Loading content
Loading content
Protection of persons
Last updated: April 14, 2026
This policy explains how SASTIPEN seeks to protect the people who contact the organization through the website, especially vulnerable persons, victims of discrimination, health mediators, witnesses, and other persons involved in reports submitted through the website. It applies both to the way reports are received and assessed and to the way internal access and unnecessary exposure of information are limited.
Our work is guided by principles of respect, dignity, data minimization, confidentiality, necessity, proportionality, and need-to-know access. Information submitted through the website is reviewed only in relation to the purpose of the report, and access is limited to authorized staff and collaborators who genuinely need that information for documentation, assessment, and, where applicable, intervention. We also use reasonable technical measures to limit unauthorized access to the public forms and to the administrative area.
When a person requests anonymity or confidentiality, SASTIPEN respects that choice to the greatest extent possible. However, absolute anonymity cannot be guaranteed in every situation, for example when the person requests steps that require contacting an institution, presenting identifiable evidence, or complying with a legal obligation. In those situations, we apply the principle of minimum necessary disclosure and, where possible, inform the person in advance about the data that may need to be shared further.
Reports are assessed manually by authorized staff and are used for evaluation, guidance, documentation, support, and, where appropriate, institutional, administrative, or legal follow-up. Submitting a form does not automatically mean that SASTIPEN will provide legal representation, start litigation, or formally open a case. SASTIPEN may request clarifications, recommend referring the matter to another competent institution, or close a request that cannot be handled in a responsible, proportionate, or lawful manner. We do not use automated profiling or scoring systems for people who submit reports.
The website forms are not an emergency service. For situations involving immediate risk to life, health, physical integrity, or personal safety, the competent services must be contacted immediately, including 112, the police, medical units, or public social assistance services. The website may be used afterwards for documentation or to request support, but it does not replace emergency intervention and should not be used instead of immediate protection channels.
Users must provide information that is accurate, relevant, and proportionate to the purpose of the report, avoid unjustified disclosure of other persons’ data, and use the forms in good faith. SASTIPEN may refuse or limit the processing of submissions that are manifestly false, insulting, abusive, excessive, or made in bad faith and may reduce, anonymize, or remove information that is not necessary for the purpose of the assessment, without affecting the person’s right to use other legal remedies that may be available.
This policy complements the website’s GDPR Policy. Whenever a report includes personal data, including sensitive data, the rules on legal bases, data subject rights, retention, and security measures described in the GDPR Policy also apply. If a report concerns another person, the sender should ensure that they have a legitimate basis to share the information or disclose only the data that is strictly necessary. Within the organization, information is handled on a need-to-know basis and with increased care toward vulnerable persons.