We take our responsibility to protect and secure your information seriously and strive for transparency around our whistleblowing practices.
Updated 28.10.2021
HappySignals Oy together with all its group companies internationally, is collectively referred to as HappySignals.
Send us email for more information: privacy@happysignals.com
or by mail:
Privacy Officer / HappySignals
Aleksanterinkatu 15B, 00100 Helsinki
Finland
HappySignals uses Whistlelink, a global whistleblowing service provider, to enable its employees and external stakeholders to report suspected ethical and compliance-related misconduct. This Privacy Statement describes how the personal data is processed by HappySignals in connection with the whistleblowing system.
HappySignals processes personal data of three categories of data subjects:
1) the person reporting the matter (“whistleblower”);
2) the person subject to the report;
3) the authorised personnel conducting the investigation and having access to the system (case manager).
The data relating to the whistleblower depends on what information they give in connection with the report or at a later stage in the process. The whistleblowing report can be done anonymously. When the communication is made anonymously, HappySignals does not process the personal data concerning the whistleblower.
With regard to case managers and other personnel having access to the system, contact data (name, address, e-mail, phone number) are processed.
With regard to persons subject to the report, the data depends on what information the whistleblower gives in connection with the report, such as the name and position of the person as well as the misconduct reported.
Data could contain special categories of data or criminal offence data. If special category data is completely irrelevant to the reported wrongdoing, it is not processed further. Data relating to persons subject to reports are processed in encrypted whistleblower reports.
HappySignals has a legitimate interest to process personal data in connection with the whistleblowing system as well as a legal obligation. By having a whistleblowing system, HappySignals complies with the EU Directive on the protection of persons who report breaches of Union Law and the implemented national laws.
HappySignals considers that the whistleblowing system is beneficial for HappySignals as well as individual employees and society as a whole. Given the purposes of processing, the information given to data subjects and the measures HappySignals has taken to assess associated risks and to protect data subjects’ personal data, HappySignals considers that the rights and freedoms of data subjects do not override HappySignals’s legitimate interest.
In general, special category data (e.g. personal data revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, health related data, data concerning sexual life and orientation) is not processed. However, should any special category or otherwise sensitive data be processed, the processing is carried out in accordance with GDPR and any other relevant laws.
Data is shared only with the limited personnel (e.g. case manager) and parties responsible for handling the case (including Whistlelink and its sub-processors), unless the investigation reveals that the issues should be reported to authorities, such as the police.
HappySignals’s Board of Directors is updated regularly on HappySignals’s whistleblowing program on an anonymous basis.
The whistleblowing service is provided by an external partner Whistleblowing Solutions AB, to ensure confidentiality and anonymity. The communication channel is encrypted and password-protected.
The processing of personal data by HappySignals and Whistlelink (including its sub-processors) will take place within the EU or the EEA.
Personal data included in whistleblowing messages and investigation documentation is deleted when the investigation is complete, with the exception of personal data that must be maintained according to applicable laws.
Data retention policy is 24 months after completion of the investigation. Investigation documentation and whistleblower messages that are archived are anonymised; they do not include personal data through which persons can be directly or indirectly identified.
The information is kept technically protected. Data is protected with access control and other security measures. Access to data requires adequate rights. Unauthorised access is also prevented by firewalls and other technical protection. Only the Controller and designated persons can access the stored data. Users are bound by the confidentiality obligation. The stored data is backed up safely and can be restored as needed. The level of security is audited at recurring intervals by carrying out either an external or internal audit.
Each data subject has the right:
Note the data may be necessary for the establishment, exercise or defense of legal claims, in which case the rights to erasure, or to object or restrict processing may not apply. Also, the right to data portability does not apply as the data is not processed on the basis of consent or contract. Some rights can also be restricted to protect the identity of the whistleblower or the investigation.
For requests relating to the above data subjects’ rights, you can contact HappySignals’s Privacy Officer privacy@happysignals.com. HappySignals will accordingly process your request. If HappySignals is unable to fulfil your request, it will inform you of the reasons. If our response is not satisfactory, you can always contact the Office of the Data Protection Ombudsman (www.tietosuoja.fi).
Updated December 2025.
The easiest and fastest way is sending us a message via email at privacy@happysignals.com. We will process all inquiries individually and by a real person.