Information on data protection
We attach the utmost importance to data protection and confidentiality and comply with the EU GDPR Directive on data protection and the applicable national regulations on the protection of personal data. Please read this data protection information carefully before submitting a report.
Purpose of this whistleblowing system and legal basis
The whistleblowing system (BKMS® System) is designed to collect, process and manage, in complete security and confidentiality, reports relating to breaches of Chaabi Bank's code of ethics. The processing of personal data in the BKMS® System platform is based on Chaabi Bank’s legitimate interest in detecting and preventing any breach and thus protecting the bank, its employees and clients. The legal basis for the processing of personal data is article 6 paragraph 1f of the GDPR.
Responsible parties
The parties involved in the whistleblowing system are :
1) Chaabi Bank1 is the data controller.
2) The BKMS® System is managed by a specialist company, EQS Group GmbH, Bayreuther Str. 35, 10789 Berlin, Germany, on behalf of Chaabi Bank.
Personal data and information entered into the BKMS® System platform are stored in a database managed by EQS Group GmbH in a certified, high-security data centre. Only Chaabi Bank has access to this data. Neither EQS Group GmbH nor any other third party has access to the data. This is guaranteed in the certified procedure by technical and organisational measures.
All data is encrypted and saved using several levels of password protection so that access is restricted to a very limited number of people with the express authorisation of Chaabi Bank.
Chaabi Bank has appointed a Data Protection Officer (DPO), who guarantees the protection of the personal data of its customers, prospects and employees. His main missions are to advise, inform and ensure compliance with the provisions of the data protection regulations.
Type of personal data collected
Use of the system is voluntary. By submitting a report through the whistleblowing system, we collect the following personal data and information:
- Your name, if you disclose your identity,
- your status as an employee of Chaabi Bank, and
- if applicable, the names of persons and other personal data of the persons you mention in your report.
Confidential handling of reports
Incoming reports are received by a limited number of employees with specific authorisations and specially trained by Chaabi Bank's Compliance Department. The reports are always handled with the strictest confidentiality. Chaabi Bank's Compliance Department employees assess the case and, if necessary, carry out a more detailed investigation.
When handling a report or investigation, it may be necessary to share information with employees of other Chaabi Bank departments, in particular the Internal Audit Department and the Human Resources Department, or with employees of other group entities, for example if the reports relate to incidents that have taken place in branches.
Any person obtaining access to the data is obliged to keep it strictly confidential.
Information relating to the accused person
In accordance with Article 14 of the GDPR, Chaabi Bank must inform the person concerned by a report as soon as this does not threaten the implementation of measures to clarify the situation. To the extent permitted by law, your identity as the whistleblower will not be disclosed.
Rights of the data subjects
Under the applicable data protection regulations, you and the person concerned by the report have the right to information, access, rectification, erasure and opposition to the processing of personal data concerning them. If the right of erasure is invoked, we will examine as soon as possible to what extent the data saved is still necessary for processing the report. Data that are no longer necessary will be deleted immediately.
To exercise your rights, you can send your request to our Data Protection Officer at the following email address: DPO@banquechaabi.fr or to the postal address: 121 Avenue de Malakoff 75016 Paris. To find out more, please consult our Confidentiality and Personal Data Protection Policy available on our website.
Your request must be dated, signed and accompanied by a photocopy of your identity document.
Chaabi Bank undertakes to answer you within a maximum period of 30 days.
The exercise of your rights of access, rectification, opposition, erasure, limitation of processing or portability of personal data is free of charge.
In addition, you have the right to lodge a complaint with a supervisory authority about the processing of your personal data. A single counter, CNIL, has been designated for Chaabi Bank and its branches, whose head office is located at 3 place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 - www.cnil.fr
Retention period for personal data
Personal data is retained for as long as necessary to clarify the situation and make a final assessment or as long as there is a legitimate interest on the part of the company or retention is required by law. After completion of the processing of the report, the personal data is deleted in accordance with regulatory requirements.
Use of the whistleblowing system
Communication between your computer and the BKMS® System platform is performed through an encrypted (SSL) connection. The whistleblowing system does not enable IP addresses to be traced. To maintain the connection between your computer and the BKMS® System, a cookie is stored on your computer containing only the session ID (also known as a “zero cookie”). This cookie is valid only until the end of your session and expires when you close your browser.
You can set up a postbox within the whistleblowing system which is protected with a personally chosen user name/pseudonym and password. You can thus submit reports either personally or anonymously to the responsible Chaabi Bank employee. In this system, the data is stored only within the BKMS® System platform, which makes it particularly secure. This is not a traditional communication by exchange of e-mails.
Note on the sending of attachments
When you submit a report or provide additional information to an existing report, you can also send attachments to the responsible Chaabi Bank employee. If you wish to submit a report anonymously, please note the following security advice: the files may contain hidden personal data that could jeopardise your anonymity. Remove this data from the files before sending them. If you are unable to remove this data, or if you are unsure how to do so, please copy the text of your attachment into the text of your report message or send a printed copy of the document anonymously to the address given in the footnote, specifying the reference number assigned to you at the end of the reporting process.
1 Banque Chaabi du Maroc in France and its European branches
