🎉 20% off the first year #BLACKFRIDAY discount 🎉 Use code:

GIFT20

| Valid until: December 31

Protection of persons who report breaches of Union law

Drafted on December 14th, 2023

1. INTRODUCTION

  • 1.1. Purpose
    • 1.1.1. This policy on the protection of persons who report breaches of Union Law (the “Policy”) defines the general principles and the operational framework through which the foreign branch with the name “FLIPNODE Μ.EPE”, which has its registered office at 1st Lykourgou Street, in Athens, (hereinafter the “Company”) receives,  assesses and investigates reports or irregularities, omissions or offences brought to the attention of the employees, customers, suppliers or other interested parties.
    • 1.1.2. The Company endorses and implements this Policy, respecting the principle of proportionality and considering the size, legal form, nature of activities, constantly ensuring proper adherence to government regulations.
    • 1.1.3. The policy and any amendments thereto, are proposed by the Human Resources Department and approved by the Manager and legal representative of the Company.
    • 1.1.4. The Company is committed to maintaining the highest level of ethics and professional conduct, adopting a zero-tolerance policy approach to illegal or anti-government actions that could adversely affect its reputation and credibility.
  1. 1.2 Regulatory Framework
  2. This Policy complies with the requirements of the regulatory framework and is adapted to the principles and provisions of the European Directive 2019/1937 on the protection of persons reporting violations (whistleblowers), incorporated into national legislation by Law 4990/2022.
  1. 1.3 Definitions
  2. For the purposes of this policy, the following definitions apply:
  3. Report: The oral or written provision of information about violations to the Company.
  4. Unacceptable report: The report that refers to a violation and does do not fall under Article 3 of the Policy or is not clear, definite, complete, timely or is manifestly malicious, frivolous, or excessive.
  5. Reporting person: The person who reports or discloses information about violations, which he has obtained in the context of his work or his cooperation with the Company.
  6. External partners: Third parties linked, contractually or not, to the Company as well as their staff, specifically consultants, contractors, suppliers, partners of all kinds, shareholders etc.
  7. Reporting Receiving and Monitoring Officer (RRMO): Responsible for receiving, managing, and coordinating the investigation of reports by the Report Management Committee.
  8. Report Management Committee (RMC): manages reports and conducts preliminary investigations, drawing up the final report of the investigation to the Company’s management. It is composed of the following members: 1) the RRMO, 2) Company’s CFO and 3) the People Operations Specialist.
  9. Employee: The natural person who is employed by the Company under a contract of employment of a definite or indefinite term, or a natural person who relates to the Company through another employment relationship, or a person who is seasonal employee, or a person who is employed as a trainee by the Company.
  10. Reporting Channels: The channels through which reports are submitted and include the means used for reporting as well as the persons to whom the reporting persons can be addressed.
  11. Malicious Report: A report that is made and the reporting person knows that it is untrue.
  12. Good Faith: The condition that creates in the reporting person a reasonable belief that he is justified in believing that the information he provides is true.
  13. Personal Data: Personal Data, as defined in the Regulation 2016/679 and Law 4624/2019.
  14. Retaliation: Any act or omission, direct or indirect, which occurs in a work context, on the report, and which causes or is likely to cause undue harm to the reporting person.  Retaliation may include, but is not limited to, harassment, discrimination of any kind, negative performance evaluation, freeze or reduction of salary, assignment of other or subordinate duties, and, in general, any form of adverse change in working conditions.
  • 1.4. Scope and Obligations
    • 1.4.1. In the context of this Policy, persons working or providing services to the Company are encouraged to disclose serious irregularities, breaches or offences that come to their attention and concern any person working for or providing services to the Company, whether natural or legal.
    • 1.4.2. The Company encourages all the above to report, confidentially or anonymously, through the existing reporting channels, any illegal or unethical behavior as soon as it comes to their attention and relates to the objects defined below.

