Introduction

 

GEA – GRAMMO, HERATO, APOLLON operates according to the rules of professional ethics, integrity, transparency and ethics. At the same time, it creates and implements policies in order to comply with the current legislative and regulatory framework.

With this Reporting Policy, the Company complies with Directive (EU) 2019/1937, on the protection of persons reporting violations of EU law, and National Law 4990/2022. The Petitions Policy aims to establish an internal system for reporting violations of EU law rules, to protect persons reporting such violations and to organise the procedure for submission, receipt and follow-up of reports.

The company has zero tolerance for actions that may disrupt its healthy working environment, harm it and jeopardize its reputation and credibility. It encourages reporting as soon as it is noticed. All reports are taken seriously and investigated with full objectivity and independence. The Company ensures that those who make reports are protected from retaliation and that the personal data of all parties involved is protected by applying the necessary technical and organisational security measures.

 

 

Definitions

 

1. “Report.”

providing information, orally or in writing or through an electronic platform, about violations of this Agreement.

α) “Internal reporting” means the provision of information on violations, either orally or in writing or through an electronic platform, to the Reporting and Monitoring Officer (RRO) of a public or private sector legal entity.

(b) “External reporting” means the provision of information on violations to the National Transparency Authority (NTA) orally or in writing or through an electronic platform.

2. “Referenced.”

a natural or legal person who is named in the internal or external report or public disclosure as the person to whom the breach is attributed or who is associated with the person to whom the breach attributed falls within the scope of this Regulation.

3. “Petitioner.”

a natural person who makes an internal or external report or public disclosure by providing information on violations obtained in the course of his or her employment.

4. “Retaliation:

any direct or indirect act or omission, occurring within the employment context, which causes or is likely to cause unjustified harm to the reporting party, or which places the reporting party at a disadvantage, and which is connected with an internal or external report or public disclosure.

5. Valid reasons:

the reasonable belief of a person with similar knowledge, training and experience as the reporting person that the information provided is true and constitutes a breach of Union law falling within the scope of this Regulation.

6. Public disclosure:

making information directly available to the public about violations.

7. Ombudsman:

a natural person who assists the reporter in the reporting process within the working context, whose assistance must be confidential.

8. Monitoring actions:

any action taken by the recipient of the report or any authority or body to which the report is referred by virtue of its competence to assess the accuracy of the allegations contained in the report and to address the reported breach, such as an internal investigation, inquiry, prosecution, action to recover funds or closure of the procedure.

9. Update:

providing information to the petitioners on the measures planned to be taken or already taken in the context of monitoring and the reasons for this.

10. Working context:

current, past or prospective employment activities in the public or private sector, regardless of the nature of those activities, through which persons obtain information about violations and in the context of which such persons are likely to be retaliated against if they report them.

11. Violations:

acts or omissions which are unlawful under Union law or contrary to the object or purpose of the rules of Union law falling within the material scope of this Regulation.

12. Information about violations:

information, including reasonable suspicion, about violations that have been committed or are likely to be committed in the organisation in which the reporting person is employed, has been employed or is about to be employed or is in negotiations to be employed, or in other organisations with which the reporting person has had contact through or in connection with his or her work, as well as information about attempts to conceal violations.

13. External partners:

Third parties contractually linked to the Company and their personnel, namely consultants, subcontractors, contractors, suppliers, partners of all kinds, shareholders, etc.

14. Receiving and Monitoring Officer for Reports or H.P.R.A.:

The person who receives and monitors the progress of the reports.

15. Committee for the Management of Petitions (CMP):

The committee which is responsible for managing and investigating the reports.

16. Employee:

The person who is contracted with the company under a fixed-term or indefinite employment contract or the person who is connected to the company under another employment relationship or the person who is a seasonal employee or the person who is employed as an intern by the company.

17. Reporting channels:

The channels through which reports are submitted and include the means used to submit reports and the persons to whom the reporting parties can be addressed.

18. Malicious Report:

A Report made with the Petitioner’s knowledge that it is not true.

19. Good faith:

The situation which gives the Petitioner the reasonable belief that he or she has a reasonable basis for believing that the information provided is true.

20. Platform:

The specially designed online platform that is accessible online via computer or mobile device.

