Login
Get Started

Whistleblower Policy Switzerland

 
1. INTRODUCTION

1.1 This Whistleblower Policy (hereinafter referred to as the “Policy”) establishes that Xchange360 SA, a company registered in Switzerland (hereinafter referred to as the “Company”), registered in the Commercial Register of the Canton of Vaud under number CHE‑342.141.056, with registered office at Chemin de la Joliette 3, 1006 Lausanne, Switzerland, is committed to strengthening its integrity system and supporting protected whistleblowing activities. This Policy is designed in compliance with applicable Swiss law, including the Swiss Code of Obligations, the Federal Act on Data Protection (FADP), the Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector (AMLA), and relevant self‑regulatory rules issued by ARIF (Association Romande des Intermédiaires Financiers), of which Xchange360 SA is a member under number 4572. The Company ensures the confidentiality, protection, and fair treatment of whistleblowers, and is committed to establishing and maintaining internal whistleblowing channels that are secure and accessible to employees and stakeholders for reporting misconduct.

1.2 This Policy defines the rights and obligations of the Company’s employees, board members, external stakeholders, and witnesses in relation to reporting violations and unethical conduct within the organization. The primary objective of reporting violations is to protect the public interest and prevent unlawful activities, including but not limited to violations of financial regulations, taxation laws, and AML/CFT obligations; breaches of consumer rights; breaches of workplace safety and product quality standards; environmental violations; data protection breaches and cybersecurity threats; and violations affecting public security and order. Reports made solely to serve personal interests or that do not meet the criteria of good faith and public interest may not qualify as protected disclosures under this Policy.

1.3 In accordance with applicable Swiss and European standards on whistleblower protection and AML/CFT, reports regarding violations should in particular relate to the following areas:

  • Corruption, bribery, and abuse of power

  • Violations of public procurement rules and unfair competition

  • Financial services, products, and markets, including securities and investment fraud

  • Anti‑money laundering (AML) and countering the financing of terrorism (CFT)

  • Product safety, quality standards, and compliance with regulatory requirements

  • Transport safety

  • Environmental protection, climate‑related obligations, and sustainable development policies

  • Radiological protection, nuclear safety, and hazardous materials management

  • Food and feed safety, including production, distribution, and labelling compliance

  • Animal health, welfare, and ethical treatment

  • Public health, occupational safety, and healthcare‑related obligations

  • Consumer protection, fair trade, and prevention of deceptive business practices

  • Protection of privacy, personal data, and cybersecurity

  • Security of networks, ICT systems, and critical infrastructure

  • Protection of financial interests of Switzerland, its cantons and communes, and, where relevant, the European Union

  • Regulations governing financial markets, competition, state aid, and corporate taxation

  • Fundamental human rights and constitutional freedoms in interactions between individuals, businesses, and public authorities

The Company treats all reports of potential misconduct with the utmost seriousness, ensuring strict confidentiality and protection of the reporting person in line with applicable Swiss law and ARIF requirements. Reports that meet the criteria set out in this Policy will be reviewed and investigated in accordance with the established internal procedures and legal obligations.

2. DEFINITIONS 

2.1. COMPANY INTERNAL CHANNEL – refers to a secure, designated reporting system within the Company that allows employees, external parties, and others associated with the Company to report potential violations. The system ensures confidentiality, protects the whistleblower’s identity, and allows the Company to address the issue efficiently. It is key to maintaining integrity and ensuring prompt resolution of reported issues. 

2.2. COMPANY PERSONNEL – refers to any individual employed by or contracted with the Company, including an employee, a person providing work on a basis other than an employment relationship, including on the basis of a civil law contract, also a job applicant, as well as contractors and third-party service providers. 

2.3. CONFIDENTIALITY – ensures that a whistleblower’s identity and the details of their report are protected from unauthorized access or disclosure. This is crucial for maintaining trust in the system and encourages reporting by safeguarding the whistleblower from retaliation. Confidentiality extends to all individuals mentioned in the report, including witnesses and affected parties 

2.4. CREDIBILITY – refers to the reliability and trustworthiness of the information provided in a whistleblowing report. For a report to be considered valid, the whistleblower must provide verifiable facts supported by evidence. 

