Privacy Notice

Whistleblowing Solutions AB (“Whistlelink” or “We”) is a private company and the provider of the web-based whistleblowing solution Whistlelink.

We at Whistlelink are committed to protecting your personal integrity and want you to feel safe when using our products and services. With this privacy policy, we want to make sure that you understand how we process your personal data and how we ensure that the personal data processing carried out by Whistlelink is done in a responsible manner in accordance with applicable law, including the General Data Protection Regulation (the “GDPR“). This privacy policy also describes your rights as a data subject and how these rights can be exercised.

Please note this Privacy Notice ONLY applies to how we process the personal data of visitors to this website, www.www.whistlelink.com. To see how we process data that results from the use of the Whistlelink platform, read our Data Processing Agreement.

Hereafter, we will describe the processing of personal data performed or otherwise controlled by Whistlelink as a company. If you have any questions about how your personal data is processed, you can contact us via the contact details below in section 11.

1. What does personal data processing mean?

Personal Data‘ is any information that may be directly or indirectly attributed to you. For example, your name, social security number, address, picture, e-mail and IP address. Even information which cannot in itself identify you may be personal data if this can be attributed to you in combination with other information.

’Controller’ is the organisation that decides on the purposes and means of processing personal data, i.e. how and why personal data processing is done.

‘Data Processing’ means all actions taken with your personal data. For example, collection, registration, storage, alteration, processing, structuring, destruction, etc.

2. Who is responsible for the processing?

Whistleblowing Solutions AB is the controller for the processing of personal data carried out by us or on our behalf. This means that we decide how and why your personal data is processed.

3. What we collect and why?

Whistlelink mainly collects personal data which is necessary for you to be able to use our products or services, for example customer representative data for promoting, offering and subsequently providing Whistlelink to you as a customer. This means that all or part of our products and service will not be usable if you do not want us to process your personal data.

Newsletters and offers. If you have chosen to receive news and offers from us, we will ask you to provide your name and e-mail. We may also process, purchase history, purchase and user generated data (click history) and place of residence/country, as from time to time may be provided by you, in order to send out information about our news and offers that may be of interest to you. All communication from Whistlelink to you via e-mail will always include a link in which you can choose to unsubscribe to future communication.

Marketing. We may use your contact details, such as e-mail address and phone number, to market other companies and their products, however we will never share this information for marketing from others without your prior consent. We may also use your contact information and the information that you are interested in our products and services for the purpose of marketing on social media.

Improvement and development of the service. When you visit the website, we process information about your place of residence, click and visit history, technical data from the devices you used (i.e. IP address, operating system, language, browser setting) and information about where you are when you visit our website, how long you have visited different parts of the website and if you have encountered any technical problems. We do this to improve our services and the website.

Purchases and subscriptions. When you make a purchase or place an order for a subscription, we may ask you to provide your name, address, telephone number, e-mail and credit information. We do this so that we can provide the services and access to the Whistlelink platform and so that you can choose between different payment methods.

Customer service. When you contact our customer service with questions or for other support, we process your name, address, e-mail, telephone number, previous messages and notes on the matter, information about the specific purchase/subscription and other information that you provide us with and that may be relevant to your matter. This personal data is processed so that we can offer you the best possible customer service and to ensure that it is you who executed the purchase/subscription that the matter concerns.

Preventing crime and misuse. We collect data about your click and visitor history, technical data from the devices you used to visit our website (i.e. IP address, operating system, language, browser setting) and information about your customer service matters. We do this to prevent and investigate fraud and other crimes, as well as to improve the security of our services.

Whistlelink’s legal obligations. We may process data about your name, contact information, payment history/information, information about your purchases and customer service matters in order to fulfil our legal obligations according to, among other things, the Swedish Accounting Act, the Swedish Money Laundering Act and laws and regulations on product liability and product safety.

Most of the data above, Whistlelink collects directly from you. We may also collect your address information from public records and credit information from credit bureaus and banks.

