DISCLAIMER

This website provides a Whistleblowing portal reserved for Bolloré employees.

It is the property of Bolloré, a public limited company (société anonyme), with a share capital of 7,178,768,228.50 euros, registered with the Paris Trade and Companies Registry under number 055 804 124, and Siret number 055 804 124 00141, whose registered headquarters are located at Tour Bolloré, 31-32 quai de Dion Bouton, 92811 Puteaux cedex, France. Telephone number: +33 (0)1 46 96 44 33.

The website is edited and published under the responsibility of the Director of Corporate Social Responsibility and Compliance.

Hosting services for the website are provided by Orange, a public limited company (société anonyme) with a share capital of 10,640,226,396 euros, registered with the Paris Trade and Companies Registry under number 380 129 866, whose registered headquarters are located at 78 rue Olivier de Serres, 75015 Paris, France.

When you access the Whistleblowing portal, there is only one “user session (SessionID)” cookie that may be automatically installed on your hard drive. No other cookies or trackers will be downloaded. This session cookie will be temporarily stored in the memory of your hard drive to make it easier for you to browse the portal and register your claim. The cookie will be deleted when you close the session. You can block the installation of this session cookie through your browser configuration, but this may affect your access or make it difficult to use the portal.



DATA PROTECTION AND RIGHTS OF DATA SUBJECTS

This platform is an automated processing of personal information in accordance with the applicable laws and regulations on the protection of personal data, including but not limited to the European General Data Protection Regulation[i] and the French law dated June 20, 2018[ii] on the protection of personal data.

1.1      Purpose of the data collection

The personal data collected as part of the procedure will be used by the data controller to fulfil legal obligations. Data essential from a regulatory standpoint are specified as such during collection.

1.2      Data controller and recipients

The personal data listed in 3.3 (Personal data subject to or excluded from processing), collected as part of the procedure, are liable to be processed by Bolloré, a public limited company with a board of directors, with capital of EUR 470,007,292.48, registered in Quimper Register of Companies under number 055 804 124, headquartered at Odet, 29500 Ergué-Gabéric and having administrative offices at 31-32, quai de Dion-Bouton, 92811 Puteaux Cedex (+33 (0)1 46 96 44 33).

Data collected are intended to be used by Bolloré, its subsidiaries and affiliates and to be made accessible to third parties (attorneys, experts, auditors, technical service providers) solely for the needs of their assignment.

Data collected may be made accessible outside the European Union to the extent it is strictly necessary to the processing of an alert, including investigations aimed at establishing the occurrence of reported misconducts.

Bolloré ensures prior to any data transfer, notably through standard clauses on data protection, that persons accessing the data ensure a suitable level of protection.

1.3      Personal data subject to or excluded from processing

As part of the procedure, the categories of personal data listed below may be subject to processing:

·         Identity (title, first name, last name), position and contact details (phone number, email address) of the whistleblower;  

·         Identity (title, first name, last name), position and contact details (phone number, email address) of the individuals allegedly involved. 

The following categories of sensitive data cannot be processed and thus must not be mentioned as part of an alert (ground for inadmissibility), except if relevant considering the reported misconduct:

·         Social insurance number;

·         Offences, criminal convictions, security measures;

·         Information on disciplinary proceedings;

·         Assessments of the social difficulties of the persons;

·         Origin;

·         Political opinions;

·         Religious or philosophical convictions;

·         Union membership;

·         Sexual life or orientation;

·         Health information;

·         Genetic data;

·         Biometric identification data (fingerprints, written signature, etc.).

 

1.4      Duration of the use of personal data

The personal data collected as part of the procedure will be maintained for the following periods of time:

Inadmissible alert

Immediate

Closure due to inaccuracy or insufficiency

Two months

Closure due to improper use of the system or the materiality of the facts

Duration of the disciplinary action and/or legal proceedings

 

The data will be afterwards archived for a period of time not exceeding statutory periods of limitation or the applicable archiving obligations. Upon expiration of these periods all related data are destroyed. 

Once archived, data are stored in a distinct and restricted-access information system.

 

1.5      Definition and exercise of rights relative to personal data

Whistleblowers, individuals allegedly involved, processing officers and third parties involved in the processing of alerts have the right to access and rectify errors related to their personal data and, where provided for by regulation, right to object and delete certain personal data, limit their use or request their portability with a view to transfer to a third party, and also (in France) to decide on the fate of their data after their death.


To exercise these rights, the individuals may simply e-email
ethicalert@bollore.net attaching any identification document along with the request. For any additional information or any problems regarding the use of personal data, they can be contacted the Data Protection Officer (DPO) at dpo@bollore.net. They can refer unresolved problems to the competent supervisory authority[iii] (Commission Nationale Informatique et des Libertés in France).

1.6      Cookies Management policy

Cookies are small information files that a website or app may record on a device (computer, tablet, smartphone) and intended to ease the use of the website or app (for example, recording language preferences).

The cookies used as part of the procedure are described below:

Type of cookie

Holding period

Mandatory cookies

·         SERVERID: Load balancer session cookie

·         cookie_alertes_connect_id: Application session cookie

·         cookie_alertes_user_id: Application session cookie

·         Expiry on close of browser

·         Expiry after 4 hours

·         Expiry after 4 hours

 

Optional cookies

·         cookie_alertes_el1: Preference cookie (for admin. search)

·         cookie_alertes_el2: Preference cookie (for admin. search)

·         cookie_alertes_mode: Preference cookie (for admin. search)

·         cookie_alertes_nav: Preference cookie (for all users nav bar opened/closed)

 

·         Expiry after 365 days

·         Expiry after 365 days

·         Expiry after 365 days

 

Analytics cookies

The platform does not use this type of cookies.

Social media tracking cookies

The platform does not use this type of cookies.

 

Most browsers are configured initially to accept cookies, but you may change your settings to refuse cookies or receive notifications when cookies are sent.

 



[i] Regulation (EU) 2016/679 of the European Parliament and the Council of Europe of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

[ii] Law no. 2018-493 of 20 June 2018 on the protection of personal data.

[iii] A list of the personal data protection authorities is accessible at the following address: https://www.cnil.fr/fr/la-protection-des-donnees-dans-le-monde

 

 


+