2.5. FALSE REPORT – refers to a whistleblowing report made with the intention of misleading, deceiving, or fabricating claims of violations. False reports can harm the integrity of the process and may result in disciplinary actions against the reporter. 

2.6. GOOD FAITH – means reporting violations with honest intent, aimed at protecting the public interest, rather than seeking personal gain or causing harm. Whistleblowers reporting in good faith are protected under Company policies, even if their report turns out to be inaccurate, provided the intention was genuine. 

2.7. INVESTIGATION – is the formal process undertaken by the Company to validate a reported violation, involving the collection of evidence, interviews, and assessment to determine the nature of the violation and necessary corrective actions. 

2.8. NON-RETALIATION POLICY – ensures that individuals who report violations will not face retaliation in any form, such as dismissal, harassment, or discrimination. Retaliation is strictly prohibited and may result in disciplinary action. 

2.9. WHISTLEBLOWER PROTECTION AUTHORITY – refers to the competent Swiss authorities that may receive external reports or handle matters arising from whistleblowing disclosures, such as criminal prosecution authorities, supervisory authorities (e.g. FINMA for supervised institutions), or labor authorities, depending on the nature of the violation. Where relevant for cross‑border matters, competent authorities in the European Union may also be involved.

2.10. RELATED PERSONS – individuals who are directly or indirectly connected to a reported violation, including family members, colleagues, or business partners. Their actions may be relevant to the investigation. 

2.11. REPORTING – is the act of submitting information regarding a violation through the Company’s designated internal channels. Reports include descriptions of the violation, involved parties, evidence, and possible consequences. 

2.12.  RETALIATION – refers to negative actions taken against someone for reporting violations or assisting in an investigation. This includes firing, demotion, or creating a hostile work environment. Retaliation is prohibited and may lead to disciplinary action. 

2.13.  VIOLATION – refers to any criminal act, administrative offense, misconduct, or breach of duties within the Company, including serious ethical violations, cover-ups, or illegal acts threatening public interest. 

2.14.  WHISTLEBLOWER – an individual who reports violations of laws, regulations, or Company policies, often based on information acquired through employment or contractual relationships with the Company. 

2.15.  WHISTLEBLOWER MANAGER (or COMPLIANCE OFFICER) – the designated person responsible for handling and responding to whistleblowing reports, ensuring compliance with legal and internal policies, and protecting the whistleblower throughout the process. 

2.16. WHISTLEBLOWING PROCEDURE – is a formal and structured process developed by our company, to facilitate the reporting of misconduct, violations, or unethical behavior by employees, contractors, or other stakeholders. This procedure is a critical part of our commitment to transparency, accountability, and compliance with relevant laws and regulations. It is designed to ensure that individuals feel safe and supported in raising concerns, without fear of retaliation. 

2.17.  WITNESS – individuals who have direct knowledge of or have observed the violation. Their testimonies can provide crucial evidence during an investigation. 

2.18.   VERIFIABILITY – the ability to substantiate the accuracy of a whistleblower’s report through available evidence such as documents, emails, or records. 

2.19.  ANONYMITY – the option for whistleblowers to report violations without revealing their identity, ensuring protection from potential retaliation. 

2.20.  WHISTLEBLOWER PROTECTION– encompasses legal safeguards and internal policies designed to protect individuals from retaliation or harm for reporting violations. 

2.21. WRONGDOING– refers to any act of misconduct, illegal activity, or violation of Company policies, laws, or ethical standards that could harm the Company or its stakeholders, whether it is an act already committed, or one being planned. 

3. LEGAL BASIS AND APPLICABILITY 

3.1 Whistleblower protection within Switzerland is governed by a combination of Swiss statutory law (including the Swiss Code of Obligations, the Penal Code, AMLA, FADP) and case‑law, as well as sector‑specific regulations and self‑regulation. The purpose is to protect individuals who, in good faith, report breaches of law, ethical misconduct, or other violations, while ensuring that their disclosures are handled confidentially and without retaliation.

3.2 This Policy also takes into account relevant European standards on whistleblower protection and reporting of breaches in accordance with applicable Swiss law to the extent they are applicable to the Company’s cross‑border activities, particularly in relation to financial services, AML/CFT, data protection (GDPR where applicable).

