Privacy notice of the whistleblowing notification channel of JOT Automation
1. Controller
JOT Automation Oy
Elektroniikkatie 17
90590 Oulu, Finland
2. Contact details of the controller
Name: Sirkka Ikonen
Phone: +358 40 301 5055
E-mail: sirkka.ikonen@jotautomation.com
3. Description of the processing of personal data in the notification channel
Through the notification channel any person can report suspected or detected abuses in the organization. The notification is anonymous. The system only processes personal data that the notifier enters in the notification.
The notification or the annex to the notification may contain personal data if, for example, the notifier identifies the person whose activities are covered by the notification. If desired, the notifier may also provide his own name and contact details. As a result, typical personal information logged into the system might be:
- Name and contact details of the notifier
- The name of the person who is the subject of the notification and a description of the person's possible illegal activities
We hope that notifiers will not include sensitive personal information in the notification unless it is specifically necessary for the notification.
The processing of notifications and any personal data they contain is based on JOT Automation Ltd’s legal obligation to maintain the notification channel (Directive 2019/1937 on the protection of persons who report breaches of Union law) and JOT Automation Ltd’s legitimate interest in investigating irregularities and securing the organization’s operations.
4. Retention periods
The notifications are permanently archived so that it is possible to make observations and reports on them even after the actual investigation of the reported issue. This also ensures the integrity of the notifications, which makes it possible to check the correctness of the use of the notification channel and the processing of notifications afterwards, and to prove which notifications have been brought to the organization's attention through the channel.
5. Transfer and regular disclosure of data
Data may be disclosed to third parties only within the limits and to the extent permitted by applicable law or with the separate consent of the data subject.
Data will not be disclosed or transferred outside the EU or EEA.
6. Protection of the data
The maintenance of the notification channel has been purchased from an external service provider as a SaaS service. This helps to ensure that no person in the JOT Automation Group has access to the information in the system in the role of system development or maintenance.
Only designated notification processors of JOT Automation Group are authorized to access the system and process the data in the system. They each have personal IDs in the system. The channel is protected by technical and administrative means so that the system administrator does not have access to the notifications or the information of the notifier either.
No information about the notifier is stored in the system unless the notifier himself/herself doesn’t give it in the notification. The person receives a numeric code that allows him or she to log in and monitor the processing of the notification after the notification has been made. This notification number is the only way to connect to the notification afterwards. Therefore, the person must record the number code for himself.