 

Scope – Petitioners

 

Reports under this Policy may be made by anyone who has obtained, in the course of their work, information about Breaches (the “Reporting Parties”), specifically:

a) employees, regardless of whether their employment is full-time or part-time, permanent or seasonal, or whether they are seconded from another institution,

(b) non-employed persons, self-employed persons or consultants or home workers,

(c) the shareholders and persons who are members of the Company’s administrative, management or supervisory body, including any non-executive members as well as volunteers and paid or unpaid interns,

(d) any persons working under the supervision and instructions of contractors, subcontractors and suppliers,

e) persons whose employment relationship has ended, including retirement, and job applicants.

 

 

Scope – Types of infringements

 

Reports of this policy are acceptable when they relate to the following types of misconduct – violations. Any person belonging to the “Reporting Scope” who becomes aware of any misconduct or violation within the Company for the following types of violations should immediately make a Report.

1. Public procurement.
2. Money laundering from illegal activities.
3. Financing of terrorism.
4. Financial services, products and markets.
5. Product safety and compliance.
6. Transport safety.
7. Protection of the environment.
8. Radiation and nuclear safety.
9. Food and feed safety/animal health and welfare.
10. Public health.
11. Consumer protection.
12. Protection of privacy and personal data.
13. Network and information systems security.
14. Economic interests of the European Union.
15. Competition and State aid.
16. Violation of rules, company tax or arrangements.
17. Bribery and influence peddling
18. Other serious issues.

The Petitions Policy does not cover:

1. Disagreements on matters concerning policies and decisions of the administration.
2. Personal issues and disagreements with colleagues or supervisors.
3. Personal employment issues that fall under the responsibility of HR.
4. Rumors.

 

 

Reporting channels

 

The Company establishes easily accessible reporting channels, encourages the reporting of incidents falling within the scope of this Policy and guarantees that all reports received are treated confidentially. The report may be submitted anonymously or anonymously. By submitting an anonymous report, the personal details of the reporting party may be disclosed to the reporting party, if requested by the reporting party, subject to the terms and conditions of the applicable personal data legislation. If the petitioner does not wish to submit the report anonymously, he/she shall have the option to submit the report anonymously.

The ways of submitting reports are as follows:

• Through the online platform for the submission of reports which meets all security requirements:
• Information systems.
• Personal data.
• The confidentiality or anonymity of the petitioner if he/she so chooses.

It also provides the ability to track the status of the report from the beginning of the report to its completion. Access to the online platform is available on the Company’s website and we encourage petitioners to use it as it is the most comprehensive and secure means of managing reports.

• In writing, by registered mail by sending an e-mail to:whistleblowing@hellecon.com
• In writing, by name or anonymously, by sending a postal letter to the Company’s P.P.O. at 26 Smyrna Street, N. Philadelphia, P.O. Box 14341, marked “personal and confidential”. The letter should also indicate the company for which the reference is made.
• Orally, by telephone at 214 4069004 or by personal meeting with the H.P.P.A. upon request of the petitioner.

Regardless of the reporting channel, all reports are received and managed by the H.P.R.A. who is also responsible for communicating with the reporter.

 

 

Guidelines for Reporting

 

The following are general guidelines and instructions for reporting:

1. Reporting the misconduct should be done in good faith and without delay, as soon as it becomes apparent.
2. The Report should be clear, defined and contain as much information and detail as possible to facilitate its investigation.
3. The Report should include the name of the person (or persons) who may have committed misconduct, the date/time period and place where the incident took place, the type of misconduct and as detailed a description as possible.
4. Special category personal data and other sensitive information not related to the incident should not be included in the Report.
5. The Petitioner need not be absolutely certain of the validity of his/her Petition. He should also not take illegal actions that may endanger himself, the company or a third party in order to seek and collect more evidence to support his Report.
6. The Petitioner should be available, either confidentially or anonymously through the online reporting platform, to provide further information if requested.

 

 

Responsibilities of the person responsible for the receipt of petitions (PIO)

 

The Receiving Officer has the following responsibilities:

