How it works? | What is Whispli?

EN
FRENCH ENGLISH CHINESE CZECH DANISH DUTCH FINNISH GERMAN HUNGARIAN ITALIAN KOREAN MALAYSIAN NORWEGIAN POLISH PORTUGUESE ROMANIAN SLOVAK SPANISH SWEDISH THAI
Powered by
Data privacy policy
Data controller

A whistleblowing system has been set up within Lyreco Group. Lyreco SAS is the data controller for the personal data collected via the whistleblowing system and complies with applicable laws and regulations related to personal data protection, including the General Data Protection Regulation 2016/679 (EU) of 27 April 2016 ("GDPR").

Purpose and legal basis of the processing

Personal data processing is implemented in order to collect and process reports made via the whistleblowing system and aimed at revealing an ethical breach. Such data will be processed by Lyreco for the purpose of complying with its legal obligations and also for its legitimate interests.

Recipients of alerts

Only authorised persons within Lyreco Group, and its subcontractors or service providers if any, bound by a dedicated confidentiality commitment, have access to personal data received via an alert. Lyreco may also disclose personal information to third party regulatory organizations or courts, subject to applicable laws or regulations.

Personal data processed

By submitting a report, the whistleblower allows personal data to be collected and processed as part of the whistleblowing system. Only the personal data and information necessary for the processing of an alert will be collected and processed, which may include :
- identity, functions and contact details of the whistleblower ;
- identity, functions and contact details of persons(s) who are the subject of the alert ;
- identity, functions and contact details of the persons involved in the collection or processing of the alert ;
- the facts reported by the whistleblower ;
- information collected when verifying the reported facts ;
- potential reports drafted after the investigations ;
- follow-up action.

Data retention periods

Personal data relating to alerts, which fall outside the scope of the whistleblowing system, will be destroyed or anonymized with immediate effect.

When an alert does not result in disciplinary or legal action, all related personal data will be anonymized or destroyed within two months as from the end of the investigation.

When an alert results in disciplinary or legal action, all related personal data will be retained until the end of the relevant proceedings or the expiry of the statute of limitation period.

When required by law, Lyreco may store certain personal data for longer periods. This data will be stored in a dedicated archive with limited access rights.

Rights

As a data subject, the whistleblower or any person involved in a report has a right of access, rectification, deletion, limitation and/or opposition, under the conditions provided for by the applicable laws and regulations, which can be exercised at the following address : [email protected]. Any data subject also has a right to complain to the national data protection authority.

Transfers of personal data outside the European Union

When processing an alert, personal data may be transferred outside the European Union, to persons assigned to process this alert. Not all countries provide the same level of protection as the European Union. Where these countries do not provide an adequate level of data protection, Lyreco will put in place appropriate measures or contractual safeguards to ensure that personal data is protected according to applicable regulation, including the GDPR.

In the event of any conflict between this data privacy policy and applicable data protection laws and regulations, the provisions of applicable data protection laws and regulations shall prevail.