Whistleblower Policy

Leinonen Group

INTERNAL WHISTLEBLOWING CHANNEL ADMINISTRATION POLICY

GENERAL PROVISIONS

  1. The aim of the Internal Whistleblowing Administration Policy (hereinafter – the Policy) is to regulate the following procedures: 
    • whistleblowing within the Company using the internal whistleblowing channel operating in the Company;
    • receiving of the notices;
    • assessment and analysis of the information about a Violation provided in the notice;
    • the procedure for informing the person concerned.
  2. The present Policy is aimed at ensuring compliance with the legislation on the protection of whistleblowers.
  3. Terms used in the Policy:
    • Person reporting a Violation (Person) – a person who provides information about a Violation to a Competent Person within the Company with which he has a service, employment relationship or contractual relations (consulting, contracting, work placement, apprentices, volunteering, etc.).
    • Competent Person – a person appointed by the Company or the competent authority which administers the internal whistleblowing channel, analyses information about Violations received through it (or by other means), ensures confidentiality of the person who reported Violations, except for the cases provided for in legal acts, and performs other functions set in legislation.
    • Whistleblower – a person who reports a Violation within the Company with which he or she has a service or employment relationship or contractual relations (consulting, contracting, work placement, apprentices, volunteering, etc.) and who is recognized as a whistleblower by the Competent Person.
    • Violation – any criminal offence, administrative infringement, official misconduct or infringement of work responsibilities, as well as a gross Violation of compulsory professional ethics or another legal infringement threatening the public interest or breaching the public interest   potentially in preparation, being committed or committed which the Whistleblower discovers from pre-existing or currently existing service, employment relationship or contractual relations with the Company.
    • Internal whistleblowing channel – the procedure for reporting Violations within the Company, analysis of the provided information and informing of the person concerned developed and applied in the ways provided for in the Policy.
  4. Notices received within the Company shall be accepted, registered, reviewed and measures for protection of Whistleblowers shall be guaranteed under the applicable legislation and the present Policy.

REPORTING VIOLATIONS

  1. Information about Violations is reported to protect the public interest. Providing information for the purpose of defending exclusively personal interests is not considered a Violation report.
  2. A report might be submitted regarding breaches concerning:
    • danger to public safety or health, personal life or health;
    • environmental hazards;
    • obstructing or unlawfully influencing investigations conducted by law enforcement authorities or courts in the administration of justice;
    • financing of illegal activities;
    • illegal or non-transparent use of public funds or property;
    • illegally acquired property;
    • concealment of the consequences of the committed violation, obstruction to determine the extent of the consequences;
    • harm to European Union (EU) financial interests, as set in EU legislation;
    • harm to EU internal market, as set in EU legislation;
    • other breaches set in applicable legislation.
  3. Any person who has a service, employment relationship or contractual relations (consulting, contracting, work placement, apprentices, volunteering, etc.) with the Company may report a Violation through the Internal whistleblowing channel.
  4. Information about Violations shall be provided in writing. The Person reporting a Violation must complete an online form. In addition to remote reporting options, an in-person reporting is available by reporting  to the Country manager (CM) of the respective Leinonen country or the CEO of Leinonen group either in-person or via an e-mail. However, it is expressly understood that by choosing this in-person reporting option, the reporting party voluntarily waives their rights to anonymity. The party receiving the report, in turn, undertakes the responsibility to ensure that no retaliatory or revenge measures are taken against the reporting party, and commits to taking all necessary measures to safeguard the confidentiality and protection of the reporter.
  1. When Violation submitting report, the person must indicate:
    • who, when, in what way and what kind of violation is being planned, is being done or has been committed, etc.;
    • the date and circumstances of becoming aware of the violation;
    • name, surname, personal identification number or date of birth (if no personal code is available), workplace, other contact details (personal data shall be disclosed in the person seeks to receive Whistleblower’s protection and resume communication with Competent Person);
    • if possible, any available documents, data or information that reveal signs of a possible Violation.
  2. The person might also report the Violation to competent authority or declare it publicly. Cases when the report regarding Violation shall be made to competent authority directly or might be declared publicly are set in applicable legislation.

