Whistleblowing Policy

1.  INTRODUCTION

The Whistleblowing Policy of the company COSTAS A. PAPAELLINAS HELLAS S.A. (CPO Greece) (hereinafter referred to as the “Company”) concerns the process of submitting reports through the Company’s internal channels, the process of receiving and monitoring these reports by the Responsible Person for Receiving and Monitoring Reports (Υ.P.P.Α.), as well as the framework of protection provided to the Whistleblowers in accordance with the requirements of Law 4990/2022.

The Company encourages the submission of confidential or anonymous reports regarding violations that may be occurring within the Company, through designated reporting channels. The management and investigation of reports are carried out in an independent manner that allows for the preservation of confidentiality until the facts reported are verified.

The personal data of all involved parties are protected in accordance with the legislative and regulatory framework regarding the Protection of Personal Data.

 

2. PURPOSE

The purpose of this policy is:

  • To implement a system for the internal and external reporting of breaches of Union law, the protection of individuals who report such breaches, the organization of the process for submission, receipt, and monitoring of reports, and the sanctions imposed in case of violation.
  • To encourage those covered by the scope of this policy to submit a report if they become aware of illegal behaviour, as outlined in Paragraph 3.
  • To define the rights and obligations of the Whistleblowers.
  • To establish the principles and framework for managing and investigating reports.
  • To achieve the prevention, combating, and handling of breaches within the Company.

 

3. SCOPE OF APPLICATION

Reports of irregular, unethical, illegal, or criminal behaviour related to the Company’s activities include – but are not limited to – the following:

  • Violation of Union law, namely the rules of Union law that fall under the following areas:
  • Public contracts,
  • Financial services, products, and markets, as well as the prevention of money laundering and the financing of terrorism,
  • Product safety,
  • Transport safety, environmental protection,
  • Radiation protection and nuclear safety,
  • Food and feed safety, animal health and welfare,
  • Public health,
  • Consumer protection,
  • Protection of privacy and personal data, and the security of network and information systems,
  • Violation affecting the financial interests of the Union, as well as violations related to the internal market, including breaches of Union rules on competition, state aid, and violations concerning the internal market related to acts violating rules on corporate taxation or arrangements.
  • Violations of internal law concerning bribery and influence peddling offenses as codified in Articles 159, 159A, 235, 236, 237, 237A, and 396 of the Penal Code (Law 4619/2019, A’ 95) and in Article 134 of Law 5090/2024 (A’ 30).
  • Any violation or weakness in the Anti-Bribery Management System.
  • Violation of the Code of Ethics, the Work Regulations, and the Anti-Bribery Policy established by the Company.
  • Breaches of confidentiality and protection of personal data.
  • Any form of harassment (e.g., sexual, racial, religious, gender identity, etc.), as well as abuse of power.

The provisions of this Policy do not affect or exclude, in any case, direct reporting to the National Transparency Authority.

 

4. INDIVIDUAL SCOPE OF APPLICATION

This Policy applies to the following categories of individuals (hereinafter “Whistleblowers”):

  • Employees, both current and former, whether on fixed-term or indefinite contracts, part-time, seasonal workers, or those with any other employment relationship or assignment.
  • Shareholders and members of the Company’s Board of Directors, including non-executive members, as well as volunteers and paid or unpaid interns.
  • Individuals who report or disclose publicly information regarding violations that were obtained during an employment relationship, which has ended for any reason, including retirement, as well as to Whistleblowers whose employment relationship has not yet started, in cases where information about violations was obtained during the hiring process or at another stage of negotiations before the conclusion of a contract.
  • Third parties who are contractually linked to the Company, as well as any individuals working under their supervision and instructions (referred to in this policy as “external collaborators”), specifically consultants, contractors, subcontractors, suppliers, and all kinds of partners.

 

5. SUBMISSION AND RECEIPT OF REPORTS

Each employee, as well as any other person defined in Paragraph 4, who has obtained information regarding violations as defined in Paragraph 3 in the course of their work duties, is entitled to submit Reports, which may also be made anonymously.
The Person Responsible for Receiving and Monitoring the reports (“Y.P.P.A.”) who will be the competent authority for receiving and examining the Reports is Angeliki Charalampidi, the Company’s Responsible Pharmacist.

The Y.P.P.A. is responsible for:

  • Providing appropriate information regarding the possibility of submitting a report within the entity and communicating the relevant information in a visible place within the entity,
  • Receiving reports concerning violations within the scope of this policy,
  • Confirming the receipt of the report to the Whistleblower within seven (7) working days from the day of receipt,
  • Taking the necessary actions to ensure that the competent bodies of the entity or, where appropriate, other relevant bodies address the report, or concluding the process by archiving the report if it is unintelligible, submitted abusively, or does not contain incidents that constitute a breach of Union law, or if there is no strong indication of such a violation, and informing the Whistleblower of the relevant decision. The Whistleblower, if they believe the matter was not adequately addressed, may resubmit it to the National Transparency Authority (E.A.D.), which, as an external channel, exercises the duties outlined in Article 12,
  • Ensuring the protection of the confidentiality of the Whistleblower’s identity and any third party named in the report, preventing access to it by unauthorized individuals,
  • Monitoring the reports and maintaining communication with the Whistleblower, and if necessary, requesting further information from them,
  • Providing updates to the Whistleblower on the actions taken within a reasonable timeframe, which does not exceed three (3) months from the confirmation of receipt or, if no confirmation was sent to the Whistleblower, within three (3) months from the end of the seven (7) working days from the submission of the report,
  • Providing clear and easily accessible information on the procedures under which reports can be submitted to the E.A.D. and, where applicable, to public authorities or institutional bodies or organizations of the European Union, and
  • Designing and coordinating educational actions related to ethics and integrity, participating in the formulation of internal policies to enhance integrity and transparency within the Company.

