info@mallionda.gr +30 210 8050 055 Mon - Fri: 9.00 - 17.00
facebooklinkedintwitterYoutube

Report Management Policy

HOME / Report Management Policy

1.Law 4990/2022, particularly Article 4, addresses violations in critical EU law areas such as public procurement, financial services, product and market regulation, anti-money laundering, terrorist financing, product safety, transport security, environmental protection, radiation safety, food and feed safety, animal health, public health, consumer protection, privacy, personal data protection, and network and information systems security. It also covers breaches that impact the financial interests of the European Union and those related to the internal market, including competition and state aid rules, and corporate taxation regulations.

The law aims to protect:

1. Employees, whether full-time, part-time, permanent, seasonal, or temporary,

2. Self-employed individuals, consultants, and home-based workers,

3. Shareholders, administrative, management, supervisory body members, volunteers, and interns, regardless of remuneration,

4. Employees of contractors, subcontractors, and suppliers,

5. Former employees, including retirees, and prospective employees.

Additionally, it extends protection to third parties, legal entities, and individuals associated with the aforementioned groups who may face retaliation in the workplace, such as colleagues or relatives of whistleblowers.

2.The purpose of this Policy is to enable all employees and third parties, whether legal entities or individuals, to report significant irregularities, bad practices, or suspicions thereof, particularly relating to any of the following:

• Violations of laws and regulations concerning accounting, auditing, banking, financial crime, or anti-bribery laws, such as the misappropriation of assets of MALLIONTA ATE (hereafter referred to as the Company) or its clients;

• Breaches of public contracts, the Union's competition rules, and acts contravening corporate taxation regulations;

• Infringements in the realms of privacy, personal data protection, and the security of network and information systems;

• Grave irregularities affecting the Company's essential interests, personal data protection, or the life and/or health of individuals, including environmental crimes or non-adherence to health and safety regulations;

• Severe instances of discrimination or harassment, whether verbal or physical, based on nationality, religion, sexual orientation, or other grounds;

• Breach of the Company's Code of Conduct, any Company Policy, or laws and regulations applicable to the Company or our personnel;

• Actions that could be classified as fraud and/or corruption;

• Breaches of prevailing anti-money laundering laws, such as non-compliance with customer due diligence measures or reporting obligations.

3. Reports should be filed based on an honest and reasonable belief that a criminal act or offense has occurred or is imminent. Employees, customers, and suppliers of the Company are urged to report any criminal acts, suspected illegal activities, mismanagement, or significant irregularities or lapses concerning the Company's regulations, policies, and procedures.

4. Our Company pledges to safeguard those who have filed a Report in good faith, that is, without misusing the Report Management Policy, from any form of retaliation. Nonetheless, deliberately submitting false or malicious reports or misusing the Reporting Management Policy could result in actions being taken against the individual, in line with the stipulations of Law 4990/2022.

5. The Company:

a. It encourages anyone who wants to share his/her suspicions about the violations according to Law 4990/2022, b. Guarantees that all Reports received will be treated confidentially,

c. It undertakes to keep the identity of the Reporter confidential throughout the process, unless its disclosure is deemed necessary for the effective investigation of the case (eg in the context of any judicial or legal process). For this purpose, the company has appointed a Report Receipt and Follow-up Officer (YPPA) in accordance with Law 4990/2022, to whom the individual reporter has the opportunity to submit his Report either verbally, or in writing, even electronically, as in particular there is the relevant information from the YPPA appointed each time, which will be communicated to all employees of the Company.

6. The Report must be documented and thorough, so as to provide the necessary and appropriate data to carry out an effective control of the validity of the reported facts. It is particularly important that the Report contains:

• the detailed description of the events that occurred and how they became known to the petitioner

• the date and place in which the event occurred

• the names and jobs of the persons involved or information that can allow their identification

• the names of any other persons who may provide information about the events that are the subject of the Report

• Reference to any documents that can confirm the validity of the reported facts.

7. For the year 2024, the Company has appointed Mr. Nikolaos Paratsokas (nparatsokas@mallionda.gr, tel. 2108050055) as the Responsible for Receipt and Monitoring of Reports.

The R.R.M.R must:

a) performs his duties with integrity, objectivity, impartiality, transparency and social responsibility,

b) respects and observes the rules of secrecy and confidentiality for matters of which he became aware during the exercise of his duties,

c) abstains from the management of specific cases, declaring an obstacle, if there is a conflict of interest.