2. GENERAL PRINCIPLES

  • 2.1 The policy is a mean of safeguarding the integrity, internal governance, and reputation of the Company. It contributes to the identification of risks and to the adoption of appropriate corrective measures, including, among other things, the strengthening of the internal control system, the early detection of fraud or other serious crimes, the application of appropriate measures to the obliged parties and, where necessary, the information of competent authorities.
  • 2.2. Ensuring an environment of trust and security for its employees, customers and suppliers, the Company encourages the good faith reporting of illegal acts or serious misconduct of which it becomes aware.
  • 2.3. It is a fundamental principle of the Policy to protect the anonymity and confidentiality of the personal data of whistleblowers and, if they are employees of the Company, to ensure that their professional evaluation is carried out impartially.
  • 2.4. No promise of reward to the whistleblower can be made, as the reports are submitted both in the context of compliance and observance of the relevant applicable institutional and regulatory framework as set out in Article 1.2 of the present and to protect the interests of the Company and the other interested parties.
  • 2.5 The complaint procedure is intended to enhance transparency, which encourages the reporting of incidents that lead to violations of the Company’s procedures and policies, as well as the reporting of incidents of fraud, corruption, coercion, or other violations.
  • 2.6 The deliberate reporting of false and malicious information shall be prohibited. Abuse of the reporting system can lead to measures against the perpetrator of the abuse as well as criminal sanctions, according to Law 4990/2022.

3. SCOPE OF COMPLAINT REPORTS

  • 3.1. Reports shall be submitted on the condition that there is a good faith and reasonable belief that an offence or misconduct has been committed or is likely to be committed. Company’s employees, customers and suppliers are encouraged to report offenses, suspected illegal conduct, instances of mismanagement or serious omissions with respect to regulations, policies and procedures, and with respect to the presentation of financial statements and the preparation of the consolidated financial statements. The Policy covers, by way of example (but is not limited to), reports or complaints concerning:
    • a. Violations of European law, particularly those set out in Part 1 of the Annex to Law 2990/2022, in the areas of:
      • – public procurement,
      • – financial services, products and markets, and the prevention of money laundering and terrorist financing,
      • – taxation, accounting and auditing matters, banking and financial crimes and breaches of anti-bribery laws, such as misappropriation of Company or customer assets,
      • – product safety and conformity,
      • – transport safety,
      • – environmental protection, protection of privacy and personal data, and protection of networks and information systems,
      • – radiation protection and nuclear safety,
      • – food and feed safety, animal health and welfare as well,
      • – public health and compliance with health and safety rules,
      • – consumer protection,
    • b. violations affecting the economic interests of EU of the article 325 of the Treaty on the Functioning of the European Union and the specifics defined in the relevant Union measures,
    • c. infringements of rules related to the internal market, as referred to in in par. 2 of art. 26 of TFEU, including infringements of Union rules on competition and state aid, as well as infringements relating to the internal market regarding acts that violate the rules on corporate taxation or arrangements, the purpose of which is to secure a tax advantage which defeats the object or purpose of the applicable corporate tax legislation.
  • 3.2. This list is not exhaustive but is intended to illustrate indicatively the type of issues raised under this Policy.
  • 3.3. It is clarified that:
    • 1. breaches concerning issues of violence and harassment at work are reported to the to the Company’s Director of Human Resources,
    • 2. breaches concerning issues of personal data are reported to the Personal Data Protection Officer (DPO),
    • 3. breaches concerning network security and leakage of highly confidential (and secret) information are reported to the Information Security Officer,
    • 4. customer complaints related to the quality of the products and services provided are reported to the Customer Service Department or the Company’s respective sales departments and are forwarded to the relevant Department Manager related to the problem.
    • All the above is primarily managed in accordance with the Company’s existing specific policies and procedures for the above objects implemented by the Company.

