WHISTLEBLOWING POLICY
1. Introduction
Amvyx S.A. operates in accordance with the rules of professional conduct, integrity, transparency and ethics. At the same time, Amvyx S.A. creates and implements policies to comply with the current legislative and regulatory framework.
With this Whistleblowing Policy, Amvyx S.A. complies with Directive (EU) 2019/1937, regarding the protection of persons who report breaches of EU law, and National Law 4990/2022. The Whistleblowing Policy aims to establish a system for internal reporting of breaches of EU law, to protect persons reporting such breaches and to organize the process of submission, receipt, and follow-up of reports.
The company has zero tolerance for actions that may disrupt its healthy working environment, are potentially harmful and may jeopardize its reputation and credibility. It encourages submission of reports as soon as such actions are noticed. All reports are taken seriously and investigated with complete objectivity and independence. Amvyx S.A. assures those who make reports will be protected from any retaliation and that the personal data of all parties involved are protected by applying the necessary technical and organizational security measures.
2. Definitions
•«Report»: oral or written provision of information regarding breaches of the present.
•«Internal report»: the oral or written provision of information on breaches addressed to the Report Controller (RC) of a legal entity in the public or private sector.
•«External report»: the oral or written or electronic provision of information on breaches to the National Transparency Authority.
•«Person concerned»: the person named in the internal or external reporting or public disclosure as a person to whom the breach is been attributed or who is related to the person to whom the breach is attributed falling within the scope of this Policy.
•«Reporting person»: the person, who makes an internal or external reporting or public disclosure, providing information regarding breaches acquired in the context of his work activities.
•«Retaliation»: any direct or indirect act or omission, occurring within the work-related context, which causes or is likely to cause unjustified damage to, or put the reporting person at a disadvantage, and relates to internal or external reporting or public disclosure.
•«Valid reasons»: a legitimate belief by a person with similar knowledge, education, and experience to the reporting person that the information in his or her possession is true and constitutes a breach of Union law falling within the scope of this Policy.
•«Public Disclosure»: making information about breaches directly available to the public.
•«Facilitator»: the person assisting the reporting person in the reporting process within the employment context, whose assistance must be confidential.
•«Investigation activities»: any action taken by the recipient of a report or any authority or organization to whom the report is forwarded due to their competence to assess the accuracy of the allegations contained in the report and to address the reported breach, such as an internal investigation, external investigation, prosecution, action for recovery of funds or termination of proceedings.
•«Update»: provision of information to reporting persons of the measures proposed or taken in the context of monitoring and the reasons thereof.
•«Work context»: current, past or anticipated work activities in the public or private sector, irrespective of the nature of those activities, through which persons obtain information about breaches and where those persons are likely to suffer retaliation if they report them.
•«Breaches»: acts or omissions which are unlawful under Union law or contrary to the subject matter or purpose of rules of Union law falling within the material scope of this Policy.
•«Information regarding breaches»: information, including reasonable suspicion, regarding breaches that have occurred or are very likely to occur in the organization in which the reporting person works, has worked or will work or is in negotiation to work, or in other bodies with which the reporting person has had contact through, or in connection with his or her work; as well as information regarding attempts to conceal breaches.
•«External collaborators»: Third parties contractually linked to the Company as well as their staff, namely consultants, subcontractors, contractors, suppliers, partners of any kind, shareholders, etc.
•«Report Controller (RC)»: The person who receives and monitors the progress of reports.
•«Committee for the Management of Reports – (CMR)»: The committee responsible for managing and investigating reports.
• «Employee»: The person who is associated with the company with an employment contract of fixed or indefinite duration or the person associated with the Company by another employment relationship or the person who is employed seasonally or the person employed as a trainee in the Company.
•«Reporting channels»: The channels through which reports are submitted and include the means used for reporting and the persons that can be contacted by the reporting
•«Malicious report»: A report made by the reporting person despite knowing that it is not true.
•«Good faith»: The situation which provides reasonable belief to the reporting person that he or she has reasonable faith that the information he provides is true.
3. Scope – Reporting persons
In the Whistleblowing Policy, reporting persons may be:
1. The Board of Directors and its Committees, as well as all employees, of fixed or indefinite contract duration or with any other employment relationship or mandate, seasonal staff, and trainees, who report in good faith behaviour that is illegal or contrary to the code of ethics. The same applies to those who report breaches based on information obtained during the recruitment process or at another stage of pre-contractual negotiation.
