Amusnet Logo

Please confirm that you are 18 or older before entering this site:

Whistleblowing Policy

1. GENERAL

1.1. The present Whistleblower Notice (“Notice“) is intended to provide you with clear and easily accessible information about the terms and conditions for whistleblowing through an internal channel of Amusnet Interactive Ltd, UIC 203773449, with its registered office and registered address at Garitage Park, Building No. 4, Floor 2, ul. “2, Donka Ushlinova Str. Sofia 1766 (the “Company“), pursuant to the Whistleblower Protection Law (the “Law“).

2. WHAT BREACHES CAN YOU REPORT?

2.1. Under Bulgarian law, you may report breaches relating to violations of Bulgarian law or of European Union legislation in the field of:

 

3. WHO CAN SUBMIT A REPORT?

3.1. A natural person may submit reports and/or publicly disclose information about violations known to him/her in his/her capacity as:

3.2. Protection shall be granted to:

3.3. In the event that the whistleblowing is credible and justified, the protection under the Law shall be available to you from the time of the whistleblowing or public disclosure of information about a breach.

 

4. WHAT ARE THE CONDITIONS TO GET PROTECTION?

4.1. You have the right to a defence provided that you:

4.2. You will not be prosecuted or protected in respect of anonymous whistleblowing (unless you have been subsequently identified) and whistleblowing relating to breaches that occurred more than two years ago.

 

5. HOW AND WHERE CAN I REPORT?

5.1. In the event that you wish to report the breaches referred to in section 2 and if there is reasonable cause to believe that the information is correct, you may do so by one of the following means:

5.2. If a verbal report is made, we will record it on a form which you will be asked to sign.

5.3. The report must contain at least: three names, address and telephone number of the sender, e-mail address (if available), names of the person against whom the report is made (where the report is made against specific persons and they are known), specific details of the offence or of a real risk of such an offence being committed, place and period of the offence, if any, description of the offence or the situation and other circumstances as far as such are known to the reporting person, date and signature.

5.4. We will take immediate action to ensure your confidentiality.

5.5. In addition, you also have the right to report to an external channel, namely the Commission for Personal Data Protection https://www.cpdp.bg, and the right to make information public, in accordance with the Law.

 

6. WHAT CAN I EXPECT AFTER I REPORT A BREACH?

6.1. Once you have reported a breach, we will check whether it is credible and, if so, we will take the necessary follow-up action to uncover the objective truth and gather all necessary evidence, including from the parties concerned and the person against whom the report has been made, while respecting the confidentiality and privacy of your personal data.

6.2. If necessary, we may contact you for further information and documentation.

6.3. In the event that there is a reasonable belief that there is a risk of retaliatory, discriminatory action, and that effective measures will not be taken to verify the reported information, the breach may be communicated through an external submission channel, namely to the Commission for Personal Data Protection.

6.4. Once we have produced a written report and before 3 months have elapsed since the whistleblowing, we will contact you to provide feedback on your whistleblowing.

6.5. Where the breach is minor and does not warrant further follow-up action and in the case of a repeated report that does not contain new information relevant to the breach, the file on your report may be closed.

6.6. The Company shall consider all whistleblowing reports in accordance with the principles of confidentiality, impartiality, fairness, independence and absence of conflict of interest.

6.7. The Company shall ensure that whistleblowers are protected from retaliatory actions that disadvantage them and shall not allow such actions to take place within its organisation.

 

7. YOUR LIABILITY

7.1. Whistleblowing or public disclosure of false information shall be liable for administrative penalties under Article 45 of the Whistleblower Protection Law.

7.2. In the event of manifestly false or misleading statements of fact, your alert will be returned with instructions to correct the statements and a warning of the liability you bear, namely a fine of up to BGN 7,000.

 

8. WHISTLEBLOWER NOTICE AVAILABILITY

8.1. This Notice is available on our website, namely https://www.amusnet.com/whistleblowing, and prominently displayed at our offices.

 

9. PERSONAL DATA

9.1. Amusnet Interactive Ltd will process your personal data for the purposes of handling a report of a breach.

9.2. The information relating to a whistleblowing, as well as the identity of the whistleblower and the person concerned, and other persons named in the whistleblowing report or made known in connection with the whistleblowing report, are protected. Access to your personal data will only be granted to the persons responsible for handling whistleblowing, as well as governmental and supervisory authorities, in cases defined by law.

 

10. UPDATING THE WHISTLEBLOWER NOTICE

10.1. This notice may be subject to amendment, with the latest effective date being 04.05.2023. Any future changes or additions to information described in this notice that affect you will be communicated to you through an appropriate channel depending on the usual mode of communication.