4. PROTECTION OF ANONYMITY-PROTECTON FROM RETALIATION

  • 4.1 Protection of the whistleblower
    • 4.1.1 Reports are made on the condition that there is a good faith and reasonable belief that a criminal offence or misconduct has been committed or is likely to have been committed.
    • 4.1.2. In any case, the report must be made in “good faith”, i.e. a reasonable belief as to the accuracy of the facts reported and in the commission of infringement. The whistleblowers are protected from any retaliation or reprisal, as follows:
    • The confidentiality and the identity of reporting person is protected if he has chosen to remain anonymous.
    • Individuals who report or publicly disclose breaches anonymously but are subsequently identified and subject to retaliation shall be entitled to receive the protection provided.
    • The reports submitted shall be disclosed only to predefined persons deemed necessary for the conduct of the investigation and bound by their duties to observe the rules of confidentiality. Compliance with the above also has the effect of protecting the identity of the persons referred to.
    • 4.1.3. The disclosure of the identity of the reporting person may be required in the course of judicial or other legal proceedings, in the context of an investigation of the relevant case. In particular, the reporting person shall be informed before his or her identity is disclosed, unless such disclosure would undermine the relevant investigations or judicial proceedings. In the information to the complainant, the Company provides explanations for the disclosure of the confidential information.
    • 4.1.4 Disclosure shall be made only if it is necessary to serve the purposes of Law 4990/2022 or to safeguard the defense rights of the person against whom the reference/complaint is made, after the whistleblower/complainant has been informed in writing about the reasons for disclosing his identity and other confidential information, except where such information undermines investigations or judicial proceedings.
    • 4.1.5. In cases of obstruction or attempted obstruction during the submission of a report falling within the scope of this Policy, as well as in case of initiation of malicious proceedings against persons submitting complaints about malfunctions, criminal sanctions are provided for under Law 4990/2022. Criminal penalties are also provided for persons who breach the obligation to preserve the confidentiality of identity of reporting persons, as well as for persons who knowingly make false public disclosures.
    • 4.1.6. The Company ensures that the reporting person is adequately protected from adverse effects, such as the threat or application of retaliation, discriminations, or any kind of adverse treatment. Any act of discrimination or retaliation, as indicated in article 17 of Law 4990/2022, that takes place against a person who discloses or may discourage other persons from disclosing, is not tolerated.
    • 4.1.7 Protection covers on the one hand persons who report, if they reasonably believe that the offences have been or will be committed, even if the allegations are subsequently proven to be inaccurate and on the other hand those who assisted or relate to the persons who report.
  • 4.2 Protection of persons subject to reporting
    • 4.2.1 Persons who are the subject of report are also entitled to protection and are covered by the presumption of innocence.
    • 4.2.2. The identity of the person against whom a complaint has been lodged will be treated with the strictest confidentiality and will only be disclosed in certain exceptional circumstances, such as when required by EU or national law, in the context of investigations by the competent authorities or in the context of legal proceedings, and where is necessary to serve the purposes of this Policy or to preserve the rights of the defense. Any information concerning other persons mentioned in the report will remain confidential, subject to any legal restrictions.
    • 4.2.3. The notification of the person against whom a complaint has been made may be delayed if there is a significant risk that the Company’s ability to effectively investigate the complaint would be eroded by such notification. This will be on a case- by-case basis and considering the wider interests at stake.
    • 4.2.4. The persons who are the subjects of the report enjoy the same protection regarding the protection of personal data, with the reservation that these rights are subject to any overriding security measures required to prevent the destruction of evidence during the investigation stage of the case.

