BG | EN

Reporting

1.Scope, purpose and general

These Rules determine the order and manner of processing personal data of persons reporting violations under the Law on the Protection of Whistleblowers or Publicly Disclosing Information on Violations (“PLEAPOIN” or the “Act”), as well as responding to requests for the exercise of rights made by data subjects, their representatives or other interested parties. This procedure aims to ensure compliance with the regulatory obligations of CASINO INBET LTD, with UIC 205767733 (for short: “Company” or “Controller”) as well as to improve the transparency of processes.

This procedure concerns the Responsible person and the persons responsible for the consideration of signals under the Act, who register and consider signals submitted under the Act, including the Data Protection Officer (hereinafter ‘DPO’)

The responsible person and the people responsible for handling signals that process personal data shall observe the following principles when processing personal data:

  • Personal data is processed lawfully and conscientiously.
  • Personal data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a manner that is incompatible with those purposes.
  • The personal data collected and processed when registering and reviewing a reported infringement shall be relevant, related to and not exceeding the purposes for which they are processed.
  • Personal data shall be accurate and, where necessary, kept up to date.
  • Personal data shall be deleted or rectified where it is found to be inaccurate or disproportionate to the purposes for which they are processed.
  • Personal data shall be kept in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which they were collected.

The person responsible and the people responsible for reviewing signals undergo initial and periodic trainings on data confidentiality and get acquainted with the applicable legislation.

The processing is carried out on behalf of the Administrator, through its employees, who comply with the adopted technical and organizational measures in accordance with the requirements of the Regulation and ensure the protection of the rights of data subjects.

The processing by the Person in charge and the persons responsible for handling signals is governed by these Rules, which are mandatory for each employee who is designated by order of the Manager of the Company as a person responsible for the consideration of signals, as well as for the Responsible. All designated processors should:

  • Process personal data only in accordance with these Rules;
  • Sign a confidentiality statement;
  • Take all necessary security measures for processing provided by the Administrator.

2.Definitions

The words and expressions used, which are not explicitly defined in these Rules, shall have the meaning given to them in the PLEA.

The following words, expressions and abbreviations used in these Rules shall have the meanings defined below:

Law on the Protection of Persons Reporting or Publicly Disclosing Information on Violations, promulgated, SG. 11 of 2 February 2023, in force from 4 May 2023.

CPDP – Commission for Personal Data Protection of the Republic of Bulgaria, which performs the function of a central authority for external reporting and protection of persons to whom such protection is provided within the meaning of the PDPA.

Responsible person and/or Responsible person – the persons responsible for receiving signals.

Persons responsible for the consideration of alerts – the persons designated by an Order of the Manager of the Company in the structure of the Company, including employees of different departments.

Rules the current Rules for the Processing of Personal Data in Connection with Received Signals for Violations

3.REFERENCE DOCUMENTS

  • Law on the Protection of Whistleblowers or Publicly Disclosing Information on Breaches
  • Rules for internal submission of signals and follow-up actions of “CASINO INBET” LTD
  • EU GDPR 2016/679 (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC)
  • Personal Data Protection Act

4.Purposes for which data from a reported infringement are processed

The Company and the Person in Charge process personal data related to the reported breaches, including but not limited to the identity of the reporting and affected persons for the following purposes:

  1. Registration of the signal and its consideration;
  2. Providing protection to the reporting person, related persons and the person concerned;
  3. To comply with an obligation imposed by Bulgarian or European Union law in the context of investigations by national authorities or legal proceedings, including with a view to ensuring the rights of defence of the person concerned;
  4. To hold the reporting person accountable and protect the legitimate interests of the Company in the cases specified by law.

Personal data will not be processed for purposes other than those described above.