3.3 This Policy establishes an internal framework for the protection of individuals who report breaches of law, ethical misconduct, or other violations in the workplace and beyond. It ensures that whistleblowers are protected from retaliation and that their disclosures are handled with confidentiality and due diligence. Whistleblowers may, where permitted by law, also submit external reports directly to competent Swiss authorities without first submitting an internal report, especially if they have reason to believe that internal channels would be ineffective or unsafe.

3.4 The processing of personal data related to whistleblowing reports must comply with the provisions of the Swiss Federal Act on Data Protection (FADP) and, where applicable, the General Data Protection Regulation (GDPR) for EU‑related data processing. Personal data of whistleblowers and any individuals involved in reports must be handled securely, lawfully, and proportionately, and be protected from unauthorized access, disclosure, or misuse.

3.5 Whistleblowers have the right to submit external reports directly to competent Swiss authorities (e.g. criminal prosecution authorities, supervisory authorities such as FINMA for supervised entities, or data protection authorities), in accordance with applicable law. These authorities are responsible for receiving and processing external reports, ensuring compliance with whistleblower protections within their mandates.

3.6 This Policy applies to all individuals within the organization, including employees, contractors, suppliers, and any other third parties who interact with the Company and may have witnessed or become aware of violations, misconduct, or legal breaches.

i) Internal Reporting Mechanisms – Whistleblowers are encouraged to use internal reporting channels first, unless they have reasonable grounds to believe that such channels would not lead to an effective resolution.

ii) External Reporting Mechanisms – Whistleblowers have the right to submit reports directly to competent Swiss or foreign authorities where legally permitted, without the obligation to report internally beforehand.

iii) Public and Private Sector Applicability – The protections and procedures in this Policy apply to all Company activities and relationships, regardless of sector.

iv) Non‑Retaliation – This Policy ensures the protection of whistleblowers from any form of retaliation, including but not limited to discrimination, harassment, negative employment consequences, legal threats, or unjustified legal action.

4. MANAGEMENT OF REPORTS AND REPORTING CHANNELS 

4.1 Internal Reporting Channels 

Employees, contractors, and other relevant stakeholders can report any concerns, suspicions, or allegations of wrongdoing through the internal reporting channels provided by the company. These channels include: 

  1. Reports can be submitted via a specific email address compliance@xchange-360.com designated solely for whistleblowing purposes. The Compliance Officer will review and act upon the submissions. 
  2. An online form available on the company’s intranet, enabling the submission of detailed concerns in a secure and confidential manner.
  3. Employees may report concerns directly to their immediate supervisor or manager, who will ensure the proper escalation of the issue to the relevant department. 

All reports will be acknowledged within 7 days, assessed within 30 days (extendable to 90 days in complex cases), and handled with strict confidentiality and protection against retaliation, in accordance with applicable Swiss law and this Policy. 

4.2. External Reporting Procedure 

Whistleblowers have the option to submit a report externally, either independently or after using internal channels. The decision to report externally does not require prior submission of an internal report.

The public authority handling the external report is independently responsible for managing the personal data contained in the report. These authorities will act in compliance with legal provisions concerning data protection and following of the relevant law. 

Whistleblowers can submit external reports through various official channels. Submission Methods: 

i) Written Requests: The complainant may submit the report in writing through various means: 

ii) By post, in accordance with applicable Swiss law or public authority at the designated correspondence address. 

iii) Electronically, by sending an email to the designated email address or in accordance with applicable Swiss law and this Policy. 

iv) Through an online form or application approved by the competent public authority for electronic submissions. 

v) Oral Reports: Whistleblowers can also submit their reports orally, either in person or by phone, in accordance with applicable Swiss law and this Policy. 

Upon receiving an external report, in accordance with applicable Swiss law and this Policy the public authority will acknowledge receipt of the report within 7 days. If the complainant has requested otherwise or if confirming receipt could jeopardize the confidentiality of the complainant’s identity, no acknowledgment will be issued. 

In accordance with applicable Swiss law and this Policy the public authority may request clarification or additional information from the whistleblower at the contact address provided, should further details be required. If such a request could compromise the protection of the whistleblower’s identity, no such request will be made. 