5. COMMITTEE AND REPORTING PROCEDURES

  • 5.1. Receipt of reports submitted
    • 5.1.1 Reports may be submitted by telephone, in writing or by e-mail. In particular, complaints may be sent through the following channels of communication:
    • a) by telephone 211 198 5708,
    • b) by e-mail whistleblowing@yodeck.com  and
    • c) post office box at 1 Lykourgou street, Athens, 10551, to the attention of the Reporting Receiving and Monitoring Officer (RRMO)
    • 5.1.2. The whistleblower may report either by name or anonymously by submitting his report through the communication channels described above. If the reporter does not wish to submit a message in identified manner, he has the option of reporting his concern anonymously and the Company ensures the anonymity throughout the entire process.
    • 5.1.3. When a telephone line or other messaging telephone system is used to make a report, recording of conversation is permitted if the reporting party has lawfully consented to.
    • 5.1.4. At the request of the reporting person, reports may be submitted by means of a personal meeting with the RRMO.
    • 5.1.5. Anonymous reports make it extremely difficult or impossible to thoroughly investigate an incident, due to the difficulty of obtaining information from an anonymous person, as well as the difficulty of assessing the credibility of the report. Anonymous reports are reviewed depending on whether it is possible to determine the illegal acts described and prove them without obtaining further information from the reporter.
    • 5.1.6.  The reporting person is encouraged to share any information known to him, such as sufficient details of the incident and the parties involved and documents that could effectively verify the validity of the reported event, to facilitate the investigation. In any case of reporting, the following are essential elements of disclosure:
      • Description of the offending conduct,
      • Time period of the incident,
      • Contact details of the disclosing person’s choice,
      • Any document or information that contributes to the emergence of the offending conduct.
    • 5.1.7. The RRMO and the members of RMC for the successful conduct of investigations have:
    • Free and unrestricted access to all records and premises of the Group Company concerned by the complaint, whether owned or leased and
    • Authorization to examine and take files or copies thereof, in any form, physical or digital, as well as any type of object, from any Group facility, without the prior consent or notification of any person who may use or keep the aforementioned, when they fall within the scope of their research and after they have primarily informed and obtained approval from the Chairman of the board of Directors or the Chief Executive Officer of the Company, to which the reports pertains, as the case may be.
    • 5.1.8 Both the RRMO and the other members of RMC must:
    • carry out their duties with integrity, objectivity, impartiality, transparency a social responsibility,
    • respect and observe the rules of confidentiality and confidentiality of matters of which they became aware in the course of their duties and
    • abstain from the management of specific cases, declaring an obstacle, if there is a conflict of interest.
  • 5.2. Processing of personal data
    • 5.2.1. Any processing of personal data under this Agreement is carried out in accordance with the national and European legislation applicable to personal data as well as the Company’s privacy policy. The data of all those involved are protected and subject to processing exclusively in relation to the relevant report and for the sole purpose of ascertaining the validity or not of the report and investigating the specific incident. The Personal Data of individuals involved in and related the reports (e.g. the person against whom the report has been registered) will be processed solely for the proper handling and further investigation of the report.
    • 5.2.2. The legal basis of the processing is a) compliance with the legal obligation arising from the Law 4990/2022 regarding the obligation to create a channel of reporting malfunctions (report channels) and taking the necessary measures to monitor it and the Law 4557/2018 regarding the prevention and suppression of money laundering and the financing of terrorism , as amended and in force, and regarding the operation of a whistleblowing system and b) the legitimate interest of the Company regarding the prevention and combating of any wrongdoing or irregularities against the exercise of its activities.
    • 5.2.3. The Company takes all necessary technical and organizational measures to protect personal data, in accordance with the Company’s privacy policy. Sensitive personal data and other data not directly related to the report are disregarded and deleted.
    • 5.2.4. Only those involved in the management and investigation of the incident can have access to the data included in the reports, such as for example the members of the Report Investigation Committee and the person responsible for receiving the reports, including other specialized external consultants whose assistance may be requested by the Report Investigation Committee.
    • 5.2.5. Such information and personal data may be transmitted to the competent supervisory and investigative authorities or other competent public authorities in the event of a legal obligation or in the event of initiation of a judicial or other legal process in the context of the investigation of the report, e.g. to be used as evidence in administrative, civil, and criminal cases.
    • 5.2.6. Personal data is deleted from the Report Register within a reasonable period from the completion of the investigation initiated based on the Report. In particular, personal data included in a report to substantiate the investigation are deleted within thirty (30) days after the completion of the investigation, except for the case where the Personal Data must be preserved in accordance with applicable laws. In the event of initiation of any legal or judicial or disciplinary proceedings, the Personal Data will be retained until the completion of such proceedings, which are initiated because of the submission of the report.
    • 5.2.7. All personal data management is assisted by the Personal Data Protection Officer (DPO).
  • 5.3. Management of submitted reports
    • 5.3.1. The RRMO after receiving the report, it first checks its completeness in terms of the required data and communicates it to the other members of the RMC to be evaluated. RMC decides the appropriate action on a case-by-case basis and decides whether to accept the report for further investigation or to reject and file it.
    • 5.3.2. RMC has the option to dismiss the complaint/report and close the process by filing the report if any of the following apply:
      • – the alleged conduct does not constitute reported conduct under the Policy, nor does it constitute a violation within the scope of this Policy, or there are no serious indications of such a violation,
      • – the complaint/report was not made in good faith or is malicious,
      • – the complaint/report is incomprehensible or has been submitted in an inappropriate way,
      • – there is insufficient information to allow further investigation,
      • – the matter of the report has already been resolved.
    • If a report includes topics that are not covered by the scope of this Policy, the RMC  takes appropriate action to resolve the issue, e.g. assigning the case to the appropriate person or group. Cases involving complaints messages deemed to be unfounded or in bad faith will be closed without further action. In any case, RMC shall inform the reporting person in writing on the rejection of the report and the reasons thereof and, if the report is accepted, shall take appropriate steps for investigation as described below.
    • 5.3.3. If there is need and a special know-how or expertise in the investigation process, third parties, such as external partners and lawyers, may be included, subject to their written commitment to maintain confidentiality. In addition, by decision of RMC  and if required for the purpose of the investigation, the case may be escalated or assigned to other persons within the company, who are informed and participate in the process.
    • 5.3.4. The report with all the data that accompanies it, as well as those arising from the investigation, is kept -whether printed or electronically- under the responsibility of the Reporting Receiving and Monitoring Officer. The retention period is set at a minimum of 5 years (from the date of receipt of the report) if there are no other legitimate reasons that extend the retention period (e.g. continuation of judicial investigation).
    • 5.3.5. To ensure objectivity and integrity, and to avoid a conflict of interest, if the person named in the complaint report coincides with one of the members of the Commission, this conflict is immediately highlighted. It is pointed out that if a member of the RMC is involved in any report, then under the responsibility of the RRMO, the Manager and legal representative of the Company is informed to appoint a replacement, while if the RRMO himself is involved, then he forwards the report to the members of RMC, which handles the investigation without his participation.
    • 5.3.6. In case the report has been submitted by name the RRMO confirms to the reporting person documented receipt of his report within seven (7) days of its submission.
    • 5.3.7. Anonymous reports are reviewed based on the quality of their documentation and the ability to trace the reported irregularity.
    • 5.3.8. RMC reviews and decides whether the submitted report concerns irregularities, omissions, or criminal acts. It then decides the investigative actions that will lead to the final characterization of the report as unfounded or not and to the relevant documentation of the violations reported. The reports are examined with due diligence, unbiased judgement, and objectivity and at the end a report is drawn up with the findings and conclusions of RMC, which is forwarded to the Administration. It is clarified that in the case of non-unanimity, each member of the RMC has the right to record his opinion in the report to be drawn up. Depending on the results of the investigation and if there are documented reprehensible behaviors and actions, the Company’s Management, considering the recommendation of the RMC, decides on corrective or even disciplinary/legal actions. Such actions may include (indicatively but not limited to): a) further investigation, if it considers that elements are insufficient to fully clarify the case, b) additional training of employees, c) establishment of new internal control channels, d) modifications in existing policies and/or procedures, e) disciplinary sanctions including and final removal/dismissal or f) legal actions.
    • 5.3.9. After completion of the investigation, the RRMO informs the reporting person (if the report was named) of the decision taken on his report. A case is considered to have been completed when a final decision has been taken by the Company’s Management, which is based on the report submitted by RMC. The relevant feedback to the reporting person is provided no later than three (3) months after the acknowledgement of receipt of the report or, if no acknowledgement has been sent to the reporting person, three (3) months form the end of seven (7) days after the submission of the report.
    • 5.3.10. It is noted, however, that the reporting person, if he considers that his report was not dealt with effectively or if it was rejected, may resubmit it to National Transparency Authority (NTA), which, as an External Reporting Channel, exercises the responsibilities, according to art. 12 of Law 4990/2022.
    • 5.3.11. Exceptionally, if the report proves to be false or malicious, and if the complainant so requests, he may be informed of the identity of the complainant to exercise his legal rights. It is clarified that reports that prove to be clearly malicious will be further investigated at the discretion of the Administration, both in terms of motives and those involved to restore order by any lawful means.
    • 5.3.12. It is pointed it out, finally, that the respondents have access to all legal remedies and enjoy the rights of a trial, and particularly the right of effective resource to an impartial tribunal, as well as the presumption of innocence and the rights of defense, including the right to be heard and the right of access to their files. The identity of those referred to in the complaint is protected throughout the investigations initiated by the report or public disclosure.

