1. INTRODUCTION & BASIC PRINCIPLES
The Company implements the principles and guidelines set out in Whistleblowing Policy (the “Policy”) in order to enhance integrity, transparency and accountability within the Company and to protect its interests and reputation. The Company encourages all persons covered by Article 4 to report, confidentially or anonymously, through existing reporting channels, any conduct that is illegal and/or unethical as soon as it comes to their attention. Failure to report may in some cases constitute a criminal offence where there is a legal or contractual obligation to do so. All reports will be taken seriously and investigated with complete objectivity and independence. The Company will ensure that whistleblowers are protected from any retaliation and that the personal information of all parties involved is protected by taking the necessary technical and organizational security measures. This Policy should be in line with the principles and provisions of the European Directive 2019/1937 on the protection of whistleblowers, which was transposed into Greek law by Law 4990/2022.
The basic principles of the Policy are as follows:
i) confidentiality of personal data
(ii) respect and maintenance of anonymity
(iii) collection and investigation of all necessary documentation and information for the proper management of the report/complaint
(iv) protection against malicious action by those who make a report or complaint in good faith.
2. PURPOSE
The purpose of this Policy is to:
a) set out the principles and framework for reporting within the Company.
b) encourage all persons referred to in Article 4 to make reports if they become aware of illegal or unethical behaviour within the Company.
c) provide assurances that reports will be treated and incidents will be investigated in complete confidentiality and that the personal data of those involved will be protected as well as that those who report will be protected from retaliation.
d) ensure that the Company will follow the provisions of Law 4990/2022, as well as the Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law.
3. TERMS
– Report: The oral or written information about violations to a duly authorised person of the Company.
– Unacceptable Report: A report that relates to a violation not covered by Article 5 of the Whistleblowing Policy, or a report that is not clear, defined, complete, timely, or that is malicious, excessive and repetitive.
– Whistleblower: The natural person who reports or discloses information on breaches acquired in the context of their work-related activities.
– Retaliation: Any direct or indirect act or omission which occurs in a work-related context, prompted by reporting, which causes or may cause unjustified detriment to the whistleblower.
– External Partners: Third parties contractually linked to the Company and its employees, i.e. consultants, subcontractors, suppliers, shareholders, etc.
– National Transparency Authority (hereinafter referred to as “NTA”): The Authority that is an external reporting channel and is responsible for receiving, managing and following up on reports of violations that are submitted directly to it.
– Employee: The person who contracts with the Company under a fixed-term or open-ended employment contract, or the person who is associated with the Company under another employment relationship, or the person who is in a probationary period.
– Reporting channels: The channels through which reports are made, including the means used to make reports and the persons to whom reports may be made.
– Malicious Report: A report made with the knowledge that it is untrue.
– Good Faith: the unequivocal belief in the veracity of the reported incidents, i.e. the fact that the whistleblower reasonably believes the transmitted information to be true, based on reasonable facts and/or circumstances that allow for the assumption that the report is sufficiently grounded.
– Special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
4. SCOPE
The Whistleblowing Policy applies to:
- A) The Company’s management and all employees, whether temporary, permanent or otherwise, including probationary employees, who in good faith report illegal conduct or conduct that violates the Company’s Code of Ethics and Business Conduct. The same applies to information about violations obtained during the recruitment process or any other pre-contractual negotiation stage.
- B) Third parties who have a contractual relationship with the Company, as well as their employees (referred to in this Policy as “External Partners”) such as consultants, suppliers, shareholders, etc., who have become aware of unlawful/unethical conduct within the Company.
In order to be covered by this Policy, reports must be made in good faith, i.e. those making reports must have reasonable grounds to believe that the information they are providing is true. In all cases, good faith will be presumed unless it can be shown that the report was made in bad faith. If the report is malicious, the protections described in this Policy will not apply.
The above persons will be informed of the Policy as set out in the relevant Article (see “INFORMATION AND TRAINING ON THE WHISTLEBLOWING POLICY”).
5. SUBJECT OF REPORTS
If anyone covered by this Policy becomes aware that any of the following types of misconduct are taking place within the Company, they should make an immediate report.
– Disclosure of confidential information, business secrets, plans relating to the strategic or general financial interests of the Company.
