Report management policy
Report management policy of the company branded
“Michail Arabatzis S.A. Industrial And Commercial Food company”
- POLICY’S PURPOSE
The Reporting Policy (hereinafter referred to as the "Policy") of the Company under the name "Michail Arabatzis S.A. Industrial And Commercial Food company", based in the Industrial Area of Thessaloniki, 1st Street, 24th Industrial Block, in the Local Community of Neochorouda of the Municipality of Oreokastro, Thessaloniki, P.C. 57022, (hereinafter referred to as the "Company") concerns the process of reporting through the Company's internal channels, the process of receiving and following up on such reports by the responsible bodies of the Company, as well as the protection provided to the ones who file a Report.
The Company in all its activities ensures that the principles of ethics, honesty, integrity and justice are applied and expects its employees and associates to adhere to these principles. The Company, in compliance with the provisions of Law 4990/2022 ("Protection of persons who report breaches of Union law "), wishes to achieve a business environment of transparency and responsibility and a high level of business ethics as well as to maintain its reputation, success and ability to operate effectively now and in the future.
- MATERIAL SCOPE
"Reporting" means the provision of information, through the procedures set forth in this Policy, about acts or omissions that constitute, or there are reasonable grounds to consider that constitute:
(a) breaches of Union law, falling within the following areas:
Public procurement,
Financial services, products and markets;
Prevention of money laundering and terrorist financing,
Product safety,
Transport safety,
Protection of the environment,
Radiation protection and nuclear safety,
Food and feed safety, animal health and welfare,
Public health,
Consumer protection,
Protection of privacy and personal data and security of network and information systems,
(b) breaches affecting the financial interests of the Union as referred to in Article 325 of the Treaty on the Functioning of the European Union (TFEU) and as specified in relevant Union measures,
(c) breaches relating to the internal market, as referred to in paragraph 2 of Article 26 TFEU, including to breaches of Union competition and State aid rules, as well as breaches relating to the internal market in relation to acts which breach the rules of corporate tax or to arrangements the purpose of which is to obtain a tax advantage that defeats the object or purpose of the applicable corporate tax law.
Information about the above breaches may also constitute reasonable suspicion of violations, which have been committed or are very likely to be committed in the Company, as well as attempts to conceal breaches.
The provisions of this Policy do not affect and do not exclude in any way the direct reference to the National Transparency Authority (hereinafter referred to as "N.T.A.").
- PERSONAL SCOPE
This Policy concerns the following categories of persons (hereinafter referred to as "Reporting persons"):
- the Company's employees, regardless of whether their employment is full-time, part-time, permanent or seasonal, or whether they are posted by another entity,
- the self-employed, the consultants or the persons who provide work from home,
- the shareholders and the persons who belong to the administrative, management or supervisory body of the Company,
iv. the volunteers, paid or unpaid trainees,
v. any persons working under the supervision and direction of contractors, subcontractors and suppliers,
vi. former employees regarding information obtained in the context of an employment relationship, which has ended for any reason, prospective (potential) employees for information obtained during the recruitment process or at another negotiation stage, prior to the conclusion of the contract.
- PROCEDURE FOR SUBMISSION AND RECEIPT OF THE REPORTS
Any employee, as well as any other person specified in the above paragraph 3, who has obtained information about breaches defined in the above paragraph 2 in the context of his or her work duties, shall be entitled to submit a Report, which may also be submitted anonymously.
As the Person responsible for the Receipt and Follow-up of Reports (hereinafter referred to as "P.R.R.F.R."), which is the body responsible for receiving and examining the Reports is appointed Nouli Vasiliki (father’s name: Ioannis) and in case of conflict of interest will be replaced by Isidoros Tripolitis (father’s name: Anastasios).
The P.R.R.F.R. acknowledges the receipt of each Report to the Reporting Person within seven (7) working days from the day of the receipt.
Reports must be documented and detailed to provide useful and appropriate information that allows effective verification of the validity of the reported facts. When the Reporting person has the relevant information, it is particularly important the Report to include:
• a detailed description of the events that took place and how the Reporting person became aware of them,
• the date and place of the events,
• the names and properties of those involved or information allowing their identification,
• reference to any documents or other factors that may substantiate the reported facts.
The Report may be submitted through the following channels:
• via the e-mail address yppa@elzymi.gr, to which only the P.R.R.F.R. has access. (alternatively and in case of declared conflict of interest, at the email address yppa2@elzymi.gr, to which only the substitute P.R.R.F.R. has access),
•via the telephone line +0030 6944 926257 which is accessible to the P.R.R.F.R. (alternatively and in case of declared conflict of interest, through the telephone line +0030 6942 558682, which is accessible to the substitute P.R.R.F.R.),
• by post, to the postal address: Industrial Area of Thessaloniki, 1st Street, 24th Industrial Block, in the Local Community of Neochorouda of the Municipality of Oreokastro, Thessaloniki, P.C. 57022, for the attention of the P.R.R.F.R., (alternatively and in case of declared conflict of interest, at the same address, for the attention of the substitute P.R.R.F.R.),
•orally, through a personal meeting with the P.R.R.F.R.), after the request of the Reporting Person (alternatively and in case of a declared conflict of interest, through a personal meeting with the substitute P.R.R.F.R., similarly after the request of the Reporting Person).