2. Third parties contractually linked to the Company and their staff (referred to as “external partners”), who have become aware of illegal behaviour within the Company, specifically consultants, contractors, subcontractors, suppliers, and all kinds of partners. In addition, shareholders, and clients exclusively for issues of breaches of business principles and misconduct referred to in the article “Scope – Types of breaches”.
3. A prerequisite for falling within the scope of protection of this policy is that the report is made in good faith. Reporting persons must have reasonable grounds and a reasonable belief, based on the circumstances and the information available to them, that the information they provide is true. In any case, good faith is taken for granted, unless it is proven that the report was made maliciously. In case of malicious reporting, the protection clauses described in this policy do not apply.
4. Scope – Types of breaches
Reports according to this policy are acceptable when they concern the following types of misconduct – breaches. Any person within the “Scope of Reporting Persons” who becomes aware of any misconduct or violation within the Company for the following types of breaches should immediately make a report.
1.Public procurement
2.Money laundering
3.Financing terrorism
4.Financial services, products, and markets
5.Product safety and compliance
6.Transport safety
7.Protection of the environment
8.Radiation and nuclear safety
9.Food and animal feed safety/animal health and welfare
10.Public health
11.Consumer protection
12.Protection of privacy and personal data
13.Security of networks and information systems
14.Economic interests of the European Union
15.Competition and State benefits
16.Violation of rules, corporate taxation, or settlements
17.Other serious issues
The Whistleblowing Policy does not cover:
1.Disagreements on issues concerning management policies and decisions.
2.Personal issues and disagreements with colleagues or superiors.
3.Personal work matters that fall within the competence of the Human Resources Department.
4.Rumors.
5. Reporting Channels
Amvyx SA establishes easily accessible reporting channels, encourages the submission of incident reporting that falls within the scope of this Policy and guarantees that all reports received are treated confidentially. A report can be submitted signed or anonymously. By submitting a signed report, the reporting person’s personal details may be disclosed to the person concerned if requested, under the terms and conditions of applicable personal data protection legislation. If the reporting person does not wish to submit the report signed, he/she has the option to submit the report anonymously.
The methods of submitting reports are the following:
1. Electronically signed, by sending an email to the address: whistleblowing@hellecon.com
2. In writing, signed by name or anonymously by sending a letter by post to the RC of the Company at the address: Smirnis 26, Nea Filadelfia P.C. 14341 mentioning “Private & Confidential”. The company name for whom the report is filed should be mentioned in the letter.
3. Verbally, via telephone by calling +30 214 4069004 Monday to Friday between 09:00 to 17:00 or by arranging a meeting in person with the RC following a request of the reporting person.
4. Through the National Transparency Authority
Irrespective of the reporting channel, all reports are received and handled by the Report Controller who is responsible for communicating with the reporting person.
6. Reporting Guidelines
The general guidelines for reporting are:
1. Reporting of misconduct should be made in good faith and without delay, as soon as it becomes apparent.
2. The report should be clearly defined and contain as much information and detail as possible so as to make it easier to investigate.
3. The report should include the name of the person(s) who may have committed any misconduct, the date/time period and place where the incident took place, the company to which the incident relates, the type of misconduct and as detailed a description as possible.
4. Any personal data and other sensitive information unrelated to the incident should not be included in the report.
5. The reporting persons should not take any illegal actions that may endanger themselves, the company or any third party, in order to seek and collect more evidence to support their report.
6. The reporting person should be available, to provide further information upon request.
7. Responsibilities of the Report Controller (RC)
The Report Controller has the following responsibilities:
1. Provides appropriate information on the ability of reporting within the organization and communicates this information in a prominent place of the organization.
2. Receives reports of breaches falling within the scope of this Policy.
3. Acknowledges receipt of the report to the reporting person within seven (7) working days from the day of receipt.
4. Takes the necessary steps in order for the complaint to be handled by the Committee for Management of Reports (CMR), or closes the procedure, by archiving the report if it is unintelligible or abusively submitted or contains no facts constituting a breach of Union law or there are no serious indications of such a breach and notifying the relevant decision to the reporting person who, if he/she considers that it has not been dealt with effectively, may decide to resubmit it to the National Transparency Authority, which acts as an external reporting channel.
