Privacy Statement – SpeakUp®
About SpeakUp®
Your organisation has chosen to make the SpeakUp® whistleblowing and reporting platform developed by People Intouch B.V. (“we,” “us,” “our”) available to you. Within SpeakUp®, you can leave an (anonymous) report and start a safe and secure conversation with your organisation. Personal data is processed when using SpeakUp®. Personal data, in this context, means any data by which you can be directly or indirectly identified.
As People Intouch B.V. is based in the Netherlands in the European Union (EU), we are committed to the EU GDPR (General Data Protection Regulation), which is one of the most comprehensive personal data protection regulations in the world. We generally act as the data processor when providing our services to your organisation, as we primarily process personal data on behalf of your organisation. We take this role seriously and understand the importance of handling your personal data with care.
Your Organisation
Your organisation is primarily responsible for the processing of your personal data via SpeakUp®. Therefore, your organisation qualifies as a data controller. If you have any questions concerning SpeakUp® and how your personal data will be processed, please contact your organisation and check their SpeakUp®/Whistleblowing policy.
We want you to feel safe while using SpeakUp® and would like to inform you about the security measures in more detail.
What Happens to a Report Left via SpeakUp®?
The content of a report is shared with your organisation and will only be used and processed for the purposes for which SpeakUp® is intended by your organisation. Reports are always shared with your organisation in written form. Audio reports are transcribed before they are shared, and the audio file is deleted automatically.
Anonymity
When leaving a report via SpeakUp®, you can decide to share your identity with your organisation or remain anonymous. If you share personal details in your report, these will be processed by your organisation when handling your report. While SpeakUp® does process personal data, SpeakUp® ensures that without your consent, your organisation will not be able to know from whom the report originated.
Your organisation instructs us, as the data processor, to process certain personal data but also explicitly instructs us to destroy all relevant connection data that might identify you as an individual and to block any access of your organisation to this personal data.
Which Data is Processed?
Generally, two categories of personal data are processed:
1. Personal data provided by you (e.g., report information, name, and email); and
2. Personal data automatically collected when you use SpeakUp®.
SpeakUp® is designed in such a way that you are in complete control of what you will report and when. There is no pressure to give more information to your organisation than intended. You will be able to leave a misconduct report without compulsory forms.
Why is Personal Data Processed When Using SpeakUp®?
Generally, personal data is processed to provide you with all functionalities of SpeakUp®.
Your Organisation
For your organisation, the processing of personal data via SpeakUp® might be necessary:
– For the legitimate interest of your organisation to have a safe system to detect misconduct that otherwise would not be detected;
– For the establishment, exercise, or defence of legal claims by your organisation; and/or
– As required by a legal obligation applicable to your organisation, because your organisation might have a legal obligation to implement reporting and/or whistleblowing procedures.
People Intouch B.V.
We process personal data as a data controller insofar as it is necessary for the purposes of:
– Establishing a secure (encrypted) connection with your device. We may process the following personal data:
  – IP address;
  – Session ID;
  – Device ID.
– Non-marketing communication (e.g., communicating about issues). We may process the following personal data:
  – Email;
  – Name;
  – Report information.
– To prevent and detect security threats or other fraudulent or malicious activity. We may process the following personal data:
  – IP address;
  – Session ID;
  – Device ID;
  – Email;
  – Name;
  – User-Agent.
This personal data will never be used for any other purpose and will only be saved as long as necessary for the intended purpose.
Data Security
By its nature, scope, context, and purpose, the SpeakUp® service requires very secure, confidential, structured, and closely monitored data management and data processing. For that reason, we have many data protection and data security measures in place and procedures incorporated in our software and hardware IT security programme and in our standard operating procedures (“privacy by design”). SpeakUp® is designed to limit the storage duration of the processed data as much as possible.
SpeakUp® has taken extensive measures to prevent the loss, misuse, or alteration of your personal data. All data is encrypted when transmitted via the SpeakUp® web and the SpeakUp® mobile app.
Cookies
When using the SpeakUp® web, session cookies are used to provide secure communication. This session cookie data will be deleted after two (2) hours. These cookies are necessary for SpeakUp® to function. Legally, these cookies are exempted from the cookie consent requirement. Therefore, we do not ask for your permission to use these cookies but do inform you about their use.
What Are Your Rights?
Generally, your organisation is responsible for safeguarding your rights under applicable data protection laws. Please refer to your organisation’s SpeakUp® policy and/or privacy policy for more information about your data protection rights. To exercise your privacy rights with respect to personal data controlled by us, please feel free to contact us. In addition, you have the right to file a complaint with a supervisory authority at any time. We refer you to this webpage for an overview of the supervisory authorities and their contact details.
Contact Details
People InTouch B.V.
Olympisch Stadion 6
1076 DE Amsterdam
The Netherlands
Modifications
We would like to keep you informed in the best way possible and may amend and change this privacy statement from time to time.
*Last modified: 26 January 2024*