– Fraud
– Corruption/abuse of power
– Bribery
– Conflict of interest
– Theft, embezzlement
– Falsification
– Breach of confidentiality and privacy
– Money Laundering
– Breach of competition law
– Breaches of accounting and auditing standards
– Breaches of health and safety regulations
– Breaches of public procurement law
– Breaches of environmental legislation
– Discriminatory treatment
– Harassment
– Violence and harassment as defined in Articles 3 and 4 of Law 4808/2021, as incorporated into Decree 80/2022 (Code of Individual Labour Law)
– Threats, extortion, use of force
– Abuse, slander
– Misuse of company resources
– Unethical behaviour
– Violation of laws and company policies, including the applicable Code of Ethics and Business Conduct
The Whistleblowing Policy does not cover:
– Disputes over matters relating to management policies and decisions
– Personal matters and disagreements with colleagues or supervisors
– Rumours
6. REPORTING CHANNELS
The Company has established reporting channels for persons wishing to make reports. Any employee who suspects that any of the above misconduct is taking place should first contact their immediate supervisor or manager in person or by telephone or email.
If the reporting parties are not employees of the Company, they may submit a report via the whistleblowing email. The submission of named reports is encouraged. It is also clarified that anonymous reports will be treated with the same attention as the named reports and their anonymity will be guaranteed. All reports submitted through the above reporting channels will be managed by a duly authorised person of the Company.
7. GUIDELINES FOR THE SUBMISSION OF REPORTS
The following are general guidelines and instructions for reporting:
Α) Reports of misconduct should be made promptly and in good faith. It is clarified that “promptly” means: (i) within twelve (12) months of becoming aware of matters having a financial dimension or financial impact (e.g. contracts, tendering, negotiations, etc.), (ii) within six (6) months of becoming aware of matters having a non-financial impact (e.g., conduct, discrimination, harassment, etc.).
B) The report should be clear, defined and contain as much information and details as possible.
C) The report should include the name of the person (or persons) who may have been the subject of misconduct, the date/time period and location where the incident occurred, the nature of the misconduct and detailed description of the misconduct.
D) Special categories of personal data and other sensitive information unrelated to the incident should not be included in the report.
E) The whistleblower does not need to be absolutely certain of the validity of his/her report. He/she should not take any illegal action that could put him/her, the Company or a third party at risk in order to seek and gather further information to support his/her report.
F) The whistleblower should be available to provide further information, either confidentially or anonymously by e-mail, if requested. Particularly in the case of an anonymous report, the whistleblower may also choose to be available through any other specific communication channel or contact point (at the whistleblower’s sole discretion).
8. PROTECTION OF WHISTLEBLOWERS
The Company protects the members of the Board of Directors and any employee of the Company who, in good faith, reports illegal or unethical conduct. In this regard, any form of retaliation against a whistleblower is prohibited, even if the whistleblower’s report turns out to be incorrect. The Compliance Officer and the management shall ensure that there is no retaliation against anyone who makes a report in good faith.
In particular, the Company is committed to ensuring that employees who have made a report are not retaliated against, harassed or marginalized, intimidated or threatened and treated unfairly as a result of their report (e.g. dismissal, etc.). Similarly, unjustified changes to the employment relationship as a result of their report are not permitted (e.g. dismissal, suspension, reduction in salary, change of working hours, etc.). In the case of a malicious report, the above protection shall not apply.
The same level of protection applies to third parties related to the whistleblower who may be retaliated against in the workplace, such as colleagues or relatives of the whistleblower.
If the whistleblower is an external partner, early termination or cancellation of a contract for goods or services as a result of the report is not permitted.
Any act of retaliation should be reported directly to the Company and will be investigated and resolved. If the investigation determines that retaliation has occurred, disciplinary action will be taken against the perpetrator. The person accused of retaliation has the burden of proving that their actions were not related to the employee’s report (reversal of the burden of proof). If an employee decides to report an incident covered by this Policy in which he or she was previously involved, the fact that he or she ultimately reported the incident will be considered in his or her favour in any subsequent proceedings (e.g. disciplinary proceedings).
If the reporting employee requests special protection from any retaliation (e.g. transfer to another department), the Company will consider granting the request within its existing capabilities. If the whistleblower is named and the investigation shows that the Company’s vital financial or other interests have been protected as a result, the whistleblower will be rewarded in the most appropriate manner.
9. RIGHTS OF PERSONS NAMED OR INCLUDED IN THE REPORT
The whistleblower has the right to be informed of both the receipt of his/her report (within 7 working days at the latest) and the outcome of the investigation (within 3 months at the latest).