5. Ensures the protection of confidentiality of the identity of the reporting person and of any third parties named in the report by preventing access to such information by unauthorized persons.
6. Monitors reports and maintains communication with the reporting person and if necessary, requests further information from the reporting person.
7. Informs the reporting person of the actions taken within a reasonable period of time, which shall not exceed three (3) months from the acknowledgement of receipt, or if no acknowledgement has been sent to the reporting person, three (3) months following seven (7) working days from the submission of the report.
8. Provides clear and easily accessible information on the procedures under which reports may be submitted to the National Transparency Authority and, where applicable, public bodies or institutions, bodies, offices, or agencies of the European Union.
9. Plans and coordinates training activities on ethics and integrity, participates in the formulation of internal policies to enhance integrity and transparency in the Company.
Furthermore, the Report Controller shall:
1. Carry out his/her duties with integrity, objectivity, impartiality, transparency and social responsibility.
2. Respect and observe the rules of confidentiality for matters of which he/she has become aware in the performance of his/her duties.
3. Refrain from handling specific cases, declaring an impediment if there is a conflict of interest.
The Company ensures that if the RC performs other duties, that the execution of these duties does not affect their independence and does not lead to a conflict of interest in relation to his duties.
8. Responsibilities of the Reports Management Committee (RMC)
The handling of reports submitted through the reporting channels is carried out by the RMC, in accordance with the Reports Management Process which has the following responsibilities:
•Examines the acceptability of reports brought to its attention by all established reporting channels of the Company.
•Evaluates reports.
•Communicates with the RC to exchange necessary information.
•Takes all appropriate measures to protect the personal data of the subjects involved in the reports and ensure their deletion in accordance with the deadlines set.
•Supervises the Internal Investigation Process of accepted reports.
•Maintains a Reports Register.
9. Appointment of RMC members
RMC members are appointed as:
1. Regular members, who undertake the handling of all reports except for cases undertaken by Substitute members.
•General Manager
•Human Resources Manager
2. Substitute Members, who assume their duties in the event that one or more regular members are relieved from their duties because they are persons concerned in a report under consideration.
•Sales Director
•Marketing Director
•Finance Director
10. Report Managment Process
The reporting process is described in the following steps:
1. The reporting person submits a report through one of the reporting channels.
2. The Report Controller receives the report and confirms to the reporting person its receipt within 7 days.
3. The Report Controller evaluates the report if it falls within the scope of the Law and forwards it to the RMC.
4. If the report does not fall within the scope of the Law, informs the RMC and, unless there is a different assessment by the RMC, closes the case and informs the reporting person.
5. If the report falls within the scope of the Law, forwards the report to the RMC, which undertakes the management of the investigation of the report within the organization. If the person concerned is a member of the RMC, then he/she is relieved of his duties and one of the substitute members is appointed in his place.
6. The Report Controller informs the reporting person that his report has been accepted.
7. The investigation of the report is conducted.
8. The RMC informs the RC at regular intervals regarding the progress of the investigation, who must inform the reporting person no later than 3 months after receipt of the report, of the results of the investigation, even if the investigation has not yet been completed.
9. Upon completion of the investigation, the RMC informs the RC and he/she, in turn, the reporting person of the final results of the investigation.
11. Rights of reporting person and person concerned.
The reporting person has the right to be informed both, of the receipt of his report (at the latest within 7 working days) and of the outcome of the investigation (at the latest within 3 months).
The Company protects both, reporting person and person concerned. The investigation shall be conducted in full privacy and confidentiality at all stages of the procedure, as far as possible, to avoid defaming individuals.
The persons included in the reports, have the right to be informed immediately of the misconduct of which they are accused, of the persons who have access to the data contained in the report, and of their right to be provide their point of view. However, if there is a serious risk that such information could hamper the investigation of the case and the collection of the necessary evidence, the briefing of the persons included in the report may be postponed until this risk ceases to exist.