In accordance with applicable Swiss law and this Policy the public authority will, without undue delay, forward the information contained in the external report to the relevant European Union institutions, bodies, offices, or agencies for further action, as required by law. 

4.3. Procedures for Reporting and Handling Breaches in accordance with applicable Swiss law and this Policy

 4.3.1 The Company establishes a structured internal procedure ensuring that all employees, contractors, and external stakeholders can effectively report any actual or potential breaches in accordance with applicable Swiss law and this Policy. This procedure is designed to comply with the applicable Swiss law and this Policy the.

4.3.2 The AML Officer acts as the Designated Person for related whistleblowing reports. The appointment decision, confirmation of integrity, and proof of the absence of a criminal record are documented and retained in the Compliance Register.

 4.3.3. Reports may be submitted through any of the following secure channels:

(i) By email to: compliance@xchange-360.com;

(ii) Through the secure online form available on the Company’s platform;

(iii) Orally or in person  upon request, a confidential meeting will be arranged within five working days from the whistleblower’s request;

(iv) The internal communication channels are encrypted, restricted to authorized personnel, and continuously monitored to ensure integrity and protection of submitted reports.

 4.3.4. The AML Officer acknowledge receipt of each report within seven days from submission. Each report receives a unique reference number and is recorded in the Whistleblower Register, including the date, time, and type of report.

 4.3.5 Within fourteen days of acknowledgment, the Designated Person evaluates whether the report is credible, relevant to regulatory obligations, and contains sufficient information for investigation. If verified, the Designated Person initiates an internal investigation following the Compliance Procedure and informs the whistleblower (if identifiable). If rejected, the whistleblower is notified in writing with justification. Anonymous reports are assessed equally, but feedback is limited if no contact details are provided.

 4.3.6. Feedback on the outcome of the report provided within three months from acknowledgment, in accordance with applicable Swiss law and this Policy. If the matter requires additional time, the whistleblower shall be informed of the delay and the reasons.

 4.3.7. Access to submitted reports and related personal data is restricted solely to the Designated Person and the Company’s Director. Technical measures (encryption, role-based access, logging of access history) ensure compliance with applicable Swiss law and this Policy. Unauthorized access or disclosure is prohibited and subject to disciplinary and legal sanctions.

 4.3.8. In accordance with applicable Swiss law and this Policy the Company publicly discloses on its website:

(i) the name and contact details of the Designated Person (AML Officer);

(ii) available internal and external reporting channels;

(iii) basic information on the reporting procedure and protection of whistleblowers.

 4.3.9. All reports, including evidence and correspondence, shall be stored for three years after closure of the investigation and may be extended by two (2) years for audit purposes. After this period, all records are securely destroyed in accordance with the Company’s Data Protection Policy.

4.4. The Company guarantees the protection of the whistleblower’s identity, ensuring confidentiality and, where possible, anonymity throughout the process. Reports will only be disclosed to authorized personnel who are involved in investigating the matter, and any information provided will be handled with the utmost care to protect the whistleblower from retaliation. 

4.5. The Company ensures that no retaliatory actions will be taken against individuals who report concerns in good faith through the established reporting channels. Any acts of retaliation will be treated as serious violations of the Company’s policies and will be investigated promptly. Employees who experience retaliation have the right to seek legal protection under § 7 of the Act. 

4.6. Whistleblowers can seek guidance from the Compliance Department on how to report a concern or obtain further clarification on the process. In addition, support services, including legal and psychological assistance, will be provided where necessary to ensure the well-being of the whistleblower during the reporting process. The Company is committed to fostering a transparent, ethical, and secure environment where individuals can report violations without fear of retaliation. 

5. VERIFICATION PROCESS 

5.1. Upon receiving a whistleblower report, the Compliance Officer is responsible for logging the report in a secure, confidential register. The report will then be reviewed for initial verification to determine if it contains sufficient information regarding a potential violation. If the report is clear and actionable, it will proceed for further processing. If additional information is needed, the report will be flagged for further review. Unauthorized disclosure of a whistleblower’s identity or report details is prohibited and subject to penalties under § 26 of the Act. 

