Privacy Policy
ReportSecurely Platform
Skiwo AS · Pilestredet 17, 0164 Oslo · privacy@reportsecurely.com
Effective: 2025
Skiwo AS wants you to understand what data we collect about you and how we process it. We process your personal data in accordance with our obligations under applicable privacy legislation, including the EU General Data Protection Regulation ("GDPR").
In this privacy policy we explain what personal data we collect and process, and for what purposes, when you use the ReportSecurely platform (the "platform"). We also provide information about your rights. You can read more about the platform at: https://www.reportsecurely.com/
Introduction
Report Securely is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our whistleblowing platform.
Data Controller
Report Securely acts as a data processor on behalf of the organisation that operates the reporting channel. The organisation is the data controller. For questions about how your data is handled, please contact the organisation directly.
- Postal address: Pilestredet 17, 0164 Oslo, Norway
- Email: privacy@reportsecurely.com
We also process certain personal data on behalf of our customers in the role of "data processor". This includes, for example, processing of personal data contained in submitted reports, including descriptions of specific individuals or events and related documentation. For these processing activities, our solution functions solely as a storage platform, and our customers are the data controllers. This privacy policy does not cover our processing as a data processor.
Data We Collect
We collect only the data necessary to provide our service:
- Report content submitted by reporters
- Communication between reporters and case handlers
- Account information for organisation administrators
- Technical logs necessary for security and service reliability
- Others who otherwise contact us.
Data Security
All data is encrypted in transit and at rest. We use industry-standard encryption protocols and store data in secure European data centres. Access to data is strictly limited to authorised personnel.
- Basic information, such as name and contact details of customer, reporter, or partner representative.
- Information about your customer relationship, such as service and order information, payment information, and customer service inquiries.
- Information related to a user account, such as name, email address, role and access level, authentication and login data.
- Information about your use of and activity on the ReportSecurely platform, including IP addresses, timestamps, system usage data, and access logs.
Your Rights
Under GDPR, you have the right to access, rectify, erase, restrict processing, and port your personal data. To exercise these rights, please contact us at privacy@reportsecurely.com.
- We receive personal data directly from you when you order our services or otherwise contact us. This data is necessary for us to deliver the service you have ordered or to follow up on your inquiries.
- We receive personal data from your employer (our customer) when you are added to a customer account, or when a user account is created in your name. This data is necessary for us to deliver and provide access to the platform services in accordance with our agreement with the customer.
- We receive personal data indirectly from you when you use or otherwise interact with our platform. This data is important for providing the platform services in a secure manner and with relevant functionality.
Data Retention
We retain data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Report data is retained in accordance with the organisation's data retention policy.
| Purpose | Processing activity | Personal data | Legal basis |
|---|---|---|---|
| Customer support — Sales and order processing | Carry out transactions you have requested, including handling payments, delivery of services. | Customer contact details, payment details, billing information, information about purchased services, order history. | Article 6(1)(b) — Contract |
| Customer support — Customer service | Assist in resolving any questions or issues you may have with our services. | Customer contact information, inquiry details, communication history, service information, information about your technical equipment or software, error messages. | Article 6(1)(f) — Legitimate interest in providing customer service |
| Provide access to the ReportSecurely platform | We process personal data to deliver our services, e.g. when creating a user account. | Username and other personal data (email address, role, etc.), names of contact persons at business customers. | Article 6(1)(b) — Necessary to perform a contract |
| Prevent data security breaches | Monitoring use of the platform to detect or investigate network security breaches. | Metadata (including timestamps, user identifiers, IP addresses, browser and device details, session data, access logs, etc.) | Article 6(1)(f) — Legitimate interest in maintaining information security |
| Compliance with legal requirements | Processing to fulfil statutory obligations, for example in connection with accounting and to provide information to the competent authority. | All categories of personal data strictly necessary to fulfil our obligations. | Article 6(1)(c) — Necessary to comply with a legal obligation |
| Other purposes | We may process your personal data for any other purpose to which you have specifically consented. | Article 6(1)(a) — Consent |
Contact
For privacy-related inquiries, please contact our Data Protection Officer at privacy@reportsecurely.com.
Who do we share personal data with?
Personal data necessary for you to log into the platform (name and email address) may be shared with your organization to administer accounts and provide necessary access.
Data may also be shared with "data processors" engaged by Skiwo. A company that processes your personal data on our behalf is called a data processor. If we engage a data processor, we enter into a data processing agreement that regulates how the data processor may process the data they gain access to and their obligations in that regard.
We may also share personal data with public authorities where there is a statutory obligation to do so.
Do we transfer personal data to other countries?
As a general rule, we do not transfer your personal data to countries and/or organizations outside the EU/EEA area (so-called "third countries").
If such transfers nevertheless occur — for example if one of our data processors transfers personal data to sub-processors outside the EU/EEA area — we will ensure that the transfer is carried out in accordance with the requirements set out in GDPR Chapter V and that adequate safeguards are provided, e.g. through EU Standard Contractual Clauses ("SCC").
How long do we store personal data?
We store your personal data for as long as necessary for the fulfilment of the above-mentioned purposes of processing the data. However, this does not apply if storage is required by law for a longer period than the purpose warrants.
What are your rights?
Privacy legislation gives you a number of rights, including the right of access, rectification, and erasure of the personal data we have stored about you.
We are committed to ensuring that the personal data we have stored about you is accurate and up to date. If you discover that the data we have stored about you is incorrect, we encourage you to contact us. This also applies if you wish the stored data to be deleted.
Regarding the right to erasure, there is an exception for data that is necessary for us to deliver a service you still wish to have access to, or where it is required by law to retain the data for a specific period.
You also have the right to data portability. This means that you can, among other things, obtain your personal data in a machine-readable format.
Furthermore, you have the right to object to the processing of personal data and the right to object to profiling and automated decisions. This means you can require that your personal data is not analysed to reveal your behaviour, preferences, abilities, or needs. However, this does not apply if the processing is necessary to fulfil an agreement you have entered into with us or if you have previously given your explicit consent to the processing.
You also have the right to receive a copy of the personal data we have registered about you, to the extent that confidentiality obligations do not prevent this. To ensure that personal data is disclosed to the correct person, we may require that the request is made in writing and that identity is verified in another way.
If you believe Skiwo does not comply with what we inform about in this privacy policy or applicable legislation, you can send us a complaint. You can also file a complaint with the Data Protection Authority.
Use of cookies
We use cookies and similar technologies on our websites. You can read more about how we use cookies in our Cookie Policy.
How do we notify about changes to this privacy policy?
Our services are in continuous development. We may therefore need to update our privacy policy. If the privacy policy is updated, the updated privacy policy will be made available on our website.
How to contact us
If you have questions about how we process your personal data or wish to exercise your rights, you can contact us by sending an email to: privacy@reportsecurely.com