Whistleblowing Data Privacy Policy

Whistleblowing Privacy Policy

Safecall Limited registration number 03769031, whose registered office is at 8th Floor, 100 Bishopsgate, London, EC2N 4AG, its affiliates and subsidiaries (the “Group”, “our”, “us” and “we”) are committed to protecting and respecting your privacy.

This policy (together with our terms and conditions, as well as any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Safecall Limited is based in the UK. Any personal data submitted as part of a report will be processed in the UK and for the purposes of translation services in the EEA.

For the purpose of the UK Data protection Act 2018 and the UK General Data Protection Regulation, Safecall Limited acts as the data processor and your employer acts as the data controller, save in circumstances where Safecall knows your details but withholds them from your employer at your request, or writes a report in such a way as to protect your identity following a request by you to remain anonymous, whereby Safecall Limited shall be regarded as the controller in respect of the data which it withholds from your employer.

Personal Data Definition

Personal data, or personal information, means any information about an individual from which that individual can be identified. It does not include data where the identity has been removed (anonymised data).

There are “special categories” of more sensitive personal data which require a higher level of protection.

Information we may collect from you

We may collect, keep a record of and process the following data about you:

Information that you provide by filling in forms on our site (“our site”) or via email or telephone conversations with us. This includes information provided when you complete a whistleblowing report and any follow up correspondence.

Legal basis for processing personal information

The legal basis for collecting and processing your data is for the purposes of providing services to our clients and protecting individuals’ rights and freedoms, so far as we are acting as the controller of data that we keep confidential at your request.

Uses made of the information and disclosure to third parties

The information provided by you will be collated into a whistleblowing report. Unless you request otherwise, all data provided by you, including your name and contact details, will be passed to the senior management within your employer.

We may have to share your data with third parties, including third-party service providers and other entities in the group in order to support our processing. We will only share your personal information with third parties where required by law, where it is necessary to administer the service or where we have another legitimate interest for doing so and they may not use it for any other purposes.

We require third parties to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information outside the UK. If we do, you can expect a similar degree of protection in respect of your personal information. Further details can be found below under Cross Border Transfer.

We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of the Group, our customers, or others.

Your rights

Data protection laws grant you, as a Data Subject, certain ‘information rights’, which are summarised below:

Right of access – You have the right to obtain a copy of information we hold about you.

Right of rectification or erasure – If you feel that any data that we hold about you is inaccurate; you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data, we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Please note that we may be entitled to retain your personal data despite your request, for example if we are under a separate legal obligation to retain it. Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will take all reasonable steps to inform those with whom we have shared their data about your request for erasure.

Right to restriction of processing – You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we do not need to hold your data any longer but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.

Right to Portability – You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.

Right to Object – You have a right to object to our processing your personal data where the basis of the processing is legitimate interest.

Right to Withdraw Consent – You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.

Right of Complaint – You also have the right to lodge a complaint about any aspect of how we are handling your data with the UK Information Commissioner’s Office, which can be contacted at www.ico.org.uk/concerns.

To exercise any of these rights in respect of the data we control, you may contact us using the details in the ‘Contact’ section below.

In your request please make clear what data you would like to have changed, whether you would like to have your data suppressed from our database or otherwise let us know what limitations you would like to put on our use of your personal information. For your protection, we may only implement requests in respect of the data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and our records, which will not be removed.

Security and Retention

We will take all reasonable steps to ensure that your data is treated securely and in accordance with this privacy policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we have in place appropriate technical and organisational security measures to protect your data against loss, misuse, unauthorised access, disclosure or alteration.

We will retain your data for as long as is permitted in light of the purposes for which it was collected. Where we no longer require your data for the purposes for which it was obtained, we will retain it for a period of time which reasonably allows us to comply with our legal and regulatory obligations or if retention is advisable in light of our legal position. Aggregated or anonymised data may be retained for longer.

Cross Border Transfer

We will only send your data outside of the UK to:

  • Follow the instructions of the data controller.
  • Administer and deliver translation services outlined above.
  • Comply with a legal duty.

If we do transfer information outside of the UK, we will make sure that it is protected in the same way as if it was being used in the UK. We will use one of these safeguards:

  • Transfer it to a country with privacy laws that give the same protection as the UK. You can find out more on the UK Government Website:  https://www.gov.uk/data-protection
  • Put in place a contract with the recipient that means they must protect it to the same standards as the UK. You can find out more about this on the European Commission Justice website: https://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to Safecall Limited, RTC Loftus House, Colima Avenue, Sunderland, SR5 3XB or emailed to TSU.Cosec@lawdeb.com and info@safecall.co.uk.