Skip to content

Choose your area

Close

Code Of Conduct Reporting Channel

We strive to act ethically and be worthy of your trust as professionals. It’s paramount to us that our staff, customers, and other stakeholders regard our actions as ethically sound. You play a crucial role in our success.

Renta

WE WANT TO ACT RIGHTLY

We aim to maintain transparency and trust in Renta’s business operations. We are committed to acting ethically and in compliance with laws, regulations, and rules.

We want to prevent misconduct and unethical behavior, and therefore we encourage Renta’s employees and partners to report any suspicions related to misconduct or unethical activities.

 

Renta Whistleblowing Reporting Channel

Renta’s reporting channel offers the possibility to report suspected misconduct or unethical behavior, such as corruption, bribery, harassment, or other dishonest activities, as well as issues under the whistleblower legislation. The channel is not intended for customer feedback or complaints processing.

Reports can also be made directly to the Office of the Chancellor of Justice’s centralized reporting channel in certain situations. Reports can be made both in writing and orally. Anonymous reports are not accepted. However, for the reporter to be entitled to the protection under the whistleblower protection law, one of the following conditions must be met:

  • The reporter has a reasonable cause to believe that no necessary actions have been taken based on an internal report to verify the accuracy of the report and, if necessary, to address the violation within the time limits set by law.
  • The reporter has a reasonable cause to believe that the violation cannot be effectively addressed based on an internal report.
  • The reporter has a reasonable cause to believe that they are at risk of retaliation due to the report.

 

The reporting channel is not connected to Renta’s IT systems but is maintained by an external service provider, WhistleB, Whistleblowing Centre AB. To ensure the anonymity of the reporter and the protection of information, the reporting procedure is strongly encrypted and protected.

All reports are taken seriously and treated confidentially.

 

The reporting channel is available in nine different languages. You can make a report here. here.

PRIVACY NOTICE - Whistleblowing Reporting Channel

Created on October 1, 2021

1. Data Controller

Renta Group Oy

Business ID: 2732388-9

Address: Äyritie 12B, 01510 Vantaa

2. Person responsible for registry matters and/or contact person
Joel Särkkä

Renta Group Oy

Äyritie 12B, 01510 Vantaa

Email: privacy@renta.fi

3. Registry name

Renta Group’s reporting channel registry.

4. Purpose and legal basis for processing personal data

The reporting channel enables Renta to fulfill their statutory obligations.

The purpose of the registry is to process reports received through Renta’s reporting channel. The processing of personal data aims to ensure and monitor compliance with ethical guidelines, other internal directives, legislation, and contracts binding Renta. The reporting channel aims to ensure that decision-making and the internal control system operate properly and that the data controller adheres to the principles of good governance in its operations.

The objective of the reporting channel is to prevent, investigate, and bring to investigation any crimes, violations, or other misconduct that may have occurred in Renta’s operations. The reporting channel offers the possibility to report suspected misconduct or unethical behavior, such as corruption, bribery, harassment, or other dishonest activities, and issues included in the whistleblower legislation (e.g., public procurement, traffic safety, consumer protection, and environmental protection).

The processing of personal data is necessary for Renta to evaluate and investigate reported cases and implement appropriate case-specific measures to resolve and terminate the issue.

The legal basis for processing personal data is compliance with a legal obligation to which the data controller is subject (General Data Protection Regulation, Article 6.1.c).

The legal basis for processing personal data is also the realization of the legitimate interests of the data controller (General Data Protection Regulation, Article 6.1.f).

The processing of personal data is based particularly on the EU Directive 2019/1937 (Directive on the protection of whistleblowers), which requires Renta to implement an internal reporting channel (Directive on the protection of whistleblowers, Article 8.3).

5. Recipients of personal data

Deloitte Oy processes reports received through the reporting channel as an independent entity in the first instance. Renta’s executive, financial, and country managers make decisions on any possible follow-up actions.

WhistleB Whistleblowing Centre AB provides the cloud service for Renta’s reporting channel through which reports are submitted.

Renta may, on a case-by-case basis, transfer information to external parties, such as authorities, for them to perform their legal duties.

