DATA PROTECTION & PRIVACY NOTICE
Last Update: April 15, 2022
General
This document (the “Notice”) is the privacy notice that applies to you making a report through this service. The Redis hotline is a web and phone-based intake system provided by Redis and its affiliates and subsidiaries (“Redis” or “we” or “us”) to its employees, vendors, suppliers and business partners and those of its subsidiaries (“Reporters”) for reporting suspected violations of laws or regulations, or for certain matters specifically specified in an applicable whistleblowing law.
The data privacy regulations of some countries require that a person making a report (referred to herein as “you” or “your”) containing personal data must be notified of certain collection and retention practices regarding the information submitted by that person through this service (the “hotline”).
If you do not wish to accept the terms below, we may be unable to accept any information through this system and suggest you report this matter directly to your supervisor or manager or to a representative of the Human Resources, Legal or Corporate Compliance Departments, depending on the nature of the possible violation.
The Redis Privacy Policy will not supersede this policy or otherwise apply to data collected from the hotline, however, please also note that if you visit the Redis.com website through any links contained within this Notice, the Redis Privacy Policy will apply to the extent you are using the Redis.com website.
A Summary of this Notice
- Use of the hotline. This voluntary hotline is designed for reporting if you feel that you are unable to report violations directly to your supervisor or manager, or to human resources, compliance, or the legal department of Redis. Read more.
- What personal data and information is collected and processed? The hotline captures certain personal data that is required for the reporting functions to work properly, such as first and last name as well as other personal data. Read more.
- How will the personal data and information be processed after your report and who may access personal data and information? The Personal Data you provide is restricted in who may access it, and how it is processed. Please read this section carefully. Read more.
- Accessing information concerning the report. This section describes the limited instances in which access to the personal data, such as your request to correct information, is available. Read more.
- Legal basis for processing. Read more.
- Retention of the report and of your data. This section describes how long your report and personal data will be retained, and what happens when they are no longer needed. Read more.
- Your rights. This section describes your rights under applicable data privacy law, since Redis cannot list every privacy law in this Notice, we will make a good faith attempt to honor your privacy requests regardless of where you live (such as the right to deletion). Read more.
- Transfers of personal data. Read more. This section describes where and to whom personal data submitted by a Reporter may be transferred and the specific entities involved.
- Special country regulations. Read more. This section is intended to provide information regarding Reporters who are in jurisdictions with special regulations that may apply to the hotline.
- Changes to this Notice. Read more. This section describes how and when we may update this notice.
Redis is the controller of the processing, and NAVEX is a processor acting on behalf of Redis.
You may contact Redis with any questions relating to this Notice or this service as follows:
- For general requests and inquiries please email privacy@redis.com and include “Hotline Privacy” in the subject line.
- For data subject requests, such as access or deletion, please visit the Redis Privacy Request Form, but please note that, due to the sensitive and important legal nature of the information provided through the hotline, we may be unable to delete or provide access to sensitive information provided by Reporters.
In certain countries, such as the United States, the hotline may also be used to report suspected violations of other matters. It and the database in which the personal data and information that you may report is stored, are operated in the United States by NAVEX.
Use of the hotline
Use of the hotline is entirely voluntary. You are encouraged to report possible violations directly to your supervisor or manager, or to a representative of the Human Resources, Legal or Corporate Compliance Departments, depending on the nature of the possible violation. If you feel that you are unable to do so, you may use the hotline to make your report.
The hotline is a confidential online reporting system that allows you to report suspected violations of law or company policies, as well as other concerns you may have, to Redis. In certain countries, Redis may only accept reports through the hotline that relate to certain matters specifically specified in an applicable whistleblowing law. If your concern pertains to a matter that, under local law, may not be accepted by Redis through the hotline, you will need to contact your supervisor or local management or a representative of the Human Resources, Legal or Corporate Compliance Departments to report the matter.
Please be aware that the information you supply about yourself, your colleagues, or any aspect of the company’s operations may result in decisions that affect others. Therefore, we ask that you only provide information that you believe is true. You will not be subject to retaliation from Redis for any report of a suspected violation that is made in good faith, even if it later turns out to be factually incorrect. Please be aware, however, that knowingly providing false or misleading information will not be tolerated. The information you submit will be treated confidentially except in cases where this is not possible because of legal requirements or in order to conduct an investigation, in which case the information will be handled sensitively. We encourage you to identify yourself in order for us to follow up with questions we may have.
What personal data and information is collected and processed?
The hotline captures the following personal data and information that you provide when you make a report: (i) your name and contact details (unless you report anonymously) and whether you are employed by Redis; (ii) the name and other personal data of the persons you name in your report if you provide such information (i.e.: description of functions and contact details); and (iii) a description of the alleged misconduct as well as a description of the circumstances of the incident. Note that depending upon the laws of the country in which you are residing, the report may not be made anonymously; however, your personal information will be treated confidentially and will only be disclosed as set out below.
How will the personal data and information be processed after your report and who may access personal data and information?
The purpose for which your personal data, and your report, will be used will be to investigate the issues raised in your report and to take appropriate follow-up action, in accordance with applicable law.