The Report can be submitted through the following channels:

  • Electronically by filling out a form on the official Company website cpogroup.gr,
  • In the report box within the Company’s building,
  • By mail to the address: Agion Anargyron 170, Koropi 194 00,
  • Verbally, through a personal meeting with the Y.P.P.A. upon the Whistleblower’s request.

 

Additionally, the following general principles and guidelines must be followed when submitting reports:

  • The report of the violation should be made in good faith and without delay, as soon as it becomes known.
  • The report must be clear and include, at a minimum, a detailed description of the events that occurred, how the Whistleblower became aware of them, the date and place of the events, the identities of those involved, and any other information deemed necessary for an effective investigation of the reported events.
  • Sensitive personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, health data, data concerning sexual life or sexual orientation, and, in general, information not related to the incident should not be included in the report.
  • The Whistleblower does not need to be absolutely certain of the validity of their report. It is sufficient to have reasonable concerns or suspicions and to act in good faith. They should not engage in illegal actions that could put themselves, the Company, or a third party at risk to gather additional evidence to support their report.
  • The Whistleblower should be available and accessible, whether confidentially or anonymously, to provide further information if requested.

Additionally, it is mentioned that the external channel of the E.A.D. is in operation. This is a confidential electronic reporting channel that can be used to submit reports regarding violations of Union law detected within the employment context, regardless of whether a report has been submitted through the Company’s internal channels. More information on submitting reports to the E.A.D. can be found at the following link: https://extwhistle.aead.gr/#/.

 

6. MAINTENANCE OF REPORTS RECORD

The Y.P.P.A. maintains a record for each report received, in accordance with the confidentiality requirements set out in Article 14 of Law 4990/2022. The reports are stored for a reasonable and necessary period of time to ensure they can be retrieved, that they comply with the requirements imposed by this policy, Union law, or national law, and in any case, until the completion of any investigation or judicial procedure initiated as a result of the report involving the reported individual, the Whistleblower, or third parties.

When a report is submitted via a telephone line or another messaging system, the conversation may be recorded, provided the Whistleblower has lawfully consented. The Y.P.P.A. has the right to document the oral submission of the report either by recording the conversation in a stable and retrievable format or by making a full and accurate transcription of the conversation, which is created for handling the report, giving the Whistleblower the opportunity to verify, correct, and agree with the transcription of the conversation by signing it.

When a person requests a meeting with the Y.P.P.A. to submit a report, subject to the Whistleblower’s consent, full and accurate minutes of the meeting are kept in a stable and retrievable format. These may either be in the form of a recorded conversation in a stable and retrievable format or in the form of accurate minutes of the meeting, drafted by the Y.P.P.A. for handling the report. The Whistleblower is given the opportunity to verify, correct, and agree with the meeting minutes by signing them.

In case of refusal to sign the report, this is noted by the Y.P.P.A.

 

7. PROTECTION MEASURES FOR WHISTLEBLOWERS

The Company encourages its employees and external collaborators to report violations through the existing reporting channels.

The Company is obligated to protect all individuals included in the Scope of Application (paragraph 3) of this Policy who report violations in good faith. Specifically, it commits to making every reasonable effort to ensure that data leading to the identification of the Whistleblower is not disclosed beyond the authorized staff members responsible for receiving or monitoring reports, unless the Whistleblower provides explicit consent or disclosure is required by applicable Union or national law, in accordance with the relevant conditions. In the latter case, the Whistleblower will be informed in writing in advance, unless otherwise provided in the relevant legislation.
The Company prohibits any form of retaliation against the Whistleblower, including threats and retaliatory actions.

The following forms of retaliation are expressly prohibited:

  1. Suspension, dismissal, or other equivalent measures,
  2. Demotion, omission, or denial of promotion,
  3. Removal of duties, change of workplace, reduction of salary, change of working hours,
  4. Denial of training,
  5. Negative performance evaluation or negative professional references,
  6. Reprimand, imposition of disciplinary or other measures, including monetary penalties,
  7. Coercion, intimidation, harassment, or marginalization,
  8. Discrimination or unfair treatment,
  9. Non-conversion of a temporary contract to a permanent one,
  10. Non-renewal or premature termination of a temporary contract,
  11. Deliberate harm, including defamation, particularly on social media, or economic harm, including business damage and loss of income,
  12. Listing on a blacklist, based on a sectoral or industry official or unofficial agreement, which may imply that the person will not be able to find employment in the sector or industry in the future,
  13. Premature termination or cancellation of contracts for goods or services,
  14. Revocation or cancellation of diplomas or licenses,
  15. Referral for psychiatric or medical monitoring,
  16. Refusal or denial of providing reasonable accommodations to individuals with disabilities.