4. What are our legal grounds for the processing?

We always process your personal data in accordance with current legislation, including the GDPR. According to the GDPR, the processing of personal data must rely on one or more lawful bases:

Legitimate interest. When we process your personal data in order to be able to send you information about news and offers, provide marketing, improve and develop the service, provide customer service and to prevent crime and misuse of the service, we do so on the basis of our legitimate interests in processing your personal data in a way which can be expected in the running of Whistlelink. In concluding that an interest of ours is legitimate, we always take into account the negative and positive effects of the processing on your rights, freedoms and interest of privacy.

Legal obligations. As for processing that is carried out because it is necessary to fulfil a legal obligation, we do this in order for Whistlelink to be able to fulfil an obligation set out in law or a governmental authority decision.

Consent. In certain cases, we may ask you to provide your consent for personal data processing, for example if we would like to share your personal data with another company. In such case we will inform you about what personal processing you are consenting to, why and how you can withdraw your consent.

If we are to process your personal data for any purpose other than those mentioned above, we will inform you of this.

5. Do you use cookies?

What are cookies?
A cookie is a small text file which is stored on the device you use to visit the website. The cookie enables the website to recognise and collect information about your device, browser, IP-address, operating system and visited websites or functions used.

The information collected cannot identify you as a person and will only identify the device you are using.

Why do we use cookies?
Most websites use cookies, and some cookies are even necessary to make the website function as intended. Cookies can also be used to gather information for the purposes of improving the website, tailoring adverts and content on the website and evaluating the success of campaigns or advertising on the website.

How can I accept or reject the use of cookies?
When you enter our website, you will have a choice to use only the necessary cookies, some additional cookies or all cookies. If you choose not to accept any additional cookies, this information will be saved as a cookie. If you accept additional cookies these will be set to collect the information for the purpose described, however, never to collect your personal data.

All browsers allow you to reject cookies in the browser settings – these will vary depending on your browser. Note that a rejection of all cookies may affect the functionality of the website since no information can be collected from your device.

What cookies do we use and why?

Below you will see the cookies currently being used on Whistlelink’s websites. We will not add any new cookies without informing you first.

Cookies 25th of April 2022

Name PurposeData OwnerProviderLifetimeThird Party Privacy Policy
NECESSARY
_cfuidThe cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.WhistlelinkCloudflare1 monthcloudlfare.com/
elementorUsed in context with the website's WordPress theme. The cookie allows the website owner to implement or change the website's conten t in real-time.WhistlelinkElementor/WordpressPersistentwordpress.com/
PREFERENCES
langThis cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.LinkedInads.linkedin.comSessionhttps://www.linkedin.com/legal/cookie-policy
cookie_consentRemember if a visitor has accepted or rejected the use of cookiesWhistlelinkApsis1 yearhttps://apsis.se/about-us/policies/privacy-policy
FPKSCoA7oEU6Qht8ApsisApsis1 yearhttps://apsis.se/about-us/policies/privacy-policy
STATISTICS
_gaThis cookie is installed by Google Analytics.The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.Google AnalyticsGoogle Analytics2 yearshttps://policies.google.com/privacy
_gatUsed by Google Analytics to throttle request rateGoogle AnalyticsGoogle Analytics1 dayhttps://policies.google.com/privacy
_gidThis cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.Google AnalyticsGoogle Analytics1 dayhttps://policies.google.com/privacy
MARKETING
bscookieThis cookie is a browser ID cookie set by LinkedIn share Buttons and ad tags.LinkedInLinkedIn2 yearshttps://www.linkedin.com/legal/cookie-policy
bcookieUsed by the social networking service, LinkedIn for tracking the use of embedded services.LinkedinLinkedin2 yearshttps://www.linkedin.com/legal/cookie-policy
lidcThis cookie is set by LinkedIn and used for routing.LinkedinLinkedin1 dayhttps://www.linkedin.com/legal/cookie-policy
UserMatchHistoryLinkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.LinkedinLinkedin1 monthhttps://www.linkedin.com/legal/cookie-policy
_fbpThis cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.WhistlelinkFacebook3 monthshttps://developers.facebook.com/docs/facebook-pixel/using-the-pixel
frThe cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social pluginFacebookFacebook3 monthshttps://developers.facebook.com/docs/facebook-pixel/using-the-pixel
Intercom-session-(app-id)Keeping track of sessionsIntercomIntercom1 week https://www.intercom.com/help/en/articles/2361922-intercom-messenger-cookies
intercom-id-(app-id)Uniqe anonymous identifierIntercomIntercom9 monthshttps://www.intercom.com/help/en/articles/2361922-intercom-messenger-cookies
_lfaThe Tracker cookie is set for the website domain only and is used to set a unique identifier to separate different visitors. The cookie is called _lfa. Leadfeeder does not use any 3rd party cookies.WhistlelinkLeadfeeder2 yearshttps://www.leadfeeder.com/privacy/
6. For how long is my personal data stored?

