Compliance Hotline
Data Protection & Privacy Notice
The data privacy regulations of some countries require that a person making a report containing personal data must be notified of certain collection and retention practices regarding the information submitted by that person and must accept the terms and conditions for the use of this service.
You are being asked to read and accept the terms contained below. If you do not wish to accept the terms below, we are unable to accept any information through this system and suggest you report this matter directly to your supervisor or manager or to a representative of the Human Resources, Legal or Compliance departments, depending on the nature of the possible violation.
1. General
This service is a web and phone-based intake system provided by Columbia University and its affiliated organizations for their respective employees (each separately, an “Employer”) for reporting suspected violations of laws or regulations, the Employer’s Code of Conduct or other policies.
In certain countries, such as the United States, this service may also be used to report other suspected violations. It and the database in which the personal data and information that you may report is stored, are operated by NAVEX in the United States.
You may contact your Employer with any questions relating to this Notice or this service.
To proceed further, you must read this notice in its entirety. If you agree and you are submitting a report on the phone, select the appropriate voice prompt to consent. You will then be able to submit a report or question using this service. If you do not provide your consent, you will not be able to submit a report or question through this service.
2. Use of this service
Use of this service is entirely voluntary. You are encouraged to report possible violations directly to your supervisor or manager, or to a representative of the Human Resources, Legal or Compliance departments of your Employer, depending on the nature of the possible violation. If you feel that you are unable to do so, you may use this service to make your report.
This service is a confidential online reporting system that allows you to report suspected violations of law or Employer policies, as well as other concerns you may have, to your Employer. In certain countries, your Employer may only accept reports through this service on limited topics, generally restricted to financial, accounting, auditing, bribery, competition law, sanctions, discrimination and harassment and environment, health, hygiene, and safety matters. If your concern pertains to a matter that, under local law, may not be accepted by your Employer through this service, you will need to contact your supervisor or local management or a representative of the Human Resources, Legal or Compliance departments of your Employer to report the matter.
Please note that we are able to receive and process reports through this service if you confirm that you have read and taken note of this Data Protection and Privacy Notice and expressly consent to the processing of the reports and your personal information.
Please be aware that the information you supply about yourself, your colleagues, or any aspect of your Employer’s operations may result in decisions that affect others. Therefore, we ask that you only provide information that you believe is accurate and true. You will not be subject to retaliation from your Employer for any report of a suspected violation that is made in good faith, even if it later turns out to be factually incorrect. Please be aware, however, that knowingly providing false or misleading information will not be tolerated. The information you submit will be treated confidentially except in cases or in countries where this is not possible because of legal requirements or where, for example, your name may be disclosed if legally required or in order to conduct an investigation, in which case the information will be handled sensitively. We encourage you to identify yourself in order for us to follow up with questions we may have.
3. What personal data and information is collected and processed?
This service captures the following personal data and information that you provide when you make a report: (i) your name and contact details (unless you report anonymously) and whether you are employed by Columbia University or one of its affiliated organizations; (ii) the name and other personal data of the persons you name in your report if you provide such information (i.e.: description of functions and contact details); and (iii) a description of the alleged misconduct as well as a description of the circumstances of the incident. Note that depending upon the laws of the country in which you are residing, the report may not be made anonymously; however, your personal information will be treated confidentially and will only be disclosed as set out below.
4. How will the personal data and information be processed after your report and who may access personal data and information?
The personal data and information you provide will be transferred to and stored in a database which is located on servers hosted and operated by NAVEX in the United States. NAVEX has entered into contractual commitments with Columbia University on behalf of itself and its affiliated organizations to secure the information you provide in accordance with applicable law. NAVEX is committed to maintaining stringent privacy and security practices including those related to notice, choice, onward transfer, security, data integrity, access, and enforcement.
For the purpose of processing and investigating your report and subject to the provisions of local law, the personal data and information you provide may be accessed, processed and used by the relevant Employer personnel, including Human Resources, Finance, Internal Audit, Legal, Compliance, management, external advisors (e.g. legal advisors), or, in limited circumstances, by technical staff at NAVEX. Those individuals may be located in the United States or elsewhere.
Personal data and information you provide may also be disclosed to the police and/or other enforcement or regulatory authorities. The relevant bodies that receive and process personal data can be located in the US or in another country that may not provide the level of data protection available in the EU.
The personal data you provide will be kept as long as necessary to process your report, or, if applicable, as long as necessary to initiate sanctions or to meet our legal or financial needs.
5. Accessing information concerning the report
The Employer will promptly notify any person who is the subject of a report to this service except where notice needs to be delayed to ensure the integrity of the investigation and preservation of relevant information.
With some exceptions, the subject of the report may access information concerning the report (with the exception of the identity of the reporter) and request correction of personal data that is inaccurate or incomplete in accordance with applicable law. Similarly, with some exceptions, reporters may also access information about the report and request corrections of their personal data in accordance with applicable law. To make any such corrections, please contact the Office of General Counsel who will coordinate such corrections with your Employer.
6. Additional country regulations
In some counties, such as certain member states within the European Union, reports can only be made relating to limited topics, typically accounting, auditing, bribery, competition law, sanctions, discrimination and harassment and environment, health, hygiene, and safety matters. Further, some countries restrict reports such that only employees in key or management functions may be the subject of a report.
Any issues or concerns relating to topics not permitted by law to be reported via this service should be reported directly to your Manager or Supervisor or a representative of the Human Resources, Legal or Employer Compliance departments as appropriate for the subject matter of the possible violation. In some countries, anonymous reports may not be permitted under the law except under extremely restrictive circumstances.
Some countries have additional considerations when filing a report. Please see below: