WhistleB Website Privacy Policy


WhistleB, Whistleblowing Centre AB (“WhistleB”) provides a whistleblowing service platform to our commercial customers to further their ethics and compliance goals. WhistleB is part of NAVEX Global, Inc. (“NAVEX Global”). As a result of the foregoing, WhistleB will be integrating its internal corporate systems with NAVEX Global and its affiliated partners. For example, email, customer relationship management software, contract management software, and electronic file systems may be merged in order to support our shared business operations. There will be no integration of the web-based WhistleB whistleblowing solution.

When you visit our corporate website at https://whistleb.com/ (the “Website”) or work with one of our commercial customers who uses our whistleblowing service, we will receive information about you. This Privacy Policy provides detail about how we process personal information and how we support your rights to your data

We are available for additional information.

If you have questions about this Privacy Policy you can contact us directly.


WhistleB (Data Controller)

ATTN: Data Protection Officer

WTC, Klarabergsviadukten 70,

107 24 Stockholm, Sweden



The following terms apply to users of the WhistleB Website.


How we process your personal information depends upon how you use and interact with our Website. Some information is provided directly by you, while other information is processed through automated technologies.

Legal Basis for Processing. When accessing our Website, we process personal information from you where 1) we have your consent, 2) where your personal information is necessary for us to provide a service (for example, when you sign up for our newsletter), or 3) where we have a legitimate interest to process your information and that legitimate interest is not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to process your personal information, or to process your personal information in order to exercise, establish or defend legal claims.

Website Access. More specifically, we process information when you provide it directly to us though the Website in webforms such as when you download white papers, articles or other collateral.

We process the following types of information from you:

  • Name
  • Email Address (work)
  • Phone number (work)
  • Organisation name and web site address
  • Job Title

Collected from Third Parties. We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide information about products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific purpose for which it was provided to us. Examples of the types of personal information that may be processed from external sources include name, business contact details such as email, phone number, and job title.

Automated Processing Mechanisms and Cookie Notice. In addition to the direct procession practices detailed above, we and our service providers use automated processing technologies to process information within some areas of our Website. We use cookies to store content and preferences which enables us to process standard information your browser sends to certain websites you visit such as your IP address, browser type and language, and the site you came from as well as pages you visit and links you click on within our Website. Having technical information like this helps us to improve the Website. We aim to be transparent about the automated technologies we use, and in order to communicate the type, provider, and name of automated technologies employed to accomplish that, we have made additional resources available to provide more detail around automatic information processing technologies available at https://whistleb.com/trustcentre/cookie-policy/.


We use personal information processed from the Website to respond to requests for information, including marketing and advertising communications, and to continue developing and improving the Website.

When you make requests on the Website. We use information processed from the Website to respond to visitors’ requests. WhistleB does not sell, rent, lease, trade or share visitors’ personal information other than as outlined in this Privacy Policy. When you provide us with your personal information or otherwise choose to sign up to receive email communications from us, we will use that information to send those communications to you. Individuals may “opt-out” of receiving e-mail communications through links available on e-mails received.

Data Retention. Where WhistleB serves as the controller of the data, such as where we use personal information for our own independent business purpose, we will retain your information in accordance with our data retention practices as follows:  We will retain your information for the necessary period of time that it serves the purpose for which it was originally processed or subsequently authorised and in accordance with applicable law. For example, we will retain your information for as long as your account is active, as necessary to comply with our legal obligations and rights, to resolve disputes, and to enforce our agreements.


WhistleB acknowledges that you may have the right to access your personal information. WhistleB and NAVEX Global work together to manage your inquiries as applicable.

Rights provided under the Privacy Shield Frameworks to personal information transferred from European Union (EU) member countries and Switzerland to the United States. WhistleB and NAVEX Global respects your control over your information and, upon request, we will confirm whether we hold or are processing information that we have processed from you. You also have the right to amend or update inaccurate or incomplete personal information, request deletion of your personal information or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation.  In order to make such a request of us, please use this web form, powered by NAVEX Global. NAVEX Global and WhistleB will respond to and manage your request with respect to the personal information WhistleB holds.

