Personal data policy – whistleblower scheme

At the JPS Marselis Group, we have set up an internal, Group-wide whistleblower scheme, which is implemented by JPS Marselis ApS. We process your personal data as part of the whistleblower scheme if you yourself make a disclosure or if you are reported yourself or otherwise named in a disclosure made by another person.

In this personal data policy, we describe our processing of personal data in connection with our whistle-blower scheme. You can read more about our whistleblower scheme in our whistleblower policy.

Data controller and contact details

JPS Marselis ApS is the data controller with regard to processing personal data under the whistleblower scheme. JPS Marselis ApS’s legal information is provided below:

JPS Marselis ApS
Thyrasgade 4
DK-8260 Viby J
CVR no. 38 11 01 36

Email: pna@jpsmarselis.dk

If you have any questions about our processing of your personal data under the whistleblower scheme, you are always welcome to phone the Group’s legal representatives on tel. no. +45 60 65 84 98 or email sim@jpsclemens.dk.

Our processing of personal data

Categories of personal data

The personal data about you that we process may include:

Personal data for individuals being reported

The reports that are submitted to the JPS Marselis Group via the whistleblower scheme may deal with employees in the JPS Marselis Group and other persons who have an association with the JPS Marselis Group. When we receive a disclosure, we process the following type of personal data:

  • Ordinary personal data, including:
    • Identity information
    • Personal data that is included in the description of the situation being reported, including any criminal activity
  • Sensitive personal data, including information about sexual relations, if this is part of the disclosure
  • Ordinary and any sensitive personal data about individuals who are named in the disclosure, for example, someone exposed to undesirable conduct by the individual being reported.

Personal data for whistleblowers

Whistleblowers can choose to be anonymous. If you make a disclosure and choose not to be anonymous, we process the following types of personal data about you:

  • Ordinary personal data, including:
    • Identity information
    • Personal data included in your disclosure, including in relation to any criminal offence, if it is suspected that you have knowingly made a false accusation.
  • We do not process sensitive information about you, unless you yourself choose to have this kind of information in the disclosure.

 

Purpose and legal grounds

We process personal data for the purpose of handling and investigating disclosures made as part of our whistleblower scheme.

Legal grounds for processing of personal data:

  • For disclosures covered by the Whistleblower Act, the legal grounds for our processing is the Whistleblower Act, Section 22 (cf. GDPR article 6, paragraph 1, letters c and e, article 9, paragraph 2, letter g, and databeskyttelseslovens Section 8, paragraph 5. (cf. Section 7, paragraph 4).
  • For disclosures not covered by the Whistleblower Act, the legal grounds for our processing is GDPR article 6, paragraph 1, letter f, as we have a legitimate interest in investigating disclosures under the whistleblower scheme, article 9, paragraph 2, letter f, and GDPR section 8, paragraph 3, item 2, because our legitimate interest in processing information about offences is clearly greater than consideration of the data subject.

 

Conveying and categories of recipients

The conveying of personal information about you will only occur in accordance with the processing rules in the General Data Protection Regulation, the Whistleblower Act and in accordance with Danish legislation.

We disclose or make available personal data to the following categories of recipients:

  • The management of JPS Marselis ApS and the management of the company/companies to which the disclosure relates
  • The subsidiary that the person being reported is employed in or associated with, for the purpose of investigating the disclosure
  • External solicitors, accountants and other consultants in connection with the investigation and following up on the disclosure
  • Police authorities and other public authorities
  • Our data processors on the basis of data processor contracts

Transfer of personal data to recipients outside of the EU/EEA

In certain cases, we may share your personal data with recipients outside of the EU/EEA. This happens when we use data processors in countries outside of the EU/EEA. These types of transfer will be consistent with GDPR.

 

Deletion

We delete your personal data when storing it is no longer necessary and proportional.

Disclosures not covered by the whistleblower scheme, or which are clearly unfounded, will be deleted immediately.

If an investigation is launched against the background of a disclosure, as a general rule the information will be deleted 6 months after the end of the investigation, unless we have a legitimate interest in storing the information for longer.

If matters are reported to the police or other relevant authorities, the information is deleted immediately after the case has been closed by the relevant authorities, unless we have a legitimate interest in storing the information for a longer period of time.

If, following a disclosure, a contractual, disciplinary or other sanction is carried out for the employee reported or a whistleblower, or if there is an objective reason for storing the information about the employee or the whistleblower, the information will be stored in that individual’s personnel file. After termination of employment, information about an employee is, as a general rule, stored for up to five years after the year of termination.

 

Your rights

You have the following rights with regard to our processing of your personal data:

  • You have the right to request access, correction or erasure of your personal data that we process. If you request this from us, we will delete the personal data without unnecessary delay, unless we can continue processing the data on a different legal basis.
  • You are entitled to object to our processing of your personal data and to restrict the processing of your personal data, unless we can continue processing the data against the background of another legal basis.
  • You have the right to have the personal data that you have personally provided us returned to you in a structured, commonly used, and machine-readable format (data portability).

There may be legally set restrictions or limitations in relation to these rights. It should be noted in this context that your rights do not apply in cases where your interest in exercising your rights should give way to crucial consideration of private or public interests. As such, the person being reported does not have the right to receive information about the identity of a person who in good faith made the disclosure, or other actual information about her/him, unless otherwise clearly expressed by legislation.

If you have any questions about our personal data policy or how we process your personal data, or would like to exercise one or more of your rights as described above, please contact us. Our contact details are stated at the top of this personal data policy.

Please include sufficient information in this regard to enable us to process your enquiry, including your full name and email address, so we can identify you and respond to your request. We will respond to your enquiry as soon as possible.

Any complaints about our processing of your personal data can be submitted to the Danish Data Protection Agency. The Danish Data Protection Agency’s contact details can be found at www.datatilsynet.dk.

 

Updated December 2023