Your data is safe, WhistleLine guarantees the anonymity of the Whistleblower
We attach particular importance to the protection of your personal data, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as the Act of 30 July 2018 on the protection of individuals with regard to the processing of personal data.
Contact details of the data controller
WHISTLELINE® is a registered trademark of the SRL GDPR Agency.
GDPR Agency SRL (hereinafter: "WHISTLELINE"), whose registered office is located at Chemin du Cyclotron 6, 1348 LOUVAIN-LA-NEUVE (Belgium) and registered with the Crossroads Bank for Enterprises under the number (BE) 0673.492. 972, is responsible for the processing of personal data that you provide to us directly via our website WHISTLELINE.EU as well as via the platforms and other tools made available to you by WHISTLELINE, directly when contacting WHISTLELINE or indirectly via a request for a quote from a partner.
What data do we collect, for what purpose and on what legal basis?
This is the Data that you communicate to us on the one hand within the framework of the services that we provide, in particular through the forms offered on the WHISTLELINE.EU website, and on the other hand through cookies deposited by us or more generally by third party services.
The purpose of this form is to allow you to send questions about our services. We will only use the Data from this form for the purposes of your enquiry and for as long as is necessary to provide you with the appropriate answers.
Via this form, the following data can be collected: first name, last name, email address, the subject of the request and a free message from the author.
The legal basis for this processing is the execution of a pre-contractual measure.
Reporting an infringement
The reporting of an infringement within the meaning of Directive (EU) 2019/1937 of 23 October 2019, the follow-up and investigation of these reports as well as the support of Whistleblowers constitutes the main purpose of WHISTLELINE.
The reporting of a violation is implemented by the collection of all ad hoc information via the reporting form available through a non-mediated address (URL). This address is expressly communicated by the organisation that has entrusted WHISTLELINE with the management of its internal reporting channel.
In order to ensure its complete independence in the follow-up and investigation of these reports, WHISTLELINE claims the role of Data Controller throughout the procedure.
In this respect, we collect the following Data: alias, surname, first name, email address, password, telephone or mobile number, preferred time for being called, field of activity to which the report relates, free description of the report.
The legal basis for all the processing carried out in the context of the follow-up and investigation of reports is the consent of the author (the Whistleblower). The author must therefore be aware that withdrawal of consent immediately annuls the procedure
Website maintenance and event logging
We collect the author's metadata (i.e. IP addresses and browser) to ensure the security of our website and the logging of events.
The legal basis for this processing is our legitimate interest.
A cookie is a small file sent along with the pages of a website and stored by the browser on the hard drive of your computer, tablet or phone. The information it contains can be sent back to the site's servers during a subsequent visit and thus allow the author of the website to trace the activity of the Internet user.
It should be noted that behind the term "cookies" we also consider any other technical tracking process such as "scripts" in general. A script is a piece of programming code used to make a website work interactively. Finally, "web beacons" or "spy pixels" or "social media cookies" are also cookies.
Cookies allow us to personalise content and provide features necessary for a website to function properly, such as checking a shopping cart or remembering a language choice. Some cookies may be placed or controlled by third parties (partners or subcontractors) for marketing targeting purposes.
For detailed information about the cookies deposited by WHISTLELINE, please consult our policy Gestion des Cookies.
How long do we keep your data?
We will retain your Data for as long as is necessary for the purposes for which it was collected and in accordance with applicable law.
At the end of the retention period, the Data is anonymised and the metadata is retained for statistical purposes.
- Contact form
Your Data is kept for the time necessary to respond to your request.
- Reporting an infringement
Your Data is retained for 9 months to cover the three-stage period as described within the General Terms and Conditions of Reporting. Your Data is then archived for a period of 3 years in order to cover possible legal claims. It is however destroyed before this period in the event of request by the Whistleblower.
- Website maintenance and event logging
Your Data is retained for 6 months from registration.
To whom may your data be transmitted?
Your Data may be communicated to other companies belonging to WHISTLELINE for the purposes mentioned above.
In very special circumstances, data may be passed on to highly specialised technical subcontractors (e.g. in relation to the transit of confidential e-mails). In this case the data is encrypted.
