Whistleblowing Policy

Sfakianakis Group (hereinafter referred to as the “Group”) operates in accordance with the rules of professional ethics, integrity, transparency, and ethics. At the same time, it creates and implements policies to comply with the current legislative and regulatory framework.

With this Whistleblowing Policy, the Group complies with the Directive (EU) 2019/1937 and National Law 4990/2022 on the protection of persons who report violations of EU law. The Whistleblowing Policy aims to establish a system for internal reporting of violations of EU law, to protect persons reporting such violations and to organize the submission process, receipt, and follow-up of reports.

The Group has zero tolerance for actions that may disrupt its healthy working environment, harm it and jeopardize its reputation and credibility. It encourages reporting as soon as it is noticed. All reports are taken seriously and investigated with complete objectivity and independence. The Group assures those who make reports will be protected from any retaliation and that the personal data of all parties involved are protected by applying the necessary technical and organizational security measures.

2 Definitions

‘Report’ means:

the oral or written or through an electronic platform provision of information regarding violations of the current policy.

a) “Internal reporting” means the oral or written or through an electronic platform provision of information on violations to the Person responsible for Receiving and Monitoring Reports (YPPA) of a legal entity in the public or private sector.
b) “External reporting” means the oral or written or electronic provision of information on violations to the National Transparency Authority.
‘Person concerned’ means:

the person named in the internal or external reporting or public disclosure as a person to whom the violations is been attributed or who is related to the person to whom the violation is attributed falling within the scope of this Directive.

‘Reporting person ‘ means:

the person, who makes an internal or external reporting or public disclosure, providing information about violations obtained in the context of occupational place.

‘Retaliation’ means:

any direct or indirect act or omission, occurring within the work-related context, which causes or is likely to cause unjustified damage to, or put the reporting person at a disadvantage, and relates to internal or external reporting or public disclosure.

Good reasons:

a legitimate belief by a person with similar knowledge, education, and experience to the reporting person that the information in his or her possession is true and constitutes a violation of ΕU law falling within the scope of this Directive.

Public disclosure:

making information about violations directly available to the public.

Facilitator:

the person assisting the reporting person in the reporting process within the employment context, whose assistance must be confidential

Follow-up actions

any act carried out by the report recipient or any authority or entity to which the report is referred due to jurisdiction, with the purpose of evaluating the accuracy of the claims included in the report and addressing the reported violation. This can include internal investigation, inquiry, prosecution, lawsuit for fund recovery, or conclusion of the process.

Update:

to inform reporting persons of the measures envisaged or taken in the context of monitoring and the reasons therefor.

Working context:

current, past or anticipated work activities in the public or private sector, irrespective of the nature of those activities, through which persons obtain information about violations and where those persons are likely to suffer retaliation if they report them.

Violations:

acts or omissions that are illegal under EU law or contrary to the objective or purpose of EU Law rules that fall within the material scope of this law

Information about violations:

information, including reasonable suspicions, about violations that have occurred or are very likely to occur in the organization in which the reporting person works, has worked or will work or is in negotiations to work or in other bodies with which the reporting person has had contact through or in connection with his or her work; as well as information about attempts to conceal these violations.

External collaborators:

Third parties contractually linked to the Group as well as their staff, namely consultants, subcontractors, contractors, suppliers, all kinds of partners, shareholders, etc.

Responsible for Receiving and Monitoring reports or YPPA.:

The person who receives and monitors the progress of reports.

Committee for the Management of Reports (RMC):

The committee responsible for managing and investigating Reports.

Employee:

The person who contracts with the company with an employment contract of fixed or indefinite duration or the person connected to the Group by another employment relationship or the person who is seasonal staff or the person employed as a trainee in the Group.

Reporting channels:

The channels through which reports are submitted include the means used for reporting and the persons to whom reporting persons can be contacted.

Malicious Reporting:

A Report made with the Reporting person’s knowledge that it is not true.

