This website is implemented by SCOR SE (5 avenue Kléber, 75116 Paris) as data controller to facilitate the reporting concern process within SCOR SE, its subsidiaries and branches worldwide. This processing is necessary to comply with a legal obligation requiring the implementation of a whistleblowing system, in particular those provided for in articles 17.II.2° and 8.III of the “Sapin 2” law(1).
As per the SCOR Group Policy on Reporting Concerns there are alternative avenues to make a report and use of this website is not mandatory.
The information you provide will be only used for the following purposes:
- Internal investigation on your concern;
- Internal reporting;
- Provide internal statistics on the concerns reported.
Only the following personal data will be reviewed and processed:
- The identity, job and location of the person reporting a concern and the person(s) who is/are subject of the reported concern;
- The identity, job and location of the individual(s) involved in the receipt or investigation of the reported concern;
- The facts reported and the evidence gathered in the course of the investigation;
- The final report of the investigation and related remediation.
This processing activity has been set up only to manage concerns reported and falling into the following categories :
- A breach of the principles set out in SCOR Group Code of Conduct ;
- A crime or an offence ;
- A serious and manifest breach of an international undertaking or obligation ;
- A breach of European Union law ;
- A breach of any law or regulation where SCOR operates ;
- A threat or serious damage to the general interest.
This may include conducts and practices in the following areas :
- Accounting, finance and banking (such as false entries, fraudulent practices or audit, tax evasion, etc.) ;
- Antitrust or unfair competition ;
- Corruption, including bribery and influence trafficking ;
- Harassment or discrimination ;
- Health, hygiene or security in the workplace ;
- Protection of the environment.
All information collected may be processed, in accordance with applicable law, by one or more of the following:
- Hub General Counsel, Local Compliance Officer, Group Chief Compliance Officer and Group General Secretary who will manage the investigations.
- Subject Matter Expert: If appropriate given the nature of the reported conduct, the Hub General Counsel or Local Compliance Officer shall consult with subject matter experts who may be better positioned to fully investigate or evaluate the matter (for example, finance or accounting experts if the concern relates to accounting practices or matters).
- Website management:
- SCOR is outsourcing the hosting of the website with the company Claranet, 18-20 rue du Faubourg du Temple, 75011 Paris, France – Tél +33 (0)18.104.22.168.00. Claranet acts as a Data Processor and can access the data provided on the website although Claranet has no role in the investigation of the reported concerns. SCOR ensures in the agreement with Claranet that the confidentiality is complied with.
- SCOR is outsourcing the design and maintenance of its website with the company Actency, 45, avenue de colmar, 67100 Strasbourg, Tel. +33 (0)3 88 45 30 60. Actency acts as a Data processor and can access the data provided on the website although Actency has no role in the investigation of the reported concerns. SCOR ensures in the agreement with Actancy that the confidentiality is complied with.
- SCOR, as well as all third-party service providers operating on its behalf, are required to comply with high security standards to protect your information, and to process it in confidential manner.
In the event of a transfer of your data, confidentiality will be guaranteed by the appropriate transfer mechanism such as, inter alia, a Data Transfer Agreement by and among SCOR entities globally. The list of Data Transfer Agreements and appropriate transfer mechanism is available on the privacy page of www.scor.com
You have a right of access, a right of correction, a right of erasure and a right of objection against our processing of your personal data, for any legitimate reason. You can at any time withdraw your consent to the processing of your data by SCOR. To exercise your rights, please contact the Data Protection Officer at the following address: Privacy@scor.com. Furthermore, SCOR SE is regulated under the French laws and you can lodge a complaint before France’s Data Protection regulator, the Commission Nationale de l’Informatique et des Libertés (CNIL).
The Commission Nationale de l’Informatique et des Libertés (CNIL)
Place de Fontenoy
75334 PARIS CEDEX 07
Retention principles are applicable to the information you provide as part of your concern. In accordance with the right to erasure, personal data processed for reporting concerns shall not be kept for longer than necessary for that purpose as required by applicable law.
SCOR, as Data controller, expressly states that misuse of the website may expose its author to sanctions or prosecution, but that, conversely, use of the website in good faith will not expose its author to any disciplinary sanction even if the facts subsequently reported are proved to be inaccurate or do not give rise to any follow-up.
(1) Law of 9 December 2016 on transparency, fight against corruption and modernisation of the economy