Information is not transferred for commercial purposes.

6. Transfer of data outside the EU or EEA

Information is not transferred or disclosed to countries outside the EU and EEA.

7. Content of the registry and data retention

The registry contains information provided by individuals associated with Renta’s staff and stakeholders. The information provided may include, for example:

  • The name and contact details of the reporter (if provided)
  • Identification information related to the subject of the report, such as the name and location (to the extent that this has been reported
  • Information about actions contrary to law or ethical guidelines, such as a free-form description of the event
  • Information about the investigation and investigation of the case, follow-up actions, and the conclusion of the investigation.

If the reporter has not made the report anonymously, their personal data may be registered.

8. Data sources

Renta’s staff and stakeholders may report possible suspicions of misconduct and issues related to the substantive scope of the whistleblower protection legislation through the reporting channel.

9. Data retention period

Data is removed from the registry when it is no longer necessary for processing, and the related actions and/or processes have concluded or become legally binding, and legislation does not require data retention. Data is removed within 60 days after the completion of the investigations and processes related to the case unless applicable legislation dictates otherwise.

10. Principles of registry protection

The data controller ensures that data stored in the service is processed according to good data security practices and instructions given by the data controller.

The personal data contained in the registry is protected by technical and organizational measures and stored in electronic systems. WhistleB Whistleblowing Centre AB provides the cloud service for Renta’s whistleblowing reporting channel, through which reports are submitted. WhistleB Whistleblowing Centre AB is responsible for the technical protection of the data stored in the registry, which includes internal data security, access control, software security updates, and backup. The service’s data security is also tested by third-party security checks in addition to internal tests.

Access to the reporting channel is restricted to designated and limited individuals, namely the designated experts at Deloitte Oy, who process reports received through the reporting channel as an independent entity in the first instance. All individuals with access to the registry data are bound by confidentiality.

11. Rights of the data subject

  • Rights of the data subject: 
    Access to data: The data subject has the right to obtain confirmation from the data controller as to whether their data is being processed. If data is being processed, the data subject has the right to access their data recorded in the registry. The data subject may submit a written inspection request to the data controller. However, the right of the data subject to obtain information about the processing of their personal data and the right to inspect can be limited if exercising this right would jeopardize the achievement of the investigation’s objectives. This limitation ends when there is no longer a need to ensure the investigation or the person is heard for the investigation.
  • Right to rectification:  The data subject has the right to demand the correction of inaccurate or incomplete personal data concerning them. Rectification of data is carried out by submitting a written correction request to the data controller. However, the right of the data subject to obtain information about the processing of their personal data and the right to inspect can be limited if exercising this right would jeopardize the achievement of the investigation’s objectives. This limitation ends when there is no longer a need to ensure the investigation or the person is heard for the investigation.
  • Right to erasure:  The data subject has the right to demand the deletion of their data recorded in the registry unless there is a reason for retaining the data. The data subject may submit a written request for deletion to the data controller.
  • Right to restrict processing:  The data subject has the right to demand that the data controller restrict the processing of the data subject’s personal data if there are grounds for it. A request for the restriction of the processing of personal data must be made in writing to the data controller.
  • Right to object to processing: The data subject has the right to object to the processing of personal data concerning them if there are grounds for it. A request to object to the processing of personal data must be made in writing to the data controller.
  • Right to data portability:  The data subject has the right to transfer their personal data in a machine-readable format. This is done by contacting the data controller in writing.
  • Right to withdraw consent to processing:   The data subject has the right to withdraw consent on which the processing is based. Withdrawal of consent is done by submitting a written request to the data controller.
  • Right to lodge a complaint with a supervisory authority:  The data subject has the right to lodge a complaint about the processing of personal data to the data controller, the data processor, or the supervisory authority (in Finland, the Data Protection Ombudsman).

12. Automated decision-making and profiling

The data in the registry is not used for automated decision-making or profiling of registered individuals.

13. Changes

This Privacy Notice for Renta’s reporting channel registry replaces all previous versions. Renta may update this Privacy Notice from time to time, e.g., due to changes in its operations or legislation, and the latest version is updated on Renta’s intranet.