Prosus and Iyzico are committed to protecting the privacy of everyone involved in the Speak Up process as detailed in the Group Speak Up Policy (Speak Up Policy). Please carefully read the terms below as these contain information regarding the processing of your personal data as part of making your report via this Speak Up Service. If you do not agree to these terms, we are unable to accept any information through the Speak Up Service and suggest you report this matter directly to:
The Speak Up Policy offers employees and third parties the opportunity to report suspected misconduct through a variety of channels. The Speak Up Service is one of these reporting channels and is a web and phone-based intake system provided by the Group to its (former) employees, job applicants, vendors, suppliers, business partners, other stakeholders and its subsidiaries for reporting suspected violations of laws or regulations, our Code of Business Ethics and Conduct (Code) or other company policies in line with the Speak Up Policy.
This service and the database, in which the personal data and information that you may report is stored, are operated by NAVEX.
Use of the Speak Up Service is entirely voluntary. You are encouraged to report possible violations to any of the Speak Up channels, depending on the nature of the possible violation. If you do not feel comfortable raising your concern to one of the other channels mentioned in the Speak Up Policy, you may use this Speak Up Service to make your report.
The personal data collected through this service and afterwards during the investigation proceedings may be used for the following purposes:
Please be aware that the information you provide about yourself, your colleagues or any aspect of your or our Group’s operations may result in decisions that affect others. Therefore, we ask that you only provide information that you believe is true. You will not be subject to retaliation from our Group for any report of a suspected violation that is made in good faith, even if it later turns out to be factually incorrect. Please be aware, however, that knowingly providing false or misleading information will not be tolerated. In such case disciplinary action could be taken. Please also note that under applicable laws, the Group may be required to share some of the information reported or collected as part of the investigations with the persons involved or external regulators. If this is the case, the Group will only share minimum information as required by law and will take all available steps to protect your identity.
The Group Speak Up policy contains information about the nature and type of issues that may be reported through the Speak Up Service.
In some countries, anonymous reports may not be permitted due to legal restrictions. If this is the case in the chosen country, you will be required to provide your name and contact details in order to file a report.
Your personal data collected as part of the Group Speak Up Policy will be processed:
The Speak Up Service could capture the following personal data and information that you provide when you make a report:
During (possible) investigation proceedings the Group may also collect other personal data relating to the circumstances of the reported misconduct that may relate to you or to other persons.
Prosus Services B.V. is the controller of your personal data processed in relation to the Speak Up Service. Prosus Services B.V. is located at Gustav Mahlerplein 5, 1082 MS Amsterdam and its lead supervisory authority is the Dutch data protection authority (Autoriteit Persoonsgegevens – https://autoriteitpersoonsgegevens.nl).
Additionally, if you have chosen to make a report to a company of the Group in the context of your employment and/or contracting relationship and/or your reports contain issues that need to be investigated in collaboration with the Human Resources function of your employing company of the Group, your personal data will be controlled by the employing Group company and will be processed in accordance with the HR Privacy Policy of this company.
The personal data and information you provide as part of the Speak Up Service will be stored in a database which is located on servers hosted and operated in Germany by GCS Compliance Services Europe Limited, a subsidiary of NAVEX – in its capacity of data processor. NAVEX has entered into contractual commitments with the Group to secure the information you provide in accordance with applicable law.
This service and the database, in which the personal data and information that you may report is stored, are operated by NAVEX that is located outside Türkiye and any data (including any personal data you may share) will be stored outside Türkiye.
For the purpose of processing and investigating your report and subject to the provisions of local law, the personal data and information you provide may only be shared on a need-to-know basis with Group officers, specialized employees and/or external investigators involved with resolving a report and/or any investigation – in accordance with the Speak Up Policy.
The personal data may also be processed by third party service providers acting on the Group’s behalf, in particular external advisors (e.g. legal advisors), subject to appropriate confidentiality agreements and in compliance with applicable requirements for international transfers of personal data.
Personal data and information you provide may also be disclosed to the police, other enforcement or regulatory authorities when the Group determines that it is required by law or if it believes that such disclosure is necessary to protect our Group.
We may need to notify any person who is the subject of a report to this service about the processing of his/her personal data and that he or she is the subject of or relevant to an investigation. Such notice would be delayed if required to ensure the integrity of the investigation or to preserve relevant information. Please note that such notice will not contain information relating to your identity.
Reports that have been found unsubstantiated shall be removed as soon as possible. Personal data relating to substantiated claims will be deleted or anonymised within two months after full closure of the investigation, unless (i) disciplinary measures are adopted; (ii) court proceedings are initiated, contemplated or foreseen; (iii) reporting was filed in bad faith. In such cases, personal data will be processed until the moment such judicial, disciplinary or similar proceedings are fully and finally completed and following that, personal data shall be deleted or anonymised within 6 months of the completion of such proceedings.
You may have recourse to certain rights regarding the personal data processed in the context of this policy. These include the right of access, rectification, erasure, restriction, objection, data portability and the right to lodge a complaint with a supervisory authority.
To exercise your data subject rights, or if you have questions about this notice, please send an email to privacy@prosus.com. If you choose to contact the Privacy Office, note that your email address used to contact the office may identify you to that office.
Maintaining the security and integrity of your personal data is a high priority. The Group endeavours to maintain appropriate administrative, technical, personnel and physical measures to safeguard personal data against loss, theft, and unauthorised access, uses or modifications.
For any information related to the processing of your personal data as part of the Group Speak Up Policy, please contact the privacy@prosus.com.
HAVING READ AND UNDERSTOOD THE PRIVACY STATEMENT, PLEASE CONTINUE