Whistleblower policy
1. Purpose
This policy is drawn up by Eduards Trailer Factory BV, with its registered office at Antoine César Becquerelstraat 11, 3920 Lommel and with company number 0474.847.167 (hereinafter called ‘the Company’).
The Company wishes to act with integrity and ethics in its activities and therefore wishes to ensure that its employees have the opportunity, in accordance with the modalities and conditions set out below, to be able to report within the Company, in the most serene and confidential manner, any observed or suspected breaches of the legal and regulatory standards referred to in section 2.2 of this policy.
It is often the Company's own employees who are the first to know of actual or potential breaches occurring within the Company. They could potentially be stopped from expressing their concerns or suspicions for fear of reactions or reprisals.
However, this potential fear could ultimately result in the Company being kept in the dark about potential breaches and unable to take the necessary steps to address them. This could therefore harm the interests of the Company, which is committed to high standards of good governance and professional ethics.
The aim of this policy is to prevent this potential problem by strongly encouraging all employees and other persons having a contractual relationship with the Company to report any breach and/or illegal, unethical or fraudulent activity related to the Company's activities without fear of sanctions or other measures.
This policy is adopted in accordance with the Act of 28 November 2022 on the protection of reporters of breaches of Union or national law established within a legal entity in the private sector, transposing the European Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons reporting breaches of Union law, hereinafter referred to as ‘the Act’.
The purpose of this policy is to:
- enable the confidential, anonymous or otherwise, reporting of information about actual or potential breaches;
- provide protection for persons reporting a breach or assisting the reporter;
- establish the procedure to be followed by the reporter of a breach for this purpose.
This policy is available on the Company's website and on the signboard in the cafeteria and can be viewed at HR and may be amended from time to time.
Of course, this policy in no way precludes direct dialogue and communication of information, outside the reporting procedure. The Company wishes to emphasise that employees with concerns or suspicions may contact their immediate supervisors, the Human Resources department, at any time. Other employees may also contact the Human Resources department at any time.
2. Scope
2.1 Who is covered by this policy?
This policy applies to the following persons:
- current and former employees, who are or were connected under an employment contract with the Company;
- candidates who are or were involved in a recruitment process in the Company;
- persons who work or have worked on a self-employed basis with the Company and candidates for self-employment in the context of pre-contractual negotiations;
- volunteers and trainees (paid or unpaid);
- shareholders and members of the administrative, management or supervisory body of the Company (including non-executive members);
- any person who works or has worked under the supervision and direction of contractors, subcontractors and/or suppliers of the Company;
- any person who has information about breaches in the Company in financial services, products and markets even outside a work-related context.
2.2 Which breaches can be reported?
Only breaches relating to any of the following areas as defined in the Act can be reported:
- Public procurement;
- Financial services, products and markets, prevention of money laundering and terrorist financing;
- Product safety and product compliance;
- Transport safety;
- Protection of the environment;
- Radiation protection and nuclear safety;
- Food and feed safety, animal health and welfare;
- Public health;
- Consumer protection;
- Protection of privacy and personal data, and security of network and information systems;
- Combating tax fraud;
- Combating social fraud.
In addition, infringements that may harm the financial interests of the European Union as well as infringements relating to the European internal market, including the Union rules on competition and state aid, can be notified.
An infringement is defined as any act or omission that is unlawful or contrary to the purpose or application of the rules in the above areas. It refers to any infringement of the legal or regulatory provisions on the matter or the provisions taken in implementation of the aforementioned provisions.
3. The notification
3.1 Purpose of the notification
Any breach relating to the areas referred to in point 2.2 as well as any information about such breaches, including any reasonable suspicion of actual or potential breaches that have occurred or are highly likely to occur within the Company, and attempts to conceal such breaches within the Company, may be reported in writing or orally through any of the channels referred to in point 4.
3.2 The conditions for notification and protection
The report must be made in good faith and must not be based on mere rumour or gossip nor must the report have as its object/object the harming of the Company.
The reporter must have reasonable grounds to believe that the information about the violations was true at the time of the report.
If the report contains false, unsubstantiated or opportunistic allegations, or is made for the sole purpose of disadvantaging or harming others, the Company may take appropriate disciplinary and/or legal action against the reporter, including the imposition of sanctions in accordance with the Company's labour regulations as far as its employees are concerned.
