1. Register
To set up your whistleblowing platform, you must first register [online (link to registration) / by writing to info@xxxxxxx.xx]. When registering, you will be asked to choose which offer you would like to subscribe to, and to provide the following information: Name of your organisation, name of contact person, email of contact person; [add any other relevant field]. After completing and submitting the online form, you will [receive an automatic email with the confirmation of our registration and other relevant information and documentation/ be contacted by the chapter within 5 days to complete your registration].
Once your registration is completed, you can set up your whistleblowing system yourself by following the steps described below.
2. IT platform configuration
Now that you have registered you have access to the administration portal of your IT platform where you will receive reports and you can change the settings of your user profile.To complete the setup process, change the initial password given to you, check your user settings and report recipient details, and upload your organisation’s logo. You will be able to access the portal whenever you want to check the reports received and to communicate with the whistleblowers. Follow the instructions you received
3. Appointment of [name of IT provider] as external data processer
[PRODUCT NAME] involves the maintenance and updating of a cloud platform by [Name of IT provider].
The organisation must therefore send to [email address created for GDPR purposes, such as gdpr@productname.it] the document entitled “Data processing agreement” that you received when registering, duly completed and signed. You can find HERE the data processing agreement and other relevant documentation on privacy and security.
4. Publication of the web address to the reporting platform and spreading the information
To start receiving reports, you should ensure that all potential whistleblowers are aware of and have access to the reporting platform. This includes the organisation’s personnel, but also other collaborators and business partners including contractors, sub-contractors, suppliers and their personnel, shareholders and board members, volunteers and trainees, as well as job applicants and bidders.
Sign-post the web address to your new reporting platform (that we sent to you by email)
On your organisation’s website and intranet, both on the homepage and the dedicated anti-corruption/whistleblowing pages. You can find HERE model information and description texts to include on your website.
In your organisation’s premises – We invite you to print and hang the posters specially designed for those who adopted [PRODUCT NAME].
Spread the word about the reporting platform
Send a dedicated email to personnel, collaborators and business partners – HERE you can find model emails.
Make an announcement at a general personnel meeting.
Publish a dedicated news item on your website, your intranet, your internal and external newsletters if you have one. HERE you can find an example of news to be published
Update relevant internal policies, procedures and other documents
The organisation’s adoption of [PRODUCT NAME] to receive and manage whistleblowing reports might necessitate an update of your whistleblowing policy and/or procedures, your anti-corruption policy, code of conduct and any other document that contains information on whistleblowing (such as employment and consultancy or suppliers contract templates).
Your data protection policy should be updated to reflect the appointment of an external data processor and published.
HERE you will find some information that may be useful for updating the PTPC
The link to the online reporting platform, and all communication about it, should be accompanied by relevant information about your organisations’ whistleblowing and whistleblower protection policy and procedures, including:
- all the channels available to make a whistleblowing report, including the [name of product] online reporting platform
- who can report, and what can be reported
- who qualifies for protection and the types of protection and support measures provided by the organisation to whistleblowers (including procedures and remedies to address detrimental conduct)
- confidentiality and anonymity regimes (including legal exceptions and practical limitations)
- how the organisation will manage reports and communicate with the whistleblower (including how/when the whistleblower will be contacted)
- how personal data will be processed, how long it will be retained and for what purpose.
–