 

8.  EXAMINATION OF REPORTS AND FOLLOW-UP ACTIONS

The Responsible Person for Receiving and Monitoring Reports (Y.P.P.A.), who is also a member of the Anti-Bribery Compliance Structure, is responsible for investigating each report after immediately informing the other members of the Company’s Compliance Structure, in case the report concerns a reasonable belief, attempted, presumed, or actual bribery, or any violation or failure of the Anti-Bribery Management System or violation of the Company’s Code of Ethics, Work Regulations, or Anti-Bribery Policy.

Furthermore, another relevant body (e.g., the Anti-Bribery Compliance Structure) or other senior company executives may be designated to the investigation team if the investigation requires specialized knowledge, and no conflict of interest arises concerning the report. If deemed necessary, external collaborators, such as legal advisors, external auditors, and specialized experts, may also assist in the investigation. Throughout the investigation, the principles of impartiality, fairness, and confidentiality toward all parties involved are maintained.

During the investigation, if necessary, contact with the Whistleblower may be requested, and further information may be sought from them regarding their report.

The team handling the report, which is formed on a case-by-case basis, takes the necessary actions to address the report by the relevant company bodies or concludes the process by archiving the report if it is inadmissible, submitted abusively, or does not contain incidents that constitute a violation of EU law or if there is no substantial evidence of such a violation. The Y.P.P.A. will then inform the Whistleblower of the archiving decision.

After completing the investigation, the Y.P.P.A. informs the Whistleblower, if the report was made under their name, of the decision taken regarding their report. The feedback to the Whistleblower is provided no later than three (3) months from the confirmation of the receipt of the report or, if no confirmation has been sent to the Whistleblower, three (3) months from the end of the seven (7) working days after the submission of the report.

Additionally, the investigation team compiles a report summarizing the investigations conducted and the evidence gathered. These findings are communicated to the heads of the relevant departments, Senior Management, and the Board of Directors, so that corrective or disciplinary/legal actions can be decided upon. During these activities, the confidentiality of the Whistleblower is respected, and any retaliatory actions against them or any other involved party are prohibited (Section 7 of the Policy).

 

9. CONFIDENTIALITY AND DATA PROTECTION

Any processing of personal data occurring within the framework of this policy is carried out to fulfil the obligation of establishing reporting channels and taking the necessary measures for their monitoring as outlined in Articles 8 to 12 of Law 4990/2022. Specifically, this processing includes any information related to violations within the scope of internal and external reports, including the exchange or transmission of such information. It is permissible to transmit information contained in the reports to the relevant supervisory and investigative authorities, which may be used as evidence in administrative, civil, and criminal investigations and proceedings.

Any processing of personal data under this policy is carried out in accordance with European and national legislation, as well as the Company’s policy for the protection of personal data.

The Company takes appropriate technical and organizational measures to ensure that, during the submission and monitoring of reports, only the necessary and relevant personal data required for achieving the purposes of this policy are collected. Personal data that is clearly irrelevant to the handling of a specific report, or is excessive, is not collected, or if inadvertently collected, is immediately deleted. Personal data is deleted within a reasonable period after the completion of the investigation.

 

10. SANCTIONS

Whistleblowers are entitled to protection, provided that at the time of the report, they had reasonable grounds to believe that the information regarding the reported violations was true and falls within the scope of Law 4990/2022. Otherwise, a prison sentence of at least two (2) years and a monetary fine is imposed on individuals who knowingly make false reports or false public disclosures.

Additionally, individuals are subject to imprisonment and a monetary fine if they:

  • Hinder or attempt to hinder the submission of a report in cases of violations falling within the protection scope of Law 4990/2022,
  • Retaliate or initiate malicious proceedings against the individuals mentioned in Article 6 of Law 4990/2022,
  • Violate the obligation to maintain the confidentiality of the Whistleblower’s identity in violation of Article 14 of Law 4990/2022 and this Policy.

When determining the penalty, the severity of the retaliation and the seriousness of the violation are taken into account. If any of the violations listed above are committed for the benefit or on behalf of a legal entity, an administrative fine is imposed on it, ranging from a minimum of ten thousand (10,000) euros to a maximum of five hundred thousand (500,000) euros.

 

11.  NOTIFICATION OF POLICY

All parties involved in this policy are required to comply with it. The Responsible Person for Receiving and Monitoring Reports (Υ.P.P.Α.), in collaboration with the other members of the Compliance Structure of COSTAS A. PAPAELLINAS HELLAS S.A. (CPO Greece), ensures that the employees of the Company are informed that this policy has been communicated to them and that they have been adequately briefed on its contents through appropriate means (in-person or online training, distribution of informational material, etc.).

Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.