Good faith:

The situation which gives rise to a reasonable belief in the Reporting person that he or she has reasonable faith that the information he provides is true.

Platform:

The specially designed electronic platform that is accessible online via computer or mobile device.

3 Scope – Reporting persons

Reports, under this Policy, may be submitted by anyone who acquired information on Violations in a work-related context including (the “Reporting persons”) and in particular:

(a) employees, regardless of if their employment is full or part time, permanent or seasonal, or if they are dispatched from another entity;

(b) self-employed persons, consultants or persons working from home;

(c) shareholders and persons belonging to the administrative, management or supervisory body of the Group, including any non-executive members, as well as volunteers and paid or unpaid trainees;

(d) any persons working under the supervision and direction of contractors, subcontractors and suppliers;

(e) persons whose employment relationship has ended, including through retirement, and employment candidates.

4 Material Scope

This Policy concerns the submission and management of reports related to reprehensible behaviors which consist of violations of the legislation and the individual Policies of the Group.

Indicatively, reprehensible behaviors are the following:

Leak of confidential information
Criminal activity
Non-compliance with legal or professional obligations or regulatory requirements
Harm to the environment
Bribery and corruption, such as fraud, embezzlement, theft, forgery
Participation in or facilitation of tax evasion
Violence and harassment of various forms
Acts related to sexual exploitation and abuse
Acts associated with threats, blackmail, and use of force
Acts associated with the deliberate concealment of the above reprehensible behaviors

In addition to the above, the cases of article 4 of Law 4990/2022 and Part I of its Annex fall within the objective scope of this Policy. More specifically,:

(a) Infringements of EU law relating to the following areas:

Violations related to the Public Procurement Sectors
Offences affecting the Financial Services, products and markets sectors as well as the prevention of money laundering and terrorist financing
Product Safety and Compliance Violations
Violations affecting transport safety
Violations in the fields of Environmental Protection
Violations in the areas of radiation protection and nuclear safety
Violations in the Field of Food and Feed Safety, as well as Animal Health and Welfare
Violations in the Public Health Sector
Infringements in the Field of Consumer Protection
Violations in the Area of Privacy and Personal Data, as well as the Security of Network and Information Systems

b) Violations affecting the Economic Interests of the Union of Article 325 of the Treaty on the Functioning of the European Union (TFEU) and the specific provisions of the relevant Union measures.

(c) Infringements relating to the internal market, as referred to in paragraph 2 of Article 26 TFEU, including infringements of Union competition and State aid rules, as well as infringements relating to the internal market relating to transactions that infringe corporate tax rules or arrangements, the purpose of which is to secure a tax advantage that frustrates the object or purpose of the applicable law Corporate Tax Legislation.

Whistleblowing Policy does not cover:

Disagreements on issues concerning management policies and decisions.
Personal issues and disagreements with colleagues or superiors.

5 Reporting Channels

The Group establishes easily accessible reporting channels, encourages the submission of incident reporting that falls within the scope of this Policy and guarantees that all reports received are treated confidentially. The report can be submitted confidentially or anonymously. By submitting a named report, the reporting person’s personal details may be disclosed to the Person concerned if requested, under the terms and conditions of applicable personal data legislation. If the reporting person does not wish to submit the report confidentially ,disclosing the name, has the option to submit the report anonymously.

The ways to submit Reports are as follows:

Through the platform for the submission of reports which meets all safety standards:

Information systems.
Personal data protection.
The confidentiality or anonymity of the reporting person.

It also provides the ability to monitor the status of the report from the beginning of the report until its completion. Access to the online platform is available on the Group’s website and we encourage reporting persons to use it as it is the most comprehensive and secure means of managing reports.

In writing, confidentially by sending an e-mail to whistleblowing@sfakianakis.gr

In writing, confidentially or anonymously by sending a postal letter to the YPPA of the Group at the address 5-7, Sidirokastrou str., P.C. 11855with the indication “personal and confidential”..

