info@businessleaks.com

Privacy Protocol

Company Name: BusinessLeaks
Chamber of Commerce Number: 56991703
Date: April 8, 2025
Version: 1.0

  1. Purpose of this Protocol

BusinessLeaks places great importance on the protection of personal data. This privacy protocol describes how we handle personal data of whistleblowers, investors, employees, and other stakeholders. The aim is to comply with the obligations under the General Data Protection Regulation (GDPR).

  1. Data Controller

The data controller responsible for the personal data is:
BusinessLeaks
Chamber of Commerce Number: 56991703
Email: support@businessleaks.com
Address: 1861CL 35, The Netherlands

  1. Categories of Personal Data

We process, among others, the following personal data:

  • Whistleblowers: pseudonyms, email addresses, IP addresses, content of reports, attachments, timestamps. Anonymous reports are treated truly anonymously.
  • Investors: name, contact details, bank details, investment profiles, IP addresses
  • Employees/partners: name, address, residence data, email, phone number, social security number (if necessary), payroll administration
  • Website users: IP addresses, cookies, browser information
  1. Legal Grounds for Processing

We process personal data based on:

  • Performance of a contract (e.g., investment agreements)
  • Legal obligations (e.g., tax laws)
  • Legitimate interest (e.g., fraud prevention, security)
  • Consent (e.g., newsletter subscription or sensitive reports)
  1. Purposes of Processing
  • Secure handling of whistleblower reports
  • Analysis of investment opportunities
  • Communication with users
  • Prevention and detection of abuse or fraud
  • Administrative processing and compliance with laws and regulations
  1. Retention Periods
  • Whistleblower reports: maximum 5 years (or sooner upon deletion request)
  • Investment data: at least 7 years after completion of the procedure
  • Employee data: according to legal obligations (up to 7 years after end of employment)
  • Log data and IP addresses: for client verification, up to 7 years after termination of an agreement, unless longer retention is needed for ongoing procedures or other accountability
  1. Security Measures
  • Data encryption (end-to-end encryption for reports)
  • Two-factor authentication for internal accounts
  • Restricted access to sensitive data (need-to-know basis)
  • Regular security audits
  • Data breach procedure
  1. Data Breaches

In case of a (suspected) data breach, it will be reported to the Data Protection Officer (DPO) or responsible team. If necessary, the breach will be reported to the Data Protection Authority within 72 hours, and affected parties will be informed.

  1. Rights of Data Subjects

Data subjects have the right to:

  • Access their data
  • Rectify or delete data
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent

Requests can be submitted via support@businessleaks.com

  1. Processors and Third Parties

BusinessLeaks engages third parties for hosting, security, email services, and payment processing. Processor agreements are concluded with all such parties in accordance with the GDPR.

  1. Amendments and Updates

This protocol is reviewed at least annually. Employees and partners will be informed of significant changes.

Last updated: April 8, 2025
For questions regarding this protocol: support@businessleaks.com