Whistleblowing

Compliance & Ethics

At MyRenegade, we are committed to conducting our business with the highest standards of integrity, transparency, and compliance. To support this commitment, and in accordance with Portuguese Law No. 93/2021 and EU Directive 2019/1937, we have established a secure internal reporting system.

This channel allows employees, suppliers, contractors, and other third parties to report suspicions of misconduct safely and confidentially.

What Can Be Reported?

You may use this channel to report serious infractions, including but not limited to:

  • Financial Misconduct: Fraud, corruption, and money laundering.
  • Legal Violations: Criminal offenses or breaches of Portuguese/EU law.
  • Workplace Issues: Harassment, discrimination, or workplace mobbing.
  • Data & Security: GDPR violations or cybersecurity incidents.
  • Safety: Violations of occupational health and safety standards.

How to Report

We offer several channels to facilitate your report. You may choose the one most
comfortable for you:

  • Email: [email protected] (Managed by our authorized representative).
  • Postal Mail: MyRenegade – Whistleblowing Rua Joshua Benoliel No1, 6od 1250-273 Lisboa, Portugal.
  • Telephone: +41 78 308 55 15.

Confidentiality & Anonymity

We take your privacy seriously.

  • Confidentiality: Your identity will remain confidential throughout the process and will only be disclosed where legally required.
  • Anonymity: You have the right to report anonymously. If you wish to do so, we strongly recommend creating a secure, encrypted email account (e.g., Proton Mail) that does not track your IP address to communicate with us.

Protection Against Retaliation

MyRenegade has a zero-tolerance policy regarding retaliation. We strictly prohibit dismissal, demotion, harassment, or any form of discrimination against anyone who reports a concern in good faith.

What Happens After You Report?
  1. Acknowledgment: We will confirm receipt of your report within 7 calendar days.
  2. Assessment: An initial review of credibility and severity is conducted within 14 days.
  3. Investigation: If a formal investigation is required, it is generally concluded within 3 months.
  4. Feedback: You will be informed of the outcome and any corrective measures taken.

External Reporting Channels

While we encourage you to use our internal channels first to allow us to address the issue quickly, you have the legal right to report directly to competent external authorities if necessary, including:

  • Banco de Portugal (Financial/Banking infractions).
  • CMVM (Crypto-asset/Market infractions).
  • Ministério Público (Criminal offenses).
  • MENAC (National Anti-Corruption Mechanism)

Privacy Policy

Data Protection Notice (GDPR)

Privacy Notice regarding Whistleblowing Reports Personal data collected through this channel is processed by MyRenegade, Unipessoal Lda for the sole purpose of assessing and investigating reports of misconduct, in compliance with the GDPR and Law No. 93/2021. * Access: Access to data is restricted to authorized personnel involved in the investigation.

Retention: Data regarding unfounded reports is deleted promptly. Data related to ongoing investigations is retained only as long as necessary to resolve the case or comply with legal obligations.

Rights: You have the right to access, rectify, or request the deletion of your personal data, provided it does not hinder the investigation. Contact our DPO at [email protected] for inquiries.

Since the procedure explicitly mentions the DPO (Data Protection Officer) and strict adherence to GDPR, we need a dedicated document or popup text for this.

Privacy Policy for Whistleblowing Channel

1. Data Controller

The entity responsible for processing your personal data is MYRENEGADE, UNIPESSOAL LDA("Company"), with registered office at Rua Joshua Benoliel Nº1, 6º D, 1250-273 Lisboa, Portugal.

2. Purpose and Legal Basis

We process personal data for the purpose of receiving, assessing, investigating, and following up on whistleblowing reports, including taking any necessary corrective or legal measures, in accordance with Portuguese Law No. 93/2021 and EU Directive 2019/1937. The processing is necessary for compliance with a legal obligation to which the Company is subject (Article 6(1)(c) GDPR) and, where applicable, for the purposes of the Company’s legitimate interests in preventing misconduct and protecting the organisation (Article 6(1)(f) GDPR).

3. Types of Data Collected

  • Identification Data: Name, contact details, and position (unless you choose to report anonymously).
  • Report Data: Information regarding the facts reported, including evidence and the identity of any persons involved.

4. Confidentiality and Recipients

Your data will be treated with the strictest confidentiality. Access is restricted to authorized personnel involved in the investigation, specifically the Chief Compliance Officer (CCO), the investigation team, and, if necessary, external legal counsel or the DPO. We do not share your data with third parties unless required by law (e.g., sharing with the Public Prosecutor's Office or Banco de Portugal).

5. Data Retention

  • Unfounded Reports: Data will be deleted or anonymised as soon as it is reasonably possible and lawful to do so..
  • Investigation Records: Retained for the duration of the investigation and any related proceedings (including administrative or judicial proceedings), and thereafter for the applicable statutory limitation period or other legally required retention period.

6. Security Measures

We apply appropriate technical and organisational measures to protect whistleblowing data against unauthorised access, disclosure, alteration, or loss. Such measures include restricted access to reports on a need-to-know basis, secure storage, confidentiality obligations, and documented handling procedures. Where electronic communication is used, encryption and access controls are applied where appropriate.

7. Your Rights

Under the GDPR, you have the right to access, rectify, or erase your personal data, and to restrict or object to its processing. However, these rights may be limited if they jeopardize the confidentiality of the investigation or the protection of other involved parties. To exercise these rights, please contact our Data Protection Officer (DPO) at: [email protected].

8. Right to Complain

You have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD) if you believe your data rights have been violated.

9. Internal Data Transfers

We do not intentionally transfer whistleblowing personal data outside the European Economic Area (EEA). Where service providers may process data outside the EEA, we ensure that appropriate safeguards are in place in accordance with GDPR requirements (e.g., EU Standard Contractual Clauses).

10. Provision of Data

Providing personal data is voluntary. You may submit a report anonymously. However, providing contact details may facilitate follow-up and feedback