Orally, by phone at 210 3499980 or personal meeting with the YPPA at the request of the reporting person.

Regardless of the reporting channel, all reports are received and managed by the YPPA which is responsible for communicating with the reporting person.

6 Guidelines for Reporting

Here are general guidelines for reporting:

Reporting of misconduct should be made in good faith and without delay, as soon as it becomes apparent.
The Report should be clear, defined and contain as much information and detail as possible in order to make it easier to investigate.
The Report should include the name of the person(s) who may have committed any misconduct, the date/time period and place where the incident took place the company to which the incident relates, the type of misconduct and as detailed a description as possible.
Any personal data and other sensitive information unrelated to the incident should not be included in the Report.
The Reporting persons need not be sure of the validity of their Report. They should not take any illegal actions that may endanger themselves, the Group or any third party to seek and collect more evidence to support their Report.
The Reporting Person should be available, either confidentially or anonymously through the online reporting platform, to provide further information upon request.

7 Responsibilities of the YPPA

The YPPA has the following responsibilities:

Provides appropriate information on the chance of reporting within the organization and communicates this information in a prominent place on the organization.
Receives reports of violations falling within the scope of this Directive.
Acknowledges receipt of the report to the reporting person within seven (7) working days from the day of receipt.
Takes the necessary actions so that the competent bodies of the entity or the relevant competent authorities address the report, or they conclude the process by filing the report if it is incomprehensible, submitted abusively, does not contain facts that constitute a violation of EU Law, or if there are no serious indications of such a violation. The relevant decision is then communicated to the Reporting Person, who, if they believe that the issue was not effectively addressed, can resubmit it to the National Transparency Authority (E.A.D.), which, as an external channel, exercises the powers of Article 12.
Ensures the protection of the confidentiality of the identity of the reporting person and of any third parties named in the report by preventing access to it by unauthorized persons.
Monitors reports and maintains communication with the reporting person and, if necessary, requests further information from the reporting person.
Informs the reporting person of the actions taken within a reasonable period of time, which shall not exceed three (3) months from the acknowledgement of receipt, or if no acknowledgement has been sent to the reporting person, three (3) months from the end of seven (7) working days from the submission of the report.
Provides clear and easily accessible information on the procedures under which reports may be submitted to the National Transparency Authority. and, where applicable, public bodies or institutions, bodies, offices, or agencies of the European Union.
Plans and coordinates training activities on ethics and integrity, participates in the formulation of internal policies to enhance integrity and transparency in the institution.

The Person for the Receipt and Monitoring of Reports (YPPA) shall:

Carry out his/her duties with integrity, objectivity, impartiality, transparency and social responsibility.
Respect and observe the rules of secrecy and confidentiality for matters of which he/she has become aware in the performance of his/her duties.
Refrain from handling specific cases, declaring an impediment if there is a conflict of interest.

The Group ensures that if the YPPA performs other duties, that the execution of these duties does not affect their independence and does not lead to a conflict of interest in relation to his duties.

Dimitris Patsiavas, Group Data Protection Officer, is appointed as YPPA.

8 Responsibilities of the Reports Management Committee (RMC)

The management of reports submitted through the Reporting channels is carried out by the RMC, in accordance with the Complaint Management Process which has the following responsibilities:

It examines the admissibility of reports brought to its attention by all established reporting channels of the Group.
Evaluates reports.
Communicates with the YPPA to exchange the necessary information.
Takes all appropriate measures to protect the personal data of the subjects involved in the reports and ensure their deletion in accordance with the deadlines set.
Supervises the Internal Investigation Process of Accepted Reports.
Maintains a central register of Reports.

9 Appointment of members of the RMC

The following are defined as members of the RMC:

Regular members, who undertake the management of all Reports except in cases where alternate members take over.

