215 215 4444 231 231 4444

Call

service

Polihome Logo
FAQ
Payment methods
Shipping methods
Return policy
Protection & security
Internal Reporting Policy
Terms and Conditions

Internal Reporting Policy

Internal Reporting & Complaints Policy (Law 4990/22)

POLICY FOR INTERNAL REPORTING & DISCLOSURE OF ILLEGAL CORPORATE ACTIONS (Law 4990/2022) & PROTECTION OF THE EMPLOYEE (WHISTLEBLOWER)

Thessaloniki, December 2023

INTRODUCTION

With Law 4990/2022 (Government Gazette A' 210/11.11.2022), the European Directive of October 23, 2019, on whistleblowing (EU) 2019/1937 was incorporated into Greek legislation.

Law 4990/2022 aims to ensure a comprehensive framework for the protection of persons reporting violations of EU law and sets specific regulatory compliance requirements for businesses.

The purpose of the law is to establish a system of internal and external reporting of violations, the protection of persons reporting such violations, the organization of the process of submission, receipt and monitoring of reports, and the sanctions imposed.

Specifically:

Persons who work in a public or private organization or who are in a professional relationship with such an entity in the context of their work activities are often those who identify existing or imminent violations of legal obligations by the organization itself or by part of its staff, which are harmful to the public interest. However, due to the fear of reprisals, reporting such violations is not a common phenomenon.

Law 4990/2022, with its provided protection, tries to change the situation and create significant benefits for compliant businesses.

DEFINITIONS OF CONCEPTS

For the implementation of this policy, the following definitions apply. If the definition of a concept is provided by national or EU legislation and covers the purposes of this policy or generally meets the requirements of compliance with provisions of mandatory law, then the legislative definition takes precedence.

(a) report (or complaint) is the provision, orally or in writing, of information or clear and reasonable assessments regarding actual or potential violations.

(b) inadmissible is a report that refers to a violation that does not fall within the scope of this policy or is not clear and specific or reasonable or is non-investigable or obviously excessive, and malicious is a report that is made in bad faith or with ulterior motives and aims at purposes unrelated to those sought and protected by the relevant provisions (e.g., blackmail of the company, causing moral or material harm to a colleague or external partner, indirect promotion of the interests of competitors or third parties, etc.).

(c) reporter is the natural (and not legal) person, related to or employed by the company (with any type of employment contract, e.g., indefinite or fixed-term, full-time or part-time, apprenticeship contract, seasonal staff, etc.) or a third party (such as a customer, supplier, subcontractor, external partner), who reports or discloses information about violations that they acquired in the context of or on the occasion of their work or cooperation. In particular, reporters, as protected persons who enjoy the protection provided by law, are especially employees (regardless of the type of employment or whether they are self-employed or consultants, shareholders, board members, executive and non-executive members), managers or supervisory bodies (and regardless of whether they are remunerated), shareholders, board members, any persons working under the supervision and instructions of contractors, subcontractors and suppliers, former or future employees, persons facilitating the provision of information (intermediaries) as well as third parties such as colleagues or relatives of reporters, customers, suppliers, partners, personal businesses or legal entities of the interests of the above, consumers.

(d) reported person is the natural or legal person against whom a complaint has been made and is named or indirectly identified in the report, to whom the violation is attributed or with whom the person concerned is related.

(e) retaliation is any direct or indirect act or omission of the company, which takes place in the work, collaborative, business, and customer context, due to the report (and not for an unrelated reason), and which causes or may cause unjustified damage to the reporter or put them at a disadvantageous or unfavorable position, such as, purely indicatively and not exhaustively, harassment (coercion, blackmail or marginalization), discriminatory treatment (e.g., deprivation of training), inappropriate and unjustified performance evaluation, demotion (or deprivation of promotion), salary reduction, unjustified changes in the employment relationship (e.g., change of duties, change of workplace or schedule), negative recommendation, imposition of disciplinary measures, termination of employment (dismissal) or cooperation, adverse comments and personality offense especially on social media.

(f) good faith is the state that creates in the reporter the reasonable belief that the information provided in their report is true, i.e., based on reasonable facts and/or circumstances that allow them to assume that their report is sufficiently documented.

(g) sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health or data concerning a natural person's sex life or sexual orientation.

(h) reporting channels are the channels through which reports are submitted and include the methods, ways, and means that the reporter can use to submit their report as well as the person or persons to whom they can address.

(i) person responsible for receiving and monitoring reports (PRMR) is the competent person for receiving, managing, investigating, and monitoring the report.