5.Data processed in connection with an alert

“Personal data” means any information about an identified natural person from which that person is or can be identified. The Company and the Person in Charge process personal data related to breaches submitted through the internal reporting channel of the Company, which include the following categories of personal data:

  • Data about the reporting person: names, telephone number, mailing address, e-mail address and/or the capacity in which he/she submits the report, as well as other data that may be provided in connection with the report;
  • Data on persons other than the reporting person to whom protection is granted: names, position and contact details of persons identified in a report;
  • Data of the affected person: names, capacity of the person, telephone number, correspondence address and / or e-mail address, as well as other data that may be provided in connection with the signal;
  • Other data related to the signal.

6.Minimisation of data

In the event that the reported breach contains information about personal data or data about the economic or financial situation of a specific person that is clearly irrelevant to the establishment of an alleged or potential breach and is not related to it, the Responsible person and the persons responsible for examining reports should cease processing and return it to the sender,  and when this is not possible, to destroy it within the time limits specified in these Rules.

The assessment of the relevance of information containing personal data should be made on a case-by-case basis, and the lack of a link to the report should be obvious.

Example: The person who reported an infringement reports that a colleague has committed fraud. In the signal, the person reveals information about the health status of his colleague. It is obvious that this information is completely irrelevant to the reported infringement and should therefore not be further processed.

7.Duty of confidentiality

7.1 Confidentiality of information

The responsible person and the persons responsible for dealing with reports shall protect information relating to reported breaches, including but not limited to the identity of the reporting and affected persons, and shall take the necessary measures to protect that information.

Access to information related to reported breaches, including the identity of reporting and affected persons, shall be provided only to employees and other persons within the Company and the Person Responsible for whom such data is necessary for the performance of their duties, including disciplinary measures where applicable.

Within the Company, only the employees responsible for handling signals have access to the information. A person under the preceding sentence, against whom an alert has been issued, shall not have access to the information related to this signal, except when the provision of the information is required by law. Access may also be granted to other persons depending on the specifics of the specific case, and access is allowed by the Company on a case-by-case basis.

Within the Company responsible for receiving written signals, access to information shall be granted only to persons entrusted with the functions of receiving signals on behalf of the Company in compliance with these Rules.

The transmission of data and the reference to circumstances by the Company to persons who do not have the right of access to information about the report and the identity of the reporting and affected person, both within and outside the Company, may not directly or indirectly disclose the identity of the reporting and affected person, as well as create an opportunity to suspect his or her identity.

7.2 Exceptions allowing disclosure of the identity of the whistleblower

The disclosure of the identity of the reporting person and/or other information about the report shall be permitted only with the express consent of the reporting person.

Notwithstanding the above, the identity of the reporting person and any other information from which his or her identity can be directly or indirectly known, may be disclosed where this is a necessary and proportionate obligation imposed by Bulgarian or European Union law in the context of investigations by national authorities or legal proceedings, including with a view to ensuring the rights of defence of the person concerned.

In cases where the Company undertakes disclosure of information prior to the disclosure of the person’s identity and/or other information about a particular report, the Company shall notify the reporting person in writing of the need for the disclosure of information. The notification shall state reasons for the need to disclose the information. The reporting person shall not be informed where this jeopardises the investigation of the infringement or the judicial proceedings.

In the event that the Responsible person and the persons responsible for examining reports receive information about an infringement that includes trade secrets of other persons, they are obliged not to use or disclose trade secrets, except and only to the extent necessary for the purposes of internal verification of the reported report and to take follow-up action in case of a violation.

8.Providing information and access to the people whose data is processed in connection with a report. Exceptions

8.1. Provision of awareness ltd

The person responsible and the persons responsible for handling alerts shall provide information in accordance with art. 13 and Vol. 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of all persons related to a specific report of infringement,  namely: the whistleblower, witnesses, persons to whom protection is provided, as well as the person against whom the report is made.

Next, the information should contain data on the consequences of the abuse of the whistleblowing procedure (if, for example, the whistleblower makes a false statement), such as disciplinary liability, administrative or criminal liability.

The information should be provided by the Responsible person or the officer responsible for handling data subjects’ signals within 10 days of receipt of the correspondence address provided by the person. Where the report contains data of third parties but there is no address for correspondence with them by the reporting person, the Responsible person or the officer responsible for handling signals shall request it from him.