The R.R.M.R. has the following responsibilities:

a) provides the appropriate information regarding the possibility of submitting a Report within the organization and communicates the relevant information in a visible place of the organization,

b) receives Reports of violations falling within the scope of this,

c) confirms the receipt of the Report to the addressee/reporter within a period of seven (7) working days from the day of receipt,

d) takes the necessary actions, in order for the competent bodies of the Company or the relevant Directorates to deal with the Report, or terminates the procedure, by filing the Report, if it is incomprehensible or is submitted abusively or does not contain incidents that document a violation of EU law or there are no serious indications of such a breach. This decision is communicated to the Reporter, who, if he considers that it was not dealt with effectively, may resubmit it to the National Transparency Authority (hereinafter referred to as "E.A.D."), which, as an external channel, exercises the powers of article 12 of Law 4990/2022,

e) ensures the protection of the confidentiality of the identity of the recipient/reporter and of any third party named in the Report, preventing access to it by unauthorized persons, f) monitors the Reports and maintains communication with the Reporter and, if necessary, requests further information from him

g) provides information to the recipient/reporter about the actions he undertakes within a reasonable period of time, which does not exceed three (3) months from the receipt confirmation, or if no confirmation has been sent to the Reporter, three (3) months from at the end of seven (7) business days from the submission of the Report, h) provides clear and easily accessible information on the procedures by which Reports can be submitted to the E.A.D. and, as the case may be, to public bodies or institutions and other bodies or organizations of the European Union, and

i) plans and coordinates educational actions related to ethics and integrity, participates in drawing up internal policies to strengthen integrity and transparency in the Company.

In case the R.R.M.R. performs other tasks, it is ensured that the exercise of these tasks does not affect his independence and does not lead to a conflict of interests in relation to the tasks mentioned above.

In addition, the company will have a three-member Complaints Management Committee (CMC), appointed by a decision of the Company's Management, which, respecting the requirements of the Personal Data Protection Act, investigates in collaboration with the Ministry of Health. P.P.A the Report and then decides whether to accept or reject the Report, at which point it will file it.

The criteria for this (rejection) are the following:

• The Report does not fall within the scope of the present or there are no serious indications of such a violation,

• The Report is manifestly in bad faith or malicious,

• The Report is unintelligible or submitted improperly,

• There is insufficient evidence for further investigation,

• The Report has been settled. If a Report concerns issues that are not covered by the scope of this Policy and the law, E.D.A. will take the appropriate actions to resolve the issue, e.g. assigning the case to the appropriate person or team. Cases related to Reports found to be indicatively unfounded, in bad faith or abusive will be archived without further action. In any case, E.D.A. will send a message to the Reporter to inform them of the reason for archiving. If the Reporter considers that it was not dealt with effectively, he may submit a Report to the National Transparency Authority (NAT). If the Report is accepted, appropriate steps will be taken to investigate as described below.

The Reporter has the possibility to directly submit an external Report/Report to the National Transparency Authority (NTA).

The specific Report is submitted in writing or via an electronic platform, also accessible to people with disabilities, and in particular:

1. Electronically: by email to kataggelies@aead.gr or by filling in the corresponding Reports form:

https://aead.gr/submit-complaint/

2. By post: by sending to the postal address of E.A.D. : 195 Lenorman & Amfiaraou, PO Box 104 42, Athens. 3. In person (or through a legally authorized representative) by submitting the Report to the E.A.D premises: 195 Lenorman & Amfiaraou, PO Box 104 42, Athens/

All Reports are investigated seriously and in accordance with this Policy and the law.

• The investigation of the case begins as soon as possible, with objectivity, integrity and taking into account the interests of all involved.

• No one from E.D.A., or anyone participating in the investigation process, will attempt to identify the Reporter, in the case where it is an anonymous Report.

• E.D.A. may, if deemed necessary, request additional clarifications.

• A Report will not be investigated by someone who may be involved in or associated with the irregular practice in question.

• E.D.A. confidentially manages Reports as well as the identity of the Reporter and any third party named in the Report.