 

 

NOTICE ON THE CONFIDENTIALITY OF PERSONAL DATA PROCESSED IN RELATION TO REPORTS ON BREACHES

 

Purpose

The purpose of this notice is to inform individuals about how we process the personal data of whistleblowers or persons who publicly disclose information about breaches, of persons other than the whistleblower who are afforded protection, and of persons against whom a report is made.

 

WHO WE ARE?

The controller of personal data is Amusnet Interactive Ltd, UIC 203773449, with registered office and management address in Garitage Park, building No. 4, floor 2, ul. “2, Donka Ushlinova Str. Sofia 1766 (“the Company“, “we“).

The contact of our Data Protection Officer is:

Data Protection Officer: atty. Desislava Dimitrova-Cholakova

Email: [email protected] Amusnet Interactive Ltd.

 

PERSONAL DATA WE PROCESS

 

BASIS FOR PROCESSING

The basis for the processing of the personal data described above is for the purpose of fulfilling a legal obligation under the Whistleblower Protection Law, SG No. 11 of 2 February 2023, effective 4 May 2023 (the “Law“), namely: for the purpose of providing an internal whistleblowing channel.

 

PROCESSING PURPOSES

1. Report registration and handling;

2. Providing protection to the whistleblower, the individuals related to the whistleblower, as well as the person concerned;

3. To fulfil an obligation imposed by Bulgarian or European Union law in the context of investigations by national authorities or judicial proceedings, including with a view to guaranteeing the right of defense of the person concerned;

4. To hold the whistleblower accountable and to protect the legitimate interests of the Company in the cases defined by law.

 

CONFIDENTIALITY OF INFORMATION

We protect information related to whistleblowing, including but not limited to the identities of whistleblowers and persons concerns, and take necessary measures to protect that information.

Access to information relating to whistleblowing, including the identity of whistleblowers and persons concerned, shall be provided, subject to the Law, only to employees and other persons within the Company and to the person responsible and designated for registering the reports (including where such person is outside the Company).

Within the Company, access to the information shall be limited to the employees responsible for handling reports. A person against whom a report has been made shall not have access to the information relating to that report, except where the provision of the information is required by law. Access may also be granted to other people depending on the specifics of a particular case.

Disclosure of the identity of the whistleblower and/or other information concerning the report shall be authorized only with the express consent of the whistleblower.

Notwithstanding the foregoing, the identity of the whistleblower, and any other information from which the identity of the whistleblower may be revealed, directly or indirectly, may be disclosed where this is necessary and is a proportionate obligation imposed by Bulgarian or European Union law in the context of investigations by national authorities or legal proceedings, including with a view to ensuring the right of defence of the person concerned.

 

YOUR RIGHTS

The Company shall provide to persons reporting or publicly disclosing information about breaches, to persons other than the whistleblowers who are afforded protection, and to persons against whom a report has been made, all the rights set out in national and European legislation, including the right:

1. on request, to receive all necessary information relating to the processing of the data provided by you, including, if possible, a copy;

2. to request from the Company access to, rectification, erasure/deletion of personal data or restriction of the processing of personal data, if the prerequisites for this are present;

3. to object to the processing, as well as to lodge a complaint with the supervisory authority – the Commission for Personal Data Protection (CPDP) (Sofia 1592, 2 Tsvetan Lazarov Blvd. or www.cpdp.bg) in case of unlawful processing of data;

4. to withdraw your consent at any time, without negative consequences for you, when the basis for processing is consent;

5. to exercise your right to portability.

In certain cases, informing the whistleblower at an early stage may be detrimental to internal reports examination. Where, at the Company’s discretion, it is considered that there is a high risk that providing access will impede the procedure or undermine the rights and freedoms of others, the Company may impose a restriction on the provision of specific information or a delay in its provision.

All requests related to personal data such as: information, access, deletion, withdrawal of consent, etc. described above, shall be made in writing, signed by you and transmitted to the Company for processing at the e-mail address: [email protected] or at the Company’s management address. The request must contain three names and, in the event that it relates to specific personal data – these should be specified, together with the precise right being exercised.

 

DATA PRIVACY MEASURES

The Company has put in place technical and organizational measures to protect information relating to whistleblowing, including the identity of whistleblowers and affected individuals, against unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other types of unlawful processing. Special attention shall be paid to sensitive data. Some of the measures taken are: encryption, pseudonymization, redundancy, access control, strict confidentiality, periodic training, etc.

 

DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA

Your personal data is not transferred outside the EU/EEA. Should such processing be necessary, appropriate safeguards will be used to ensure that such transfer is carried out in accordance with applicable data protection rules, including legal grounds.

 

CONSERVATION PERIOD

 

Updating the privacy notice

This notice may be subject to change and was last updated on 04.05.2023. Any future changes or additions to the processing of personal data described in this notice will be communicated through an appropriate channel.