5.2. The Company accepts anonymous reports, provided they meet the criteria for handling as outlined in this procedure. Anonymous reports will be processed with the same care and attention as non-anonymous reports, ensuring the confidentiality of the whistleblower is maintained. If a report is deemed insufficient for further investigation, the whistleblower’s anonymity will remain protected during the decision-making process. 

5.3. The report will be analyzed to determine whether it is credible and falls within the scope of the Company policies and relevant laws. The Compliance Officer will assess the validity of the report, gather additional facts if necessary, and decide whether an investigation is warranted. If the report is verified as valid, it will proceed to the next stage of investigation. If not, the whistleblower will be informed of the decision (if possible), and the report will be archived. 

5.4. If the report passes the initial verification, an internal investigation will be initiated by the designated team or department. The investigation will follow the Company’s standard procedures, ensuring fairness, impartiality, and confidentiality for all parties involved, including the whistleblower and the reported person. The investigative team will gather evidence, interview witnesses, and review relevant documentation to confirm or refute the allegations made in the report. Based on the findings, corrective actions or other necessary measures will be implemented. The investigation will be completed within a reasonable timeframe, and all parties involved will be kept informed of its progress. 

5.5. The whistleblower will be informed about the acceptance of their report and the initiation of an investigation (if applicable). Throughout the investigation, the whistleblower will receive periodic updates on the status, provided that confidentiality and legal requirements permit. Once the investigation is concluded, the whistleblower will be informed of the final outcome, including any actions taken or decisions made based on the findings. 

5.6. All actions taken throughout the process will prioritize the protection of the whistleblower’s identity and ensure that retaliation is prevented in accordance with § 7 and § 20 of the Act. If retaliation or discrimination against the whistleblower is reported, the Company will take immediate corrective action to address the issue. Violations of whistleblower protection provisions will be considered serious misconduct and may result in disciplinary or legal consequences for the responsible parties. 

6. PROCEDURE FOR HANDLING INFORMATION ON VIOLATIONS REPORTED ANONYMOUSLY 

6.1. The Company recognizes the importance of allowing whistleblowers to submit reports anonymously to encourage the reporting of violations without fear of retaliation. Anonymous reports will be accepted and processed with the same level of diligence and confidentiality as non-anonymous reports, provided they contain sufficient detail for investigation.

6.2. The company ensures that any anonymous report of a violation will be accepted and registered for further investigation. The AML Officer will review each anonymous report to determine if it contains enough details (e.g. Specific incidents, involved parties, supporting evidence) to proceed with an investigation.

6.3. In cases where an anonymous report is accepted, the investigation will proceed without revealing the identity of the whistleblower. If additional information is needed, the Company may attempt to gather further details without compromising the anonymity of the reporter. Should the anonymity be at risk, no further clarification will be sought. 

6.4. Due to the anonymous nature of the report, providing feedback to the whistleblower is not always possible. However, the company will ensure that the investigation is conducted thoroughly, and any actions taken will be documented internally. 

6.5. The company guarantees that the anonymity of the whistleblower will be protected throughout the investigation process. All reports, including anonymous ones, will be handled with the utmost care to prevent any potential retaliation or breaches of confidentiality. 

7. STORAGE OF INFORMATION 

7.1. The Company is committed to ensuring the protection of whistleblowers’ personal data, including their identity, throughout the entire reporting and investigation process. All personal data submitted by whistleblowers, whether through internal or external channels, will be handled with the utmost care and in compliance with applicable data protection laws and the Company’s policies. 

7.2. Personal data, including any information that could potentially identify the whistleblower, is subject to strict confidentiality and will only be accessible to those involved in the management of the report, in accordance with the Company’s internal procedures. 

7.3. In cases where the disclosure of the whistleblower’s identity is legally required in the context of proceedings conducted by public authorities, the Company will inform the whistleblower about this requirement and explain the reasons for such disclosure. This will only occur if such a legal obligation exists, and the Company will ensure transparency in the process. 

7.4. Personal data collected in connection with the acceptance of a whistleblower report will be retained for a period of up to three years after the completion of the follow-up actions, or one year from the conclusion of the investigation or corrective measures. The retention period ensures that any necessary records are available for audit or review, while respecting the whistleblower’s right to privacy. 