1. It shall provide appropriate information on the possibility of reporting within the organisation and shall communicate this information in a prominent place within the organisation.
2. It shall receive reports of violations falling within the scope of this Regulation.
3. Acknowledge receipt of the report to the petitioner within seven (7) working days from the date of receipt.
4. Takes the necessary steps to ensure that the report is dealt with by the Petitions Management Committee (PMC).) , or terminate the procedure by closing the file if it is incomprehensible or improperly submitted or does not contain facts constituting a breach of Union law or if there are no serious indications of such a breach and notifying the decision to the petitioner who, if he considers that it has not been dealt with effectively, may re-submit it to the National Transparency Authority (NSA), which, acting as an external reporting channel
5. Ensure the confidentiality of the identity of the reporter and any third party named in the report by preventing access to it by unauthorised persons.
6. It monitors reports and maintains contact with the petitioner and, if necessary, requests further information from the petitioner.
7. Provide information to the petitioner on the actions taken within a reasonable period of time, which shall not exceed three (3) months from the acknowledgement of receipt, or if no acknowledgement has been sent to the petitioner, three (3) months from the expiry of seven (7) working days from the submission of the report.
8. It provides clear and easily accessible information on the procedures under which reports may be submitted to the National Transparency Authority and, where appropriate, to public bodies or institutions or other bodies or agencies of the European Union.
9. Plans and coordinates training activities on ethics and integrity, participates in the development of internal policies to strengthen integrity and transparency in the organisation.

THE H.P.A.:

1. It shall carry out its duties with integrity, objectivity, impartiality, transparency and social responsibility.
2. Respect and observe the rules of confidentiality and secrecy on matters of which he/she becomes aware in the performance of his/her duties.
3. He/she shall abstain from managing certain cases, declaring a disqualification where there is a conflict of interest.

The Company shall ensure that if the CIO performs other duties, that the performance of such duties does not affect their independence and does not lead to a conflict of interest in relation to their duties.

 

Competences of the Management Committee for Petitions of the EDPS

 

The management of the reports submitted through the Reporting Channels is carried out by the NCA, in accordance with the Reporting Management Procedure which has the following responsibilities:

• Review the admissibility of reports that come to its attention from all the Company’s established reporting channels.
• Evaluate the reports.
• Communicates with the Ministry for the exchange of necessary information.
• It shall take all appropriate measures to protect the personal data of the subjects involved in the reports and shall ensure their erasure in accordance with the time limits laid down.
• Oversee the Internal Investigation Process for accepted Petitions.
• It shall keep a Central Register of Reports.

 

 

Appointment of members of the IACC.

 

The following are appointed as members of the EDA:

1. Full members, who shall be responsible for the management of all reports, except in the case of alternate members.

• General Manager
• Legal Advisor
• Chief Financial Officer

2. Alternate members, who take over their duties in the event that one or more members are relieved of their duties because they are allegedly involved in the report under consideration.

• Lawyer
• Commercial Director

 

Petition Management Procedure

 

The reporting process is described in the steps below:

1. The petitioner submits the report to one of the reporting channels.
2. The H.P.A. receives the report and confirms to the petitioner the receipt of the report within 7 days.
3. The M.P.P.A. assesses the report whether it falls within the scope of the Act and forwards it to the N.D.A.
4. If it does not fall within the scope of the Law, it informs the E.D.A. and if there is no different assessment by the E.D.A., it completes the procedure and informs the petitioner.
5. If it falls within the scope of the Act, it forwards the report to the NCA which manages the investigation of the report within the organisation. If the reporter is a member of the NCA then he/she is relieved of his/her duties and one of the alternate members is appointed in his/her place.
6. The HRH informs the petitioner that his petition has been accepted.
7. The investigation of the report is carried out.
8. The Hellenic Republic informs the Hellenic Ministry of Public Prosecutions at regular intervals on the progress of the investigations, which must inform the petitioner no later than 3 months after receipt of the report of the results of the investigation, even if the investigation has not yet been completed.
9. Upon completion of the investigation, the NCA informs the H.P.A. and the H.P.A. in turn informs the petitioner of the final results of the investigation.

 

Rights of the Petitioner and the Petitioner

 

The Petitioner has the right to be informed both of the receipt of his/her Petition (within 7 working days at the latest) and of the outcome of the investigation (within 3 months at the latest).

The Company protects both the individuals who submit a Report and the reporting parties. The investigation shall be carried out in complete confidentiality and with respect for confidentiality at every stage of the process, as far as possible, in order to avoid stigmatization of individuals.

Individuals included in reports have the right to be informed promptly of the misconduct for which they are accused, of the persons who have access to the data contained in the report or the report and of the right to be called to account. However, where there is a serious risk that the above information could impede the investigation of the case and the collection of the necessary evidence, the information of the persons included in the Report may be postponed until such risk has ceased to exist.

The identity of the Petitioner shall remain confidential. Exceptionally, if the Report is found to be malicious, and if the complainant so requests, he/she may be informed of the identity of the Petitioner in order to exercise his/her legal rights. It is clarified that Reports which are proven to be patently malicious will be further investigated at the Company’s discretion both as to the motives and the parties involved in order to restore order by all lawful means and methods.