REGISTRATION, ASSESSMENT, ANALYSIS OF THE INFORMATION ABOUT A VIOLATION PROVIDED IN THE NOTICE AND ADOPTION OF RESOLUTIONS

  1. Notices shall be accepted and on the same working day registered in a separate register of the document management system of the Company by the Competent Person. If a notice is submitted outside working hours, the Competent Person shall carry out the actions listed in the present clause of the Policy on the next working day.
  2. After the Competent Person receives a notice in compliance with the requirements provided of the present Policy and applicable legislation, from the moment of receipt of the notice he or she must ensure confidentiality of the Person who submitted the notice in the ways and taking the measures set in the Policy and shall immediately assess the information about a Violation received. Confidentiality does not have to be ensured if the person requests it or if submitted information is knowingly false.
  3. After the Competent Person receives information about a Violation, he or she must:
    • ensure that obtained information about a Violation and related data are kept in a secure manner and that they may be accessed only by the persons who have access rights and the person who analyze the information about a Violation;
    • on request of the Person who reported a Violation, inform the Person in writing about the fact of receipt of such information immediately, however, not later than within 2 working days from the day of receipt of the information;
    • after verification of the provided information about a Violation, inform the Person who reported a Violation in writing about adoption of resolutions within no more than 10 working days;
    • after analysis of the information submitted by the Person and adoption of related resolutions or after receipt of information about the outcome of the review of the notice from another authority which has reviewed the notice, inform the Person in writing about the adopted resolution, the outcome of the research and actions which were taken or which were planned not later than within 2 working days from the day of receipt of the information, specify the procedure of appeal against the adopted resolution;
    • consult the Person who reported a Violation concerning potential or currently imposed negative impact related to the fact of reporting a Violation, concerning ways and measures for protection of his or her rights if the Person so requests.
  4. After assessment of the information about a Violation provided by the Person reporting a Violation, the Competent Person shall adopt one of the following resolutions immediately, however, not later than within 10 working days from the date of receipt of the notice:
    1. to recognize the Person reporting a Violation as a Whistleblower in cases where the information provided in the notice is in compliance with provisions of the applicable legislation and the present Policy;
    2. not to recognize the Person reporting a Violation as the Whistleblower in cases where the information provided by the Person in the notice is not in compliance with provisions of the applicable legislation and the present Policy;
    3. not to examine the notice in the cases where:
      1. the notice is based on obviously inaccurate information;
      2. the Person repeatedly contacts the Competent Person concerning the same circumstances where previously provided information about a Violation was analyzed under the procedure established by the Policy and a resolution concerning it has been taken.
  5. After adoption of the resolution provided for in Clause 14.1 of the Policy (to recognize as a Whistleblower) the Competent Person shall take the following actions:
    1. in cases where the Competent Person is authorized to investigate the Violations specified in the notice, he or she shall establish the fact of existence or non-existence of the Violation and prosecute the persons who committed the Violation or initiate prosecution of the persons who committed the Violation following legal acts regulating corresponding liability;
    2. in cases where the Competent Person is not authorized to investigate Violations specified in the notice, he or she shall send it to another competent authority together with the resolution to recognize the Person as a Whistleblower and shall inform the Whistleblower about it within no more than 2 working days. The authority to which the notice was forwarded shall provide information about the course and the outcome of the investigation of the notice.
  6. After the resolution provided for in Clause 14.2 of the Policy (not to recognize as a Whistleblower) is adopted and if the information provided in the resolution may reasonably serve as the basis for the assumption that another infringement of legal acts was committed which is not defined in the present Policy as a Violation, the Competent Person shall immediately forward the notice to the authority which is authorized to investigate such infringements under the applicable legislation and shall inform the person reporting a Violation about it.
  7. The resolution of the Competent Person not to recognize the person reporting a Violation as a Whistleblower may be appealed before a court under the procedure established by the local applicable legislation.