7.5. The Company guarantees that all measures are taken to ensure the security of stored personal data, with access granted only to authorized individuals who require it for legitimate purposes. Any data retention or processing will be in line with the company’s data protection policy and applicable legislation on personal data protection. 

8. ARCHIVING OF REPORTS 

8.1. The Company is committed to maintaining an internal register of all whistleblower reports, ensuring proper administration of the data contained within the register in compliance with our policies and applicable legal requirements. This register will be securely stored and managed, with access granted only to authorized personnel involved in the handling and processing of reports. 

8.2 The internal register will include the following essential details for each whistleblower report:  

(i) A unique reference number for the report.  

(ii) A brief description of the alleged breach or issue.  

(iii) The personal and contact details of the whistleblower (if provided).

(iv)  The date the report was received.  

(v) Information regarding any follow-up actions taken during the investigation process. 

  1. The date on which the report was closed, including the outcome of any actions taken. 
  2. The Company recognizes the importance of maintaining transparency in the whistleblowing process. As such, all records will be kept in accordance with the data retention policy, which ensures that the information is securely stored for the required period. The mandatory retention period for the whistleblower report records is three years, starting from one year after the completion of follow-up actions or closure of the investigation. 
  3. During this retention period, all records will be easily accessible for audit, review, or further legal purposes if required. After the retention period has elapsed, all records will be securely archived or destroyed in accordance with the Company’s data protection policy, ensuring that personal data is handled with care and in compliance with relevant privacy regulations. 
  4. This archiving process allows the Company to maintain a comprehensive and secure record of all whistleblower reports, ensures compliance with legal and regulatory obligations, and protects the confidentiality of the whistleblower and all parties involved in the process. The Company is committed to upholding the highest standards of transparency and security while safeguarding the privacy of all individuals involved in the whistleblowing procedure. 
9. MAXIMUM PERIOD FOR FEEDBACK TO THE COMPLAINANT 

9.1. The Company is committed to providing timely responses to internal complaints in accordance with legal requirements and best practices. The following procedure outlines the maximum period for providing feedback to the complainant: 

9.2. Upon receiving an internal complaint, the company is required to acknowledge receipt of the complaint within 7 days. The acknowledgment will confirm the receipt of the complaint and provide an overview of the next steps in the process. 

9.3. The maximum period for providing feedback to the complainant regarding the outcome of the internal complaint is 3 months. This period starts from the date of acknowledgment of receipt of the internal complaint. 

9.4. If the acknowledgment is not sent to the complainant within 7 days (due to a lack of provided contact information), the 3-month period for feedback will begin after 7 days have elapsed from the date of the internal complaint. 

9.5. In cases where the complainant has not provided the necessary contact details (postal address or email address), the company will make reasonable efforts to contact the complainant. However, feedback may be delayed if no contact information is available, and it will not be considered the Company’s responsibility if the complainant does not provide such details. 

9.6. The Company will make every effort to ensure that feedback is provided within the 3-month period. In cases where additional time is required, the complainant will be informed promptly and provided with an explanation for the delay.  

10. WHISTLEBLOWING AND LIABILITY 

10.1. The Company is committed to providing protection for whistleblowers who report misconduct or violations in good faith. In line with the Company’s internal policies and relevant legal frameworks, whistleblowers are protected from retaliation and should they face any adverse actions as a result of their report, they are entitled to appropriate compensation. 

10.2. If a whistleblower faces retaliatory actions—such as demotion, harassment, discrimination, or termination of employment—due to their report, they are entitled to compensation. The amount of compensation will be no less than the average monthly remuneration in the national economy for the previous year. This ensures that whistleblowers are protected and not penalized for their decision to report violations in the workplace. Compensation claims may be submitted through relevant authorities, including the Ministry of Justice. 

10.3. While the Company encourages the reporting of any potential violations or misconduct, it is also essential that whistleblowers ensure the accuracy of the information they provide. In cases where a whistleblower intentionally submits false or misleading reports, or makes false public disclosures, the person who has suffered harm due to the false report or disclosure is entitled to compensation for the damage done to their personal rights. This compensation may be sought directly from the whistleblower responsible for making the false report. 