4. Reporting channels
Any person covered by this policy who has information about actual or potential breaches referred to in section 2.2 is encouraged to report it to the Company as soon as possible, provided that the report is made in good faith and in accordance with the principles set out in section 3.2.
4.1 Internal reporting channels
4.1.1 Who can use the internal reporting channel?
All employees or other persons covered by this policy may use the internal reporting channels provided by the Company.
4.1.2 What channels are available?
1-
A notification of a breach can be made via one of the following channels:
- By post to the following address: tav. Sanne Van Campfort (HR - service), Antoine César Becquerelstraat 11, 3920 Lommel.
- Via internet: https://www.eduard-trailers.com/contact/
- By e-mail: klokkenluider@eduard.nl
The notification is preferably made in Dutch, French or English. Any notification made in another language will have to be translated first. This may affect the accuracy of the content of the report.
These reporting channels are accessible at all times, 24 hours a day, 7 days a week.
It is also possible to request a face-to-face meeting with the reporting manager as mentioned below in section 4.1.5 of this policy.
Each of the above channels is managed in a confidential and secure manner to ensure the confidentiality of the identity of the reporter and any third parties named in the report. Access to the channels is strictly limited to persons who have access to them based on responsibilities and/or powers.
4.1.3 How does the notification proceed?
1-
A notification shall include a brief description of reasonable suspicions of an actual or potential breach of any of the domains listed in section 2.2 that has occurred or is highly likely to occur as well as any attempts to conceal or disguise such breaches.
The notification should be sufficiently detailed and documented and should include the following (where the relevant information is known
- a detailed description of the facts and how they came to the notifier's attention;
- the date and place of the facts;
- the names and positions of the persons involved, or information enabling their identification;
- the names of other persons, if any, who can corroborate the reported facts;
- when making a report, the name of the reporter (this information is not requested when an anonymous report can be made); and
- any other information or elements that may help the investigation team to verify the facts.
2-
The Company does not encourage reporting in an anonymous manner, as this prevents the Company from properly investigating and dealing with the report. However, if the reporter would still not feel comfortable, the reporter may choose to remain anonymous. The Company will of course respect the reporter's choice and an anonymous report will be taken as seriously as a non-anonymous report.
The report can be made anonymously in the following manner:
- creating an e-mail address through an e-mail provider (Outlook, Gmail, etc.), where identity cannot be inferred;
- preparing a non-handwritten letter posted in such a way that no link can be established with the reporter's possible identity or place of residence and indicating a way in which the reporter can be contacted (anonymously) as part of the follow-up to the report.
With anonymous reports, the Company will face certain restrictions in following up the report. For example, it may not be possible for the Company to:
- acknowledge receipt of the report to the reporter;
- further investigate the report, as the Company may not be able to contact the reporter with a view to obtaining additional information. It is therefore important that the reporter provides sufficient information so that this information can be properly investigated;
- provide feedback on the outcome of the investigation;
- proactively monitor for possible retaliation.
4.1.4 What happens after the notification?
1-Acknowledgement of receipt
The reporter will receive an acknowledgement of receipt within 7 days of reporting. A file number will also be provided for follow-up purposes.
2-Follow-up
Follow-up refers to any action taken by the recipient of a report to verify the veracity of the allegations made in the report and to address the reported breach if necessary, including through measures such as an internal preliminary investigation, investigation, prosecution, a recovery of funds or termination of proceedings.
The reporting manager follows up on reports, maintains communication with the reporter, requests additional information if necessary, provides feedback to the reporter and accepts any new reports.
3-Research
The reporting manager may decide whether or not to investigate a report after consulting with the Company's management.
The report will be investigated promptly and carefully in accordance with this policy. All investigations will be conducted thoroughly with due regard to the principles of confidentiality, impartiality and fairness to all persons involved. The reporting manager will, if necessary, assemble an investigation team. The reporting manager and any investigation team will be given authority in accordance with existing policies within the company, including the ICT policy.
Persons involved in actual or potential breaches reported by the reporter shall be excluded from the investigation team, nor shall they be allowed to participate in the assessment of the report or the determination of actions to be taken regarding the report.
Conflicts of interest are reported to the board of directors if the management and/or executive board are targeted in the report. If the board of directors appears to be involved, the general meeting of the Company is informed.
4-Feedback
The reporting manager will provide appropriate feedback to the reporter within a reasonable time, and at most within three months from the date of the acknowledgement of receipt of the report. This feedback shall include information for the notifier on the actions planned and/or taken and the reasons for these actions. The reporting manager shall inform the reporter through the chosen internal reporting channel.
