Whistleblowing Policy

COMPLAINT AND REPORT MANAGEMENT POLICY (Law 4990/2022, EU Directive 2019/1937)

1. Introduction

The companies of LEVANTE FERRIES MARITIME COMPANY, LEVANTE FERRIES III MARITIME COMPANY, LEVANTE FERRIES V MARITIME COMPANY, IONISSOS FERRIES MARITIME COMPANY, IONISSOS FERRIES III MARITIME COMPANY, LEVANTE EXPRESS LTD (hereinafter "the Companies” and each one individually as “the Company") apply Greek Law 4990/2022 and the European legislation (Directive 2019/1937) for the protection of persons reporting or disclosing breaches of European Union law in sectors such as public contracts, product safety, consumer protection, environmental protection, financial services, network and information security, competition and personal data, corporate taxation, etc.

Indicative acts that may fall within the scope of the present Policy are offenses such as fraud, theft, embezzlement, bribery, corruption, abuse of power, conflict of interest, breaches of confidentiality and personal data, violation of terms of service to the detriment of consumers, legalization of products of crime, breach of competition law, irregularities in matters of accounting and financial data, violations of safety and health regulations, environmental legislation, etc.

Reports of violations of Greek legislation, such as labor claims, undue discrimination, wage disparities, disciplinary matters, harassment issues in the workplace etc. are outside the scope of the present Policy.

 

2. Scope of Application

In this context, the Companies adopt this Complaints and Reports Management Policy (hereinafter "Whistleblowing Policy").

  • Who may submit a report?

Persons who, in the context of their work-related activities with the aforementioned companies, acquired information pertaining to breaches of union law in the abovementioned fields.
More precisely: Employees of the aforementioned companies, whether engaged in full-time or part- time, permanent or temporary employment, members of the board of the aforementioned companies, shareholders, persons having self-employed status, consultants or remote employees, persons working under the supervision and direction of contractors, subcontractors and suppliers, persons who acquired information regarding breaches in the context of a work-based relationship which has since ended for any reason whatsoever (including retirement) or persons whose work-based relationship is yet to begin (in cases where information on breaches has been acquired during the recruitment process or other pre-contractual negotiations).

 

3. Purpose

The present Whistleblowing Policy pertaining to the management of Complaints and Reports, whether anonymous or non-anonymous, aims at creating an internal channel for the secure and timely detection of irregularities, omissions or breaches committed by board members of the companies, administrators, employees, suppliers, possessing information for illegal acts relevant to our activities and our business in general and the protection of persons reporting such.

We encourage our executives, employees of any professional status, our collaborators, our suppliers, shareholders and any persons working under the supervision of our contractors, subcontractors and suppliers, to immediately and anonymously report cases of violations of European Union law, so that we can take the necessary corrective actions.

We adopt an internal reporting system against illegal actions, which harm our prestige, reputation, and credibility in the market and in society in general, under conditions of protection of both their anonymity and the principle of confidentiality of the reporting persons’ data.

 

4. Reporting mechanism for employees, executives, collaborators and content of such reports 

Αny person who becomes aware of either significant irregularities, omissions, or other breaches of European Union law by the Company, its executives, employees or suppliers, should report them, either orally or in writing, either anonymously or non-anonymously to the competent person appointed as Reporting Receipt and Monitoring Officer (Y.P.P.A.) so as to internally adopt the lawful measures required

Each report should briefly include the reason for its submission, the acts that establish a reportable incident, with specific information about persons’ names, place and dates of occurrence of such illegal act, providing relevant documentation or other data. Ιt is not necessary to include any evidence, however, any relevant information which will facilitate the evaluation and investigation of the report shall be taken into account.

 

5. Reporting channels

Reports are submitted, at the discretion of the reporting person:

a) either through "internal" reporting channels to each company's competent authorized Reporting Receipt and Monitoring Officer (Y.P.P.A. in Greek)

b) or through "external" reporting channels to the competent National Transparency Authority (E.A.D), in case the report is not investigated internally within a reasonable timeframe from its submission date

The Company shall not pay any fee or any remuneration to the reporting person, given that the Reporting System of breaches exclusively serves the need of safeguarding the reputation, ethics and credibility of the company, its managers, shareholders, and customers, from illegal actions committed by members of the Board of Directors, executives, its staff, suppliers or partners.