(j) report management committee (RMC) is the ad hoc committee which undertakes each time the management and investigation of the report.

SCOPE OF APPLICATION

Within the framework of this policy, persons working at PoliHome are obliged to report/disclose serious irregularities, violations, or criminal acts or serious indications that such acts are about to be committed, of which they become aware either due to or on the occasion of their duties, and concern any person related to the company or providing services to it, natural and/or legal. PoliHome encourages and urges any third party who has a relationship with the company to report any critical behavior and suspicious incidents of illegal behavior. All reports or disclosures are considered equally important and are subject to equal processing by the Data Protection Officer (PRMR) and the Company Management, regardless of their origin.

SUBJECT OF REPORTS

The cases that should be reported include especially the cases of Article 4 of Law 4990/2022 and Part I of its Annex (cases A to C) but also other cases aimed at protecting the rights of employees and third parties as well as the legitimate interests of the company (cases D to IA):

(A) violations of EU law in the areas of: aa) public procurement (e.g., contract award by ministries, hospitals, public entities, etc.), ab) financial services, products and markets (e.g., loans, venture capital, insurance contracts), ac) product safety and compliance with EU and national provisions and regulatory authorities' guidelines e.g., EOF, EFET, etc. (whether these are company products or products of third cooperating persons, e.g., safe raw materials and packaging, safe production methods), ad) transport safety (e.g., for the transport of POLIHOME personnel and products, road transport of common and dangerous goods and materials), ae) environmental protection (e.g., rules for the environment, climate, nature and biodiversity, for the environmental licensing of production units, for atmospheric, marine pollution and noise pollution and other environmental obligations, for chemical and biological products, the management of common and hazardous waste, destruction of products and packaging, etc.), af) protection from radiation and nuclear safety, ag) food and feed safety, as well as animal health and welfare, ah) public health (e.g., quality and safety specifications for medicines, medical devices and cosmetic products, correct application of the provisions on pharmacovigilance, materiovigilance and cosmetovigilance, timely procedures for voluntary or mandatory recall and withdrawal of batches, etc.), ai) consumer protection (e.g., exercise of consumer rights, product sales and warranty contracts, unfair commercial practices), aj) protection of privacy and personal data, as well as the security of network and information systems (e.g., correct application of GDPR rules, security of electronic communications, confidentiality and data protection),

(B) violations that harm the financial interests of the Union of Article 325 of the Treaty on the Functioning of the European Union (TFEU) and the specifically defined in the relevant EU measures, i.e., acts concerning fraud or any other illegal activity against the financial interests of the Union,

(C) violations related to the internal market, as defined in the TFEU, including violations of EU competition and state aid rules, as well as violations concerning the internal market regarding acts that violate corporate tax rules or arrangements, the purpose of which is to secure a tax advantage that defeats the object or purpose of the applicable corporate tax legislation.

(D) acts involving elements of theft, embezzlement, misuse of corporate resources, fraud, forgery or corruption,

(E) acts that harm the purpose and reputation of the company or that violate its ethical and deontological rules, as these may be reflected in the relevant codes,

(F) acts that conflict with the legitimate interests of the company and serious violations of its policies and procedures,

(G) acts that endanger the health and safety of staff, partners, customers and users of products (e.g., dangerous staff behavior, omissions of indicated or expected security measures).

(H) acts harmful to the environment that may not be included in the scope of Law 4990/2022.

(I) acts, behaviors, practices or threats thereof that constitute any kind of violence and all kinds of harassment (e.g., sexual, racial, religious, gender identity), within the meaning of the provisions of Articles 4 of Law 4808/2021, 2 of Law 3896/2010 and 2 of Law 4443/2016, i.e., acts that aim, lead or may lead to physical, psychological, sexual or economic harm (manifested individually or repeatedly), that have the purpose or effect of violating the dignity of the person and creating an intimidating, hostile, degrading, humiliating or aggressive environment (regardless of whether they constitute discrimination based on gender, sexual orientation, expression, identity or gender characteristics of the person or discrimination of another reason), other acts of violence as well as abuse of power, when these behaviors take place especially: (a) in the workplace, including public and private spaces and places where the employee provides work, receives remuneration, takes a break, in areas of personal hygiene and care, changing rooms or accommodations, (b) in commuting to and from work, other movements, travels, education, as well as events and social activities related to work and (c) in work-related communications, including those made through information and communication technologies.