10.4. In the event that a whistleblower claims retaliation, it is presumed that any action taken by the Company, such as disciplinary measures or adverse changes to their work conditions, may constitute retaliation. The burden of proof then shifts to the Company. The Company must demonstrate that the action was taken for objective and justifiable reasons, unrelated to the whistleblower’s report. 

10.5. The Company is committed to ensuring that all whistleblowers can report in good faith without fear of retaliation. Any retaliation is not tolerated and will be met with corrective action. At the same time, the Company acknowledges the potential risks involved in false reporting and emphasize that malicious, false reports may result in legal and financial consequences for the whistleblower. 

10.6. The Company ensures that any claims of retaliation or false reporting will be thoroughly investigated with the highest level of impartiality, and the Company will uphold both the rights of the whistleblower and those potentially affected by the report. 

By implementing these measures, the Company guarantees a transparent, legally compliant, and fair whistleblowing framework, ensuring protection for whistleblowers while preventing abuse of the system. 

11. CONFIDENTIALITY 

11.1. The Company is committed to maintaining the highest level of confidentiality in the whistleblowing process, in accordance with § 20 and § 27 of the Act. This includes safeguarding the personal data and identities of the whistleblower, the affected person, and any third parties mentioned in the report. We take necessary measures to prevent unauthorized access to any sensitive information related to the whistleblowing procedure. 

11.2. Only individuals specifically authorized by the Company, in writing, are permitted to receive, verify, monitor, or process internal reports. These authorized personnel are entrusted with handling sensitive data and are required to maintain strict confidentiality regarding the information and personal data obtained during the whistleblowing process. This duty of confidentiality extends even beyond the termination of their employment or legal relationship with the Company. 

11.3. All personal data and information related to a report, including the identity of the whistleblower, the affected party, and any third parties, shall be securely stored and only accessible to authorized individuals. This data will be retained for the minimum period required by law and as specified in the Company’s internal procedures. 

11.4. To ensure that unauthorized individuals do not have access to whistleblowing information, the Company has implemented various security measures, including encrypted communication channels and restricted access to digital and physical records. Any breach of confidentiality will be investigated promptly, and appropriate measures will be taken to prevent future occurrences. 

11.5. The Company commits to protecting the identity of the whistleblower throughout the investigation process. The information contained within the report will only be disclosed to other parties if required by law, such as for criminal investigations, or where explicit consent has been given by the whistleblower. In such cases, the whistleblower will be informed and provided with a clear explanation regarding the disclosure of their identity. 

11.6. The authorized personnel who handle whistleblowing reports are obliged to maintain confidentiality regarding the information and personal data obtained in the course of the reporting process. They must refrain from disclosing any sensitive information unless legally mandated or when disclosure is essential for the purposes of the investigation. This confidentiality obligation continues even after the termination of the employee’s or authorized individual’s relationship with the company. 

11.7. All employees involved in receiving, processing, or investigating reports are required to undergo regular training on the importance of confidentiality and data protection. This training includes a clear understanding of the legal requirements surrounding whistleblowing and the responsibilities of those involved in the process to protect sensitive information. Employees are also reminded of the serious legal and ethical consequences of breaching confidentiality. 

11.8. The Company ensures that the whistleblower’s identity is protected throughout the process to prevent retaliation or harm. If retaliation or discrimination against the whistleblower is reported, the Company will take immediate corrective action. The whistleblower is provided with reassurance that their identity will be kept confidential and that their protection is a priority. 

11.9. By implementing these confidentiality measures, the Company demonstrates its commitment to creating a safe environment for whistleblowers, ensuring that their concerns are addressed while protecting the privacy and rights of all parties involved. 

12. POLICY UPDATES AND REVISIONS 

12.1. The Director of the Company approves this Policy, and the Compliance Officer oversees its updates. The Compliance Officer is also responsible for ensuring that the Policy is communicated to all Company’s  executives and employees, external stakeholders, contractors, and third parties, provides updates to reflect changes in legislation or best  practices, oversees the implementation of this Policy, and ensures  compliance with applicable whistleblower protection laws. The Policy will be made available on the Company’s website for easy access. Should there be any questions or concerns about compliance with this Policy, employees are encouraged to reach out to the Compliance Officer for further assistance and clarification.   

END OF POLICY

Login
Get Started