5-Examination report
- Upon completion of the investigation, the reporting manager or a member of the investigation team, if any, shall prepare a summary report describing the investigation measures carried out. A redacted, non-confidential and anonymised version of this summary report, other than with the reporting manager and the investigation team (if any), may be shared with the Company's management on a need-to-know basis only to reach a final decision.
The reporting manager or a member of the investigation team, if any, will prepare a final report describing the facts and the final decision:
- In the event that the actual or potential breach is demonstrated, relevant actions are identified with a view to countering the actual or potential breach and protecting the Company; or
- In case the investigation shows that there is insufficient or no evidence of the actual or potential breach, no further action is taken.
The reporter is informed of the closure of the report and the decision taken via the chosen internal reporting channel.
4.1.5 The notification manager
The Company's notification manager is designated as:
Name: Sanne Van Campfort
Mail adress: sanne@eduard.nl
Department: HR
In case of (long-term) absence (back - up):
Name: Niels Kemps
Mail adress: niels@eduard.nl
Department: HR
The reporting manager performs his/her duties independently and without any conflict of interest. He/she is subject to a duty of confidentiality.
4.1.6 Records of disclosures
The Company keeps a record of all notifications received, in accordance with the confidentiality measures set out in section 5.1 of this policy.
These reports and related information are kept at least as long as the contractual relationship between the reporter and the Company runs.
When a telephone line with call recording or other voice message system with call recording is used for reporting, with the consent of the reporter, the Company will record the oral report as follows:
- by a recording of the conversation in a durable and retrievable form; or
- by a complete and accurate written record of the conversation prepared by the reporting manager. The reporting party will be given the opportunity to check this written record, correct it and sign it for approval.
If a telephone line without call recording or other voice message system without call recording is used for reporting, the Company will record the oral report in the form of an accurate record of the conversation, prepared by the reporting manager. The reporter will be given the opportunity to review, correct and sign this report for approval.
In the event of a face-to-face meeting with the reporting manager and/or a member of the investigation team, if any, the Company will ensure that, subject to the reporter's consent, a full and accurate record of the interview will be kept in a durable and retrievable form. The Company is entitled to record maintenance as follows:
- by an interview recording in a durable and retrievable form;
- by an accurate record of the interview prepared by the reporting manager or by a member of the investigation team, if any, responsible for handling the report. The Company allows the reporter to check this report, correct it and sign it for approval.
4.2 External notification channels
1-
Reporters may use an external reporting channel after reporting through the internal channels or directly through the external reporting channels if they consider it more appropriate.
2-
The Federal Coordinator is entrusted by the Belgian legislator with the coordination of reports entered through external channels.
He/she is responsible for receiving external reports, checking their admissibility and forwarding them to the competent authority for investigation, which will be different depending on the subject of the report.
In exceptional cases, the Federal Coordinator may also conduct the substantive investigation. The Federal Coordinator's contact details are as follows:
Adress: Leuvenseweg 48 bus 6, 1000 Brussel
Online notification: https://www.federaalombudsman.be/nl/meldingsformulier
E-mail: integriteit@federaalombudsman.be
Telephone: 02 289 27 04
3-
A notification may also be sent directly to the following authorit
- the Federal Public Service Economy, SMEs, Self-Employed and Energy;
- the Federal Public Service Finance
- the Federal Public Service of Public Health, Food Chain Safety and Environment;
- the Federal Public Service Mobility and Transport;
- the Federal Public Service Employment, Labour and Social Dialogue;
- the Programme Public Service Social Integration, Poverty Reduction, Social Economy and Metropolitan Policy
- the Federal Agency for Nuclear Control;
- the Federal Agency for Medicines and Health Products;
- the Federal Agency for the Safety of the Food Chain;
- the Belgian Competition Authority;
- the Data Protection Authority;
- the Financial Services and Markets Authority;
- the National Bank of Belgium;
- the College of Supervision of Auditors;
- the authorities reported in Article 85 of the Law of 18 September 2017 on the prevention of money laundering and the financing of terrorism and on restricting the use of cash;
- the National Committee for the Security of Drinking Water Supply and Distribution;
- the Belgian Institute for Postal Services and Telecommunications;
- the National Institute for Sickness and Disability Insurance;
- the National Institute for Social Insurance of the Self-Employed;
- the National Employment Service
- the National Social Security Office;
- the Social Intelligence and Investigation Service
- the Autonomous Anti-Fraud Coordination Service (CAF);
- the Shipping Inspectorate.