 

6. Reports management principles

The management of reports by the Reporting Receipt and Monitoring Officer (Y.P.P.A.) is based on the following general principles:

a) confidentiality: non-disclosure of the identity of the reporting person and the persons named or indicated in the report, except in cases where there is a relevant obligation by law, such as in the case of crimes prosecuted ex officio

b) due diligence: the investigation will be carried out professionally, documenting as far as possible all findings and evidence.

c) integrity: the research is carried out with objectivity, and without behaviors that may create suspicions of influencing the examiners.

 

7. Competencies of the Reporting Receipt and Monitoring Officer (Y.P.P.A)

In each company, we have appointed a Reporting Receipt and Monitoring Officer (Y.P.P.A.), with the following responsibilities):

a) briefing and training of personnel regarding the option of internal reporting.

b) receiving reports of breaches of Union law.

c) acknowledgment of receipt of report to the reporting person within seven (7) working days from that receipt.

d) monitoring, communication with the reporting person and referral of the report to the competent bodies of the company or to the national or European bodies, as the case may be.

e) completion of investigation of the report within three (3) months from its submission date.

f) archiving of incomprehensible or abusive reports or reports which lack sufficient evidence or are outside the ambit of breaches as per Union law and sending notification of the relevant archiving decision to the reporting person, who has the right to resubmit the report to the National Transparency Authority (E.A.D) as an external reporting channel.

 

8. Submission of report concerning a breach to the Reporting Receipt and Monitoring Officer (Y.P.P.A.)

Should you wish to report breaches of Union law exclusively in the aforementioned areas you may use any of the alternative internal reporting channels, namely:

a) orally or through a physical meeting with the competent Reporting Receipt and Monitoring Officer (Y.P.P.A.),

b) in writing to the address of each company:

For the Companies: LEVANTE FERRIES MARITIME COMPANY, LEVANTE FERRIES III MARITIME COMPANY, LEVANTE FERRIES V MARITIME COMPANY, IONISSOS FERRIES MARITIME COMPANY, IONISSOS FERRIES III MARITIME COMPANY at 280 Thiseos Avenue, 17675, Kallithea Attikis,
For the Company: LEVANTE EXPRESS LTD. at 282 Thiseos Avenue, 17675, Kallithea Attikis 280 Thiseos Avenue, Kallithea Attikis,
for the attention of the Reporting Receipt and Monitoring Officer (Y.P.P.A.) of the respective company (indicate the company concerned) in an envelope marked "Confidential"

c) by email to the electronic address of the respective company, as follows:

for LEVANTE FERRIES MARITIME COMPANY

yppalevanteferries@levanteferries.com
for LEVANTE FERRIES III MARITIME COMPANY

yppalevanteferriesIII@levanteferries.com
for LEVANTE FERRIES V MARITIME COMPANY

yppalevanteferriesV@levanteferries.com
for IONISSOS FERRIES MARITIME COMPANY

yppaionissosferries@levanteferries.com
for IONISSOS FERRIES III MARITIME COMPANY

yppaionissosferriesIΙI@levanteferries.com
for LEVANTE EXPRESS LTD

 yppalevanteexpress@levanteferries.com

d) through the electronic reporting platform https://whistleblowing.levanteferries.com, which operates on LEVANTE FERRIES’s website, also accessible to people with disabilities, that will lead you to the company that the report concerns.

 

9. Reports outside standard communication channels

A breach report that, although falling within the responsibilities of the Y.P.P.A. is nevertheless submitted to any other executive of the Companies or by means other than those described above must be forwarded immediately to the competent Y.P.P.A. with care of the recipient.

 

10. Handling of reports

Following the submission of a report, whether anonymous or non- anonymous through the special electronic platform https://whistleblowing.levanteferries.com, the platform automatically provides a receipt confirmation to the sender, provided contact information is supplied.