(IA) acts that are illegal or irregular of any other nature or well-founded suspicions of such acts, which the reporter judges that due to their importance or due to significant consequences for the legitimate interests of the company, employees and third parties, should be investigated.

This policy protects the disclosure (report/complaint) of reprehensible behaviors of the above categories that occurred in the past, are ongoing or may occur in the future. The time distance from the event generally does not deprive the report of its value, nor does it weaken the principles and the protection provided to the reporter. It is noted that customer complaints regarding the quality of POLIHOME products and services and vigilance issues are subject to management by the competent departments and do not fall within the scope of this policy.

GENERAL PRINCIPLES

ANONYMITY: A central and integral principle of the policy is the protection of anonymity and confidentiality of the personal data of each reporter. This is done in order not to disturb the legitimate interests and fair expectations of the reporter. In this context, the aim is to ensure an environment of trust and security for this data, in order to encourage individuals to submit their reports on illegal acts or serious offenses in good faith and with a cooperative spirit.

It should be noted, however, that disclosure of the identity of the reporter (and any other information) may be mandatory, especially in case of investigation by the competent public and prosecutorial authorities, in accordance with European or national law, as well as in the context of administrative or judicial procedures and investigations. This disclosure may be necessary to serve the purposes of Law 4990/2022 or to safeguard the defense rights of the person, depending on the circumstances. It is noted, however, that in case of disclosure, the reporter will be specifically informed in writing in advance, unless such information is prohibited or undermines investigations or judicial proceedings.

SELFLESSNESS: Due to the basic philosophy of the intra-company self-control procedure and the protection of the anonymity of the reporter, no report can cause the reporter financial or other considerations, rewards or special privileges, such as promotion or favorable treatment. This principle can be violated only in exceptional cases, when the report concerns an important issue for corporate life that could not be revealed otherwise. In this case and only if the reporter requests it in writing, a moral distinction may be granted. However, this presupposes a positive proposal from the Data Protection Officer (PRMR) and a decision of the Board of Directors (BoD) of the company.

LENIENCY: In the event that the reporter participated in the incident and bears part of the responsibility, they are not exempt from the consequences and their responsibilities. However, their report and contribution to the identification and investigation of illegal acts will be taken into account in their favor. This will be perceived as a genuine effort of repentance, at least regarding the claims of the company against those responsible and the judicial approach of the company.

EQUALITY: All reports are initially subject to equal processing by the PRMR and the Company Management, regardless of origin or the reported act; any hierarchization of them in a second stage may be based on the gravity of the act (especially if it has great criminal unworthiness), the serious violation of individual rights, the corporate reputation and financial protection of the company and any necessary immediate security measures that must be taken.

TRANSPARENCY: The reporting procedure also aims to enhance the transparency of corporate action and strengthen the regulatory compliance of the company.

PROTECTION: The good faith reporter is not subject to retaliation, regardless of the validity or outcome of their report, and is protected from any reactions of the reported individuals. However, if the reporter acted maliciously or with the aim of causing harm or illegal impact on the rights of the unjustly accused or third parties, then the rights of the latter are protected.

PERSON RESPONSIBLE FOR RECEIVING & MONITORING REPORTS

The Person Responsible for Receiving and Monitoring Reports (PRMR) may be an employee of the company or a third person, who is not subject to rules provided by law. The capacity of a member of the Board of Directors or the legal advisor of the company is not considered incompatible for the position of PRMR. If the PRMR also performs other duties or holds another position in the company, the performance of these duties should not affect their independence and should not cause a conflict of interest regarding their duties as PRMR. A conflict of interest arises when there is any situation that objectively affects the impartial performance of their duties. This happens, especially, when economic or other benefit or harm arises for them and their family members (spouse, partner, relatives in line or in depth, as well as persons with special bonds, enmity or friendship).

The PRMR is appointed by decision of the legal representative of the company, with a term of one calendar year, which can be terminated for serious reason. The term will be automatically renewed, without the need for a new appointment decision, unless the PRMR resigns or a serious reason arises for its termination, which can be done at any time. The details of the PRMR (full name, mobile phone, postal address and email) and the address of the web application (url) are announced to all employees via corporate electronic message and any other appropriate means (printed information, posting on the bulletin board) and are posted on the official site of the company, along with this policy, so that they are accessible to every interested party.

