1. Controller and its contact details

Bittium Corporation (´Bittium´) 
Ritaharjuntie 1 
90590 Oulu 
358 40 344 2000

2. The purpose and legal basis of the processing of personal data

The purpose of personal data processing is to investigate and process reports made through the Whistleblowing-channel. This processing is based on statutory obligations and the legitimate interest of the controller to prevent risks affecting people, our organisation, the society or the environment and to promote an ethical and legal business activity.

3. Content of the register

Bittium may collect personal data on the person specified in a message, the person submitting the message (if not sent anonymously) and any third person involved, in order to investigate facts on the declared misconduct.

4. Regular sources of the personal data

Personal data is collected from the reports filed in our whistleblowing channel.

5. Retention of personal data

As a rule, Bittium shall delete the information coming through the whistleblowing channel five years after receiving the report, unless their longer retention is necessary for the implementation of the rights or obligations stipulated in the Whistleblower Act or other law, or for the preparation, presentation or defense of a legal claim. Personal data which are manifestly not relevant for the handling of a specific report shall be deleted without undue delay.

6. Recipients of the personal data

Subject to the applicable law, personal data contained in the reports received through the Whistleblowing-channel will only be processed by our Whistleblowing team, consisting of the Chairman of the Audit Committee and Chief Legal Officer as the admins of the channel, and the selected members of the Bittium’s Sustainability Working Group who are appointed to oversee or conduct the investigations. Within the limits permitted by Whistleblower Act or other applicable law, if necessary, assistance from corporate or external experts or officials may be needed to conduct an investigation and processing, for example, if the provision of information is necessary in order to find out whether the report subject is correct.

WhistleB Whistleblowing Centre Ab (World Trade Centre, Klarabergsviadukten 70, SE-107 24 Stockholm) is responsible for the whistleblowing application, including processing of encrypted data, such as whistleblowing messages. Neither WhistleB nor any sub-suppliers can decrypt and read messages. As such, neither WhistleB nor its sub-processors have access to readable content. To ensure the anonymity of the person sending a report, WhistleB deletes all meta data, including IP addresses. The person sending the report also remains anonymous in the subsequent dialogue with responsible receivers of the report.

Personal data reported in the EU or EEA is not transferred beyond the borders of the EU or EEA, subject to mandatory applicable law.

7. Rights of the data subjects

The data subject has, subject to any limitations set out in the applicable laws such as the Finnish Whistleblower Act, the rights according to the General Data Protection Regulation to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing, as well as the right to data portability, and the right to lodge a complaint with a supervisory authority.