The above channels have been designed and implemented securely to ensure that the identity of the Reporting Person, as well as the identity of any third party mentioned in the Report, remains confidential and that access by unauthorized personnel is prevented in all cases.
The Company is entitled to keep records of any report received by the P.R.R.F.R., in accordance with the confidentiality requirements set by law. The only Reports that should be submitted are those which the Reporting person believes in good faith that the information provided is correct.
It is noted that persons who knowingly made false reports or false public disclosures are punished with a prison sentence of at least two (2) years and a fine.
- INVESTIGATION OF REPORTS AND ACTIONS
The P.R.R.F.R. is responsible for taking the necessary actions and conducting a prompt and accurate investigation, observing the principles of impartiality, justice and confidentiality towards all parties involved.
In order to deal with the complaint, the P.R.R.F.R. may be assisted by competent bodies of the Company or competent sectors, as appropriate, and, where appropriate, by external consultants specialised in the field of Reports, whose participation contributes to the verification of such Report, ensuring the confidentiality of the identity of the Reporting Person and any third party named in the Report, preventing access to it to unauthorised persons, and, where possible, anonymizing any personal data included in the Report.
During the investigation, the P.R.R.F.R. may invite the Reporting Person to provide further information, if necessary, to assist the investigation. In cases where a physical or online meeting takes place between the Reporting Person and the P.R.R.F.R., a complete and accurate record of that meeting shall be ensured, with the consent of the Reporting Person, and access to it shall also be provided to the Reporting Person.
After the completion of the investigation and verification phase of the reported facts, the P.R.R.F.R. prepares a report summarizing the investigations conducted and the evidence gathered. These results are communicated to the relevant services of the company and to the directors of the departments involved in order to determine an intervention plan and decide what measures should be taken to protect the Company, the Reporting person and any other persons involved.
During the carrying out of these activities, the Company guarantees respect for the confidentiality of the Reporting Person and prohibits any act of retaliation against him or any other party involved as described in the paragraph 6 of this Policy.
The Reporting person shall be informed by the P.R.R.F.R. of the outcome of the investigation and of any measures envisaged or taken to address the issue disclosed in his Report within three (3) months of the Report’s receipt attestation, even if the investigation has not yet been completed.
Otherwise, if the P.R.R.F.R. concludes that the Report is incomprehensible or improperly submitted or does not contain any facts constituting a breach of those defined in the above paragraph 2 or there are no serious indications of such a breach, the Report shall be archived, along with its reasoning, by the P.R.R.F.R.. The P.R.R.F.R. shall then notify the decision to file the Reporting person who, if he/she considers that his/her Report has not been dealt with effectively, he/she may resubmit it to the N.T.A..
- CONFIDENTIALITY, PROHIBITION OF RETALIATION AND PROTECTION OF REPORTING PERSONS
The Company guarantees the confidentiality of each Report and the information contained therein, as well as the anonymity of the Reporting person, even if it is subsequently proven to be incorrect or unfounded.
The Company guarantees that the identity of the Reporting Person will not be disclosed to anyone other than the authorised members of personnel responsible for receiving or following up the reports, unless the Reporting Person gives his or her explicit consent or the disclosure is required by applicable Union or national law and in accordance with the relevant conditions. In this last case, the Reporting person shall be informed in written and in advance about it, unless the relevant legislation predicts different. The Company does not tolerate any form of retaliation against the Reporting person or the person concerned or anyone who participated in the investigation to substantiate the Report and will seek to eliminate the consequences of any retaliation suffered by the Reporting person.
The Company reserves the right to take the appropriate measures against anyone who implements or threatens to apply acts of retaliation against those who have submitted Reports in accordance with this Policy, with the proviso of the right of the parties involved to be legally protected, if criminal or civil liability is found in relation to the falsity of what was stated or reported about the party who submitted a Report. The Company may take the most appropriate disciplinary and/or legal measures to protect its rights, assets and reputation against anyone who has made false, unfounded or opportunistic reports in bad faith and/or for the single purpose to calumniate, defame or cause damage to the Reporting person or other parties included in the Report.
In the case of Reports made in accordance with this Policy and the applicable law, the Reporting Person cannot be held liable for defamation, infringement of intellectual property rights, breach of confidentiality obligation, data protection rules and disclosure of trade secrets, etc. The Reporting Person will also not be held liable for his/her behavior in obtaining information or accessing information contained in the Report, provided that this does not constitute a criminal offence.
