Whistleblowing Process

Introduction

This document establishes (and consolidates) the Protection Regulation applicable to whistleblowers who have obtained information about breaches in a professional context, whether they are employees, clients, suppliers or members of management. It defines protection measures, as well as internal rules and procedures for the receipt and handling of reports of irregularities, in accordance with the applicable legal provisions, as well as the rules, principles and values of Bee Engineering.

Conditions for Inclusion in the Reporting Channel

Whistleblowers benefit from the protection of this Regulation provided that:

• The whistleblower acts in good faith;
• They have reasonable grounds to believe that the information about the reported breaches is true at the time it was submitted and falls within the scope;
• Persons who reported anonymously or publicly disclosed information about breaches, but were subsequently identified and retaliated against.

Personal Scope

The Whistleblowing Channel applies to and protects:

• Employees;
• Clients;
• Suppliers;
• Members of the Board of Directors or shareholders;
• Management or supervisory bodies;
• Any persons working under the supervision and direction of contractors, subcontractors and suppliers of Bee Engineering;
• Whistleblowers in cases where they report or publicly disclose information about breaches that occurred within the scope of a professional relationship that has since ended.

The protection granted by this Regulation is also extended, with the necessary adaptations, to:

• Natural persons who assist the whistleblower in the reporting procedure and whose assistance must be confidential (Facilitators);
• Third parties who are connected to the whistleblower (co-workers, family members who may be retaliated against in a professional context, etc.);
• Legal persons or equivalent entities that are owned or controlled by the whistleblower, for whom the whistleblower works or with whom they are in some way connected in a professional context.

Objectives of the Channel

The irregularities covered by this Regulation shall be considered acts in the following areas:

• Public procurement;
• Financial services, products and markets and the prevention of money laundering and terrorist financing;
• Product safety and compliance;
• Transport safety;
• Environmental protection;
• Damage to the environment;
• Radiological protection and nuclear safety;
• Food and feed safety, animal health and welfare;
• Public health;
• Consumer protection;
• Protection of personal data privacy and security of networks and information systems;
• Breaches of the financial interests of the European Union;
• Breaches related to the internal market, including competition rules and State aid, as well as corporate taxation rules;
• Violent crime, especially highly organized violent crime, as well as organized and economic-financial crime (e.g., active/passive corruption);
• Breach of internal rules or policies.

Reporting Method

This Regulation is part of a voluntary reporting regime for irregularities, and the system for receiving, handling and communicating irregularities operates through communication channels dedicated to this purpose, promoting full integrity and confidentiality of the identity or anonymity of whistleblowers, as well as the confidentiality of third parties identified in the report, preventing access by unauthorized persons.

Reports may be submitted anonymously (in this case anonymity must be requested by the Whistleblower at the time of submission) or with the identity of the whistleblower kept confidential by the personnel authorized to handle the report, and may, in any case, be submitted in writing and/or verbally.

In any case, the written report (in the case of written submission) and/or the request for contact for a verbal report must be sent to the email address:
Email address: etica@bee-eng.pt

Handling of the Report

As defined in this Regulation, all reports of irregularities are treated as confidential information. The whistleblowing channel is handled by designated persons (who are subject to impartiality clauses) who are responsible for receiving the report and maintaining communication with the whistleblower, if necessary, requesting further information and committing to provide feedback within a reasonable period of time.

Authorized Personnel for Handling

Given the critical nature of the information, the Whistleblowing Channel adopts the “need-to-know” principle, restricting and differentiating access to the content of the report and the identity of the whistleblower. Only authorized personnel responsible for handling the complaint may know the identity of the whistleblower.

There is a compliance officer who performs their duties independently, permanently and with decision-making autonomy, having the internal information and the human and technical means necessary for the proper performance of their function.

In accordance with the applicable legislation, this compliance responsibility is transversal among the companies of the MoOngy Group, S.A.

In order to preserve integrity, limit information and maintain greater independence of the channel’s operation, the identity of the Compliance Director responsible for the maintenance, preservation and integrity of the channel will remain anonymous within the group, with only the information that it will be ensured by specific staff exclusively assigned to the channel. Members of the GPD trained in the Whistleblowing Channel are part of this structure.

The Compliance Officer, as well as the authorized personnel, are subject to a specific NDA related to the Whistleblowing Channel in order to safeguard any complaint under a strict duty of confidentiality.