8.2. Exceptions to the right of information and access

8.2.1. Restrictions on the internal investigation

In certain cases, informing the person against whom a breach has been reported at an early stage may be detrimental to the internal handling of reports. When, at the discretion of the Person in charge or the employee responsible for the handling of signals, it is considered that there is a high risk that granting access will impede the procedure or violate the rights and freedoms of others, the person proposes to the Manager of the Company to impose a restriction on the provision of specific information or a delay in its provision.

The person responsible or the employee responsible for handling signals proposes to restrict access to information through the preparation of a Report assessing the necessity and proportionality (balancing test) of this restriction to the Manager of the Company and should be decided on a case-by-case basis. The prepared report must require and document the opinion of the Data Protection Debtor. When carrying out the assessment, they should take into account the quality of the person requesting access as well as the stage of the investigation. The type of information, as well as all the associated risks in its disclosure, vary depending on the quality of the person who made the request (the person against whom the alert is filed, the sender, witnesses, third parties, etc.) and should be included in the balancing test.

In the event that a decision is taken to delay the information provided, it should be provided immediately after the reasons for its imposition no longer exist.

8.2.3. Limitations relating to the protection of the confidentiality of information

In certain cases, where the requested information may result in indirect disclosure of the identity of the reporting person or other protected person, a restriction of the right of access may be required.

The person responsible or the officer responsible for examining alerts shall propose the procedure for imposing an exception to the right of access described in art. 8.2.1.

Например, ако лицето, срещу което е подаден сигнал за нарушение поиска достъп до подадения сигнал, който съдържа негови лични данни, дори Дружеството да заличи данните на сигнализиращото лице или на друго лице, което се ползва със защита, спецификата на описание на нарушението може да доведе до разкриване на тяхната самоличност, изключение на правото на достъп може да бъде оценявано по реда на настоящата разпоредба.

8.3. Information for third parties

Where the Responsible person or the officer responsible for handling reports provides access to the personal data of the person concerned, the personal data of third parties, such as whistleblowers or witnesses, should be removed from the documents, except in exceptional circumstances where the person has given his or her explicit consent for his or her data to be disclosed.

The person responsible or the officer responsible for handling reports may consider it disproportionate to inform all third parties identified in the specific alert. The assessment of proportionality must be carried out on a case-by-case basis by the order of art. 8.2.1.

9.Rights of the data subject

Personal data subjects have the following rights regarding their personal data:

  1. Right of access;
  2. Right to rectification;
  3. Right to data portability;
  4. Right to erasure;
  5. Right to erasure (‘right to be forgotten’);
  6. Right to request restriction of processing;
  7. Right to object to the processing of personal data;
  8. Right of the data subject not to be subject to a decision based solely on automated processing, regardless of whether such processing includes profiling.

10.Responsibilities

The responsibility for ensuring compliance with these Rules lies with the Responsible person and the persons responsible for handling reports.

11.Storage of documents retained based on this document

The file, including all data and materials on a specific report, shall be kept for a period of 5 (five) years from the date of completion of the internal verification of the report, and in case no internal check has been carried out (for example, if the report has been forwarded under the competence of the relevant authority or returned to the reporting person due to irregularity) – 5 (five) years,  from the date of receipt of the alert. The date of completion of the internal verification shall be deemed to be the date of issue of the individual report on the results of the verification.

In the event that disciplinary, administrative-penal, criminal and/or civil proceedings have been initiated on the occasion of the alert and/or in connection with the activities of the Company, including the application of the Rules, until the final conclusion of these proceedings and for a period of 5 (five) years thereafter, for the purpose of establishing,  exercise and protection against legal claims, claims, administrative and other acts, unless a shorter or longer retention period is specified in a law or other normative act.

Data that is found to be clearly not related to a report shall be stored for up to 2 months from the establishment of their irrelevance.

12.Information protection measures

In order to protect the information related to the reported breaches, including the identity of the reporting and affected persons, all technical and organizational measures for the protection of personal data provided for in Appendix No 2 – Rules for the processing of personal data in relation to received reports of breaches, as well as the measures provided for in Annex No 3 – Procedure for keeping the Register of Reports on Infringements of the Internal Reporting Rules and for subsequent Actions.