The same, as above, applies in the case of submission of a report to the Y.P.P.A., who has the obligation to send confirmation of receipt (of the report) within seven (7) working days from the day of receipt of such. The Y.P.P.A of each company assesses the nature of each report, having the option of either deciding to investigate it further or seeking external assistance or archiving it as manifestly unfounded

 

11. Disclosure of information pertaining to the reporting persons, the persons concerned reported and third parties

Personal data and confidential information that may lead whether directly or indirectly to the identification of the reporting person are not disclosed to anyone beyond the authorized staff members competent to receive or follow up on reports, except if the reporting person explicitly consents. .

The identity of the reporting person may be disclosed only where there is such obligation imposed by Union or national law in the context of investigations by national authorities or judicial proceedings and as long as this is necessary for safeguarding the rights of defence of the person concerned. Such disclosure takes place after the reporting person has been informed in writing about the reasons for the disclosure of his identity and other confidential information. Following such notification, the reporting person is entitled to submit written comments or objections. If such reasons are not considered sufficient, then the disclosure of the identity of the reporting person is not prevented.

As a general rule, the persons concerned and third parties mentioned in the report are not informed of the content of the report, in derogation of GDPR 2016/679 and Law 4624/2019, respecting the conditions and limitations of article 15 par. 5, 6 and 7 of Law 4990/2022, for as long as it is necessary so that the confidentiality of the investigations is not affected, nor the investigations are hindered due to the disclosure of the source of the data and the identity of the persons involved in its (the report’s) processing and evaluation.

The submission of evidently malicious and frivolous reports is not protected under this present Policy and is punishable in accordance with the applicable legislation.

 

12. Exemptions from the disclosure obligation

Notwithstanding the above, the provision of information and right of access shall be assessed by the Y.P.P.A on a case-by-case basis as there may be cases where the aforementioned disclosure may indicatively:

a) obstruct the investigation of the case and hinder the evaluation of the report and the collection of the required information and data,

b) lead directly or indirectly to the identification of the reporting persons,

c) result in the disclosure of classified or confidential corporate information,

d) prevent the establishment, exercise or support of legal claims of the company and/ or the possible criminal proceedings against the parties involved.

Each case shall be assessed independently and the reasons for the delay in the disclosure or grant of access shall be recorded in writing. The nature of information and the risks associated with their disclosure will be taken into consideration. In cases of satisfying a certain request, as a rule the personal data of third parties will be deleted from the relevant documents.

 

13Personal data

Each Company acts as Data Controller for the processing of personal data contained in the aforementioned reports, as per the provisions of the GDPR (Regulation 2016/679) and Law 4624/2019, as amended by Law 5002/ 2022.

When implementing this present Policy, each company shall ensure compliance with the legislation on personal data, the lawful exercise of the rights of all persons involved and the confidentiality of the process in general.

At every stage of the process and to the extent that personal data of the reporting party, of the party concerned or thirds parties are contained in the reports, the Data Protection Officer’s (DPO’s) opinion is essential for the lawful management of the reports.

 

14. Record Keeping

The Y.P.P.A. keeps a special record of all reports, as follows:

  • in case the report is deemed unacceptable, the personal data shall be deleted from the report within three (3) months from the date that the report is archived.
  • in case the reported breach follows the legal route, the personal data shall be deleted with the issuance of an irrevocable court decision on such breach.
  • in case the report results in documented findings against an employee or member of the Board of Directors of a Company, the personal data shall be kept throughout his employment and shall be deleted five (5) years after the termination, for any reason whatsoever, of the cooperation, and in any case until the completion of any investigation that has been initiated as a consequence of the report against the concerned party, whichever is latest.
  • in case the report results in documented findings against an external partner or supplier of the Company, the personal data shall be kept throughout its cooperation and shall be deleted five (5) years after the termination, by any reason whatsoever, of the cooperation and in any case until the completion of any investigation that has been initiated as a consequence of the report against the party concerned, whichever is latest.

 

15. Implementation, Monitoring and Modification of the policy

Each Company is the owner of the present document and is responsible for revising this Policy.

The present is regularly revised whenever compelled by circumstances and amendments of the legal framework.  

Date of Adoption: 10.02.2024