Foundever And Vivino Exposed In 16-month Global Data Protection Breach Scandal

LISBON, Portugal - March 26, 2025 - PRLog -- A whistleblower at Foundever Portugal, S.A., a global customer experience firm, has exposed a 16-month GDPR breach, implicating Foundever and Vivino ApS, the world's largest online wine marketplace. Wielding Portugal's Law No. 93/2021 and the EU Whistleblower Directive (2019/1937), this employee is fighting a toxic workplace and systemic data violations affecting EU and U.S. clients, sparking a potential €700M class-action crisis.

Evidence from an October 23, 2023, Leadership Meeting Agenda reveals Foundever's unauthorized retention of client data in Salesforce, breaching GDPR Articles 5, 9, 15, and 32. A trainer flagged this, warning Vivino of fines up to 4% of yearly revenue, yet Slack messages show Vivino dismissing it. After 500+ days, neither reported the breach, violating GDPR Article 33(1)'s 72-hour rule.

On December 13, 2024, Foundever managers mocked the whistleblower's health condition, breaching GDPR Article 9 and Labour Code Article 29, per trainer statements (February 24 and March 17, 2025). Retaliation followed: the trainer faced punitive shift changes on February 24, 2025, leading to sick leave, while the whistleblower was fired February 12, 2025, after raising harassment with HR, violating Labour Code Article 331 and Law No. 93/2021.

Foundever's Data Protection Officer denied the December breach on March 21, 2025, despite evidence, and their Senior HR Manager rejected harassment claims on March 24, falsely alleging the whistleblower missed a health exam—he was on sick leave with a GP note. Vivino's silence fuels their complicity.

Backed by Cambridge Samuel, the whistleblower filed complaints with Portugal's ACT and CNPD on February 21, 2025, updated March 4 and 15, with evidence like Slack messages and the trainer's statement. EU regulators, including the CNPD, are mobilizing, while U.S. authorities—led by the FTC and state attorneys general—are equally on alert due to impacted U.S. clients, amplifying this transatlantic crackdown. A Portugal-led class-action lawsuit seeks $50M-$500M, rivaling TikTok's €345M fine.

The whistleblower demands Foundever and Vivino overhaul data security, compensate victims, and report quarterly to regulators—or face global backlash. With EU and U.S. regulators closing in, this dual crisis—GDPR breaches and HR retaliation—has media and authorities on both continents poised for action, affecting employees and clients worldwide.

Contact: public-relations@cambridgesamuel.com / class-action@cambridgesamuel.com
Evidence: Redacted samples available for regulators and media.

About Cambridge Samuel
Cambridge Samuel champions whistleblower cases, focusing on call center misconduct and data protection violations.

https://www.cambridgesamuel.com/