 

Protection of Interests

 

The Company protects the reporter who reports, in good faith, illegal or unethical conduct. In this context, any kind of negative behaviour against anyone who has made a Report is prohibited, even if the Report is proven to be incorrect as a result. The Petition Management Committee and the Management shall ensure that there is no retaliation in the event that anyone in good faith makes a Petition. More specifically, the Company commits that employees who have submitted a Report will not suffer retaliation, harassment or marginalization, intimidation or threats and unfair treatment as a result of their Report.

Also, unjustified changes in the employment relationship as a result of the Report (e.g. dismissal, suspension, demotion or deprivation of promotion, reduction of salary, change of workplace, relocation, diversification of duties, change of working hours, etc.) are not allowed. In case of malicious Reporting the above protection does not exist.

The same level of protection applies to third parties connected to the petitioners who could be retaliated against in a work context, such as colleagues or relatives of the petitioners.

If the Petitioner is an external partner, early termination or cancellation of a contract for goods or services as a result of the Petition is not allowed.

Any retaliatory action should be reported directly to, investigated and resolved by the NCA. If the investigation reveals that retaliation has indeed occurred, disciplinary action will be taken against the perpetrator. The person accused of committing the retaliation has the burden of proving that his/her actions are not related to the Report made by the employee.

In the event that an employee decides to make a Report regarding an incident covered by this policy in which he/she was previously involved, the fact that he/she eventually reported it will be taken into account in his/her favour in any other subsequent proceedings.

If the Report is made by name and after investigation it is proven that thanks to it the Company has protected its vital financial or other interests, the person who made the Report may be rewarded in the most appropriate way possible.

 

Investigating Reference

 

The Company undertakes that it will treat with due diligence any Report, whether named or anonymous. The Investigation Manager and the Investigation Team, where appropriate, shall investigate the incidents contained in the Report as soon as possible. Where necessary and depending on the scope of the Report, additional professional support may be obtained from other company executives as well as from external specialized consultants.

 

Confidentiality Anonymity

 

The Company encourages employees and external partners to raise concerns about potential misconduct through existing reporting channels. It also undertakes that it will make every effort and take every reasonable measure to protect the identity of both the Petitioner and the individuals included in the reports and to handle the case with complete confidentiality and discretion.

In any case, when investigating an incident, the identity of the Reporting Party shall not be disclosed to anyone other than the authorised persons responsible for receiving, monitoring and investigating the reports, i.e. other than the members of the Report Management Committee, the Investigator, the Investigation Manager, the Investigation Team including any qualified external consultants, who have been specifically called upon to investigate the incident, unless the Reporting Party has given express consent or the Report is found to be malicious.

Anonymity is achieved through the use of appropriate technical and organisational measures and in particular through the reporting platform where the possibility of submitting either an anonymous or anonymous Report is provided. The Platform, , supports anonymous reporting, two-way communication and meets high security standards.

 

Privacy

 

Any processing of personal data under this policy is carried out in accordance with the national and European legislation applicable to personal data and the Company’s privacy policy. The data of all parties involved are protected and processed solely in relation to the Report and only for the sole purpose of verifying the validity or otherwise of the Report and investigating the specific incident.

The Company takes all necessary technical and organizational measures for the protection of personal data, in accordance with the Company’s privacy policy.

Sensitive personal data and other data not directly related to the Report are not taken into account and are deleted.

Only those involved in the management and investigation of the incident, such as members of the Report Management Committee, the Investigation Manager and the Investigation Team, including specialist external consultants, can access the data contained in the reports.

The personal data and material obtained during the management of the report will be deleted within a reasonable period of time after the completion of the investigation initiated on the basis of the report.

 

Corrective and disciplinary actions

 

Depending on the results of the investigation, the Petition Management Committee proposes corrective or disciplinary/legal actions. These actions may include (but are not limited to): (a) additional employee training, (b) establishing new internal controls, (c) modifications to existing policies and/or procedures, (d) disciplinary sanctions including permanent removal/firing, or (e) and legal action.

 

Information and training

 

The Company will ensure that all employees will be informed and trained on the content of this Policy and on any new revision of the Policy.

The external partners undertake to inform their staff accordingly. This will be done mainly by highlighting this reporting policy and complemented by the provision of materials to be provided by the Company.

Information and awareness-raising activities will be ongoing, both internally and externally, in order to establish a positive corporate culture for reporting, which will support the principles of integrity, honesty and transparency.

 

 

REPORTING CONVENIENCE