European Economic Area, Switzerland or United Kingdom Citizen Data Subject Rights. Individuals who reside in the European Economic Area (EEA), including Switzerland and the United Kingdom (UK) have additional rights reserved under the General Data Protection Regulation (GDPR), the UK Data Protection Act and/or ePrivacy Directive, as applicable. This section details those additional rights and information on how to exercise them:

  • You may request to access, correct, update or request deletion of your personal information based on information collected from accessing our Website or participating in our Webinars.
  • You may request additional information related to the purposes for which we process your personal information, the categories of personal information we process, where we originally collected the information, who we share it with, and how long we will retain it.
  • You may object to our processing of your personal information, request that we restrict the processing of your personal information or request portability.
  • You have the right to opt-out of marketing communications we sent you at any time. You can do so by clicking the “unsubscribe” or “opt-out” link in the marketing emails we send to you, including our newsletter. You may also opt-out of other forms of marketing (such as postal or telemarketing).
  • Where we have collected and processed your personal information with your consent, you can withdraw your consent at any time. However, withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • Upon your request, and where it is technically feasible, WhistleB will provide you with a copy of your personal data or transmit it directly to another controller.
  • You have the right to submit a complaint to a data protection authority about our collection and use of your personal information.  For more information, please contact your local data protection authorities. Contact details are available here.

To make a request please use this web form, powered by NAVEX Global or email us at legal@whistleb.com with “Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information and any other detail you feel is relevant. WhistleB and NAVEX Global will provide a response to an access request within 30 days of receiving such request with respect to the personal information WhistleB holds or if we cannot, we will notify you and provide you with the reason for the delay.

Identity Verification Requirement. We are required by law to verify that any request submitted was made by someone with the legal right to access the data.  Therefore, prior to accessing or divulging any information pursuant to a data subject access request, we may request that you provide us with additional information in order for us to verify your identity and legal authority.

Under certain circumstances we may not be able to fulfill your request, such as where doing so would interfere with our regulatory or legal obligations, where we cannot verify your identity, or if your request involves disproportionate cost or effort; in any event, we will respond to your request within a reasonable time frame and as required by law, and provide you an explanation.


When personal information is shared with our affiliates, partners, or third-party service providers acting on our behalf outside of the EEA, Switzerland, United Kingdom, or another country that requires legal protections for international data transfer, we do so pursuant to appropriate safeguards necessary to ensure an adequate level of protection in accordance with applicable law. We have taken appropriate safeguards to require that the personal information we process will remain protected in accordance with this Privacy Policy when transferred internationally, including when processed internationally by third-party service providers and partners. For personal information from the EEA, the United Kingdom, or Switzerland, data protection laws in those jurisdictions require that that we tell you the legal safeguards we have in place to protect that personal information.  We may implement the European Commission’s Standard Contractual Clauses, rely on a third-party service provider’s Binding Corporate Rules or other legally approved mechanism, for any transfer of personal data to non-EEA, United Kingdom, or Switzerland third-party service providers or business partners.


WhistleB’s affiliated company, NAVEX Global, Inc. (and its subsidiary companies, The Network, Inc. and Lockpath, Inc.) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss- U.S. Privacy Shield Framework. However, in 2020, both Frameworks were declared invalid as a legal mechanism we could rely on for the lawful transfer and processing of personal data from the EEA, the United Kingdom, and Switzerland. Despite this, NAVEX Global, Inc. continues to certify its compliance with the Frameworks as a means of evidencing its continued commitment to protecting personal information from the EEA, the United Kingdom, and Switzerland and remains under the jurisdiction of the U.S. Federal Trade Commission.  Personal information received by NAVEX Global, Inc. following invalidation of the Frameworks will be transferred and processed in accordance with the applicable European Commission’s Standard Contractual Clauses or other legally approved mechanism.  More information about Privacy Shield can be found here and more information about the Standard Contractual Clauses can be found here.

NAVEX Global, Inc. is responsible for the processing of personal information it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. NAVEX Global, Inc. complies with the Privacy Shield Principles for all onward transfers of personal information from the European Economic Area, United Kingdom, and Switzerland, including the onward transfer liability provisions.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact the following U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.


Legal Disclosures. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We reserve the right to disclose your personal information as required by law and when we believe in good faith that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on us.

Business Transfer. In the event we undergo a legal business restructuring, business transition, merger, acquisition by another company, or sale of all or a portion of its assets, your personal information will likely be among the assets transferred. You will be notified via prominent notice on our Website for 30 days of any such change in ownership or control of your personal information.


If you have received unwanted, unsolicited e-mail sent by WhistleB or purporting to be sent via WhistleB, please forward a copy of that e-mail with your comments to legal@whistleb.com for review.

If you have questions or complaints regarding our privacy statement or practices, please contact us at legal@whistleb.com with “Privacy Enquiry” in the subject line and provide detail on your question or complaint so that we may adequately respond.

WhistleB (Data Controller)

ATTN: Data Protection Officer

WTC, Klarabergsviadukten 70,

107 24 Stockholm, Sweden




We keep our privacy policy under regular review. Any updates will be placed in our Trust Centre on this web page. This privacy policy was last updated on 29 November 2021.