In order to manage the reports brought to our attention, we use the TUTANOTA platform. We refer you to the TUTANOTA webpage (https://tutanota.com) for more information on how they process personal data.
Data related to reports are confidential and may only be partially passed on in an anonymised form as part of the investigation procedure to the managers of the organisation that has entrusted its internal report channel to WHISTLELINE. In this case, the data is filtered according to the need to know principle. Confidentiality can only be lifted with the consent of the author of the report (the Whistleblower).
What are your rights
- Right of access: you have the right to consult your Data at any time and free of charge,
- Right of rectification: you have the right to demand that incorrect Data be corrected and that inappropriate or no longer necessary Data be deleted. We would like to point out that you are obliged to check the accuracy of the Data you provide at any time.
- Right to erasure: If you no longer wish your Data to be processed and you are eligible to request the right to erasure, we will remove your Data from our database.
- Right to portability: where appropriate, you will also have the right to the portability of your Data in accordance with the applicable data protection legislation.
- Right to object: you have the right to object to any use of your Data for prospecting purposes.
- Right to limit the processing: finally, you have the right to obtain from WHISTLELINE the limitation of the processing of your Data, in accordance with the applicable legislation on Data protection.
How to assert your rights
By sending an email to email@example.com or a letter to the registered office of:
Chemin du Cyclotron, 6
You can also contact our Data Protection Officer (DPO) by email at firstname.lastname@example.org or a letter to
For the attention of the DPO
Chemin du Cyclotron, 6
What happens in the event of a dispute?
If you believe that we are in breach of any of our legal and/or contractual obligations, please contact us by email at email@example.com. We will make every effort to follow up with you as soon as possible.
Any claim, complaint or grievance shall be addressed to WHISTLELINE registered office.
If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority.
If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your country, a list of which is available here:
You can also contact the Belgian supervisory authority on which WHISTLELINE depends ("Lead" authority):
The Belgian supervisory authority is
AUTORITÉ DE PROTECTION DES DONNÉES (DATA PROTECTION AUTHORITY)
Rue de la Presse 35
Mail : CONTACT@APD-GBA.BE
Information about children
As a general rule, we do not intentionally collect personal information from children under the age of 13. If we discover that we have inadvertently collected information from children under the age of 13, we will take steps to delete the information as soon as possible, unless we are required by applicable law to retain it.
Where we know that a child is over the age of 13 but is considered a minor under applicable law, we will obtain parental/guardian consent before using that child's personal information.
Links to other websites and services
Our sites may contain links to third party sites, and some of our services give you access to third party services (such as social networks).
We have no control over how third party websites and services handle your personal information. We do not review third party sites and services, and we are not responsible for those third party sites and services or their privacy practices. Please read the privacy statements of any third party sites or services you access from our websites or services.
We have developed appropriate technical and organisational security rules to prevent the destruction, loss, falsification, modification, unauthorised access, accidental disclosure to third parties and any other unauthorised processing of Data.
Limitation of liability clause
WHISTLELINE's liability will be limited to direct damages, to the exclusion of any indirect damage. WHISTLELINE can never be held liable for damages that are considered indirect, such as, but not limited to, loss of Data, financial or commercial prejudice, loss of profits, increase in general costs, disruption of schedules.
Furthermore, WHISTLELINE cannot be held responsible for any damage resulting from illegitimate manipulation of the Data by third parties (theft of Data, viruses, phishing or other computer crimes).
Applicable law and jurisdiction
These provisions shall be governed, interpreted and enforced in accordance with Belgian law, which shall be the only applicable law in the event of a dispute.
Any dispute that cannot be settled amicably within a period not exceeding one month from the date of its occurrence, which period may be extended by mutual agreement, may be brought by the most diligent party before the French-speaking Courts and Tribunals of the judicial district of Nivelles (Belgium), which shall have sole jurisdiction.
Date of entry into effect
This policy was created and became effective on 21.07.2022. We reserve the right, at our sole discretion, to change, modify, add or remove portions of this policy at any time.