The personal data we collect about you will be stored for as long as it is necessary, i.e. until payment and delivery of a purchase is completed or the customer service matter is closed. We also store all personal data up to 24 months after it has been collected to ensure that you can get access to purchase history, to follow up on certain matters and to be able to investigate and prevent fraud.

If you choose to unsubscribe to a newsletter or other communication from us, we will store your e-mail address to ensure that we will comply with your request.

Please note that certain personal data must be stored for a longer period if it is required by law. No personal data attributable to you will be stored for longer than what is necessary or in a manner incompatible with current legislation.

7. Do you share my personal data?

In order for us to offer you our services and products, it will in some cases be necessary for us to share your personal data with other companies. Companies that process your personal data on our behalf and according to our instructions are called processors. The processor will always enter into a data processing agreement with us to ensure that a high level of protection is maintained for your personal data.

We use processors to handle your payment (payment service providers and banks), to market our services (media agencies, advertising agencies etc.) and for our IT services (operation and technical support of the website and other IT systems).

In some cases, we will share your personal data with companies that are considered independent controllers once they have taken part of your personal data. This means that we no longer determine how your personal data is being processed. This is the case, for example, when you click on an affiliate link which will take you to another website. This is also the case when we share your personal data with companies that offer payment solutions. This privacy notice only contains information of how Whistlelink processes your personal data, so we encourage you to read the privacy notice on the other websites you visit.

We may also share personal data with a third party (such as the police, the tax authority or any other authority) in the case of a criminal investigation or if we are otherwise obliged to provide such information under law or a governmental decision.

8. Third Party Processors

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

Digital Marketing Service Providers

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.  Our appointed data processors include:

  • Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.  Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.
9. Where is my personal data processed?

Whistlelink strives to only process your personal data within the EU/EEA. Even though our IT systems and servers are located within the EU/EEA, your information may need to be shared with a supplier or a subcontractor outside the EU/EEA, for example for support of our IT systems. If so, we will take the necessary steps to ensure that your data is processed at the same level of protection as within the EU/EEA. If you have any questions about the security measures taken, you are welcome to contact us.

10. What are your rights?

Right to information. You have the right to be informed about how your personal data is processed and why. This information is provided through this privacy policy and when your personal data is collected.

Right to access. You have the right to request access to the personal data processed about you at any time in accordance with GDPR.

Right to rectification. You have the right to have inaccurate personal data about you corrected.

Right to deletion. In some cases, you have the right to request that we delete your personal data.

Right to restriction. You have the right to restrict our processing of your personal data through unsubscribing to our newsletter or amending your cookie settings in your browser.

Right to data portability. In some cases, you can request for your data to be provided to you in a portable format and to transmit this to another controller.

Right to object. You have the right to object to Whistlelink’s processing of your personal data.

If you wish to exercise any of your rights or if you have any questions on Whistlelink’s processing of your personal data, please contact us via the contact details below.

You also have the right to submit a complaint to your relevant supervisory authority for data protection, (in Sweden, the data protection authority is “Integritetsskyddsmyndigheten”), at any time if you believe that your personal data is being processed in violation of the applicable data protection legislation.

11. How do you contact us?

The controller for processing your personal data is Whistlelink. If you have any questions about how we process your personal data, please contact us via the following contact information:

Whistleblowing Solutions AB

Norrgatan 10
432 56 Varberg
Sweden

dpo@whistlelink.com