5. Protection measures
The Company undertakes to make every effort to provide adequate and effective protection to the persons covered by this policy, provided that the notification complies with the conditions of the Law, in particular by taking the following measures.
5.1 Guarantee of confidentiality
The Company guarantees that it will take the necessary measures to ensure that employees and other persons targeted by this policy can file a report with the Company in complete confidence.
The Company undertakes to provide the necessary measures so that the identity of the reporter cannot be disclosed without his/her free and express consent to persons other than those authorized to receive or follow up on reports.
This also applies to all information from which the identity of the reporter can be directly or indirectly derived.
By way of derogation from the foregoing, the identity of the reporter of the infringement may be disclosed where this is necessary and proportionate under special legislation in the context of an investigation by national authorities or in the context of judicial proceedings, in particular for the protection of the rights of defense of the data subject.
In the latter case, the reporter will be informed of the disclosure of his or her identity before it takes place, unless this information would jeopardize ongoing investigations or legal proceedings. This is the case, for example, if the reporter represents an important witness in court or in the event of an unjustified or unlawful report to protect the rights of defense of the data subject.
5.2 Protection against retaliation
Any form of reprisal against the persons referred to in point 2.1 who are protected under this policy, including threats of reprisals and attempts at reprisals, is prohibited, in particular in the following forms:
- suspension, temporary out of service, dismissal or similar measures (including the termination of cooperation with (legal) persons with a contractual relationship with the Company, who are not employees of the Company);
- demotion or denial of promotion;
- change of position, change of workplace, reduction of wages, change of working hours;
- suspension or refusal of training;
- negative performance review or negative reference;
- imposing or applying a disciplinary measure, reprimand or other sanction, including a financial sanction;
- coercion, intimidation, bullying or exclusion;
- discrimination, adverse or unequal treatment;
- failure to convert a temporary employment contract into an employment contract for an indefinite period, while the employee had the legitimate expectation that he would be offered an employment contract for an indefinite period;
- non-extension or early termination of a temporary employment contract or other cooperation agreement with the Company;
- damage, including damage to reputation, especially on social media, or financial damage, including loss of turnover and income;
- inclusion on a blacklist based on an informal or formal agreement for an entire sector or industry, which prevents the reporter from finding work in the sector or industry;
- early termination or cancellation of an agreement for the supply of goods or services;
- revocation of a license or permit;
- psychiatric or medical referrals.
6. Processing of personal data
In the context of the internal reporting procedure, the Company is considered to be responsible for the processing of personal data.
Any processing of personal data under this policy will be carried out in accordance with applicable personal data protection laws, including the European General Data Protection Regulation (“GDPR” or “GDPR”).
The following personal data may be processed in the context of a report: name, position, date of commencement of employment (or start date of the independent collaboration), contact details and e-mail address of the reporter and of persons involved in the infringement, all identified or identifiable information that the reporter provides and that is collected in the context of the internal investigation. This processing of data takes place in the context of compliance with a legal obligation and/or the legitimate interest of the company, to the extent that the internal reporting channel exceeds the legal objectives, in particular the detection of infringements, ensuring security and ethical conduct of the Company.
Personal data that is clearly not relevant for the processing of a report will not be collected or, if collected, will be deleted as soon as possible. The relevant data will be kept until the reported infringement has expired and in any case for a period of five years after the report.
The identity of the reporter can only be made known with the consent of the reporter. Other data also remains strictly confidential and is only shared on a strict need-to-know basis.
All persons whose personal data is processed in the context of infringement notifications have, within the applicable legal conditions, the right of access and copy, the right to rectification, the right to erasure, the right to object and the right to lodge a complaint with the supervisory authority in accordance with the applicable legislation. However, these rights may be limited by the rights and freedoms of others, in particular the reporter's right to confidentiality and the Company's right to appropriate follow-up of the report.
For more information about the processing of personal data, we refer to the Privacy notices for employees, applicants, self-employed service providers and temporary workers and the Company's Privacy Policy, which are available from the HR department and via the sign in the Company's cafeteria.
7. Entry into force
This policy will take effect on December 17, 2023 for an indefinite period.
The Company reserves the right to change this policy at any time, including but not limited to, in response to changes in relevant legislation and/or operational needs.