Jun 18, 2024

Aiven's Whistleblowing Protection

Aiven is committed to ensuring that it conducts business fairly, transparently, ethically and lawfully. We take all suspicions of illegal or unethical conduct seriously.

Aiven strongly encourages both employees and external stakeholders to speak up and report suspected violations of laws and regulations or unethical conduct. As the Aiven Code of Conduct states, our objective is to create an environment where everyone can speak out in good faith and without fear of retaliation.

For this purpose, we have established a whistleblowing channel. The channel is provided by our external partner WhistleB to guarantee confidential and anonymous reporting. Our whistleblowing channel complies with Directive (EU) 2019/1937 on the protection of persons who report violations of European Union legislation as well as applicable national laws.

Reports are treated confidentially

Reports that are sent to the whistleblowing channel can only be reviewed by a designated Compliance Investigation Team. All reports are handled quickly, confidentially and in accordance with strict rules regarding conflicts of interest.

You may submit your identity or choose to remain anonymous in your report. We recommend submitting your name and contact information to enable fast communication during the investigation process. Also, to pursue an investigation regarding for example harassment or discrimination, it may be necessary to know the identity of the person making the report.

However, messages can also be received anonymously through the whistleblowing channel based on a personal ID and password that are provided upon submitting a report. Note that neither Aiven nor WhistleB can recover your password or ID if lost.

What should I report in the whistleblowing channel?

The whistleblowing channel can be to report suspected crimes, violations or misconduct, for example:

You are not required to provide evidence in your report, but all reports must be made in good faith. Deliberately reporting false or malicious information is a serious violation.

Please note that the whistleblowing channel should not be used for general customer feedback. We ask that you provide customer feedback directly to your sales representative.

How should I make a report?

  1. Alternative 1: If you are an employee at Aiven, first we encourage you to speak directly to your own manager.
  2. Alternative 2: If you cannot report to your manager, you are encouraged to contact your manager’s superior, the People team or the Legal team.
  3. Alternative 3: If the above is not possible or does not apply to you, you may report your concerns through the whistleblowing channel.

How does Aiven investigate reports?

When a report is made through the whistleblowing channel, the Compliance Investigation Team notifies the whistleblower that the report has been received (within 7 days).

If the whistleblower has not provided a name and contact details, all communication takes place through the channel. The person making the report must use the ID and password given when making the report to access the messages.

The Compliance Investigation Team investigates the report under strict confidentiality, and determines whether the report concerns the type of violations that the channel is intended for. During the investigation, it is ensured that no such person participates in the investigation, who is implied in the report or who could otherwise be in a conflict of interest. The Compliance Investigation Team may ask follow-up questions through the channel.

The whistleblower is provided with information about the follow-up measures regarding the report within 3 months following the acknowledgement of receipt.

How does Aiven protect whistleblowers?

The protection provided pursuant to Directive (EU) 2019/1937 applies specifically to those who report:

In the above cases, whistleblower protection may require that the whistleblower treats the case as confidential and uses Aiven’s whistleblowing channel as the primary report channel. To maintain whistleblower protection, the whistleblower may not be able to provide the information to the public or the authorities until Aiven’s internal process is completed within the timeframe set by law. To learn more about applicable protections and available external reporting channels in the countries in which Aiven is required to have an internal whistleblowing channel in place, please visit the webpages of competent authorities in Finland and in Germany.

Please note that the protection provided pursuant to Directive (EU) 2019/1937 does not apply as such to persons and reports which fall outside the scope of the national implementations of the Directive. However, Aiven carries out an investigation and takes measures to prevent retaliation in connection with any report made in good faith and concerning a potential violation of the law, Aiven Code of Conduct or our other internal policies.

Additionally, to qualify for protection, whistleblowers must have reasonable grounds to believe that the matters reported by them are true. If the whistleblower is proven to be mistaken, this does not remove protection.

How is my personal data protected?

Processing personal data

This whistleblowing service may collect personal data on the person specified in a message, the person submitting the message (if not sent anonymously) and any third person involved, in order to investigate facts on the declared misconduct and inappropriate behaviour eligible under our Code of Conduct or internal rules. This processing is based on statutory obligations and the legitimate interest of the controller to prevent reputational risks and to promote an ethical business activity.

The provided description and facts under this processing are only reserved to the competent and authorized persons who handle this information confidentially.

You may exercise your rights of access, of rectification and of opposition, as well as of limited processing of your personal data. However, these rights are subject to any overriding safeguarding measures required to prevent the destruction of evidence or other obstructions to the processing and investigation of the case. Data is stored within the EU.

Deletion of data

Personal data included in whistleblowing messages and investigation documentation is deleted when the investigation is complete, with the exception of when personal data must be maintained according to other applicable laws. Investigation documentation and whistleblower messages that are archived will be anonymised; they will not include personal data through which persons can be directly or indirectly identified.

Personal data controller and processor

Aiven Oy is responsible for the personal data processed within the whistleblowing service. In questions concerning data privacy, please contact privacy@aiven.io.

WhistleB Whistleblowing Centre Ab (World Trade Centre, Klarabergsviadukten 70, SE-107 24 Stockholm) is responsible for the whistleblowing application, including processing of encrypted data, such as whistleblowing messages. Neither WhistleB nor any sub-suppliers can decrypt and read messages. As such, neither WhistleB nor its sub-processors have access to readable content.

Thank you for helping us work ethically and responsibly!