The Company shall take the necessary measures to ensure that access to information related to reported breaches, including the identity of reporting and affected persons, is provided only to employees and other persons for whom such data is necessary for the performance of their duties.

The Company shall take the necessary measures to ensure that persons who have access to the information related to the reported breaches, including the identity of the reporting and affected persons, have undertaken to maintain confidentiality and implement the measures put in place to protect and secure the information.

13.Validity and document management

This document is effective as of 15.12.2023

Responsible for the implementation of this document are the Persons responsible for receiving and reviewing alerts, who must check and, if necessary, update the document at least once a year.

 

Approved by :  Mihail Hadzhiev, General Manager

 

Notification for reporting violations of Bulgarian legislation or acts of the European Union

 

 

  1. GENERAL PROVISIONS

1.1. This whistleblowing notice (“Notice”) is intended to provide you with clear and easily accessible information about the terms and conditions for whistleblowing through an internal channel of “CASINO INBET” EOOD, with EIK 205767733, with registered office and address and management: Sofia, p.k. 1784, Mladost district, Tsarigradsko shose Blvd. No. 115 “G”, office 6 “E”, represented by Mihail Hadjiev (“Company”), according to the Law on the Protection of People Reporting or Publicly Disclosing Information on Violations (” Law”).

  1. WHAT VIOLATIONS CAN YOU REPORT?

2.1. According to Bulgarian legislation, you can report violations related to violations of Bulgarian legislation or regarding the acts of the European Union defined in the law in the field of:

  • public procurement.
  • financial services, products and markets and the prevention of money laundering and terrorist financing.
  • the safety and conformity of the products, as well as of the transport.
  • environmental Protection.
  • radiation protection and nuclear safety.
  • food and feed safety, animal health and humane treatment.
  • public health and consumer protection.
  • the protection of privacy and personal data.
  • the security of networks and information systems.
  • violations that affect the financial interests of the European Union within the meaning of Art. 325 of the Treaty on the Functioning of the European Union and further specified in the relevant measures of the Union.
  • violations of the rules of the internal market within the meaning of Art. 26, paragraph 2 of the Treaty on the Functioning of the European Union.
  • violations related to cross-border tax schemes.
  • committed crime of a general nature, which you learned about in connection with the performance of your work or in the performance of your official duties.
  • the rules for payment of due public state and municipal receivables.
  • labor legislation.
  • the legislation related to the performance of public service.
  1. WHO CAN SUBMIT SIGNALS?

3.1. An individual may file and/or publicly disclose information about violations that have become known to him, in his capacity as:

  • a worker or an employee, when the information was obtained within the framework of an employment or service relationship that was terminated at the time of the submission of the report or of the public disclosure. 1. a worker within the meaning of Article 45, paragraph 1 of the Treaty on the Functioning of the European Union, including a worker, employee, civil servant, or other person who performs wage labor, regardless of the nature of the work, the method of payment and the source of funding.
  • a person with self-employed status within the meaning of Article 49 of the Treaty on the Functioning of the European Union, including a person who works without an employment relationship and/or exercises a free profession and/or craft activity.
  • volunteer, paid or unpaid, and intern.
  • partner, shareholder, sole owner of the capital, member of the management or control body of a commercial company, member of the audit committee of an enterprise.
  • a person who works for a natural or legal person, contractors, subcontractors, or suppliers.
  • a person whose employment or service relationship is about to begin in cases where the information about the violations was received during the selection process or other pre-contractual relations.
  • a worker or an employee, when the information was obtained within the framework of an employment or service relationship that was terminated at the time of the submission of the report or of the public disclosure.

3.2. Protection is also provided to:

  • legal entities in which the whistleblower owns an equity interest, works for, or is otherwise associated with in a work context. 1. people who assist the reporting person in the reporting process and whose assistance should be kept confidential.
  • people who are related through the work or relatives of the whistleblower and who may be subject to retaliation due to the whistleblower.
  • legal entities in which the whistleblower owns an equity interest, works for, or is otherwise associated with in a work context.

