Introduction
ATIC aims to maintain the highest standards of openness, decency, integrity and accountability in its work. Everyone who works with or for ATIC must be vigilant for signs of wrongdoing or criminal activity by individuals or organizations working with or for ATIC and are encouraged to report such behavior using this policy.
ATIC strives to protect its integrity and fights against any practice that may be illegal or contradict with its ethical principles. ATIC ensures that its employees, its executives and its other external or casual workers do not commit any act which could engage its liability.
ATIC set up the following procedure in order to facilitate reporting of serious facts, incidents and business wrongdoing. The alert reporting system aims to ensure the strict confidentiality of the procedure and the anonymity of the whistleblower.
Hence, any employee or stakeholder who complies with the rules contained in the present procedure will beneficiate from the status and protection granted to whistleblowers as under currents law. Moreover, this procedure provides the necessary safeguards to confidentiality of the information reported, in the interests of all. Therefore, we encourage you to comply with its terms.
Equal opportunities
ATIC aims to treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity.
Who does this procedure apply to?
This procedure applies to all ATIC’s employees, but also to self-employed workers, shareholders, members, members of management, volunteers, suppliers, subcontractors, former employees, as well as job applicant when the information was obtained as part of an application process.
ATIC encourages its employees to report any incident or wrongdoing in application of this procedure, but underlines that there is no obligation to do so.
What are the conditions to benefit from the whistleblower status?
To meet the definition of “whistleblower” and benefit from its protection regime, the person who
makes a report must:
- Be a natural person;
- Have lawful knowledge of the facts (when the information was not obtained in a professional context, the whistleblower must have personal knowledge of the facts);
- Have made an external or internal report following this procedure;
- Demonstrate good faith regarding the information known by him at the time of the report;
- Act without any direct financial compensation.
Facilitators who assist “a whistleblower during the reporting process in a professional context and whose assistance should be confidential” will also benefit from the whistleblower protection regime. Facilitators may be, for example, an association or a company’s union that accompanies the whistleblower in the procedure.
What should be reported
A reportable act is one made in the public interest by an individual who has a reasonable belief that one of the following is being, has been, or is likely to be, committed:
- Criminal offences (eg fraud, bribery, corruption, money laundering, modern day slavery, supporting or involvement in terrorism);
- Failure to comply with legal obligations or regulatory requirements;
- A miscarriage of justice;
- Endangering someone’s health and safety;
- Damage to the environment;
- Covering up wrongdoing;
- Unethical conduct;
- Individual issues (eg bullying, harassment, discrimination) should be reported under ATIC’s grievance policy (employees) or complaints procedure (volunteers, third parties etc);
- Not reporting a suspicion when there are clear grounds for doing so could result in disciplinary action or other sanctions.
To whom must the report be sent?
The whistleblower may first choose to issue an alert report by using the internal procedure. In that case, the report must be sent to one of the following contact persons designated within the group:
- Marina Bzovîi, Executive Director, mbzovii@ict.md, Cell: +373 60 266 280
- Olga Surugiu, Vice President of ATIC’s Board, olga.surugiu@orange.com
In the event the report is received by another staff member, the latter must transmit the report without delay to either of the contact person and keep confidential the information to which he has had access.
What is the reporting process?
A report may be sent orally or in writing to one or the other of the competent contact person via email, letter, phone call, by any other voice mail system, by videoconference or during a physical meeting.
The report must contain:
- The term « confidential » and « reporting » or « alert » in the object of the report (for written reports)
- The date of the reported events (if known)
- A description, as detailed as possible, of the facts.
The whistleblower can choose whether or not to indicate its identity (surname, first name, work position, email and postal addresses, telephone number, etc.). Either way, the identity of the whistleblower, the person concerned by the report and any third party there mentioned will be treated as strictly confidential. When a report or public disclosure has been made anonymously, the whistleblower whose identity has been revealed at a later stage may benefit from the protection.
The whistleblower must report the facts and information in a precise and objective manner. Only those elements which are directly linked to matters within the scope of the reporting procedure and which are strictly necessary for verification operations will be considered. Any information communicated that does not fall within the procedure shall be destroyed.
How are alerts processed
Receipt of the report
Provided that the report contains the necessary identification information, the contact person shall, within a period of 7 business days, confirm in writing the receipt of the report to the whistleblower and inform him/her of the foreseeable and reasonable timeframe for processing the report and how he/she will be informed of the outcome given to the report.
Admissibility of the report
The contact person determines whether the report is admissible or not, and then inform the whistleblower of its decision. If the report is not admissible the whistleblower will be informed of the reasons.
If the report is not anonymous, the contact person may request additional elements from the whistleblower during the examination of the report.
The contact person will inform the whistleblower in writing, within a reasonable period of time not exceeding 3 months from the acknowledgment of receipt of the report (or, in the absence of acknowledgment of receipt, 3 months from the end of the 7 business days period following the submission of the report) about the measures foreseen or taken to assess the accuracy of the allegations and the subject of the report.
Report closure
If the contact person finds that the allegations are inaccurate or unfounded, or that the report is not applicable anymore, it may close the procedure. The whistleblower will be informed in writing of the closure of the procedure.
Investigation procedures
He contact person examines the report, if necessary, with the other contact person, the CEO of the company and any other employee or external staff whose intervention is strictly necessary for the examination of the report and provided that this person is bound by a confidentiality obligation. The contact person however shall not reveal the identity of either the whistleblower, the person concerned or any third party there mentioned. To do so, the contact person must anonymize the report, prior to the disclosure.
The whistleblower and the person concerned are informed of the outcome of the investigation, which may lead to a sanction in accordance with the provisions of the internal rules of the company
File destruction
If the report is not admissible or if the report is admissible but does not lead to any sanction, the contact person shall destroy or archive (after anonymization) the report’s elements, including emails with the whistleblower, no later than 1 month following the end of the verification operations. For statistical reasons, the contact person may record the occurrence of the report and its year.
When disciplinary sanctions or legal proceedings are taken following the report, report’s data are retained until the end of the procedure.
A confidential procedure
The contact persons are bound by a strict confidentiality obligation. They shall ensure that the following information are kept confidential:
- Identity of the whistleblower;
- Identity of the natural person(s) targeted by the report;
- Information collected within the reports.
This confidentiality obligation also applies vis-à-vis the other members of the staff. The contact person agrees to store the information collected during the procedure in a secure manner. If elements are electronically stored, the contact person will program an automatic storage of received emails in a dedicated file of their mailbox marked “confidential”. If elements are physically held, they must be stored in a folder marked “confidential”, and in a locked place.
The contact person may only disclose information about the whistleblower’s identity after having received the prior consent of the whistleblower.
By way of exception, this information may be disclosed to the judicial authorities, provided that the alert is founded, that the whistleblower is informed, and that the disclosure does not compromise the legal proceedings.
Personal data protection
Personal data collected under this procedure is processed for the purpose of processing alert reports.
In accordance with the European Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data(“GDPR”), reports are only retained for the time strictly necessary and proportionate to their processing and to the protection of their authors, the people targeted by the report and the third parties they mention. If the case may be, the duration of additional investigations will be taken into account. Personal data may however be retained beyond this period if the natural persons cannot be identified.
The whistleblower may exercise his/her rights of information, access, rectification, erasure and opposition to the processing of his/her personal data by sending a request to the contact person.