Whistleblowing-channel

1. Controller

Appmore Ltd
Address: Keilaranta 02150 Espoo Finland
Contact person: Kai Lempinen (CEO)

2. Purpose and Legal Basis of Processing

The Whistleblowing Channel is established to provide all employees of Appmore, as well as external stakeholders, a confidential means to report suspected cases of wrongdoing. Personal data must be processed to investigate these reports and to determine and implement any necessary actions.

Appmore is committed to protecting the privacy of individuals and will only use personal data collected through the Whistleblowing Channel in accordance with data protection laws and good practices. Misuse of the Whistleblowing Channel is prohibited and may result in legal action.

Legal Basis:

• The processing of whistleblowers’ personal data is based on their consent (GDPR, Art 6.1(a) and Art 9.2(a)).
• The processing of personal data regarding the subjects of whistleblowing reports and those handling the reports is based on Appmore’s legitimate interest (GDPR, Art 6.1(f)). This is in line with Directive (EU) 2019/1937, which governs the protection of individuals reporting breaches of Union law.
• The processing of special categories of personal data is necessary to fulfill legal obligations in the field of employment law (GDPR, Article 9.2(b)).

3. Data Sources

Whistleblowers may include employees of Appmore or external stakeholders. Information relevant to investigating wrongdoing may also be collected from other individuals or organizations involved in the case.

4. Categories of Data Subjects and Data

• Whistleblowers: Reports may be submitted anonymously, though some whistleblowers choose to include personal information (such as name, location, financial data, or multimedia).

• Subjects of Reports: Reports of wrongdoing may contain personal details about the subjects (such as name, location, financial data, or multimedia), behavior, and other circumstances, including sensitive personal data such as health information.

• Processors: Personal data collected from individuals handling whistleblowing reports include name, title, usernames, and log data.

5. Access to and Disclosure of Personal Data

Only employees assigned by Appmore to investigate reports of wrongdoing have access to the data. The whistleblowing channel is managed by Appmore. We ensure data is handled in accordance with relevant data protection laws.

Personal data may be disclosed to authorities or third parties, such as external auditors, in accordance with the law.

6. Data Storage Periods

As a general rule, data is stored for no longer than two (2) years after the investigation concludes. However, longer retention may be required due to legal obligations, such as criminal or occupational safety regulations.

8. Rights of Data Subjects

Data subjects have the right to:

• Request confirmation of whether their data is being processed and access to that data.
• Request the rectification of their personal data.
• Request restriction of the processing of their data under certain conditions (GDPR, Art 18).
• Lodge a report with the Data Protection Officer.

Additionally, they can:

• Request the erasure of their personal data.
• Withdraw their consent at any time if the processing is based on consent.
• Object to the processing of their personal data if it is based on legitimate interest (GDPR, Art 21).

Data subjects can request access to their data or exercise their other rights by contacting [email protected]. Verification of identity is required for data access requests.

9. Enquiries Concerning the Processing of Personal Data

For questions regarding personal data processing, please contact [email protected].