The identity of the reporting person shall remain confidential. Exceptionally, if the Report proves to be malicious, and if the person concerned so requests, he/she may be informed of the identity of the reporting person to exercise his/her legal rights. It is clarified that reports that are proven to be deliberately malicious will be further investigated at the discretion of the Company, both as regards to the motives and as to those involved, to restore order in any legal way and means.
12. Protection of Reporting Persons
The Company protects the reporting person who reports, in good faith, illegal or immoral behaviour. In this context, any kind of negative behaviour against anyone who has made a report is prohibited, even if the report turns out, following investigation, to be incorrect. The Reports Management Committee and Amvyx Management ensure that there will be no retaliation if anyone submits a report in good faith. More specifically, the Company declares that employees who have submitted a report will not suffer retaliation, harassment or marginalization, intimidation or threats and unfair treatment because of their report.
Also, unjustified changes in the employment relationship will not be permitted because of the report (e.g. dismissal, suspension, degradation or deprivation of promotion, reduction of salary, change of place of work, transfer, change of duties, change of working hours, etc.). In case of a malicious report, the above protection clause does not apply. The same level of protection applies to third parties associated with reporting persons who could suffer retaliation in a work-related context, such as colleagues or relatives of reporting persons.
In case the reporting person is an external partner, premature termination or cancellation of a contract for goods or services as a result of a report is not permitted.
Any act of retaliation should be immediately reported to the RMC, investigated, and resolved. If the investigation reveals that there has indeed been retaliation, disciplinary action will be imposed against the person in fault. The person accused of committing retaliation has the responsibility of proving that his actions are not related to the report made by the employee.
Should an employee decide to report an incident covered by this policy and in which event the employee himself/herself was involved, the fact that he/she ultimately decided to report it, will be considered in their favor in any other subsequent proceeding.
Should a signed and not anonymous report of an incident covered by this policy be submitted and following investigation it is proven that vital Company financial or other interests were protected as a result, the person who made the report will be rewarded in the most appropriate way.
13. Investigation of Reports
The Company undertakes to treat with due care any report, whether signed by name or anonymous. The Investigator and the Investigation Team, where necessary, investigate the incidents contained in the report as soon as possible. Where necessary and depending on the report, additional professional support may be requested from other company executives and/or external specialized consultants.
14. Confidentiality – Anonymity
The Company encourages employees and external parties to raise concerns about potential misconduct through existing reporting channels. It also undertakes to make every effort and take all appropriate measures to protect the identity of both the reporting person and the persons concerned and to handle the case in full privacy and confidentiality.
In any case, during the investigation of an incident, the identity of the reporting person shall not be disclosed to anyone other than the authorized persons competent to receive, monitor and investigate the reports, i.e. the members of the Reports Management Committee, the Investigating Officer, the Investigation Team including any qualified external advisors, who have been specifically requested to investigate the incident, unless the reporting person has given explicit consent or the report proves to be malicious.
15. Personnal Data
Any processing of personal data under this policy is conducted in accordance with the national and European legislation applicable to personal data as well as the Company’s personal data protection policy. The data of all parties involved are protected and processed solely in relation to each report and for the sole purpose of verifying the validity or not of the report and in order to investigate the specific incident.
Amvyx S.A. takes all necessary technical and organizational measures to protect personal data, in accordance with the Company’s personal data protection policy.
Sensitive personal data and other data, not directly related to the report are not taken into consideration and deleted. Access to the data contained in the reports can only be granted to those involved in the management and investigation of the incident, such as members of the RMC, the Investigator and the Investigation Team, including specialized external consultants.
Personal data and material obtained during the handling of the report shall be deleted within a reasonable period of time following the completion of the investigation initiated based on the report.
16. Corrective actions & disciplinary measures
Depending on the results of the investigation, the Reports Management Committee proposes corrective and/or disciplinary/legal actions. These actions may include (but are not limited to): (a) additional employee training, (b) establishment of new internal control points, (c) amendments to existing policies and/or procedures, (d) disciplinary actions including permanent removal/dismissal, or (e) legal action.
17. Provision of information
The Company ensures that all employees will be informed and trained on the content of this Policy and on any new revision.
External partners are committed to informing their staff accordingly. This will be done by highlighting this Whistleblowing policy and by additional material provided by the Company. Information and awareness actions will take place both internally and externally to establish a positive corporate reporting culture that will support the principles of integrity, honesty, and transparency.