Zeta Ziova, Chief Administrative Ofiicer
Giorgos Alevizos, Group Business Development & Finance Director
Stavroula Tziamourani, HR Business Partner

9.1 Substitute members, who take up their duties in the event that one or more regular members are removed from office for allegedly being involved in the report under consideration.

Nikos Patsatzis, Chief Real Estate Officer
Nektarios Mavrelis, Head of Group IT

10 Report Management Process

The reporting process is described in the following steps:

The reporting person shall submit the report to one of the reporting channels.
YPPA receives the report and confirms to the reporting person that it has been received within 7 days.
YPPA evaluates the report if it falls within the scope of the Law and forwards it to the RMC.
If the report does not fall within the scope of the Law, YPPA informs the RMC and, unless there is a different assessment by the RMC, concludes the procedure and informs the reporting person.
If the report falls within the scope of the Law, YPPA forwards the report to the RMC which undertakes the management of the investigation of the complaint within the organization. If the reporting person is a member of the RMC, then he is relieved of his duties and one of the substitute members is appointed in his place.
YPPA informs the reporting person that his report has been accepted.
The investigation of the report is conducted.
The RMC informs the YPPA at regular intervals about the progress of the investigations, who must inform the reporting person no later than 3 months after receipt of the report, of the results of the investigation even if the investigation has not yet been completed.
Upon completion of the investigation, the RMC informs the YPPA and he, in turn, the reporting person of the final results of the investigation.

11 Rights of Reporting person and person concerned

The Reporting person has the right to be informed both of the receipt of his Report (at the latest within 7 working days) and of the outcome of the investigation (at the latest within 3 months).

The Group protects both reporting person and person concerned. The investigation shall be conducted in full secrecy and confidentiality at all stages of the procedure, as far as possible, to avoid stigmatizing individuals.

The persons concerned have the right to be promptly informed about the misconduct they are accused of, the individuals who have access to the data included in the Report, and the right to be called for a defense. However, if there is a serious risk that such notification could impede the investigation of the case and the collection of necessary evidence, the notification of the individuals mentioned in the Report may be postponed until this risk no longer exists.

The identity of the Reporting person shall remain confidential. Exceptionally, if the Report proves to be malicious, and if the reported person so requests, he/she may be informed of the identity of the Reporting Person to exercise his/her legal rights. It is clarified that reports that are proven to be manifestly malicious will be further investigated at the discretion of the Group both as to the motives and as to those involved, in order to restore order by any legal means and methods.

12 Protection of Reporting Persons

The Group protects the reporting person who reports, in good faith, any illegal or unethical behavior. In this context, any kind of negative behavior against anyone who has made a Report is prohibited, even if the Report turns out, as a result, to be incorrect. The Reports Management Committee and Management ensure that there is no retaliation if anyone in good faith submits a Report. More specifically, the Group commits that employees who have submitted a Report will not suffer retaliation, harassment or marginalization, intimidation or threats and unfair treatment because of their Report. In accordance with the provisions of Article 17 of Law 4990/2022, any form of retaliation against the reporting persons is prohibited, including threats and retaliatory actions.

Πιο συγκεκριμένα, ο Όμιλος δεσμεύεται ότι οι εργαζόμενοι που έχουν υποβάλει Αναφορά δεν θα υποστούν one of the following forms of retaliation, prohibited by law:

dismissal or other equivalent measures,
relegation, omission or deprivation of promotion,
removal of duties, change of place of work, reduction of salary, change of working hours,
deprivation of training,
Negative performance evaluation or negative professional recommendation,
reprimand, disciplinary or other measure, including a fine,
coercion, intimidation, harassment or marginalisation,
discrimination or unfair treatment,
non-conversion of a temporary employment contract into a permanent contract,
non-renewal or early termination of a temporary employment contract,
intentional harm, including reputational damage, in particular on social media, or economic damage, including business damage and loss of income,
inclusion on a ‘blacklist’), on the basis of a sectoral or sectoral formal or informal agreement, which may mean that the person will not find a job in the sector or sector in the future,
early termination or cancellation of a contract for goods or services,
revocation or cancellation of a license or license,
Referral for psychiatric or medical follow-up,
refusing or denying reasonable accommodations to persons with disabilities.

