Whistleblower channel

The purpose of this Whistleblowing Channel is to report illegal or suspected illegal activities and violations of BaltCap’s Code of Responsible Behaviour and to protect the public interest.

Protecting the integrity and reputation of BaltCap

BaltCap company culture celebrates a can-do attitude, passionate determination, high ethics, and hard work. We’re long-term players and we make promises we can keep – to our investors, our portfolio, our communities, and to ourselves. Therefore, integrity is central to our actions. Protecting the integrity and reputation of BaltCap requires the support of all our employees, business partners and other stakeholders.

Employees have the right and responsibility to report incidents. Also, the external parties, including the employees of our associated companies and business partners are encouraged to report. Examples of incidents include, but are not limited to, fraud, bribery or corruption, market abuse, fraudulent, illegal or negligent professional activities or behaviour, violations of environmental and human rights laws. Providing information solely for the purpose of defending personal interests is not considered an incident.

Whistleblowers can anonymously report either by completing a form or by calling on a special-purpose line. All reports are anonymous, still, to take appropriate follow-up action, the report should be as detailed as possible and include supporting evidence where available.

Report an incident

BaltCap will handle all reports with the utmost care, confidentiality and protection of personal data. All whistleblowers will be protected from discriminatory or retaliatory personnel actions. To learn more about the processing of your personal data, please read the Whistleblowing Channel Privacy Notice.

Whistleblowing Channel Privacy Notice

Data controller

AS BaltCap and its subsidiaries (the “BaltCap”)
Registry code: 11419647
Harju maakond, Tallinn, Kesklinna linnaosa, Maakri tn 30, 10145

Purpose and legal basis for processing personal data

The Whistleblowing Channel is operated under the laws on the protection of whistleblowers implementing the Whistleblower Protection Directive 2019/1937 (the “Whistleblower Protection Laws”).
The purpose of the Whistleblowing Channel is to provide the entire company, including all BaltCap employees, business partners and other shareholders, with the opportunity to confidentially report misconduct and activities that violate the laws or the Code of Responsible Behaviour. The Whistleblowing Channel is an important tool to reduce risk and maintain trust by helping the BaltCap to detect and respond to potential misconduct at an early stage.
The processing of personal data is based on i) a consent of the data subject; ii) a legal obligation (Whistleblower Protection Laws); and iii) BaltCap legitimate interests in ensuring that its activities are lawful and ethically sustainable.

What personal data do we process?

For the defined purposes, we process the following personal data:

Name;
Job title;
Job position;
Location;
Employer;
Relationship with the organization;
E-mail address;
Telephone number;
Data obtained in connection with the employment, interviews and investigations;
Data obtained from public registers where available;
Facts reported by a reporter about a suspected violation, including how and where the suspected violation occurred and how the reporter learned about the suspected violation;
Notes on the progress of the investigation;
Security and surveillance material, such as CCTV video material, digital logs and records;
Identity, function and contact details of individuals allegedly involved in the suspected violation; and
Identity, function and contact details of individuals who could provide information relating to the suspected violation.

When reporting a violation or misconduct the person may choose not to report any personal data of him/herself. Due to the nature of the processing, an exhaustive list of personal data categories cannot be provided. Therefore, the program does not always contain all categories of personal data listed above or may contain additional categories of personal data.
Any category of personal data may be processed as a part of the report handling. Processed data may have references to personal data, however it must be considered that not all the processed data is personal data. In fact, main part of the data would not enable a specific person to be identified.

Where is the personal data collected from?

The personal data is collected directly from the data subject (WhistleB portal), from public sources and from the authorities. After receiving the first report and during the investigation, more personal data may be collected from various sources, such as through interviews of other employees and reviews of employee related files. Should the investigation so require, any data that company has on the individual may be subject to a review during the process where necessary.

Recipients of personal data and transfers outside the EU or EEA

Whistleblowing reports received through the reporting channel are handled by BaltCap Whistleblowing Team. In addition, a very limited number of other individuals may be involved in the whistleblowing process, such as legal advisors involved in the whistleblowing process and experts authorized by BaltCap.
The personal data contained in the register will not be disclosed to third parties unless the matter must be referred to the authorities for the purpose of carrying out an investigation into an abuse or infringement of the law or if the report contains information giving rise to suspicion of a criminal offence.
Even in situations where the identity of the whistleblower is known to the Whistleblowing Team, information about the identity of the whistleblower will not be disclosed to third parties without the whistleblower’s explicit consent. However, the identity of the whistleblower may be disclosed if the disclosure is necessary for the processing of a whistleblowing report under the Whistleblower Protection Laws in an external reporting channel, for a criminal report to the Police, for an investigation by the Police, Prosecutor’s Office, Office of the Equal Opportunities Ombudsperson, other public authorities or for a court hearing. In such case, the company must inform the reporting party in advance of the disclosure of their identity, unless such information would jeopardize the related preliminary investigation or legal proceedings.
The Whistleblowing Channel is WhistleB, the service is provided and maintained by WhistleB Whistleblowing Centre AB (“WhistleB”).
Personal data will not be transferred outside the EU/EEA.

Principles of personal data protection and retention period

BaltCap treats the personal data in its possession as confidential and the persons involved in the processing of reports are bound by the obligation of confidentiality. The personal data contained in the reporting channel are processed only by a very limited number of persons whose job description requires it. The rights of access and use of the data are personal. Access rights are regularly reviewed and removed when they are no longer needed.
In the service provided by WhistleB, personal data is kept secure through encrypted communications as well as threat management and mitigation practices, including regular penetration testing.
Data relating to reports are kept only for as long as is necessary and proportionate to comply with the requirements set by law. The personal data related to the report will be deleted no later than six (6) months after the completion of the investigation and no later than five (5) years after the report was received, unless it is necessary to keep the data longer according to the applicable laws or due to an ongoing criminal or authority investigation or trial, or to protect the rights of the person making the report or the person who is the subject of the report.

Rights of the data subject

Right of access and right to request rectification or erasure of information

The data subject has the right to inspect the personal data stored in the personal register concerning themselves and to request the rectification of inaccurate or incorrect data or the erasure of their personal data if there are grounds for doing so provided by law. However, the right of access does not apply in situations where the execution of the request would adversely affect the rights and freedoms of others. The applicability of the right of access to data processed in the Whistleblowing Channel will be assessed on a case-by-case basis.

Right to object and restriction of processing

For specific personal reasons, data subjects may have the right to object to processing operations concerning their personal data where the processing is based on the legitimate interests of the controller. When making a request, the data subject must identify the specific situation based on which they object to the processing. The controller may refuse to comply with the request on the grounds laid down by law.
The data subject may have the right to request the restriction of the processing of their data, for example in the case where the data subject contests the accuracy of the personal data, in which case the processing will be restricted for a period during which the controller can verify the accuracy of the data.

Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint about the processing of personal data with a supervisory authority.

How can you contact us?

Inquiries and requests concerning the processing of personal data described in this Privacy Notice can be addressed to the contact person indicated at the beginning of this Privacy Notice. Please contact us in writing or in person.

Contact person for data protection matters

Viktorija Pocevičiūtė
Legal Specialist
viktorija.poceviciute@baltcap.com
+370 6387 4414

Updates to the Notice

This Privacy Notice was last updated on 6 October 2023. We reserve the right to change this Privacy Notice from time to time by publishing the updated Privacy Notice on our webpage.