...

POLICY FOR WHISTLEBLOWERS IN THE PUBLIC INTEREST
 

MINDITSERVICES SRL

1.    General information
 

Within MINDIT SERVICES SRL (hereinafter “MINDIT” or “the Company”) compliance with the law is a priority. A healthy and lasting business environment is created by building relationships of mutual trust with both our employees and the partners with whom we do business.

The whistleblower policy in the public interest is intended to encourage the reporting of violations of the law that have occurred or are likely to occur at MINDIT. Thus, MINDIT provides the internal reporting channel through this policy and guarantees the protection of whistleblowers in the public interest.

This policy is based on the provisions of Act No 361/2022 on the protection of whistleblowers in the public interest transposing Directive (EU) 2019/1937of the European Parliament and of the Council on the protection of persons reporting infringements of Union law.

2.    Who are the whistleblowers in the public interest?
 

Whistleblower in the public interest = natural person who makes a report or publicly discloses information about violations of the law, obtained in a professional context.

The following categories of persons can be public interest whistleblowers:

a)    Workers(e.g. employees);

b)   Self-employed persons (e.g. PFA);

c)    Shareholders and members of the administrative, management or supervisory body, including non-executive members of the board of directors, as well as paid and unpaid volunteers and trainees;

d)   Any natural person working under the supervision and management of the Company, its subcontractors and suppliers.

Whistleblowers can also be people who have not yet started the employment relationship (in the process of recruitment/pre-contractual negotiations) or who have terminated the employment/service relationship.

3.    What is breaking the law?
 

The reported breaches of the law concern the following areas:

·       public procurement;

·       financial services, products and markets, and the prevention of money laundering and terrorist financing;

·       product safety and conformity;

·       transport safety;

·       environmental protection;

·       radiological protection and nuclear safety;

·       food and feed safety, animal health and welfare;

·       public health;

·       consumer protection;

·       the protection of privacy and personal data and the security of networks and information systems, as set out in Annex 2, breaches affecting the financial interests of the European Union, as referred to in Article 325 of the Treaty on the Functioning of the European Union and as detailed in the relevant European Union measures;

·       violations relating to the internal market, referred to in Article 26 para. (2) of the Treaty on the Functioning of the European Union, including breaches of EU competition and state aid rules, as well as internal market infringements in respect of acts which infringe the rules on company taxation or mechanisms whose purpose is to obtain a tax advantage contrary to the object or purpose of the applicable company tax law, which constitute disciplinary offences, contraventions or offences, or which are contrary to the object or purpose of the law.

4.    What is reporting and what does it contain?
 

4.1. Reporting

Reporting is the verbal or written communication of information about any act that constitutes a violation of the law.

·       Internal reporting = the verbal or written communication of information regarding violations of the law within the Company, which is carried out through the means made available to the Company as per item 5below, for reporting violations of the law, which constitute internal reporting channels.

·       External reporting = verbal or written communication of information on violations of the law through external reporting channels provided by the competent authorities mentioned in point 7.

4.2. Content of the report

The report shall include at least the following elements: name and surname, contact details of the whistleblower in the public interest, the professional context in which the information was obtained, the person concerned, if known, a description of the fact likely to constitute a breach of the law within the Company, as well as, where appropriate, the evidence in support of the report, date and signature, if applicable.

4.3. Anonymous reporting

Anonymous reports, i.e. those that do not include the name, surname, contact details or signature of the whistleblower in the public interest, are examined and resolved to the extent that they contain indications of violations of the law.

4.4. Unrealistic reporting

The Company encourages the reporting of any suspected violations of the law, taking the risk that some of these may not be true and may not present a cause for concern. However, the reporting of information about violations of the law by a whistleblower who knows it to be untrue may result in disciplinary action by the Society. Also, untruthful reporting constitutes a misdemeanor and is punishable by a fine from 2500 lei to 30,000 lei, if the act was not committed in such a way that it is considered, according to the law, an offence.

