Whistleblowing Process
(Reporting Channel)
Introduction
This document establishes (and consolidates) the Protection Regulation that houses/ applies to whistleblowers who have obtained information about violations in a professional context, whether employees, customers, suppliers, or board members.
This document applies a set of rules ensuring effective protection of whistleblowers related to act and policy areas. It determines protective measures, in addition to internal rules and procedures for the receipt and treatment of the report of irregularities, in accordance with the applicable legal provisions, as well as the rules, principles and values of KCS IT.
Conditions for integration into the Reporting channel
Whistleblowers benefit from the protection of the Regulation provided that:
-
the whistleblower is in Good Faith;
-
had reasonable grounds to believe that the information about reported violations are true at the time it was transmitted and that it falls within the scope;
-
persons who anonymously communicated or publicly disclosed information about violations, but who have subsequently been identified and retaliated against;
Personal Scope
The Reporting Channel applies and houses:
-
Employees
-
Clients
-
Suppliers
-
Board members or shareholders
-
Management or supervisory bodies
-
Any persons working under the supervision and direction of KCS IT contractors, subcontractors, and suppliers
-
Whistleblowers in cases where they publicly report or disclose information about violations obtained in a professional relation that has, in the meantime, ended.
The protection conferred by this Law is extendable, with appropriate adaptations, to:
-
Natural Person who assists the whistleblower in the whistleblowing procedure and whose assistance should be confidential (Facilitators)
-
Third parties who are connected to the whistleblower (co-worker, family member who may be retaliated against in a professional context...)
-
Legal persons or similar entities that are owned or controlled by the whistleblower, for whom the whistleblower works or with whom he is in any way connected in a professional context
Reporting Channel Objectives
Irregularities covered by this Regulation shall be considered acts in the following areas:
-
Public Procurement;
-
Services, Financial Products and Markets and prevention of money laundering and terrorist financing;
-
Product safety and compliance;
-
Transport Security;
-
Environmental Protection;
-
Damage to the environment;
-
Radiation protection and nuclear safety;
-
Food and feed safety, animal health and welfare;
-
Public Health;
-
Consumer Protection;
-
Privacy protection of personal data and security of the network and information systems;
-
Violations of the Financial Interests of the European Union;
-
Violations related to the internal market including competition and state aid rules, as well as corporate taxation rules;
-
Violent crime, and especially violent and highly organized. As well as organized and economic-financial crime (e.g. active/passive corruption);
Communication Mode
This Regulation underlies a voluntary irregularity reporting regime, the system of receiving, processing and the reporting of irregularities procedure, operates through communication channels dedicated to this purpose, promoting the full integrity, confidentiality of the identity or anonymity of whistleblowers in addition to the confidentiality of the identified third parties mentioned in the complaint, ensuring the impediment of unauthorized persons. The submission of complaints may be made anonymously (in this case, it will have to be requested anonymity by the Whistleblower at the time of the request) or maintaining the confidentiality of the identity of the whistleblower by the personnel authorized to the treatment of the complaint and may in any case be presented in a written and/or verbal manner. In any case, the written complaint (in case of written form) and/or the request for contact for complaint (in case of verbal complaint) must be sent to the email:
Email address: etica@kcsit.pt
Communication Treatment
As defined by this Regulation, all communications of irregularities are treated as confidential information, with the reporting channel, designated persons (who are subject to impartiality clauses) and are responsible for receiving the complaint and maintaining communication with the whistleblower, if necessary, requesting more information and giving the whistleblower feedback commitment to provide such information within a reasonable time.
Personnel Authorized to Treatment
The Reporting Channel, given the criticality of the information, adopts the principle of the need to know, restricting and differentiating between the knowledge of the complaint; and the identity of the whistleblower. Only the authorized personnel in charge of the handling of the complaint may be aware of the identity of the whistleblower. There is a responsible for regulatory compliance who carries out his duties independently, permanently and with decision-making autonomy, having the internal information and the human and technical means necessary for the proper performance of his function. According to the legislation in force, this responsible for regulatory compliance is transversal between the companies of the Group MoOngy S.A. To preserve integrity, limiting information, maintaining greater independence of the operation of the channel, the identity of the Compliance Officer responsible for the maintenance, preservation and integrity of the channel will be mantid to anonymity for the group, transmitting only that it will be ensured by specific personnel and highlighted exclusively to the channel, elements trained in the Reporting Channel are part of the DPG. The Compliance Officer, as well as authorized Personnel, is subject to a specific NDA relating to the Reporting Channel to safeguard any complaint under a strict duty of confidentiality.
