Reporting Process
Introduction
This document establishes (and consolidates) the Protection Regulation that covers/applies to whistleblowers who have obtained information about violations in a professional context, whether they are employees, customers, suppliers or management bodies.
This document applies a set of rules that ensure effective protection of Whistleblowers in relation to acts and areas of intervention. It determines protection measures, in addition to internal rules and procedures for receiving and processing reports of irregularities, in accordance with the applicable legal provisions, as well as the rules, principles and values of team.it.
Conditions for integration into the Reporting Channel
Whistleblowers benefit from the protection of the Regulation provided that:
- The whistleblower is in good faith;
- They had reasonable grounds to believe that the information about reported violations was true at the time it was transmitted and that it fell within the scope of application;
- People who anonymously reported or publicly disclosed information about violations but who were later identified and targeted for retaliation;
Personal Scope of Application
The Reporting Channel applies to and covers:
- Employees
- Customers
- Suppliers
- Management bodies or shareholders
- Management or supervisory bodies
- Any persons working under the supervision and direction of team.it contractors, subcontractors and suppliers
- Whistleblowers in cases where they publicly communicate or disclose information about violations obtained in a professional relationship that has since ended.
- The protection granted by this law is extended, with the necessary adaptations, to:
- Individuals who assist the whistleblower in the reporting procedure and whose assistance must be confidential (Facilitators)
- Third parties who are linked to the whistleblower (work colleague, family member who may be the target of retaliation in a professional context, etc.)
- Legal entities or similar entities that are owned or controlled by the whistleblower, for which the whistleblower works or with which he or she is in some way linked in a professional context.
Objectives of the Whistleblower Channel
The acts in the following areas are considered to be irregularities covered by this Regulation:
- Public Procurement;
- Financial Services, Products and Markets and Prevention of Money Laundering and Terrorist Financing;
- Product Safety and Compliance;
- Transport Safety;
- Environmental Protection;
- Environmental Damage;
- Radiation Protection and Nuclear Safety;
- Food and Feed Safety, Animal Health and Welfare;
- Public Health; Consumer Protection;
- Protection of the Privacy of Personal Data and Security of Network and Information Systems;
- Breaches detrimental to the Financial Interests of the European Union;
- Breaches related to the Internal Market including competition and State aid rules, as well as corporate tax rules;
- Violent crime, especially violent and highly organised crime. As well as organised and economic-financial crime (e.g. active/passive corruption);
Communication Mode
This Regulation is based on a voluntary reporting system for irregularities, whose system for receiving, processing and handling reports of irregularities operates through dedicated communication channels, promoting the complete integrity, confidentiality of the identity or anonymity of the whistleblowers, as well as the confidentiality of the identity of third parties mentioned in the report, ensuring that access by unauthorised persons is prevented.
Reports may be submitted anonymously (in this case, the Whistleblower must request anonymity when making the request) or by maintaining the confidentiality of the whistleblower's identity by the staff authorised to handle the report, and may in any case be submitted in writing and/or verbally. In any case, the written report (in the case of a written report) and/or the request for contact for reporting (in the case of a verbal report) must be sent to the following email address:
- Email address: etica@team-it.pt
Communication Treatment
Under the terms defined by this Regulation, all reports of irregularities are treated as confidential information, with the reporting channel having designated persons (who are subject to impartiality clauses) responsible for receiving the report and maintaining communication with the whistleblower, if necessary, requesting further information and providing the whistleblower with feedback on the information, also undertaking to provide this information within a reasonable period of time.
Personnel Authorized to Process
Given the critical nature of the information, the Whistleblower Channel adopts the need-to-know principle, restricting and differentiating between: knowledge of the complaint; and the identity of the whistleblower. Only the authorized personnel responsible for handling the complaint may be aware of the identity of the whistleblower.
There is a person responsible for regulatory compliance who performs his/her duties independently, permanently and with decision-making autonomy, having access to the internal information and human and technical resources necessary to perform his/her duties properly.
Under the terms of the legislation in force, this person responsible for regulatory compliance is transversal among the companies of the moOngy S.A. group.
In order to preserve integrity, limiting information and maintaining greater independence in the operation of the channel, the identity of the Compliance Officer responsible for the maintenance, preservation and integrity of the channel will be kept anonymous to the group, with only the information being provided that it will be ensured by specific personnel assigned exclusively to the channel, with the members trained in the Whistleblower Channel being part of the DPG.
The Compliance Officer, as well as authorized Personnel, is subject to a specific NDA regarding the Reporting Channel, in order to safeguard any report under a strict duty of confidentiality.
