Data protection policy
We consider data protection and confidentiality to be of the utmost importance and comply with the European Regulation "on the protection of individuals with regard to the processing of personal data and on the free movement of such data" (EU-GDPR) and applicable national regulations on the protection of personal data. Please read this data protection notice carefully before submitting an alert.
The objective of this warning system and legal framework
The Group's "ethics and compliance" alert system operated with the Twixy Apps platform is designed to collect, process, and manage, in complete security and confidentiality, alerts relating to breaches of Fracht France's ethics and compliance codes of conduct, alerts relating to the fields covered by Law no. 2016-1691 of 9 December 2016 on transparency, the fight against corruption and the modernization of economic life (known as the Sapin 2 Law) and Law no. 2017-399 of 27 March 2017 on the duty of care of parent companies and ordering companies. The processing of personal data in the Twixy Apps platform is based on the Fracht Group's legitimate interest in detecting and preventing any breaches and thus protecting the Group, its employees, customers, and suppliers.
Responsibility for the system
The Ethics and Compliance Committee of Fracht France is the Referent responsible for the Group Ethics and Compliance Alert System (hereinafter the "System"). It is also the contact point for persons concerned by the System, at the following address:
Fracht AG
Authorized Representative: Rudolf Reisdorf
Birsigstrasse 79, P.O. Box, 4002 Basel
Switzerland
The Twixy Apps platform is managed by a specialist company, Camoit Consulting, 60 rue François 1er, 75008 Paris on behalf of Fracht Group.
The personal data and information entered in the Twixy Apps platform are stored in a database managed by Camoit Consulting, in a secure and certified data center. Only Fracht Group has access to this data. Neither Camoit Consulting nor any other third party has access to the data.
All data is encrypted and saved using several levels of password protection so that access is restricted to a very limited number of people with express authorization from Fracht Group.
Questions about data protection in the Whistleblowing System and requests relating to the exercise of your rights regarding your personal data may be addressed to the Fracht Group Ethics and Compliance Committee via the System by clicking on the "Submit an alert or request advice/exercise your rights" button.
Type of personal data collected
Use of the Device is voluntary. By submitting an alert via the Twixy Apps platform, we collect the following personal data and information:
· Your name if you disclose your identity.
· Your status as an employee of the Fracht Group, as an external collaborator, or as an occasional collaborator in connection with Fracht France or the subsidiary concerned.
· Your relationship with a third party, if you disclose it.
· The names and other personal data of the people you mention in your alert.
· Confidential treatment of alerts.
Whistleblower's reports are examined by a limited number of employees with specific authorizations and specially trained by the Ethics and Compliance Committee. Alerts are always treated in the strictest confidence. The employees of the Ethics and Compliance Committee analyze the admissibility of whistleblowers' reports, discuss them with the whistleblower, and appoint a person within the Fracht Group to deal with them, in agreement with the whistleblower. The person responsible for handling the alert carries out the actions and investigations required by the specific case until it is closed.
When processing a report or an investigation, it may be necessary to give access to all or part of the data on the platform to other employees of the Fracht Group specifically authorized by the
Ethics and Compliance Committee, where applicable outside the European Union or the European Economic Area who are subject to different rules on the protection of personal data. Compliance with the data protection regulations applicable at the time the data is transmitted is always guaranteed.
Anyone who obtains data access must ensure it remains confidential.
Informing the person(s) concerned by the alert
The person mentioned in an alert will be informed of the personal data concerning him or her contained on the platform. They will not, however, be informed of the identity of the whistleblower or of any information that could be used to identify him or her. Where precautionary measures are necessary to prevent the destruction of evidence or for the investigation, this person may be informed after these measures have been taken, in accordance with the applicable legal provisions.
Rights of the people concerned
Under the applicable data protection regulations, the whistleblower, and the person(s) concerned by the alert have a right to information, access, rectification, cancellation, and opposition to the processing of their data. If the right to erasure is invoked, Fracht will examine as soon as possible the extent to which the stored data is still necessary for the processing of an alert. Data that is no longer required will be deleted. If the right to object is invoked, Fracht will promptly examine to what extent there are no longer compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims. In addition, the whistleblower, and the person(s) mentioned in the alert have the right to complain with a supervisory authority.
Retention period for personal data
Personal data is kept for as long as it is necessary to verify and investigate the alert or as required by applicable law. Once the alert has been processed, the personal data will be anonymized or deleted within 2 months of the alert being closed, except in cases where the alert is followed up (disciplinary or legal proceedings, changes to internal rules or organization) or if the data controller is legally obliged to do so (for example, to meet accounting, social or tax obligations). In any event, this retention period must be limited to the purposes pursued,
determined in advance, and brought to the data subjects' attention. Anonymized alerts are archived by applicable laws.
Using the platform
Communication between your computer and the Twixy Apps platform is via an encrypted connection (SSL). The platform does not allow IP addresses to be tracked. To maintain the connection between your computer and Twixy Apps, a cookie is stored on your computer containing only the session ID (also known as a "zero cookie"). This cookie is only valid until the end of your session and expires when you close your browser or switch off your computer.
You can create a dialogue box within the Whistleblowing System that is protected using a case number and password. This allows you to submit reports either by name or anonymously. Exchanges between the people in charge of the admissibility analysis and processing and the whistleblower are recorded only within the TwixyApps platform, which makes them particularly secure. This is not traditional communication by e-mail.
Note on sending appendices
When submitting an alert or adding information to an existing alert, you may also send attachments. If you wish to submit an alert anonymously, please note the following security advice: the files may contain personal data other than your identity which could jeopardize your anonymity. Remove this data from the files before sending them. If you are unable to remove this data, or if you are not sure how to proceed, send an anonymized copy of the document to the address given in the footnote, specifying the case number allocated to you at the end of the process of registering your alert.