Investigation Process

The report/complaint will be internally forwarded to the person responsible for the whistleblowing channel, who must determine whether the report contains minimum grounds to initiate a fact-finding process.

The receipt of a report/complaint will always give rise to an investigation process, except in cases of manifest lack of grounds.

The authorized personnel in charge of the investigation process shall promote the implementation of appropriate measures to protect the information and data contained in the reports and their records, as well as promote the necessary actions for the initial confirmation of the grounds.

Bee Engineering undertakes to inform the author of the report, within a reasonable period (not exceeding three months after the notification sent to the whistleblower), of the measures envisaged or taken to follow up on the complaint and the reasons for choosing such follow-up, as well as the conclusions of the investigation.

The investigation process ends with the documentation of the results, grounds and conclusions, as well as the formulation of recommendations and measures appropriate to the situation. Otherwise, if it is considered unfounded (due to lack or nullity), the complaint will be archived.

PROTECTION MEASURES

Prohibition of Retaliation

A report may not, by any means or in any form, result in acts of retaliation (including attempts) or omissions that directly or indirectly occur in a professional context and are motivated by the report, causing or potentially causing unjustified material or non-material damage, harassment, intimidation or discrimination to the whistleblower or facilitators. Bee Engineering must ensure that this does not occur.

The person who commits an act of retaliation must compensate the whistleblower for the damage caused, and the whistleblower may request appropriate measures in view of the circumstances of the case to prevent the occurrence or worsening of the damage.

Any disciplinary sanction applied to the whistleblower up to two years after the report or public disclosure is presumed to be abusive. All persons listed in the “Personal Scope” section are covered by this protection.

Exception Due to Need to Share

If, for any reason, it is exceptionally necessary for the identity of the whistleblower to be provided to any other party during the investigation process, the complainant will receive a request for consent (on the grounds that it is considered a necessary and proportionate obligation by the person responsible for the identity) so that they may, of their own free will, allow (or not allow) the sharing of their identity with the party to whom the information is deemed essential for the investigation, in order to safeguard the rights of defence of the person concerned.

It should be noted that this request for consent will be made to the whistleblower, one for each individual (on an individual basis) for whom the sharing is indispensable. Under the legislation on the Whistleblowing Channel, situations may arise in which informing the whistleblower of such sharing of identity could jeopardize investigations or judicial proceedings in the context of an investigation by national authorities; in this particular situation, consent from the whistleblower is waived.

Support Measures

The Whistleblower has the right, in general terms, to legal protection and may benefit from witness protection measures in criminal proceedings. Bee Engineering is responsible for recognizing the status of the Whistleblower by means of certification.

Personal Data

It should be taken into account that the confidentiality of the whistleblower’s identity also applies to the identity of the persons listed in the “Personal Scope”.

The information collected in the whistleblowing channel will be used exclusively for the purposes provided therein. The maximum protection established in the General Data Protection Regulation will be ensured for the processing of each complaint and especially for the identity of the Whistleblower.

In addition, the Data Minimization Principle will ensure that authorized personnel have access only to the minimum information necessary regarding the identity of the Whistleblower. Furthermore, the other principles (such as processing limitation, accountability, etc.) and GDPR practices will be applied to ensure the protection of the whistleblower’s data.

Irreducibility of Rights

In order to ensure integrity and to prevent any impediments or pressure from third parties on the whistleblower and others covered by the protection, the right to the protective measures referred to herein is fully inalienable and may not be waived or limited by any agreements, policies, forms or conditions. Contractual provisions that limit or obscure the submission or follow-up of complaints or the public disclosure of breaches under this Regulation shall be null and void.

Recording of Reports

Those responsible for handling the report have the right to record it (with the consent of the whistleblower and their choice of recording method, whether in writing – reports, minutes – or verbally – in the form of audio recording or other multimedia forms).

Production and Dissemination of Reliable Information

Information relating to the report is kept for one year in order to be integrated (while maintaining maximum confidentiality) into the report on the company’s preventive activity, to assess the integration and functioning of the Whistleblowing Channel, as well as to guide the company’s preventive activity, rationalizing the allocation of available resources and increasing the level of effectiveness of the system. This also allows a global understanding, as close as possible, of the contours of these crimes and the effectiveness of their investigation, as well as an analysis of the overall response time of the whistleblowing channel.

This Whistleblowing Regulation is reviewed annually after the annual report on the implementation and operation of the Whistleblowing Channel and is fully supported by our management.