3.3. If the report is credible and well-founded, protection under the law is provided to you from the moment the report is submitted or information about a violation is made public.

 

  1. WHAT ARE THE CONDITIONS TO RECEIVE PROTECTION?

4.1. You are entitled to protection if you have simultaneously fulfilled the following conditions:

  1. Had good reason to believe that the submitted information about the violation in the report was correct at the time of submission and that this information falls within the scope of item 2.
  2. reported a violation under the terms of the Act.

4.2. You will not be prosecuted or protected in respect of anonymous reports (unless you have been subsequently identified) and reports relating to offenses committed more than two years ago.

  1. HOW AND WHERE CAN I REPORT?

5.1. If you wish to report the violations referred to in item 2 and if you have good reason to believe that the information is true, you may do so in one of the following ways:

– sending an email to [email protected]. We will contact you within 7 days to direct you to sign the necessary form, which you can find here, as well as in the event of the need to correct irregularities.

– orally through a personal meeting, with the Head, Administrative Department, every Thursday between 1:00 p.m. and 2:00 p.m.

5.2. When submitting a verbal report, we will record it on a form that we will ask you to sign.

5.3. The report must contain at least: three names, address and telephone of the sender, e-mail address (if any), interest of the reporting person, names of the person against whom the report is filed and his place of employment (when filed against specific people and they are known), specific details of a violation or of a real danger that such a violation will be committed, place and period of the violation, if it was committed, a description of the act or the situation and other circumstances, as far as such are known to the reporting person, date of submission, signature, electronic signature or other identification of the sender.

5.4. We will take immediate action to ensure your privacy.

5.5. In addition, you have the right to report to an external channel, namely the Commission for the Protection of Personal Data https://www.cpdp.bg/, as well as the right to make the information provided public, under the terms of the Law.

  1. WHAT CAN I EXPECT AFTER FILING A SIGNAL?

6.1. After you submit a report, we will check whether it is credible and if it is, we will take the necessary follow-up actions to reveal the objective truth and gather all the necessary evidence, incl. by the affected parties and by the person against whom the report was filed, subject to confidentiality, as well as the confidentiality of your personal data.

6.2. If needed, we can be contacted for additional information and documentation.

6.3. If there is a reasonable assumption that there is a risk of retaliatory, discriminatory actions, and that no effective measures will be taken to verify the report, the report can be submitted through an external submission channel, namely to the Commission for the Protection of Personal Data.

6.4. After we prepare a report and 3 months have passed since the report was submitted, we will contact you to give you feedback on your report.

6.5. When the violation is minor and does not require additional follow-up actions, and in the case of a repeated report that does not contain new information essential to the violation, the file on your report may be terminated.

6.6. The Company considers all reports of violations submitted to [email protected] in compliance with the principles of confidentiality, impartiality, fairness, independence, and absence of conflict of interest.

6.7. The company provides protection to whistleblowers from retaliatory actions having the nature of repression and putting them in a disadvantageous position and does not allow such actions to be carried out within its organization.

  1. YOUR RESPONSIBILITY

7.1. Reporting or public disclosure of false information shall be subject to administrative criminal liability under Art. 45 of ZZLPSPOIN.

7.2. In case of obviously false or misleading statements of fact, your report will be returned with an instruction to correct the statements and a warning about the responsibility you bear, namely up to a fine of up to BGN 7,000.

 

  1. INFORMATION. MODIFICATION OF THIS NOTICE

8.1. This notice is available on our website, namely: www.inbetcasino.com (“Website”) and in a prominent place at our offices.

8.2. More information regarding your rights and the processing of your signals and your personal data can be found on our website.

 

  1. PERSONAL DATA

9.1. The Company will process your personal data for the purpose of considering a given signal.

9.2. The information related to a submitted report of a violation, as well as the identity of the Whistleblower and the affected person, and of the other people named in the report or who became known on the submitted report, are protected. Only the people responsible for handling reports, as well as state and supervisory authorities, will have access to your personal data in cases specified by law.

