In 2019, the European Parliament and the Εuropean Council issued the Directive (EU) 2019/1937 aiming at "the protection of persons reporting violations of Union law". The Directive aims to encourage and commit to the enforcement of Union law and policies in specific areas by establishing common minimum standards that will guarantee the protection of persons who report violations of Union law.
The Directive was incorporated into national legislation by law 4990/2022 (Official Gazette A 210/11.11.2022) (PDF).
The Whistleblowing Policy (hereinafter “Policy”) is an important safeguard for the recognition of risks, the detection and prevention of unfair practices, the discouraging or even cessation of any offending behavior and maintaining the trust of the interested parties, by allowing EWORX (hereinafter "Company") to intervene where deemed necessary.
This policy has immediate and universal effect and has been posted on the company's internal network to which all employees have access.
The purpose of this policy is to:
- Assure petitioners that they can raise genuine concerns without fear of retaliation.
- Enhance integrity, transparency, accountability and adopt appropriate corrective and/or punitive measures as well as protecting stakeholders and the company's interests.
Reports must be based on the honest and reasonable belief of the commission or possible commission of a criminal act or misdemeanor as defined by Law 4990/2022. Reporting of suspicious incidents or serious irregularities by the Company's stakeholders is encouraged.
Protection of Petitioners and Reported Persons
The Company emphasises the importance of "good faith" in reports. Protects those who make good faith reports or complaints from retaliation, discrimination, or adverse treatment. If the report is not confirmed, there will be no consequences for the petitioners. Furthermore, if the petitioner has participated in the act complained of, his contribution to the detection of the irregularity will be taken into account. Reported persons have the right to be informed of the charges against them, unless this impedes the investigation. In this case, the notification of the persons concerned by the report/complaint may be postponed until this risk ceases to exist.
How to Submit Complaints/Reports
The submission of reports is made exclusively in writing, by name or anonymously, in Greek or English.
The available channels for submitting written complaints/reports are the following:
- Email: firstname.lastname@example.org
- By post: Zan Moreas 66, 15231 Chalandri, marked CONFIDENTIAL, for the attention of the Report Receiving and Monitoring Officer (RRMO)
Report Receipt and Monitoring Officer (RRMO)
The company has appointed a Report Receipt and Monitoring Officer (RRMO) who is a member of the human resources department.
In this context, the RRMO aims to:
- Perform their duties with integrity, objectivity, impartiality, transparency and social responsibility.
- Respect and observe the rules of secrecy and confidentiality for matters of which they became aware during the exercise of their duties.
- Refrain from the management of specific cases, declaring an obstacle, if there is a conflict of interest.
- Provide appropriate information about the possibility of submitting a report within the institution and communicate the relevant information in a prominent place in the institution.
- Receive reports of violations falling within the scope hereof.
- Confirm the receipt of the report to the Petitioner within a period of seven (7) working days from the day of receipt.
- Take the necessary actions, in order for the competent bodies of the institution or the relevant institutions to deal with the report, or to end the procedure, by archiving the report, if it is incomprehensible or is submitted abusively or does not contain incidents that document a violation of EU law or there are no serious indications of such a violation and the notification of the relevant decision to the petitioner who, if he considers that it has not been dealt with effectively, may resubmit it to the National Transparency Authority (hereinafter NTA), which, as an external channel, exercises the powers of Article 12 of Law 4990/2022.
- Ensure the protection of the confidentiality of the identity of the Petitioner and any third party named in the report, preventing access to it by unauthorised persons.
- Follow up on reports and maintain communication with the Petitioner and, if required, request further information from them.
- Provide information to the Petitioner about the actions they undertake within a reasonable period of time, which does not exceed three (3) months from the acknowledgment of receipt, or if no acknowledgment has been sent to the Petitioner, three (3) months starting from after the first seven (7) working days from the submission of the report.
- Provide clear and easily accessible information on the procedures by which reports can be submitted to the NTA and to public bodies or institutions and other bodies or organisations of the European Union.
- Plan and coordinate training actions related to ethics and integrity, and to participate in drawing up internal policies to strengthen integrity and transparency in the company.
In the event that the RRMO performs other duties, it is ensured that the exercise of these duties does not affect their independence and does not lead to a conflict of interests in relation to the duties mentioned above.
Processing of Personal Data
Only the data that is necessary to investigate the validity of the report and settle it will be processed. Personal data, which is obviously not related to the handling of a specific report, or is excessive, not collected, or has been collected accidentally, is deleted without delay.
The personal data will initially be processed by the Data Controller (RRMO), as determined by this policy, subject to the specific laws that apply to the matter. This processing has the sole purpose of carrying out the procedures provided for in this policy. Therefore, for the effective management of submitted reports, as well as for full compliance with legal obligations and regulations, personal data will be processed, fully respecting the privacy, fundamental rights, freedom and dignity of the individuals involved.
The Company adopts all the necessary technical and organisational measures to ensure the protection of personal data.