MEASURES TO PROTECT PERSONS REPORTING A VIOLATION AND WHISTLEBLOWERS

  1. Confidentiality of the Persons reporting Violations and Whistleblowers shall be ensured by the ways and taking the measures provided in legislation.
  2. The Company shall guarantee safe whistleblowing channels and shall take all measures provided for in the present Policy in order that the information about Violations properly reaches the Competent Person.
  3. From the day of provision of information, the Company and its employees shall be prohibited to take any measures having negative effect against the Person reporting a Violation due to provision of such information:
    • to dismiss, 
    • to transfer the Person to a lower or another post, 
    • to intimidate, harass, discriminate, have his or her life threatened, 
    • to limit his or her career opportunities, 
    • to reduce wage, 
    • to change working hours, 
    • to raise doubts concerning competence, 
    • to disclose negative information about him or her to any third persons 
    • or to take any other measures having negative effect.
  4. It is also prohibited to impose any negative impact on family members of the Person who reported a Violation who work for the Company or for another legal entity which has a subordination relationship with the Company where a family member of the Person who reported a Violation may suffer negative consequences due to provision of the information about a Violation.
  5. Protective measures provided for in the present section of the Policy shall be also mutatis mutandis applicable to Whistleblowers.

PERSONAL DATA PROTECTION

  1. According to Clause 6 of the Regulation 2016/679 of The European Parliament and of The Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation (GDPR)), the Competent Person is entitled to process personal data of the Person only if:
    • the Person has given his written consent to the processing of his or her personal data for one or more specific purposes (consent included in the Form for reporting a Violation);
    • the data processing is necessary for compliance with a legal obligation to introduce whistleblower reporting system according to the applicable legislation, to which the Company is subject;
    • the data processing is necessary in order to protect the vital interests of the Whistleblower or other person(s).
  2. Competent Person is obliged to warrant non-disclosure of Person’s identity. Competent Person is entitled to disclose identity of Whistleblower in cases if the Whistleblower’s report is subjected to investigation of respective authority.
  3. Competent Person is liable at the request of the data subject to rectify personal data that is incorrect, incomplete or misleading. Any employee of the Company has the right to request an excerpt of the register to check which information if any is registered about him or her. The information will however not be disclosed if it could jeopardize the investigation, but should be released as soon as action is taken against the person concerned.

FINAL PROVISIONS

  1. Employees of the Company working for it under employment contracts who received personal data of the Person who reported a violation or its contents in connection with performance of their duties hereby undertake to ensure confidentiality of the provided information and the personal data both during and outside of working hours.
  2. The provision of knowingly false information does not give any warranties to the Person in respect to this Policy or applicable legislation. The Person who has knowingly provided false information shall be liable in accordance with the procedure established in legal acts.
  3. The Managing Director of the Company shall be liable for ensuring of functioning of the Internal whistleblowing channel.
  4. At least once a year, the Competent Person shall generalize the practice of receipt and analysis of information about a Violation and shall accumulate statistical data about the number of notices, their assessment results, summarized information about Violations which were disclosed on the basis of information provided by persons. The Competent Person shall provide the information and statistical data provided in the present clause of the Policy to the Managing Director of the Company.
  5. The Competent Person shall be also liable for supervision of compliance with provisions of the present Policy and control of enforcement of the provisions provided herein, as well as periodic review of the Policy at least every 2 years, and the Competent Person shall initiate an update of the Policy after assessment of the practice of application of the Policy, if needed.
  6. Information containing personal data shall be stored for no longer than is required to reach the goals provided for in the Policy. Where information which contains personal data is stored in a virtual repository not for archiving purposes or any reasons of public interest, it must be destructed by the Competent Person by noting it in a separate register of the document management system of the Company.
  7. Employees of the Company shall be familiarized with the present Policy and subsequent amendments by signing or by e-mail. Other persons might access the policy in Company’s website.
  8. If it is discovered that any provision of the present Policy is invalid or impracticable, other provisions of the present Policy shall continue to apply to the highest extent allowed by law. If any provision of the present Policy may be interpreted in two ways, and if according to one of interpretations this provision is invalid, and according to another one it is valid, the interpretation according to which the provision is recognized as valid shall prevail.
  9. Titles of sections of the present Policy are used only for convenience and have no effect on interpretation of the entire Policy.

Submit your tip to Leinonen Group

Get in Touch