Only the members of E.D.A. they will have access to Submitted Reports. The Company ensures that the Reports will not be shared with any third party, unless access is deemed necessary by E.D.A. In the context of the investigation, the Y.P.A.P.A. and/or the E.D.A. they can address the respective Company Departments and, if they deem it necessary, to external consultants with expertise in the subject of the Report submitted, ensuring confidentiality. After the completion of the investigation process, Y.P.A.A and/or E.D.A. prepare a summary report on the investigations carried out and the data obtained, which, depending on the results, they communicate to the relevant Company Managements, in order to determine the possible intervention plans to be implemented and the actions that must be taken to protect the Company, also communicating the results of the investigations and checks carried out for each Report to the managers of the Directorates affected by the content of the Report. Otherwise, if upon completion of the investigations it is established that there is no sufficiently substantiated evidence or, even, that the evidence relied on by the Report is unfounded, then it is archived together with the relevant justification by the Public Prosecutor and/or the E.D.A.. The Y.P.A. or even the E.D.A. periodically submit information on the type of Reports they receive and the result of their investigation activities to the Company's Board of Directors. Reporter and Reportee Protection Reporter Protection As stated above, an individual who makes a Report under the Policy is protected from retaliation as a result of that Report. It does not matter if the Reporter is wrong, provided of course that he is acting in good faith. Therefore, the Reporter is entitled to protection if, at the time of the Report, he had reasonable grounds to believe that the information regarding the reported violations was true. The identity of the Reporter is treated with absolute confidentiality. According to Law 4990/2022, and in particular article 14, any kind of information that leads, directly or indirectly, to the identification of the Petitioner, is not disclosed to anyone other than the authorized staff members who are competent to receive, or to monitor Reports, unless the Reporter consents. Notwithstanding the above, the identity of the Reporter and any other information may only be disclosed in the cases required by EU or national law, in the context of investigations by competent authorities or in the context of judicial proceedings, and if this is necessary to serve the purposes of present or to ensure the defense rights of the Respondent. These Disclosures are made after the Reporter has been informed in writing about the reasons for disclosing his identity and other confidential information, unless this information undermines investigations or legal proceedings. Unjustified failure to provide information constitutes a disciplinary offense for those subject to disciplinary law provisions. After being informed, the Reporter is entitled to submit written comments to the disclosing authority, which will not be disclosed to anyone. Exceptionally, in the event that the stated reasons for the observations are not deemed sufficient, the disclosure of the identity and other confidential information of the Petitioner is not prevented. Further safeguards of the identity of the Reporter and the information from which it can be deduced, provided for by specific provisions of Union or national law, are not affected. Recognizing that there are employees who are reluctant to make any kind of Report for fear of possible retaliation, this framework ensures that the Company is a safe environment that protects and encourages the submission of Reports of irregularities, omissions or other criminal acts that have come to our attention of their employees. The Company opposes the imposition of retaliation against any employee who reports or participates in the investigation of an existing or suspected violation of the relevant institutional framework and/or the internal regulations governing the operation of the Company. In this context, every employee is encouraged, without fear of any form of retaliation, to speak openly and provide honest and complete information, when he observes or suspects illegal or unethical behavior or behavior contrary to the relevant institutional framework and/or the internal regulations that govern the operation of the Company. The Company takes the necessary actions to restore the working environment of the employee who is found to have been subjected to retaliation, even considering his transfer to another department as long as this is possible and the relevant request of the employee has preceded. The Company is committed to respecting the framework of protection of the Reporter and the Reported (equality) from retaliation, even if the submitted Reports cannot be confirmed after a relevant investigation. Appropriate consequences will be given if it is proven that the employee knowingly made a false claim, provided false or misleading information by obstructing the project during an investigation, or acted in bad faith in any way.

8. Throughout the process of reporting malfunctions, E.D.A. is expected to receive Personal Data, either from the Report or from subsequent communication/correspondence with the Reporter. "Personal Data" is defined as any information concerning an identified or identifiable natural person ("Data Subject"). An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to physical, physiological , genetic, mental, economic, cultural or social identity of that natural person. The Company strongly encourages the Reporter not to include in the Report specific categories of Personal Data about himself or the person against whom he is making the Report, unless absolutely necessary to substantiate the Report. Special categories of Personal Data are Personal Data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic Personal Data, biometric Personal Data for the purpose of unambiguous identification of a person, Personal Data relating to the health or Personal Data relating to the sex life or sexual orientation of a natural person. This will assist in only necessary collection of Personal Data. In any case, any unnecessary, excessive or redundant Personal Data or Personal Data that is obviously not related to the handling of a specific Report is not taken into account and will not be processed by E.D.A. In any case, the company takes the appropriate technical and organizational measures so that, during the monitoring of the Reports, the absolutely necessary and appropriate Personal Data to achieve the purposes of this Policy are subject to processing. The processing of Personal Data is carried out in accordance with sub. No. 679/2016 European General Regulation for the Protection of Personal Data (GDPR), Law 4624/2019 and the Company Policy, as applicable or as it may be replaced, and any other applicable Greek and European legislation for the protection of Personal Data. The Personal Data of the Data Subject will be processed exclusively for the purposes of checking Reports, i.e. for the proper management and further investigation of Reports.

The Company takes appropriate technical and organizational measures, in accordance with the GDPR, and regarding Reports made via e-mail. The Personal Data included in the Report and the completion of the investigation by archiving the incident are deleted within 3 months of the completion of the investigation. An exception is any legal process (against the Reporter or the Reporter), in which case the Personal Data will be retained until the completion of the legal/judicial/disciplinary process initiated by the Company, the Reporter or the Reporter

back to top
espa banner
Accessibility