The PRMR performs their duties with integrity, objectivity, impartiality, transparency and social responsibility, respecting the rules of confidentiality and confidentiality for matters of which they become aware in the performance of their duties. They are obliged to abstain from the management of specific cases, declaring their impediment to the company's management, if there is a case of conflict of interest. The PRMR has the following responsibilities: (a) provides appropriate information regarding the possibility of submitting a report and communicates the relevant information in a prominent place, (b) receives reports falling within the scope of this policy (c) confirms the receipt of the report to the reporter within a period of seven (7) working days from the day of receipt, (d) takes the necessary actions in order for the competent bodies to address the report or concludes the procedure, by filing the report, if it is incomprehensible and incapable of assessment or is submitted maliciously or abusively or does not contain facts which substantiate a violation of EU law or there are no serious indications for such a violation and notifies the reporter of the relevant decision, who, if they consider that it was not effectively addressed, may resubmit it to the National Transparency Authority, (e) ensures the protection of the confidentiality of the identity of the reporter and any third party named in the report, preventing access to it by unauthorized persons, (f) monitors the report and maintains communication with the reporter and, if required, requests further information from them, (g) provides information to the reporter about the actions taken within a reasonable period of time, which does not exceed three (3) months from the confirmation of receipt, or if no confirmation has been sent to the reporter, three (3) months from the end of the seven (7) working days from the submission of the report, (h) provides clear and easily accessible information on the procedures under which reports can be submitted to the National Transparency Authority and, where appropriate, to public bodies or institutional and other bodies or organizations of the European Union, and (i) designs and coordinates training actions on ethics and integrity, participates in the formulation of internal policies to enhance integrity and transparency in the company.

REPORT SUBMISSION PROCEDURE

Any interested party can submit the report to the Person Responsible for Receiving and Monitoring Reports (PRMR) in 4 ways:

  • By phone
  • In writing by letter
  • Via email
  • Via an anonymous web application provided by the company

Upon a reasoned request of the reporter, the report may also be submitted through a personal meeting with the PRMR, at a location outside the company, within a reasonable time from the submission of the relevant request. The reporter is entitled, at their absolute choice and regardless of the method of submission, to report anonymously or by name (without, however, losing the protection of the confidentiality of their data). Every report, in case of doubt, will be considered anonymous.

TELEPHONE COMMUNICATION: In order not to leave suspicions of leaks and for the maximum protection of the reporter's right to anonymity, the telephone communication of the reporter with the PRMR and vice versa (of the PRMR with the reporter), must always be made from a non-corporate telephone (concerns the employees of the company who have such a provision), so that the company does not have, even potentially, access to the external data (caller's phone number, date of call, duration of call) of the telephone communication.

LETTER: The reporter can send by mail to the PRMR, at an extra-company address controlled by the latter, a letter with the additional indication on the envelope: "CONFIDENTIAL REPORT TO PRMR POLIHOME".

WEB APPLICATION: The reporter can report through a relevant electronic application provided at a specific electronic address (url), the operation of which is maintained by POLIHOME, without, however, having access to its content, by filling in the relevant fields.

REPORT CONTENT

The violation report must be submitted honestly and immediately, as soon as it is identified by the reporter. Although the report can be anonymous, the submission of a named (always confidential) report allows for further communication and provision of more information, if deemed necessary. Absolute certainty about the illegal behavior is not required for the submission of the report. It is sufficient to have a well-founded and justified suspicion, suspicion or concern, as would be estimated by a prudent and sensible person. However, the report must be clear, categorical and provide as much information and details as possible for easier investigation. The content of the report should at least include the details of the person (or persons) who may have committed the violation, the date or time period and place of the incident, the type of violation (according to the reporter's judgment) and a description as detailed as possible. Personal data and general information not related to the incident and not beneficial to the investigation should be omitted, unless the PRMR considers them necessary.

REPORT MANAGEMENT PROCEDURE

Reports will be examined with due diligence, impartial judgment and objectivity. Upon receipt of the report, the PRMR immediately informs the legal representative of the company and a three-member ad hoc Report Management Committee is established, consisting of a managerial executive (preferably related to the department where the violation is identified), the PRMR and a member (even external) appointed by the CEO. It is understood that a person named in the report, either as a perpetrator, or as an accomplice, or as a witness, does not participate in the RMC. The PRMR may maintain communication with the reporter throughout the investigation, ask for clarifications or additional information or their assistance. The RMC examines the reported incidents with discretion and confidentiality, without becoming aware of the identity of the reporter. Third-party access to the report details is limited, i.e., the report and the critical facts it presents are disclosed to the required extent and only to the persons deemed necessary for the conduct of the investigation, who are previously bound, and by their duties, to observe the rules of confidentiality and confidentiality. The participants in any way in the investigation (other employees who are called to contribute due to their position, duties and knowledge) must cooperate harmoniously and substantially in order to resolve the reported incident. Upon completion of the investigation, the RMC makes a recommendation to the company's management, in order to close the case (if it is judged that the report is substantially unfounded) or to take the appropriate internal corrective measures or to take legal action towards the competent authorities. The measures may include (indicatively and not restrictively):

