Enlarge text
Data Protection










Which data will be stored? 
This system should only be used to report Compliance violations. These are violations of the applicable (where applicable, local) laws and Zalando's internal Compliance regulations. In particular, any suspicion regarding violations of anti-corruption and anti-trust laws can be reported via this tool.
Should other incidents, for example HR-related issues, be reported, those are still stored here but will be forwarded to the responsible department for processing if necessary.
The registration of reports takes place anonymously in the system. The only thing that is registered is the report itself. There is no log made as to the IP address or machine ID of the computer on which the report is made.
Correction of registered information
If you realise that you have provided incomplete or incorrect information, just make a new report in the system in which you refer to the earlier report and describe what should be corrected.
If, in connection with the opening of a report, have decided to open a secure post box, you can make the correction by logging in to the system using your case number and the password you had created.
Transfers of registered information
The information registered in the IT system is not generally transferred to a third party outside of the organisation. However, in the following circumstances, the information may be transferred onward:
  • Transfer to an external attorney or auditor in connection with the case processing of the report.
  • If the report results in a court case.
  • If the law so requires.
Your personal information (name and address)
If you provide your name, be aware that your employer can use your personal information when investigating the case, and also during any subsequent court case.
Your employer guarantees that your personal data protection rights will be respected without limitations and will only be used as described above. 
Your employer will not share your personal information with third parties outside of the organisation except for in cases as described above in section ”Transfer of registered information”.
Deletion of registered data
Registered data may only be retained for as long as there is a need for it.
When there no longer is a need for retaining the recorded personal information, the information is deleted.
IT security
The reporting system is hosted by Got Ethics A/S, an independent party guaranteeing the system’s security and anonymity.
Got Ethics A/S has taken the necessary technical and organisational measures to prevent personal data from being accidentally or illegally destroyed or lost, and to prevent any unauthorised disclosure or misuse of the personal data. The handling of personal data is subject to strict controls and procedures and is in compliance with good practices in the field.
All data is transmitted and stored encrypted. No unencrypted information is sent over the open Internet.
The system does not log IP addresses and machine IDs, and does not use cookies.
If a report is made from a computer on the company’s network, there is a risk that the visited webpages will be logged in the browser’s history and/or company’s log. This risk can be eliminated by making the report from a computer which is not on the company’s network.
If one uploads documents, one should be aware that the documents can contain metadata which can compromise the reporter’s identity. Therefore, one should ensure that any identifying metadata be removed from a document before it is uploaded.
It is optional to make either an anonymous report or a report containing personal data. If a reporter chooses not to remain anonymous, the reporter’s identity will be known to the persons that handle the case. The reporter risks being called as a witness in any court case, and the reporter’s anonymity thus can be lost.
If you have any questions regarding personal data protection, you may contact Jesper Dannemann from Got Ethics A/S by e-mail: jda@gotethics.com.