The same level of protection applies to third parties associated with reporting persons who could suffer retaliation in a work-related context, such as colleagues or relatives of reporting persons.

In case the Reporting person is an external partner, premature termination or cancellation of a contract for goods or services as a result of the Reporting is not permitted.

Any act of retaliation should be immediately reported to the RMC, investigated, and resolved. If the investigation reveals that there has indeed been retaliation, disciplinary action will be imposed against the perpetrator. The person accused of committing the retaliation has the burden of proving that his actions are not related to the Report made by the employee.

In the event that an employee decides to Report an incident covered by this policy and in which the Reporting Person was the person concerned or otherwise involved may be, the fact that they ultimately reported it will be considered in their favor in any other subsequent proceeding.

In case the Report is made confidentially and after investigation it is proven that thanks to it the Group protected its vital financial or other interests, the person who made the Report may be rewarded in the most appropriate way.

13 Investigation of a report

The Group undertakes to treat with due care any Report, whether named or anonymous. The Investigator and the Investigation Team, where necessary, investigate the incidents contained in the Report as soon as possible. Where necessary and depending on the Report, additional professional support may be received from other company executives as well as external specialized consultants.

14 Confidentiality – Anonymity

The Group encourages employees and contractors to raise concerns about potential misconduct through existing Reporting channels. It also undertakes to make every effort and take all appropriate measures to protect the identity of both the Reporting person and the persons included in the Reports and to handle the case in full secrecy and confidentiality.

In any case, during the investigation of an incident, the identity of the Reporting Person shall not be disclosed to anyone other than the authorized persons competent to receive, monitor and investigate the reports, i.e. other than the members of the Reports Management Committee, the Investigating Officer, the Investigation Team including any qualified external advisors, who have been specifically called to investigate the incident; unless the Reporting person has given explicit consent or the Report proves malicious.

Anonymity is achieved using appropriate technical and organizational measures and mainly through the reporting platform where it is possible to submit either a named or anonymous Report. The Platform supports anonymous reporting, two-way communication and meets high security standards.

15 Personal Data

Any processing of personal data under this policy is conducted in accordance with the national and European legislation applicable to personal data as well as the Group’s Privacy Policy. The data of all parties involved are protected and processed solely in relation to each Report and for the sole purpose of verifying the validity or otherwise of the Report and investigating the specific incident.

The Group takes all necessary technical and organizational measures to protect personal data, in accordance with the Group’s privacy policy.

Sensitive personal data and other data not directly related to the Report are not taken into account and deleted.

Access to the data contained in the reports can only be granted to those involved in the management and investigation of the incident, such as members of the Reports Management Committee, the Investigating Officer and the Investigation Team, including specialized external consultants.

Personal data and material obtained during the handling of the Report shall be deleted within a reasonable time from the completion of the investigation initiated on the basis of the Report.

16 Corrective actions and disciplinary actions

Depending on the results of the investigation, the Reports Management Committee proposes corrective and/or disciplinary/legal actions. These actions may include (but are not limited to): (a) additional employee training, (b) establishment of new internal control points, (c) amendments to existing policies and/or procedures, (d) disciplinary sanctions including permanent removal/dismissal, or (e) legal action.

17 Information and education

The Group ensures that all employees of the company will be informed and trained on the content of this Policy and on any new revision.

External partners are committed to informing their staff accordingly. This will be done by highlighting this reporting policy and in addition to providing them with material that the Group will provide them with.

Information and awareness actions will be continuous both internally and externally to establish a positive corporate reporting culture that will support the principles of integrity, honesty and transparency.

Create a report