Protection of persons
This policy explains how SASTIPEN seeks to protect the people who contact the organization through the website, especially vulnerable persons, victims of discrimination, health mediators, witnesses, and other persons involved in reports submitted through the website.
Our work is guided by principles of respect, dignity, data minimization, confidentiality, necessity, and proportionality. Information submitted through the website is reviewed only in relation to the purpose of the report, and internal access is limited to the persons who genuinely need that information for documentation, assessment, and, where applicable, intervention.
When a person requests anonymity or confidentiality, SASTIPEN respects that choice to the greatest extent possible. However, absolute anonymity cannot be guaranteed in every situation, for example when the person requests steps that require contacting an institution, presenting identifiable evidence, or complying with a legal obligation. In such situations, we apply the principle of minimum necessary disclosure and, where possible, discuss this in advance with the person who submitted the report.
Reports are used for assessment, guidance, documentation, support, and, where appropriate, institutional, administrative, or legal follow-up. Submitting a form does not automatically mean that SASTIPEN will provide legal representation, start litigation, or formally open a case. The way we intervene depends on the content of the report, the available documentation, the consent of the person concerned, the organization’s resources, and the applicable legal framework.
The website forms are not an emergency service. For situations involving immediate risk to life, health, physical integrity, or personal safety, the competent services must be contacted immediately, including 112, the police, medical units, or public social assistance services. The website may be used afterwards for documentation or to request support, but it does not replace emergency intervention.
Users must provide information that is accurate, relevant, and proportionate to the purpose of the report and should avoid the unnecessary disclosure of other persons’ data. SASTIPEN may refuse or limit the processing of submissions that are manifestly false, abusive, insulting, excessive, or made in bad faith, without affecting the person’s right to use other legal remedies that may be available.
This policy complements the website’s GDPR Policy. Whenever a report includes personal data, including sensitive data, the rules on legal bases, data subject rights, retention, and security measures described in the GDPR Policy also apply. Within the organization, information is handled on a need-to-know basis and with increased care toward vulnerable persons.