5.    Internal reporting channel
 

5.1. How can you send reports?

The report shall be made in writing, on paper or in electronic format, by communication on the telephone line provided by the Company, or by face-to-face meeting at the request of the whistleblower in the public interest.

The company provides the following methods for submitting reports:

·       The report can be submitted on paper to the company’s head office located in Bucharest, Sector 2, Intrarea I. L. Caragiale No. 5;

·       The report can be sent by e-mail to the dedicated address whistleblower@mindit.io ;

·       The report can be made by phone to the dedicated phone number +40 724 580 928;

·       Reporting can be done in a face-to-face meeting with the person designated to receive reports, at the request of the whistleblower in the public interest.

The internal channel made available by the Company allows anonymous reporting, as well as the protection of the identity of all persons involved, concerned or mentioned. No unauthorized person has access to the reports made.

After submitting the report, the public interest whistleblower will receive confirmation of receipt of the report within 7 days at the latest, as well as diligent communication of the status of the report as new information becomes available.

The designated person will document phone reports in one of the following ways : (i) recording the conversation, with the whistleblower’s consent; (ii)transcribing the conversation completely and accurately. If the phone report cannot be recorded, the designated person is obliged to draw up a complete and accurate transcript of the conversation, which will be signed by the whistleblower, if the latter agrees with the content.

Also, if the report is made in the presence of the designated person, he/she is obliged to draw up a report, subject to the consent of the whistleblower. The report will be signed by the whistleblower, if he/she agrees with its contents.

The Public Interest Warnings Officer has the possibility to check and rectify the report. If the whistleblower does not consent to the transcription or recording of the conversation, he/she will be instructed to report inwriting, on paper, or electronically to the dedicated address.

5.2. Keeping and managing reports

The Company will maintain an electronic register containing all reports. The reports are kept for a period of 5 years, after which they will be destroyed.

The whistleblower will be informed of the status of the subsequent actions taken within a maximum of 3 months from the date of acknowledgement of receipt and each time developments are recorded (if this information does not jeopardize the progress of the actions in question).

The whistleblower will be informed on how to resolve the report.

5.3. Maintaining confidentiality

The person designated to resolve the report will keep the whistleblower’s identity confidential and will not disclose any information that would allow direct or indirect identification(e.g. IP address) of the whistleblower, unless the whistleblower expressly agrees. It will not disclose the identity of the person concerned by the report or of any third party mentioned in the report.

By exception, the whistleblower’s identity and any other information may be disclosed only if required by law, which will be done with prior written notice to the whistleblower of the disclosure of the identity and the reasons for disclosure, if this does not jeopardize the investigation or legal proceedings.

The obligation of confidentiality does not arise if the whistleblower has intentionally disclosed his identity in a public disclosure.

The obligation to maintain confidentiality is maintained even if the report reaches another person within the Company by mistake, in which case the report is immediately forwarded to the designated person.

5.4.Processing of personal data

Personal data that is not necessary for the resolution of a particular report is not collected or, if collected accidentally, is deleted.

Any processing of personal data will be carried out in compliance with EU Regulation2016/679 (GDPR).

6.    Investigation
 

Following receipt of a report through the internal reporting channel, the designated person will record, review, take follow-up action and resolve the report independently and impartially.

Thus, in solving the report, the designated person will gather evidence and information, will organize interviews with the persons involved and with possible witnesses. The designated person will have the right to request information and documents from any departments and persons within the Company, solely for the purpose of resolving the report.

In addition, to the extent necessary, the designated person will take preliminary measures to prevent or remedy any damage.

The investigation will conclude with a report covering the conduct of the investigation, the subsequent actions taken and any action taken or proposed, and the manner of completion of the investigation.

The request will be resolved within 6 months from the date of receipt of the complaint, the deadline being a recommendation, and may be extended if more complex or longer investigations are needed.

The designated person has the obligation to inform the whistleblower in the public interest, as well as the management of the Company on how to resolve the report.