6. SUBMISSION OF EXTERNAL REPORT TO THE NATIONAL TRANSPARENCY AUTHORITY

  • 6.1. The reporting person submits an external report/complaint directly to the National Transparency Authority.
  • 6.2. This report is submitted in writing or orally or via an electronic platform, accessible also by people with disabilities and in particular:
    • a) Electronically: by sending an e-mail to the address kataggelies@aead.gr or by completing the relevant complaint form.
    • b) By post: by sending it to the postal address of NTA at 195 Lenorman Avenue and Amfiaraou Street, Athens, 10442.
    • c) In person (or through an authorized representative) at the facilities of NTA at 195 Lenorman Avenue and Amfiaraou Street, Athens, 10442

7. FINAL POVISIONS – ADOPTION, REVISION AND UPDATE

  • 7.1. Under the responsibility of the Human Resources Department, the complaints policy is communicated to employees and posted on the Company’s website in a separate, easily identifiable, and accessible place. The information includes the procedures applicable to the reporting of a case, including how the Company may request clarification from the complainant on further elements of the report or provide additional information, the timetable for the feedback and review of the case and the content of such feedback, and the nature of the follow-up to the reports.
  • 7.2. The Human Resources Department is responsible for the evaluation and annual review of the policy and, if deemed necessary, proposes amendments to the management to recognize changes in the relevant regulatory framework and to continuously improve operational efficiency and effectiveness.
  • 7.3. The RRMO is responsible for the design and coordination of educational and training activities regarding the training of staff and all partners on the operation of reporting channels, ethics, and integrity.