Privacy Notice
COMPLIANCE INTEGRITY SOLUTIONS SRL is a limited liability company incorporated under the laws of Romania, with registered seat in Calea Mosilor 158 E, registered with the Trade Registry under no. 46319815 (“wibso” or “We”) and the provider of the web-based whistleblowing solution wibso.

We at wibso are committed to protecting your personal data and privacy. With this privacy policy, we want to make sure that you understand how we process your personal data and how we ensure that the personal data processing carried out by wibso is done in a compliant manner in accordance with applicable law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR“). This privacy policy also describes your rights as a data subject and how these rights can be exercised.

This Privacy Notice applies to how we process the personal data of all visitors to this website, www.wibso.com (the “Website”). To find out how we process data that results from the use of the wibso platform, please refer to the data processing agreement attached to the agreement concluded between you and wibso for provision of the whistleblowing service. Hereafter, we will describe the processing of personal data performed or otherwise controlled by wibso as a company. If you wish to exercise any of your rights in connection to the processing of your personal data, you can contact us via the contact details below in section

11.

  1. What does personal data processing mean?
    ‘Personal Data‘ is any information that may be directly or indirectly attributed to you. For example, your name, social security number, address, picture, e-mail and IP address. Even information which cannot in itself identify you may be personal data if this can be attributed to you in combination with other information. ’Controller’ is the organisation that decides on the purposes and means of processing personal data, i.e. how and why personal data processing is done. ‘Data Processing’ means all actions taken with your personal data. For example, collection, registration, storage, alteration, processing, structuring, destruction, etc.
  2. Who is responsible for the processing of your personal data?
    wibso is the controller for the processing of personal data carried out by us or on our behalf
    in relation to accessing the Website. This means that we decide how and why your personal
    data is processed when visiting the Website. When using the whistleblowing solution wibso, the beneficiary having contracted the wibso service will be the controller for the processing of personal data collected using the wibso platform.
  3. What personal data we collect and why?
    wibso mainly collects personal data which is necessary for you to be able to use our products
    or services, for example customer representative data for promoting, offering and subsequently providing wibso to you as a customer. This means that all or part of our products and service will not be usable if you do not want us to process your personal data.


Improvement and development of the service. When you visit the website, we process information about your place of residence, click and visit history, technical data from the devices you used (i.e. IP address, operating system, language, browser setting) and information about where you are when you visit our website, how long you have visited different parts of the website and if you have encountered any technical problems. We do this to improve our services and the website.

Purchases and subscriptions. When you contract the service, we may ask you to provide your name, address, telephone number, e-mail and billing information. We do this so that we
can provide the services and access to the wibso platform.
Preventing crime and misuse. We collect data about your click and visitor history, technical
data from the devices you used to visit our website (i.e. IP address, operating system,
language, browser setting). We do this to prevent and investigate fraud and other crimes, as
well as to improve the security of our services.
Most of the data above, wibso collects directly from you. We may also collect your publicly
available information from public records.

  1. What are our legal grounds for the processing of your personal data?
    We always process your personal data in accordance with current legislation, including the
    GDPR. According to the GDPR, the processing of personal data must rely on one or more
    lawful bases:
    Legal obligations. For processing that is carried out because it is necessary to fulfil a legal
    obligation, we do this in order for wibso to be able to fulfil a obligation imposed by law.
    Performance of contractual obligations. Specific personal data will pe processed in order
    to fulfill obligations deriving from an agreement concluded between you and wibso or for the
    purpose of entering into such an agreement.
    Legitimate interest. When we process your personal data in order to be able to improve and
    develop the service, to prevent crime and misuse of the service, we do so on the basis of our
    legitimate interests in processing your personal data in a way which can be expected in the
    running of wibso.
    Consent. In certain cases, we may ask you to provide your consent for personal data
    processing, for example if we would like to share your personal data with another company
    or for marketing purposes. In such case we will inform you about what personal processing
    you are consenting to, why and how you can withdraw your consent.
  2. Use of cookies
    What are cookies? A cookie is a small text file which is stored on the device you use to visit
    the Website. The cookie enables the Website to recognize and collect information about your
    device, browser, IP-address, operating system and visited websites or functions used.
    The information collected cannot identify you as a person and will only identify the device you
    are using.
    Why do we use cookies? Most websites use cookies, and some cookies are even
    necessary to make the website function as intended. Cookies can also be used to gather
    information for the purposes of improving the website, tailoring adverts and content on the
    website and evaluating the success of campaigns or advertising on the website.


How can I accept or reject the use of cookies? When you enter our website, you will have
a choice to use only the necessary cookies, some additional cookies or all cookies. If you
choose not to accept any additional cookies, this information will be saved as a cookie. If you
accept additional cookies these will be set to collect the information for the purpose
described, however, never to collect your personal data.
All browsers allow you to reject cookies in the browser settings – these will vary depending
on your browser. Note that a rejection of all cookies may affect the functionality of the
website since no information can be collected from your device.
What cookies do we use and why?
Below you will see the cookies currently being used on wibso’s websites. We will not add any
new cookies without informing you first.
A. Cookies as of 24 March 2023
Name Purpose Data Owner Provider Lifetime Third Party
Privacy Policy

NECESSARY
_cfuid The cookie is used by cdn services
like CloudFare to identify individual
clients behind a shared IP address
and apply security settings on a
per-client basis. It does not
correspond to any user ID in the
web application and does not store
any personally identifiable
information.

wibso Cloudflare 1 month cloudlfare.com/

elementor Used in context with the website’s
WordPress theme. The cookie
allows the website owner to
implement or change the website’s
conten t in real-time.

wibso Elementor/Wor
dpress

Persistent wordpress.com/

PREFERENCES
lang This cookie is used to store the
language preferences of a user to
serve up content in that stored
language the next time user visit
the website.

