APFF, S.A. complies, in the processing of personal data received in the context of a complaint, including the exchange or transmission of personal data by the competent authorities, with the provisions of the General Data Protection Regulation, approved by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, Law no. No. 58/2019, of August 8, which ensures the implementation, in the national legal order, of Regulation (EU) 2016/679, and Law No. 59/2019, of August 8, which approves the rules on the processing of personal data for the purpose of prevention, detection, investigation or prosecution of criminal offences or the enforcement of criminal sanctions.

The whistleblower will only retain the personal data necessary for this purpose.