| Goal | Guaranteeing the continuity of the availability and protection of the (provision of) information, and limiting any consequences of security incidents. |
| Personal Data | From a suspect: First name and last name RSM account All information on RSM systems All data stored/uploaded onto any RSM system (e.g. the CRM system) Account data logging, including: All activity on the system/platform, including: Visited pages/accessed files Downloads/uploads Communication Optional: From a whistleblower: First name and last name RSM account Phone number |
| Source of Data | From any RSM system. A whistleblower may notify RSM directly. |
| Legal Ground | Contractual: A party accepts working in line with predefined information technology terms & conditions, and thereby accepts the possibility of enforcement of investigative procedures in the event of unpermitted behaviour occurring. Consent: A whistleblower decides to notify RSM of unpermitted behaviour. |
| 3rd Parties | Computing system Monitoring system All of RSM’s systems |
| Retention | The data is kept for 7 years, or until an investigative procedure is concluded. |