LinkedIn ads.linkedin.com

Session https://www.linkedin.com/legal/cookie-policy

STATISTICS
_ga This cookie is installed by Google Analytics.The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated
Google Analytics

Google Analytics

2 years https://policies.google.com/privacy

Page 4/2

number to identify unique visitors.

_gat Used by Google Analytics to throttle request rate

Google Analytics

1 day https://policies.google.com/privacy

_gid This cookie is installed by GooglecAnalytics. The cookie is used to store information of how visitors
use a website and helps in creating an analytics report of how the wbsite is doing. The data
collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.

Google Analytics

Google Analytics

day https://policies.google.com/privacy

wibso Facebook 3 months https://developers.facebook.com/docs/facebook-pixel/using-the-pixel

fr The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin

wibso Leadfeeder 2 years https://www.leadfeeder.com/privacy/

  1. For how long is my personal data stored?
    The personal data we collect about you will be stored for as long as it is necessary. We also
    store all personal data up to [Text] after it has been collected to ensure that you can follow up
    on certain matters and to be able to investigate and prevent fraud.
    Please note that certain personal data must be stored for a longer period if it is required by
    law. No personal data attributable to you will be stored for longer than what is necessary or in
    a manner incompatible with current legislation.
  2. Do you share my personal data?
    In order for us to offer you our services and products, it will in some cases be necessary for
    us to share your personal data with other companies. Companies that process your personal
    data on our behalf and according to our instructions are called processors.
    We use processors to to market our services (media agencies, advertising agencies etc.)
    and for our IT services (operation and technical support of the website and other IT systems).
    In some cases, we will share your personal data with companies that are considered
    independent controllers once they have taken part of your personal data. This means that we
    no longer determine how your personal data is being processed. This is the case, for
    example, when you click on an affiliate link which will take you to another website. This is
    also the case when we share your personal data with companies that offer payment
    solutions. This privacy notice only contains information of how wibso processes your
    personal data when visiting the Website, so we encourage you to read the privacy notice on
    the other websites you visit.
    We may also share personal data with a third party (such as the police, the tax authority or
    any other authority) in the case of a criminal investigation or if we are otherwise obliged to
    provide such information under law.
  3. Third Party Processors
    Our carefully selected partners and service providers may process personal information
    about you on our behalf as described below:
    Digital Marketing Service Providers
    We periodically appoint digital marketing agents to conduct marketing activity on our behalf,
    such activity may result in the compliant processing of personal information.  Our appointed
    data processors include:
     [company name] (trading as [commercial name]) Reg. no. [CUI]. You can contact
    [commercial name] and view their privacy policy here: [link].  Their Data Protection
    Officer can be emailed at: [e-mail].
  4. Where is my personal data processed?
    wibso strives to only process your personal data within the EU/EEA. Even though our IT
    systems and servers are located within the EU/EEA, your information may need to be shared

Page 6/2
with a supplier or a subcontractor outside the EU/EEA, for example for support of our IT systems. If so, we will take the necessary steps to ensure that your data is processed at the same level of protection as within the EU/EEA. If you have any questions about the security measures taken, you are welcome to contact us.

  1. What are your rights?
    Right to information. You have the right to be informed about how your personal data is
    processed and why. This information is provided through this privacy policy and when your
    personal data is collected.
    Right to access. You have the right to request access to the personal data processed about
    you at any time in accordance with GDPR.
    Right to rectification. You have the right to have inaccurate personal data about you
    corrected.
    Right to deletion. In some cases, you have the right to request that we delete your personal
    data.
    Right to restriction. You have the right to restrict our processing of your personal data, for
    example through unsubscribing to our newsletter or amending your cookie settings in your
    browser.
    Right to data portability. In some cases, you can request for your data to be provided to
    you in a portable format and to transmit this to another controller.
    Right to object. You have the right to object to wibso’s processing of your personal data.
    If you wish to exercise any of your rights or if you have any questions on wibso’s processing
    of your personal data, please contact us via the contact details below.
    If you have any complaint regarding wibso’s processing of your personal data, you can
    contact wibso under the contact details listed below in order to find an amicable solution and
    give us the chance to explain or remedy any situation. You also have the right to submit a
    complaint to your relevant supervisory authority for data protection, (in Romania, the data
    protection authority is Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu
    Caracter Personal), at any time if you believe that your personal data is being processed in
    violation of the applicable data protection legislation.
  2. How do you contact us?
    The controller for processing your personal data when visiting the Website is wibso. If you
    have any questions about how we process your personal data, please contact us via the
    following contact information:
    COMPLIANCE INTEGRITY SOLUTIONS SRL 
    Calea Mosilor 158 E
    office@wibso.ro