Privacy Policy

Your data is safe, WhistleLine guarantees the anonymity of the Whistleblower


This Privacy Policy applies to personal data ("Data") that we collect from you for the purpose of providing you with the products and services we offer.

We attach particular importance to the protection of your personal data, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as the Act of 30 July 2018 on the protection of individuals with regard to the processing of personal data.

By using our website or by providing us with your Data when requesting information, commercial offers, directly or through our partners, you accept the practices described in this Privacy Policy. If you do not agree with the terms of this policy, please do not use our website or provide us with your Data. In this case, you agree that you will not receive the full range of services and benefits offered by WhistleLine.

Contact details of the data controller

WHISTLELINE® is a registered trademark of the SRL GDPR Agency.

GDPR Agency SRL (hereinafter: "WHISTLELINE"), whose registered office is located at Chemin du Cyclotron 6, 1348 LOUVAIN-LA-NEUVE (Belgium) and registered with the Crossroads Bank for Enterprises under the number (BE) 0673.492. 972, is responsible for the processing of personal data that you provide to us directly via our website WHISTLELINE.EU as well as via the platforms and other tools made available to you by WHISTLELINE, directly when contacting WHISTLELINE or indirectly via a request for a quote from a partner.

What data do we collect, for what purpose and on what legal basis?

This is the Data that you communicate to us on the one hand within the framework of the services that we provide, in particular through the forms offered on the WHISTLELINE.EU website, and on the other hand through cookies deposited by us or more generally by third party services.

Contact form

The purpose of this form is to allow you to send questions about our services. We will only use the Data from this form for the purposes of your enquiry and for as long as is necessary to provide you with the appropriate answers.

Via this form, the following data can be collected: first name, last name, email address, the subject of the request and a free message from the author.

The legal basis for this processing is the execution of a pre-contractual measure.

Reporting an infringement

The reporting of an infringement within the meaning of Directive (EU) 2019/1937 of 23 October 2019, the follow-up and investigation of these reports as well as the support of Whistleblowers constitutes the main purpose of WHISTLELINE.

The reporting of a violation is implemented by the collection of all ad hoc information via the reporting form available through a non-mediated address (URL). This address is expressly communicated by the organisation that has entrusted WHISTLELINE with the management of its internal reporting channel.

In order to ensure its complete independence in the follow-up and investigation of these reports, WHISTLELINE claims the role of Data Controller throughout the procedure.

In this respect, we collect the following Data: alias, surname, first name, email address, password, telephone or mobile number, preferred time for being called, field of activity to which the report relates, free description of the report.

The legal basis for all the processing carried out in the context of the follow-up and investigation of reports is the consent of the author (the Whistleblower). The author must therefore be aware that withdrawal of consent immediately annuls the procedure

Website maintenance and event logging

We collect the author's metadata (i.e. IP addresses and browser) to ensure the security of our website and the logging of events.

The legal basis for this processing is our legitimate interest.

Managing Cookies

This website uses cookies.

A cookie is a small file sent along with the pages of a website and stored by the browser on the hard drive of your computer, tablet or phone. The information it contains can be sent back to the site's servers during a subsequent visit and thus allow the author of the website to trace the activity of the Internet user.

It should be noted that behind the term "cookies" we also consider any other technical tracking process such as "scripts" in general. A script is a piece of programming code used to make a website work interactively. Finally, "web beacons" or "spy pixels" or "social media cookies" are also cookies.

Cookies allow us to personalise content and provide features necessary for a website to function properly, such as checking a shopping cart or remembering a language choice. Some cookies may be placed or controlled by third parties (partners or subcontractors) for marketing targeting purposes.

WHISTLELINE limits the use of Cookies as much as possible and refrains from using third party Cookies of a marketing type or that profile you. Therefore, the vast majority of the Cookies deposited by WHISTLELINE are technical Cookies necessary for the proper functioning of the website.

For detailed information about the cookies deposited by WHISTLELINE, please consult our policy Gestion des Cookies.

How long do we keep your data?

We will retain your Data for as long as is necessary for the purposes for which it was collected and in accordance with applicable law.

At the end of the retention period, the Data is anonymised and the metadata is retained for statistical purposes.

  • Contact form
    Your Data is kept for the time necessary to respond to your request.
  • Reporting an infringement
    Your Data is retained for 9 months to cover the three-stage period as described within the General Terms and Conditions of Reporting. Your Data is then archived for a period of 3 years in order to cover possible legal claims. It is however destroyed before this period in the event of request by the Whistleblower.
  • Website maintenance and event logging
    Your Data is retained for 6 months from registration.