 

  1. UPDATE OF PRIVACY NOTICE

10.1. This notice may be subject to change, the latest being effective from 15/12/2023. Any future changes or additions to the processing of personal data described in this notice that affect you will be communicated to you through an appropriate channel depending on the usual way of communication.

Notification for reporting violations of Bulgarian legislation or acts of the European Union

 

 

  1. GENERAL PROVISIONS

1.1. This whistleblowing notice (“Notice”) is intended to provide you with clear and easily accessible information about the terms and conditions for whistleblowing through an internal channel of “CASINO INBET” EOOD, with EIK 205767733, with registered office and address and management: Sofia, p.k. 1784, Mladost district, Tsarigradsko shose Blvd. No. 115 “G”, office 6 “E”, represented by Mihail Hadjiev (“Company”), according to the Law on the Protection of People Reporting or Publicly Disclosing Information on Violations (” Law”).

  1. WHAT VIOLATIONS CAN YOU REPORT?

2.1. According to Bulgarian legislation, you can report violations related to violations of Bulgarian legislation or regarding the acts of the European Union defined in the law in the field of:

  • public procurement.
  • financial services, products and markets and the prevention of money laundering and terrorist financing.
  • the safety and conformity of the products, as well as of the transport.
  • environmental Protection.
  • radiation protection and nuclear safety.
  • food and feed safety, animal health and humane treatment.
  • public health and consumer protection.
  • the protection of privacy and personal data.
  • the security of networks and information systems.
  • violations that affect the financial interests of the European Union within the meaning of Art. 325 of the Treaty on the Functioning of the European Union and further specified in the relevant measures of the Union.
  • violations of the rules of the internal market within the meaning of Art. 26, paragraph 2 of the Treaty on the Functioning of the European Union.
  • violations related to cross-border tax schemes.
  • committed crime of a general nature, which you learned about in connection with the performance of your work or in the performance of your official duties.
  • the rules for payment of due public state and municipal receivables.
  • labor legislation.
  • the legislation related to the performance of public service.
  1. WHO CAN SUBMIT SIGNALS?

3.1. An individual may file and/or publicly disclose information about violations that have become known to him, in his capacity as:

  • a worker or an employee, when the information was obtained within the framework of an employment or service relationship that was terminated at the time of the submission of the report or of the public disclosure. 1. a worker within the meaning of Article 45, paragraph 1 of the Treaty on the Functioning of the European Union, including a worker, employee, civil servant, or other person who performs wage labor, regardless of the nature of the work, the method of payment and the source of funding.
  • a person with self-employed status within the meaning of Article 49 of the Treaty on the Functioning of the European Union, including a person who works without an employment relationship and/or exercises a free profession and/or craft activity.
  • volunteer, paid or unpaid, and intern.
  • partner, shareholder, sole owner of the capital, member of the management or control body of a commercial company, member of the audit committee of an enterprise.
  • a person who works for a natural or legal person, contractors, subcontractors, or suppliers.
  • a person whose employment or service relationship is about to begin in cases where the information about the violations was received during the selection process or other pre-contractual relations.
  • a worker or an employee, when the information was obtained within the framework of an employment or service relationship that was terminated at the time of the submission of the report or of the public disclosure.

3.2. Protection is also provided to:

  • legal entities in which the whistleblower owns an equity interest, works for, or is otherwise associated with in a work context. 1. people who assist the reporting person in the reporting process and whose assistance should be kept confidential.
  • people who are related through the work or relatives of the whistleblower and who may be subject to retaliation due to the whistleblower.
  • legal entities in which the whistleblower owns an equity interest, works for, or is otherwise associated with in a work context.

3.3. If the report is credible and well-founded, protection under the law is provided to you from the moment the report is submitted or information about a violation is made public.