  • additional training of employees and partners,
  • establishment of new internal control safeguards,
  • modifications to existing policies and procedures,
  • disciplinary sanctions including permanent removal/dismissal,
  • judicial actions

REGISTER OF REPORTS

The PRMR maintains a confidential register of submitted reports and a file with the relevant documents, which they hand over to the next appointed PRMR. Other persons do not have access to the register, except for the competent administrative and judicial authorities, unless there is a serious reason for declassifying a case (e.g., for reasons of protection of third party rights), and only for the data that are necessary and sufficient for the remedy of the specific reason. The register and the relevant file are kept for five (5) years, if there are no other legal reasons for their maintenance and in accordance with the other policies of the company. In any case, reports are stored for a reasonable and necessary period of time, in order to be retrievable and to meet the requirements of the law and in any case until the completion of any investigation or judicial procedure that has started as a consequence of the report against the reported person, the reporter or third parties.

PERSONAL DATA

Any processing of personal data related to this policy, including exchange or transmission by the competent authorities, is carried out in accordance with national and European personal data protection legislation including any specific legislative provisions and POLIHOME's personal data protection policy, which must take all necessary technical and organizational measures for their protection. The personal data of those involved are protected and are processed exclusively and only in relation to the respective report and with the sole purpose of verifying the validity or not of the report and investigating the specific incident, i.e., within the framework of the application of the provisions of Law 4990/2022. Personal data that are not directly related to the report or are excessive are not collected or if they have been collected accidentally, they are deleted without delay. Sensitive personal data are not taken into account and are deleted immediately, unless their processing is absolutely necessary with the subject of the report and the investigation. Access to the data included in the reports (except of course the identity of the reporter) can only be granted to those involved in the management and investigation of the incident. The company, as the controller and by way of derogation from the relevant provisions of the General Data Protection Regulation, does not provide information on the processing of personal data to the reported person and to any third person in their capacity as a data subject, who is named in the report or the personal data that emerged during its investigation, for as long as required and if deemed necessary for the purpose of preventing and dealing with attempts to impede the report, obstruct, thwart or delay the investigation or the measures taken as well as for the protection of those involved against retaliation.

CRIMINAL PENALTIES

The law provides for a prison sentence and a fine for persons who:

  • a) impede or attempt to impede the submission of a report
  • b) take retaliatory measures or initiate malicious procedures against reporters
  • c) violate the obligation to maintain the confidential nature of the identity of reporters.

Persons who knowingly made false reports or false public disclosures are punished with a prison sentence of at least 2 years and a fine. If any of the violations was committed for the benefit or on behalf of a legal person, an administrative fine is imposed on it, the amount of which cannot be less than ten thousand (10,000) euros and more than five hundred thousand (500,000) euros.

INFORMATION

The PRMR ensures that all employees of the company are informed about the content of this policy. The information is provided through the sending of informational material, email, newsletters or in another appropriate way depending on the category of employees. This policy is accessible to any third party on the official website of the company. The possibility of submitting reports will be easily identifiable (platform, telephone, email address, etc.) and the submission procedure will be easy to use, providing simple and easy instructions to potential reporters.

MODIFICATIONS - REVISIONS

This policy is subject to continuous evaluation of its functionality (especially after each valid report) and, if deemed necessary, will be adapted to the requirements of new conditions, will be modified, updated and revised, in order to continuously improve its efficiency and effectiveness.

The Person Responsible for Receiving and Monitoring Reports (PRMR) appointed is the company employee Ms. Nikolaki Niki and you can contact her and submit your report in the following ways:

  • By phone at 2312314444 with extension 302
  • By letter, to the address: Ionias 5, 57009, Kalochori - Thessaloniki with the indication on the envelope "CONFIDENTIAL REPORT TO PRMR POLIHOME"
  • By email to the email address [email protected] with the subject line "CONFIDENTIAL REPORT TO PRMR POLIHOME".
  • Via web application at the electronic address: https://forms.gle/7fq32rqdLTmhhq3y9