- PROCESSING OF PERSONAL DATA
The Company, in its capacity as responsible processor, informs that the personal data of the Reporting person and any other involved party, obtained during the handling of the Reports, will be processed in full compliance with the provisions of the applicable legislation on the protection of personal data. as described above in the paragraph 3, the internal channels for reporting breaches of Union law and process such data for the purpose of effectively receiving and following up on Reports, ensuring their proper handling, documentation and protecting the Reporting Persons.
After the processing for the anonymization of the data included in the Reports, the Company reports to its Management for reasons of accountability and proper operation. The processing of personal data will be limited to what is strictly necessary to substantiate the Report and to serve the above legitimate and rightful processing purposes and, in particular, to the name of the Reporting Person (if he chooses to disclose it) as well as his contact details or any other parties involved, his job position and other data that he chooses to disclose himself. The Company processes personal data through this procedure for the above purposes based on its compliance with a legal obligation (Article 6 (1) (c) GDPR), namely in compliance with the obligation to establish reporting channels and take the necessary measures for their monitoring, as provided for by the legislation on the protection of persons who report breaches of Union law, as applicable. Furthermore, it processes these data for the purpose of compiling anonymized reports based on its legitimate interest (Article 6 (1) (f) GDPR) for transparent and correct administration.
Any processes and investigations involving data processing will be assigned, under the supervision of the P.R.R.F.R., to duly appointed employees, specially trained to manage the Reporting processes, or to selected third-party specialists, such as external lawyers or consultants, with particular emphasis on protecting the confidentiality of the parties involved and the personal data in the Reports.
Furthermore, the Company may transmit to the responsible supervisory and investigative authorities the information referred to in the reports, which may be used as evidence in administrative, civil and criminal investigations and proceedings.
In case it is necessary to transfer the data outside the European Economic Area, the Company takes the necessary protective measures in accordance with the applicable legal requirements, to ensure that the data receive protection equivalent to that provided by the data protection legislation in force in the European Economic Area.
In this context and during the data processing activities that take place to verify each Report, the Company takes all the appropriate technical and organizational measures for the security of personal data, to ensure the confidentiality of their processing and their protection from accidental or unlawful destruction/loss/alteration, prohibited disclosure or access and any other form of unlawful processing. In addition, it binds with confidentiality clauses and with the obligation of confidentiality those persons who have access to or process personal data on its behalf.
In relation to the personal data submitted to the above-described processing, the data subjects (e.g. Reporting persons, persons concerned or third parties involved) have the following rights:
• Right of information & access: They have the right to be informed and have access to their data and to receive additional information about their processing.
• Right to correction: They have the right to request the correction, modification, completion and updating of their data.
• Right to erasure: They have the right to request the deletion of their retained personal data when this right is not subject to restrictions under applicable law or any other restrictions.
• Right to restriction of processing: They have the right to request the restriction of processing of their personal data when: (a) the accuracy of the personal data is disputed and until it is verified, (b) the processing is unlawful and they request instead of deletion the restriction of use of their personal data, (c) the personal data are not needed for the purposes of processing, but they are necessary for the foundation, exercise, support of legal claims, and (d) object to processing and until it is verified that there are legitimate reasons concerning the Company and prevail over the reasons for which they object to processing.
• Right to object to processing: They have the right to object at any time to the processing of their personal data under only specific conditions provided for by law.
• Right to portability: They have the right to receive their personal data free of charge in a format that allows them to have access to, use and process them, as well as to request, if technically feasible, that their data be transmitted directly to another controller. This right applies to the data they have provided and their processing taking place by automated means on the basis of their consent.
• To exercise any of the above rights they can contact the email address: dpo@elzymi.gr
• Right to complain to the Hellenic Data Protection Authority: They have the right to file a complaint to the Hellenic Data Protection Authority (www.dpa.gr). Call Center: +30 210 6475600, Fax: +30 210 6475628, E-mail: complaints@dpa.gr. In the context of preventing and addressing the attempts to obstruct and delay the investigation process following a Report, the Company, in its capacity as responsible processor, does not provide relevant information regarding the processing of their personal data to the Reporting persons and to any third party included in the Reports in their capacity as data subjects and also does not satisfy their respective rights when exercised by them for as long as required and if necessary. In these cases of restriction of the rights of the data subjects, if the Company refuses to satisfy these rights without informing about the reason for the restriction, the data subject has the right to file a complaint to the Hellenic Data Protection Authority (DPA), as provided above. Furthermore, in the event of a data breach, the Company may not disclose the incident to the data subject, if such a disclosure is deemed detrimental for the purposes of this Policy.
The personal data contained in the Reports are stored for as long as necessary under the data protection legislation. At the end of this period, the P.R.R.F.R. permanently deletes all the personal data contained in the Reports.
-----------------------------