Verification Process
The communication/complaint will be sent internally to the person responsible for the reporting channel. The person must determine whether the report of irregularity contains minimum grounds for initiating an investigation process.
Receipt of a communication/complaint will always give rise to an investigation process, unless it is clearly unfounded.
The authorized personnel who will be in charge of the investigation process must promote the implementation of appropriate measures to protect the Information and data contained in the communications and respective records, as well as promote the actions necessary for the initial confirmation of the grounds.
team.it undertakes to inform the author of the report, within a reasonable period of time (which may not exceed three months after notification sent to the whistleblower), about the measures planned or taken to follow up on the report and the reasons justifying the choice of such follow-up, as well as the conclusions of the investigation carried out.
The investigation process ends with the documentation of the results, grounds and conclusions, in addition to the formulation of recommendations and measures appropriate to the situation. Otherwise, if it is considered unfounded (due to scarcity or invalidity), the complaint will be archived.
Protective Measures
Prohibition of Retaliation
The Report may not imply, under any circumstances, any act of retaliation (threats or attempts are also included), or omission that directly or indirectly, occurring in a professional context and motivated by a report, causes or may cause the complainant or those facilitating the report, in an unjustified manner, financial or non-financial damages such as harassment, intimidation or discrimination, and team.it must ensure that this does not occur.
Anyone who carries out an act of retaliation shall compensate the complainant for the damages caused, and the complainant may request the measures appropriate to the circumstances of the case, in order to prevent the occurrence or expansion of the damages.
Any disciplinary sanction applied to the complainant up to two years after the report or public disclosure is presumed to be abusive, all those listed in the section “personal scope of application” are covered by this protection.
Exception due to the need for sharing
If for any reason the identity of the whistleblower must be disclosed to another party during the investigation process, the whistleblower will receive a request for consent (with the reason why knowledge of the identity is considered a necessary and proportionate obligation) to be given by the whistleblower himself, so that he/she may freely allow (or not allow) the sharing of the identity with the party to whom the information is considered essential for the investigation, in order to safeguard the rights of defence of the person concerned.
It is important to note that this request for consent will be requested from the whistleblower, once for each individual (individually) to whom the sharing is considered essential. Under the legislation on the Whistleblower Channel, an exception is established in the situation where such disclosure of identity information compromises investigations or legal proceedings in the context of an investigation by national authorities, in which specific situation the consent is waived.
Support Measures
The Whistleblower has the right, in general terms, to legal protection and may benefit from measures to protect witnesses in criminal proceedings. It is team.it's responsibility to recognize the Whistleblower's status through certification.
Personal data
It is important to bear in mind that the confidentiality of the whistleblower's identity also applies to the identity of the people listed in the “personal scope of application”.
The information collected under the whistleblowing channel will be used exclusively for the purposes provided for therein. For this purpose, the maximum protection established under the General Data Protection Regulation will be ensured for the processing of each report and especially the Whistleblower's Identity.
In particular, the Data Minimisation Principle will guarantee that authorised personnel have access to the minimum amount of information necessary regarding the Whistleblower's identity and their Data. Without specifying, the remaining principles (such as limitation of processing, liability, etc.) and practices of the GDPR will be applied in order to ensure the protection of the whistleblower's data.
Non-waiver of Rights
In order to guarantee integrity and frustrate any impediments or pressures from third parties towards the whistleblower and other parties covered by the protection, the Right to the aforementioned Protective Measures is completely inalienable and cannot be waived or limited by any agreements, policies, forms or conditions. Contractual provisions that limit or prevent the presentation or follow-up of complaints or the public disclosure of violations under this law are null and void.
Reporting the Complaint
Those responsible for processing the complaint have the right to capture (with the consent and choice of the whistleblower as to the recording method, whether in written form – reports, minutes – or verbally – by capturing audio or other forms of multimedia)
Production and dissemination of reliable information
The information relating to the report is kept for one year, so that it can be included (while maintaining maximum confidentiality) in the report on the company's preventive activity, to assess the integration and operations of the Reporting Channel, in addition to guiding the company's preventive activity, rationalizing the allocation of available resources and increasing the level of effectiveness of the system, in order to allow a global understanding and with the greatest possible approximation of the contours of these crimes and the effectiveness of their investigation, in addition to scrutinizing the overall response time of the reporting channel.
The Regulation on Reporting Irregularities is reviewed annually after the annual report on the implementation and operation of the Reporting Channel and is fully supported by our management.