 

  1. WHAT ARE THE CONDITIONS TO RECEIVE PROTECTION?

4.1. You are entitled to protection if you have simultaneously fulfilled the following conditions:

  1. Had good reason to believe that the submitted information about the violation in the report was correct at the time of submission and that this information falls within the scope of item 2.
  2. reported a violation under the terms of the Act.

4.2. You will not be prosecuted or protected in respect of anonymous reports (unless you have been subsequently identified) and reports relating to offenses committed more than two years ago.

  1. HOW AND WHERE CAN I REPORT?

5.1. If you wish to report the violations referred to in item 2 and if you have good reason to believe that the information is true, you may do so in one of the following ways:

– sending an email to [email protected]. We will contact you within 7 days to direct you to sign the necessary form, which you can find here, as well as in the event of the need to correct irregularities.

– orally through a personal meeting, with the Head, Administrative Department, every Thursday between 1:00 p.m. and 2:00 p.m.

5.2. When submitting a verbal report, we will record it on a form that we will ask you to sign.

5.3. The report must contain at least: three names, address and telephone of the sender, e-mail address (if any), interest of the reporting person, names of the person against whom the report is filed and his place of employment (when filed against specific people and they are known), specific details of a violation or of a real danger that such a violation will be committed, place and period of the violation, if it was committed, a description of the act or the situation and other circumstances, as far as such are known to the reporting person, date of submission, signature, electronic signature or other identification of the sender.

5.4. We will take immediate action to ensure your privacy.

5.5. In addition, you have the right to report to an external channel, namely the Commission for the Protection of Personal Data https://www.cpdp.bg/, as well as the right to make the information provided public, under the terms of the Law.

  1. WHAT CAN I EXPECT AFTER FILING A SIGNAL?

6.1. After you submit a report, we will check whether it is credible and if it is, we will take the necessary follow-up actions to reveal the objective truth and gather all the necessary evidence, incl. by the affected parties and by the person against whom the report was filed, subject to confidentiality, as well as the confidentiality of your personal data.

6.2. If needed, we can be contacted for additional information and documentation.

6.3. If there is a reasonable assumption that there is a risk of retaliatory, discriminatory actions, and that no effective measures will be taken to verify the report, the report can be submitted through an external submission channel, namely to the Commission for the Protection of Personal Data.

6.4. After we prepare a report and 3 months have passed since the report was submitted, we will contact you to give you feedback on your report.

6.5. When the violation is minor and does not require additional follow-up actions, and in the case of a repeated report that does not contain new information essential to the violation, the file on your report may be terminated.

6.6. The Company considers all reports of violations submitted to [email protected] in compliance with the principles of confidentiality, impartiality, fairness, independence, and absence of conflict of interest.

6.7. The company provides protection to whistleblowers from retaliatory actions having the nature of repression and putting them in a disadvantageous position and does not allow such actions to be carried out within its organization.

  1. YOUR RESPONSIBILITY

7.1. Reporting or public disclosure of false information shall be subject to administrative criminal liability under Art. 45 of ZZLPSPOIN.

7.2. In case of obviously false or misleading statements of fact, your report will be returned with an instruction to correct the statements and a warning about the responsibility you bear, namely up to a fine of up to BGN 7,000.

 

  1. INFORMATION. MODIFICATION OF THIS NOTICE

8.1. This notice is available on our website, namely: www.inbetcasino.com (“Website”) and in a prominent place at our offices.

8.2. More information regarding your rights and the processing of your signals and your personal data can be found on our website.

 

  1. PERSONAL DATA

9.1. The Company will process your personal data for the purpose of considering a given signal.

9.2. The information related to a submitted report of a violation, as well as the identity of the Whistleblower and the affected person, and of the other people named in the report or who became known on the submitted report, are protected. Only the people responsible for handling reports, as well as state and supervisory authorities, will have access to your personal data in cases specified by law.

 

  1. UPDATE OF PRIVACY NOTICE

10.1. This notice may be subject to change, the latest being effective from 15/12/2023. Any future changes or additions to the processing of personal data described in this notice that affect you will be communicated to you through an appropriate channel depending on the usual way of communication.