7.    Reports dismissal
 

Reporting is dismissed when:

(i)            It does not contain the elements provided for in point 4.2, other than the identification data of the public interest whistleblower, and the designated person has requested its completion within 15 days, without this obligation being fulfilled – in this case the decision to close the case is communicated to the whistleblower, indicating the legal basis;

(ii)          The report is submitted anonymously and does not contain sufficient information on violations of the law to allow for analysis and resolution of the report, and the designated person requested its completion within 15 days, without this obligation being fulfilled.

If a person makes more than one report with the same subject, they are linked and the whistleblower will receive only one information. If a new report with the same subject is received after the report has been sent, without providing additional information justifying a different subsequent action, the report is closed.

The Designated Person may decide to close the procedure if, after reviewing the report, it is determined that the violation is clearly minor and does not require further subsequent action other than closure of the procedure.

The decision to close the case is communicated to the whistleblower, indicating the legal basis.

8.    External reporting
 

To the extent that you do not wish to submit the report through the internal channel provided by the Company, you may make an external report to the authorities competent to receive reports of violations of law, respectively:

a) Public authorities and institutions which, according to special legal provisions, receive and resolve reports of violations of the law in their area of competence;

b) National Integrity Agency;

c) Other public authorities and institutions to which the National Integrity Agency forwards the reports for competent solution.

9.    Protective measures
 

In order to benefit from the Company’s protection measures, the whistleblower must cumulatively meet the following conditions:

– Be one of the persons required by law to make reports (those mentioned bylaw, i.e. in point 2 of this policy, such as: employees, shareholders/associates, directors, etc.) and have obtained information regarding violations of the law in a professional context;

– Had reasonable grounds to believe that the information on reported violations was true at the time of reporting;

– Have made an internal report, external report or public disclosure;

In the case of public disclosure (e.g. through the press), whistleblowers are protected if one of the following conditions is met:

– It first reported internally and externally or directly externally, incompliance with the legal provisions, but considers that appropriate measures were not taken within the legal deadline;

– He has good reason to believe that:

(a) the breach may constitute an imminent or obvious danger to the public interest or a risk of irreparable harm; or

b) In the case of external reporting, there is a risk of retaliation or allow likelihood that the violation will be effectively remedied given the specific circumstances of the reporting.

Persons who benefit from protection, together with the whistleblower in the public interest:

a)    Facilitators= people who assist whistleblowers in the reporting process;

b)   Third parties connected with the whistleblower who may suffer reprisals (colleagues, relatives);

c)    Legal entities owned by the whistleblower or for whom he works or with whom he has other links in a professional context;

d)   The whistleblower who initially reported anonymously but is then identified and suffers retaliation;

e)    The whistleblower who reports to the competent EU institutions, bodies, offices or agencies.

Protective measures
 

a)    Disclaimer

–         The whistleblower will be deemed not to be in breach of legal or contractual provisions regarding disclosure of information;

–         The whistleblower who acquires/accesses data/information of which he is aware by virtue of his duties is not liable if the access or acquisition is for the purpose of reporting or publicly disclosing a violation of the law;

–         Whistleblowers will not be held liable if their public reporting/disclosure violates their right to image, copyright, professional secrecy, data protection rules, if they disclose trade secrets or in compensation actions;

b)   Compensation for damage suffered as a result of public reporting/disclosure

c)    Prohibition of reprisals

–         Whistleblowers are protected from any form of retaliation by the Company, such as, but not limited to: suspension/modification of the employment contract, dismissal, reduction of salary, change of work schedule, demotions, negative evaluations, discrimination, harassment, coercion, etc.

–         The public interest whistleblower may challenge the retaliatory measures by applying to the competent court, depending on the nature of the dispute, in whose territorial district he is domiciled.

d)   Prohibition of waiver of rights and remedies

–         Any transaction which seeks to limit or waive the rights and remedies provided by this law is null and void.

This policy will be posted on the Company’s website www.mindit.io and will be annexed to the Internal Regulations.

The designated person, as well as the means of reporting will be made known to each employee and by posting at the Company’s headquarters and workplaces in a visible and accessible place.

The policy will be reviewed whenever necessary. The date of the last revision of this policy is October 16th, 2023.