name]
- The identities and any other personal details of individuals you refer to in your report.
Confidential Handling of Reports
Reports submitted to the WhistleSpot platform are received by the Reports Received and Monitoring Officer of [Entity Name]. The Reports Receipt and Monitoring Officer will evaluate the matter and take the necessary actions as stipulated by Law 4990/2022.
In the course of processing a report or conducting an investigation, it may be necessary to share the report with additional employees of [Entity Name]. We ensure that all applicable data protection laws are strictly followed when sharing such reports.
All individuals who gain access to the data are required to uphold strict confidentiality.
Notification to the Accused Party
We are legally required to notify the accused individuals that a report has been filed against them, unless doing so would compromise further investigations into the matter. When this notification is made, every effort is made to protect your identity as the whistleblower, to the extent permitted by law.
Data Subjects Rights
You, as well as the individuals mentioned in the report, have the right to access, correct, delete, restrict processing and object to the processing of personal data related to you. If you exercise your right to object, we will promptly assess whether the stored data is still necessary for the processing of the report. Any data that is no longer required will be deleted without delay.
In this regard, please contact [email protected]
In addition, you have the right to lodge a complaint with the supervisory authority.
Data Retention Period
Personal data will be retained for as long as it is necessary to resolve the issue, assess the report or as long as there is a legitimate interest of the entity or as mandated by law. Once the report has been processed, the data will be securely deleted in compliance with relevant legal requirements.
Technical Measures while Using WhistleSpot
Communication between your device and the reporting platform is conducted over a secure, encrypted connection (SSL). Your IP address will not be stored while using the WhistleSpot platform. No cookies are stored, besides the Anti-forgery measures that are applied. These measures are used to prevent fraudulent submissions by ensuring that the reporting actions are legitimate and not manipulated by automated systems or unauthorized parties.
The WhistleSpot platform allows you to submit reports to the Reports Receipt and Monitoring Officer at [Entity Name], either by identifying yourself or anonymously, in a secure manner. To follow up on your report, a secure chat box is provided, where access is granted only with the unique ID you received when submitting the report. Only the Reports Receipt and Monitoring Officer can communicate with you. This platform does not function as regular email communication.
Please note that WhistleSpot does not make any decisions regarding the content of the reports; it simply facilitates the secure submission and processing of information.
Important Information on Attachments
When submitting a report or additional information, you may attach files to be sent to the Reports Receipt and Monitoring Officer at [Entity Name]. However, if you wish to remain anonymous, please be aware that files might contain personal information that could inadvertently reveal your identity. To protect your anonymity, ensure that any hidden personal data is removed from the attachments before submission.
⚠️Important: By submitting a report, you consent to the collection and processing of your data in accordance with the Data Privacy Policy.
