Data Protection Notice: Whistleblower Reporting

At the Group, we take data protection and confidentiality seriously, including when it comes to whistleblower reporting. If you decide to issue an anonymous whistle-blower report, we assure you that your personal data will not be collected and processed. 

However, if you decide to share some of your personal information during your reporting, we provide this „Data Protection Notice: Whistleblower Reporting” (hereinafter – Privacy Notice) to answer your most important questions about how we collect, use, and store your data, when you report a whistleblower concern (e.g., possible cases of internal fraud, bribe or corruption, information about a criminal act, administrative misconduct, breach of work duties, professional ethics, legal acts, etc.) through our reporting form. 

The Group is responsible for the processing of personal data collected through the whistleblower reporting form. The Group means any subsidiary, parent or any related undertaking of coretech lt, UAB in Lithuania and/or abroad which, directly or indirectly, through one or more intermediaries, controls coretech lt, UAB, is controlled by coretech lt, UAB or is under common control with the coretech lt, UAB.

1. Why do we collect and how do we use your personal data? 

1.1. Categories of personal data

When you report a whistleblower concern, you may provide us with the following categories of personal data, at your own discretion: name, surname, email address, company name, details of the infringement or concern being reported, the content of your report, attachments to your report (if any), any other information you have decided to share with us. We will also be able to see the date of your report. 

1.2. Purpose 

We collect and process your personal data for the following purposes: to assess and investigate the whistleblower concern you have reported; to communicate with you regarding the status and outcome of the investigation; to take appropriate actions based on the findings of the investigation. 

1.3. Legal basis

The legal basis for processing your personal data is our legitimate interest (Art. 6(1) (f) of the GDPR) in addressing whistleblower concerns and ensuring the integrity of our business operations by preventing any cases of corruption, breaches of legal acts, Group’s internal regulations, work duties, professional ethics, criminal acts, administrative misconduct. 

1.4. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in Section 1.2. of this Privacy Notice, however, no shorter than 5 (five) years from the last decision made when assessing and investigating the whistleblower’s concern. 

2. Confidentiality and disclosure to third parties 

We treat all whistleblower reports with the utmost confidentiality. Unless statutory required by law and necessary for the investigations conducted by regulatory, law enforcement authorities, we will not disclose your personal data to any of the third parties. 

3. Rights

Subject to conditions, limitations, and exceptions established by statutory data protection provisions, GDPR, and other laws provide you with certain rights, regarding your personal data, including access and obtain a copy of your personal data; rectify any inaccuracies in your personal data; erase your personal data in certain circumstances; restrict or object to the processing of your personal data; lodge a complaint with a supervisory authority. 

4. Contact information

If you have any questions or wish to exercise your rights regarding the processing of your personal data outlined in Section 3 of the Privacy Notice, please contact us at  privacy@oxylabs.io.