The personal data and information you provide will be stored in a database which is located on servers hosted and operated in the United States by NAVEX. NAVEX has entered into contractual commitments with Redis to secure the information you provide in accordance with applicable law. NAVEX is committed to maintaining stringent privacy and security practices including those related to notice, choice, onward transfer, security, data integrity, access, and enforcement.
For the purpose of processing and investigating your report and subject to the provisions of local law, the personal data and information you provide may be accessed, processed and used by the relevant personnel of Redis, including human resources, finance, internal audit, legal, corporate compliance, management, external advisors (e.g. legal advisors), or, in limited circumstances, by technical staff at NAVEX. Those individuals may be located in the United States, the United Kingdom or elsewhere.
Personal data and information you provide may also be disclosed to the police and/or other enforcement or regulatory authorities. The relevant bodies that receive and process personal data can be located in the US or in another country that may not provide the level of data protection available in the EU.
Legal basis for processing
Redis has a legal basis for collecting and processing the personal data obtained by the hotline. The hotline functions would not work otherwise.
Retention of the report and of your data
Your report and your personal data will only be retained for as long as they are needed for the investigation of your allegations and for any legitimate follow-up to the investigation; they will be fully and securely destroyed or erased when and as soon as they are no longer needed for the investigation of the report, or for the purposes of legitimate follow-up to the report (including legal action). However, reports and files on the investigation of reports (or parts of such reports or files) and personal data in such reports or files may be placed in an archive if there is a clear and overriding public interest or legal interest of Redis in retaining the data, subject to such restrictions on access to the data aimed at safeguarding the rights and freedoms of the data subjects as may be allowed by applicable law.
Your Rights
Redis will fully support you in exercise of any rights you may have as a data subject under applicable law, i.e., your:
- right of access to your data;
- right to rectification of incorrect data;
- right to erasure of data (“right to be forgotten”);
- right to ask for restriction (“blocking”) of contested data;
- right to have third parties who received incorrect, incomplete or contested data informed of any rectifications or blocking of your data;
- right to data portability;
- right to object to processing;
- right not to be subject to automated decision-making including profiling (in fact we will not use your data or any information in your report for such decision-making).
The hotline is intended to ensure that there is a safe avenue for reporting, and part of this requirement is that the availability, integrity, and confidentiality of the information submitted remains protected. To protect the confidentiality of Reporters’ information, as well as sensitive information pertaining to a report or related individuals, we may restrict the provision of sensitive information when the requestor is not the original Reporter.
We will restrict any of the above rights if and to the extent that that is necessary and proportionate in order to safeguard any of the major public interests recognized in applicable law such as the protection of criminal investigations or public security, or to protect the fundamental rights and freedoms of others, including any person(s) incriminated in your report, in accordance with applicable law.
In addition to the rights listed above, you may also have the right to lodge a complaint about our processing of your personal data with the authority competent for supervising the processing of personal data (often referred to as the data protection authority) in the country where you live (if that is an EU/EEA Member State) or in the country Redis is based (if you live outside the EU/EEA).
Transfers of Personal Data
Your report and your details may be held on the secure servers of NAVEX located in the United States; may be transferred to NAVEX sub-processors outside the United States for service and support or translation and interpretation purposes, subject to appropriate safeguards.
If you are a resident in a jurisdiction where the transfer of your personal data to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer by making a report or otherwise using the hotline.
The following is a list of parties that we may need to transfer personal data to facilitate the necessary reporting functions of the hotline.
| Name of Entity | Location | Purpose |
|---|---|---|
| Redis Inc. | Mountain View, CA, United States | Redis entity |
| Redis EMEA Ltd. | London, United Kingdom | Redis entity |
| Redis Ltd. | Tel-Aviv, Israel | Redis entity |
| NAVEX | Lake Oswego, OR, United States | Hotline application provider |
For more information regarding the collection, use, and transfer of personal information that you are providing to the hotline’s web application, please visit the NAVEX Applications Privacy Statement and Website Privacy Statement.
Special Country Regulations
Throughout much of the European Union and surrounding areas, reports may be limited in topics pursuant to applicable law. Further, some countries restrict reports such that only employees in key or management functions may be the subject of a report.
Any issues or concerns relating to topics not permitted by law to be reported via the hotline should be reported directly to your manager or supervisor or a representative of the human resources, legal or corporate compliance departments as appropriate for the subject matter of the possible violation. In some countries, anonymous reports may not be permitted under the law except under extremely restrictive circumstances.
Changes to this Notice
We will update this Notice from time to time. If we make any changes to this Notice, we will post a notice of these changes on the Site and in this Notice.
If the updates have minor if any consequences, they will take effect 7 days after we post a notice on the Site. Substantial changes will be effective 30 days after we initially posted the notice.
Until the new Notice takes effect, if it materially reduces the protection of your privacy rights moving forward (with the understanding that any data previously collected will be treated as it would have been under the previously existing Notice) you can choose not to accept it and terminate your use of the Products to prevent the new Notice from affecting any future data processing.