The data privacy regulations of some countries require that a person making a report containing personal data must be notified of certain collection and retention practices regarding the information submitted by that person through this service.
If you do not wish to accept the terms below, we may be unable to accept any information through this system and suggest you report this matter directly to your supervisor or manager or to a representative of the Human Resources, Legal or Corporate Compliance Departments, depending on the nature of the possible violation.
This service is a web and phone-based intake system provided by your organization to its employees, vendors, suppliers and business partners and those of its subsidiaries (“Reporters”) for reporting suspected violations of laws or regulations or for certain matters specified in an applicable whistleblowing law. In some jurisdictions, suspected violations of company policies may also be reportable through this service. Depending on the jurisdiction, suspected violations of company policies might not fall into material scope of a specific whistleblower regulation. Such matters should be reported directly to your Manager or Supervisor or a representative of the Human Resources, Legal or Corporate Compliance Departments, as appropriate.
Your organization is the controller of the processing, and NAVEX is a processor acting on behalf of your organization.
You may contact your organization with any questions relating to this Notice or this service.
Use of this service is entirely voluntary. You are encouraged to report possible violations directly to your supervisor or manager, or to a representative of the Human Resources, Legal or Corporate Compliance Departments, depending on the nature of the possible violation. If you feel that you are unable to do so, you may use this service to make your report.
The service is a confidential online reporting system that allows you to report suspected violations of law or company policies, as well as other concerns you may have, to your organization.
Please be aware that the information you supply about yourself, your colleagues, or any aspect of the company’s operations may result in decisions that affect others. Therefore, we ask that you only provide information that you believe is true. You will not be subject to retaliation from your organization for any report of a suspected violation that is made in good faith, even if it later turns out to be factually incorrect. Please be aware, however, that knowingly providing false or misleading information will not be tolerated. The information you submit will be treated confidentially except in cases where this is not possible because of legal requirements or in order to conduct an investigation, in which case the information will be handled sensitively. We encourage you to identify yourself in order for us to follow up with questions we may have.
This service captures the following personal data and information that you provide when you make a report: (i) your name and contact details (unless you report anonymously) and whether you are employed by the organization; (ii) the name and other personal data of the persons you name in your report if you provide such information (i.e.: description of functions and contact details); and (iii) a description of the alleged misconduct as well as a description of the circumstances of the incident. Note that depending upon the laws of the country in which you are residing, the report may not be made anonymously; however, your personal information will be treated confidentially and will only be disclosed as set out below.
The purpose for which your personal data, and your report, will be used will be to investigate the issues raised in your report and to take appropriate follow-up action, in accordance with applicable law.
The personal data and information you provide will be stored in a database which is located on servers hosted and operated by NAVEX. NAVEX has entered into contractual commitments with your organization to secure the information you provide in accordance with applicable law. NAVEX is committed to maintaining stringent privacy and security practices including those related to notice, choice, onward transfer, security, data integrity, access, and enforcement.
You may contact your organization with any requests relating to the use, transfer, correction, or deletion of any of your personal data stored by this service.
For the purpose of processing and investigating your report and subject to the provisions of local law, the personal data and information you provide may be accessed, processed and used by the relevant personnel of your organization, including Human Resources, Finance, Internal Audit, Legal, Corporate Compliance, management, external advisors (e.g. legal advisors), or, in limited circumstances, by technical staff at NAVEX. Those individuals may be located in the United States, the United Kingdom or elsewhere.
Personal data and information you provide may also be disclosed to the police and/or other enforcement or regulatory authorities. The relevant bodies that receive and process personal data can be located in the US or in another country that may not provide the level of data protection available in the EU.
Your organization will promptly notify any person who is the subject of a report to this service except where notice needs to be delayed to ensure the integrity of the investigation and preservation of relevant information.
With some exceptions, the subject of the report may access information concerning the report (with the exception of the identity of the reporter) and request correction of personal data that is inaccurate or incomplete in accordance with applicable law. Similarly, with some exceptions, reporters may also access information about the report and request corrections of their personal data in accordance with applicable law.
Your report and your personal data will only be retained for as long as they are needed for the investigation of your allegations, for any legitimate follow-up to the investigation, or as otherwise consistent with law; they will be fully and securely destroyed or erased when and as soon as they are no longer needed for the investigation of the report, or for the purposes of legitimate follow-up to the report (including legal action). However, reports and files on the investigation of reports (or parts of such reports or files) and personal data in such reports or files may be placed in an archive if there is a clear and overriding public interest or legal interest of your organization in retaining the data, subject to such restrictions on access to the data aimed at safeguarding the rights and freedoms of the data subjects as may be allowed by applicable law.
Your organization will fully support you in exercise of any rights you may have as a data subject under applicable law, i.e., your:
We will only restrict any of the above rights if and to the extent that that is necessary and proportionate in order to safeguard any of the major public interests recognized in applicable law such as the protection of criminal investigations or public security, or to protect the fundamental rights and freedoms of others, including any person(s) incriminated in your report, in accordance with applicable law.
In addition to the rights listed above, you may also have the right to lodge a complaint about our processing of your personal data with the authority competent for supervising the processing of personal data (often referred to as the data protection authority) in the country where you live (if that is an EU/EEA Member State) or in the country your organization is based (if you live outside the EU/EEA).
Your report and your details may be held on the secure servers hosted by NAVEX; may be transferred to NAVEX sub-processors outside your location for service and support or translation and interpretation purposes; and may be passed on to the servers of your organization, subject to appropriate safeguards.
Some countries restrict reports such that only employees in key or management functions may be the subject of a report. In some countries, anonymous reports may not be permitted under the law except under extremely restrictive circumstances.
Further, any issues or concerns relating to topics not in scope to be reported via this service for a particular country or jurisdiction should be reported directly to your Manager or Supervisor or a representative of the Human Resources, Legal or Corporate Compliance Departments as appropriate.