Whistleblower Privacy Statement in Relation to the Whistleblower Policy
1. Privacy Policy
We at Indorama Ventures Public Company Limited and our affiliated companies and subsidiaries worldwide (collectively referred to as “IVL”) are committed to honouring and protecting your privacy. This Whistleblower Privacy Statement describes our privacy policies and practices regarding any collection and use of your personal data captured in the whistleblower report through the whistleblower website and email. If you have any questions or concerns about this privacy policy or your personal data, please contact us at ethics@indorama.net.
2. What personal data we may collect, how we collect it and the purpose of the said collection
We may collect your personal data in one of the following ways:
2.1. Personal data collected from the whistleblower report through the whistleblower website and email:
By reporting under the whistleblower policy, we may collect information such as your name, email address, country of residence, company you represent, professional information, and any other further information you decide to share with us. Where personal data is processed, we take steps to do this in a manner that is fair and transparent and that protects individuals’ information rights.
3. Security
IVL has implemented adequate technical and organisational safeguards, in line with industry standards and that its systems are state-of-the art to ensure the security of personal data. This includes the prevention of any alteration to captured data as well as the prevention of any loss, damage, unauthorised processing or access to data. The Company will protect the nature of the data, and the risks to which they are exposed by virtue of human action or the physical or natural environment.
Personal data will be put into a secure intelligence database with restricted access arrangements. Reports are clearly marked as related to a confidential and sensitive whistleblower's disclosure. The whistleblower may or may not be identified in the report; he/she can report anonymously. This protective marking system highlights the fact that neither the information nor the whistleblower's identity should be disclosed internally or externally without reference to the Whistleblower Committee.
The key security measures to keep your personal data secure and confidential, include but are not limited to:
3.1. Limiting access to your personal data to authorised IVL employees only and strictly on a need-to-know basis, such as to respond to your report.
3.2. Implementation of physical, electronic, administrative, technical and procedural safeguards that comply with all applicable laws and regulations to protect your personal data from unauthorised or inappropriate access, alteration, disclosure and destruction.
3.3. IVL employees who misuse personal data are subject to strict disciplinary action.
3.4. It is important for you to protect against unauthorised access to your password and your computer. Be sure to sign-off when you are done using a shared computer.
4. Who we may share your personal data with (the recipients or categories of recipients of the personal data)
4.1. The personal data IVL collects from you is stored in one or more databases hosted by third parties. These third parties do not use or have access to your personal data for any purpose other than cloud storage and retrieval. For information on third party vendors partnered with IVL, please write to us at ethics@indorama.net.
4.2. Where required or permitted by law, information may be provided to regulators, state/federal governments and law enforcement agencies such as the police. We may share this information in confidence with regulators such as the Financial Conduct Authority. In complying with applicable laws and for law enforcement purposes, we may also disclose data in confidence (for example to a relevant government entity or regulatory authority). This may mean that personal data is transferred outside the European Economic Area.
5. Transfer of personal data
5.1. IVL has multiple subsidiaries in different countries, and we transfer personal data concerning you within our Company.
5.2. We transfer personal data between our subsidiaries and affiliated entities for the purposes explained above.
5.3. Your personal data is stored in databases, on cloud-based servers operated by the third party, which co-operates with IVL, or with the Whistleblower Committee.
5.4. All personal data received will be provided with an adequate level of protection (as determined by the applicable data privacy regulation) and/or with an appropriate safeguard.
5.5. Where we transfer personal data outside your jurisdiction, we either transfer personal data to countries that provide an adequate level of protection or ensure that appropriate safeguards are in place.
6. Personal data retention
We will only keep your personal data for as long as is reasonably necessary to fulfil our obligation with regard to your whistleblowing report or to comply with legal requirements under applicable law(s). This means that we may retain your personal data for a reasonable period, at least 5 (five) years. After this period, your personal data will be deleted from all IVL systems. In exceptional cases where personal data cannot be completely deleted, it will be anonymised or encrypted to ensure your identity is protected and not revealed.
7. Your rights
You have a right to:
7.1. Request access to your personal data and request details of the processing activities conducted by IVL.
7.2. Request that errors in your personal data be rectified if it is inaccurate or incomplete.
7.3. Request erasure of your personal data.
7.4. Request a restriction of the processing of your personal data by IVL.
7.5. Object to the processing of your personal data.
7.6. Receive your personal data in a structured, commonly used and machine-readable format.
7.7. Lodge a complaint with the relevant supervisory authority.
7.8. Withdraw any consent you may have provided to us at any time.
To exercise the rights outlined above with respect to your personal data, you may write to us at: ethics@indorama.net
8. Changes to our privacy policy
This privacy policy was last updated on 26 February 2022 and we will notify you of further changes we may make to this privacy policy, where required, however, we would recommend that you look back at this policy from time to time to check for any updates.
9. Our Contact details
If you have any concerns as to how your data is processed, you can contact us at: ethics@indorama.net