Your personal data will be processed for the following purposes:

1. to handle reports, including their receipt, verification, and clarification, based on the controller’s legal obligations under applicable law – pursuant to Article 6(1)(c) GDPR;
2. to handle reports, including their receipt, verification, and clarification, in accordance with internal company procedures beyond those required by law – based on the controller’s legitimate interest in ensuring compliance with the company’s internal standards and procedures (Article 6(1)(f) GDPR).

Your personal data may be shared with: entities authorized under applicable laws, entities processing data on behalf of the controller to support its day-to-day business operations (subcontractors, suppliers, including providers of external systems). Such entities process personal data on the basis of a contract with the controller and only under the controller’s instructions.

Your personal data will not be transferred outside the EEA.

Your personal data will be retained for the period required by applicable law and for the period necessary to demonstrate the controller’s accountability in handling and recording reports.

In relation to the processing of your personal data, you have the right to:

1. access your personal data and request rectification;
2. request the erasure of your data, under the conditions provided in Article 17 GDPR;
3. request restriction of processing, under the conditions provided in Article 18 GDPR;
4. object to processing under the conditions set out in Article 21 GDPR.

If you believe that the processing of your personal data does not comply with applicable law, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

Providing your personal data is mandatory under the internal regulations adopted by the controller.

We do not make any decisions that significantly affect you through automated means, including profiling.