Investigation Process
The communication/complaint will be sent internally to the person responsible for the reporting channel. It should determine whether the irregularity communication contains minimal grounds for initiating a fact-finding process. The receipt of a communication/denunciation will always give rise to a case of investigations unless there is manifest lack of grounds.
The authorized personnel who will be in charge of the investigation process should promote the implementation of appropriate measures for the protection of information and data contained in the communications and their records, as well as promote the actions necessary for the initial confirmation of the grounds. KCS IT undertakes to inform the author of the communication within a reasonable period (may not exceed three months after notification sent to the whistleblower), of the measures envisaged or taken to follow up the complaint and the reasons for the choice of such follow-up, as well as the findings of the investigation.
The investigation process ends with the documentation of the results, grounds, and conclusions in addition to the formulation of recommendations and measures appropriate to the situation, otherwise, if it is considered unfounded (due to scarcity or invalidity), the complaint will be filed.
Protection Measures
Prohibition of Retaliation
The Denunciation cannot imply, by any mean or way, acts of retaliation (are also part the Ames or attempts), or omission that directly or indirectly occurs in a professional context and motivated by a complaint cause or may cause to the whistleblower or facilitators of the complaint, in an unjustified manner, property damage or non-property damage harassment, intimation or discrimination, KCS IT must ensure that this does not occur. The person who performs an act of retaliation compensates the whistleblower for the damages caused, the whistleblower may request the appropriate measures to the circumstances of the case, to avoid the verification or expansion of the damages. The disciplinary penalty imposed to the whistleblower up to two years after the complaint or public disclosure is presumed abusive, all those listed int he section "personal scope" are covered by this protection.
Exception due to the need for sharing
If for any reason is exceptionally necessary the whistleblower’s identity to be provided to any other party throughout the investigation process, the complainant will receive a request for consent (on the grounds that it is considered as a necessary and proportionate obligation to be given by the identity) to be given by the individual, so that he allows (or does not allow) of his own free will, sharing identity to the part to which information is conceivable as essential for research in order to safeguard the rights of defence of the person concerned.
It should be noted, this request for consent will be requested from the whistleblower, one for each individual (in a singular way) to which sharing is essential. Under the legislation on the Reporting Channel, the situation of such identity consent information to whistleblower may harm investigations or judicial proceedings in the context of an investigation by national authorities, in this particular situation consent to Whistleblower is derogated.
Support Measures
The Whistleblower is entitled in general terms to legal protection and may benefit from measures for the witness protection in criminal proceedings. KCS IT is responsible for recognizing the status of the Whistleblower through certification.
Personal data
It should be taken into account that the confidentiality of the identity of the whistleblower also applies to the identity of persons listed in the " personal scope". The information collected under the reporting channel shall be used exclusively for the purposes provided for therein. The maximus protection established under the General Data Protection Regulation will be ensured for the processing of each complaint and especially the Identity of the Whistleblower. In addition, the Data Minimization Principle will ensure that authorized personnel have access to the minimum necessary information regarding the identity of the Whistleblower. Without specifying, the other principles (such as limitation of processing, responsibility...) and GDPR practices will be applied to ensure the protection of the whistleblower's data.
Irreducibility of Rights
To ensure integrity and frustrate any impediments or pressures of third parties to the whistleblower and other listed, covered by the protection, the Right to Protective Measures referred to is totally renounceable and may not be waived or limited by any agreements, policies, forms, or conditions. Contractual provisions limiting or obscuring the submission or follow-up of complaints or public disclosure of infringements under this Law shall be null and void.
Denunciation Funding
Those responsible for handling the complaint have the right to capture (with the consent and choice of the whistleblower the recording mode, whether in written form - reports, minutes - or verbal - in the form of audio capture or other forms of multimedia)
Reliable information production and dissemination
The information relating to the complaint is kept for one year, in order to be integrated ( maintaining the maximum confidentiality) in the report about the preventive activity of the company, to evaluate the integration and operations of the Whistleblowing channel, in addition to guiding the preventive activity of the company, rationalizing the allocation of available resources and increasing the level of effectiveness of the system, in order to enable global understanding with the greatest possible approximation of the contours of these crimes and the effectiveness of their investigation, in addition to scrutinizing the overall response time of the reporting channel.
This regulation Irregularity Reporting Regulation is reviewed annually after annual report on the implementation and operation of the Whistleblowing Channel and is fully supported by our management.