The Company protects both individuals who make a report and individuals who are included in reports. The investigation will be conducted in complete confidentiality and, as far as possible, confidentiality will be maintained at every stage of the process to avoid stigmatisation and victimisation of individuals.
Individuals included in reports have the right to be informed promptly of the misconduct of which they are accused, of the persons who have access to the data contained in the report and of their right to be held accountable. However, if there is a serious risk that the above information could impede the investigation of the case and the gathering of the necessary evidence, the notification of the persons included in the report may be postponed until such risk has been removed.
The identity of the whistleblower shall remain confidential. Exceptionally, if the report is found to be malicious and if the accused so requests, the identity of the whistleblower may be disclosed in order to exercise his or her legal rights.
It is clarified that reports that are found to be clearly malicious will be further investigated at the Company’s discretion, both as to the motives and the parties involved, with a view to restoring order by all lawful means and methods.
10. INVESTIGATION OF INCIDENTS
The Company undertakes to treat all reports seriously, whether anonymous or not. The Company will investigate the incidents contained in the report as soon as possible. If necessary, and depending on the scope of the report, additional professional assistance may be sought from other Company executives as well as external advisors, such as legal counsel, external auditors, fraud investigators.
11. CORRECTIVE AND DISCIPLINARY ACTION
Depending on the results of the investigation, corrective and/or disciplinary/legal action will be proposed. These actions may include (but are not limited to) (a) additional employee training, (b) implementation of new internal controls, (c) changes to existing policies and/or procedures, (d) disciplinary sanctions up to and including permanent removal/dismissal, or (e) legal action.
The Company has zero tolerance for any illegal conduct or behaviour that does not comply with the Code of Ethics and Business Conduct. In the event of a substantiated report, disciplinary action will be taken and, if required or deemed necessary, the Company will take action using all lawful ways and means, including litigation of any civil and/or criminal claims.
12. CONFIDENTIALITY – ANONYMITY
The Company encourages employees and external partners to raise concerns about possible violations through existing reporting channels. The Company also undertakes to make every effort and take all reasonable measures to protect the identity of both the whistleblower and the individuals included in the reports, and to treat them with complete confidentiality and discretion.
In all cases, during the investigation of an incident, the identity of the whistleblower will not be disclosed to anyone other than those authorized to receive, monitor and investigate reports, unless the whistleblower has given explicit consent or the report is found to be malicious.
Anonymity will be maintained through the use of appropriate technical and organizational measures.
13. RECORD KEEPING
A centralized register of reports will be maintained by the Company, in electronic or paper form.
14. PERSONAL DATA
Any processing of personal data under this Policy will be carried out in accordance with national and European legislation applicable to personal data and the Company’s Privacy Policy. The data of all parties involved will be protected and processed solely in relation to the report concerned and for the sole purpose of verifying the validity or otherwise of the report and investigating the specific incident.
The Company will take all necessary technical and organizational measures to protect personal data in accordance with the Company’s relevant policies. Sensitive personal data and other data not directly related to the report will not be considered and will be deleted. Only those involved in the management and investigation of the incident shall have access to the data contained in the reports. Personal data shall be deleted within a reasonable period of time after the conclusion of the investigation initiated on the basis of the report. Personal data will be deleted from the register of reports and from the material obtained during the investigation in accordance with the timeframes set out in the Company’s Privacy Policy.
15. INFORMATION AND TRAINING ON THE WHISTLEBLOWING POLICY
The Company shall ensure that all employees of the Company are informed and trained on the content of this Policy. The information will be provided by sending information materials, e-mails, newsletters or other appropriate means. Information about the Policy will also be posted in a prominent place in the company. Training (face-to-face or online) will be provided on a regular basis.
External partners will be contractually required to provide relevant training to their employees. This will be done in accordance with instructions and using materials provided by the Company and by any appropriate means, such as e-mail, mailing of information materials, etc.
Information and awareness-raising activities should be disseminated both internally as well as the general public.
16. COOPERATION WITH THE COMPETENT AUTHORITIES
To the extent that the report relates to violence and harassment as defined in Articles 3 and 4 of Law 4808/2021, as amended, the Company shall ensure cooperation and provide all relevant information to the competent authorities upon request.
17. IMPLEMENTATION AND RENEWAL OF THE POLICY
This Policy will be renewed whenever the Company deems it necessary. In the event of a renewal of the Policy, the Company will notify employees immediately.