To whom may your data be transmitted?

Your Data may be communicated to other companies belonging to WHISTLELINE for the purposes mentioned above.

In very special circumstances, data may be passed on to highly specialised technical subcontractors (e.g. in relation to the transit of confidential e-mails). In this case the data is encrypted.

In order to manage the reports brought to our attention, we use the TUTANOTA platform. We refer you to the TUTANOTA webpage ( for more information on how they process personal data.

Data related to reports are confidential and may only be partially passed on in an anonymised form as part of the investigation procedure to the managers of the organisation that has entrusted its internal report channel to WHISTLELINE. In this case, the data is filtered according to the need to know principle. Confidentiality can only be lifted with the consent of the author of the report (the Whistleblower).

What are your rights

  • Right of access: you have the right to consult your Data at any time and free of charge,
  • Right of rectification: you have the right to demand that incorrect Data be corrected and that inappropriate or no longer necessary Data be deleted. We would like to point out that you are obliged to check the accuracy of the Data you provide at any time.
  • Right to erasure: If you no longer wish your Data to be processed and you are eligible to request the right to erasure, we will remove your Data from our database.
  • Right to portability: where appropriate, you will also have the right to the portability of your Data in accordance with the applicable data protection legislation.
  • Right to object: you have the right to object to any use of your Data for prospecting purposes.
  • Right to limit the processing: finally, you have the right to obtain from WHISTLELINE the limitation of the processing of your Data, in accordance with the applicable legislation on Data protection.

How to assert your rights

By sending an email to or a letter to the registered office of:

Chemin du Cyclotron, 6

You can also contact our Data Protection Officer (DPO) by email at or a letter to

GDPR Agency
For the attention of the DPO
Chemin du Cyclotron, 6
1348 Louvain-la-Neuve

What happens in the event of a dispute?

If you believe that we are in breach of any of our legal and/or contractual obligations, please contact us by email at We will make every effort to follow up with you as soon as possible.

Any claim, complaint or grievance shall be addressed to WHISTLELINE registered office.

If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority.

If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority in your country, a list of which is available here:

You can also contact the Belgian supervisory authority on which WHISTLELINE depends ("Lead" authority):

The Belgian supervisory authority is
Rue de la Presse 35
1000 Brussels

Information about children

As a general rule, we do not intentionally collect personal information from children under the age of 13. If we discover that we have inadvertently collected information from children under the age of 13, we will take steps to delete the information as soon as possible, unless we are required by applicable law to retain it.

Where we know that a child is over the age of 13 but is considered a minor under applicable law, we will obtain parental/guardian consent before using that child's personal information.

Links to other websites and services

Our sites may contain links to third party sites, and some of our services give you access to third party services (such as social networks).

We have no control over how third party websites and services handle your personal information. We do not review third party sites and services, and we are not responsible for those third party sites and services or their privacy practices. Please read the privacy statements of any third party sites or services you access from our websites or services.


We have developed appropriate technical and organisational security rules to prevent the destruction, loss, falsification, modification, unauthorised access, accidental disclosure to third parties and any other unauthorised processing of Data.

Limitation of liability clause

WHISTLELINE's liability will be limited to direct damages, to the exclusion of any indirect damage. WHISTLELINE can never be held liable for damages that are considered indirect, such as, but not limited to, loss of Data, financial or commercial prejudice, loss of profits, increase in general costs, disruption of schedules.

Furthermore, WHISTLELINE cannot be held responsible for any damage resulting from illegitimate manipulation of the Data by third parties (theft of Data, viruses, phishing or other computer crimes).

We would also like to point out that links to the Website may contain hyperlinks and other references to other websites which we do not operate or control and to which these provisions do not apply. We are not responsible for the content of these websites or for the offers, products and services provided by them. We therefore recommend that you carefully read the privacy policy of each website you visit, as this policy may differ from this one.

Applicable law and jurisdiction

These provisions shall be governed, interpreted and enforced in accordance with Belgian law, which shall be the only applicable law in the event of a dispute.

Any dispute that cannot be settled amicably within a period not exceeding one month from the date of its occurrence, which period may be extended by mutual agreement, may be brought by the most diligent party before the French-speaking Courts and Tribunals of the judicial district of Nivelles (Belgium), which shall have sole jurisdiction.

Date of entry into effect

This policy was created and became effective on 21.07.2022. We reserve the right, at our sole discretion, to change, modify, add or remove portions of this policy at any time.