Reporting Policy

1. Introduction

Technologia Sport Aftokiniton S.A. operates in accordance with the principles of professional conduct, integrity, transparency, and ethics. At the same time, it develops and implements policies in order to comply with the applicable legal and regulatory framework.

Through this Reporting Policy, the Company complies with Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law, as well as with Greek Law 4990/2022. The purpose of this Reporting Policy is to establish an internal reporting system for breaches of EU law, to protect the persons reporting such breaches, and to organise the procedure for the submission, receipt, and follow-up of reports.

The Company demonstrates zero tolerance for actions that may disrupt its healthy working environment, cause harm to the Company, or put its reputation and credibility at risk. It encourages the submission of reports as soon as any relevant issue comes to light. All reports are taken seriously and investigated with full objectivity and independence. The Company confirms that any person making a report, as defined below, shall be protected against retaliation and that the personal data of all parties involved shall be protected through the implementation of the necessary technical and organisational security measures.

2. Definitions

  1. “Report” means the oral, written, or electronic platform-based provision of information regarding breaches covered by this Policy.
    • (a) “Internal Report” means the oral, written, or electronic platform-based provision of information regarding breaches to the Reports Receiving and Monitoring Officer (R.R.M.O.) of a public or private legal entity.
    • (b) “External Report” means the oral, written, or electronic platform-based provision of information regarding breaches to the National Transparency Authority (N.T.A.).
  2. “Reported Person” means the natural or legal person who is named in the internal or external report or in the public disclosure as a person to whom the breach is attributed or who is associated with the person to whom the breach is attributed and who falls within the scope of this Policy.
  3. “Reporting Person” means the natural person who makes an internal or external report or a public disclosure by providing information regarding breaches acquired in the context of their work-related activities.
  4. “Retaliation” means any direct or indirect act or omission occurring in a work-related context, which causes or may cause unjustified detriment to the reporting person, or places them at a disadvantage, and which is linked to an internal or external report or public disclosure.
  5. “Reasonable Grounds” means the justified belief of a person, with similar knowledge, training, and experience to the reporting person, that the information in their possession is true and constitutes a breach of Union law falling within the scope of this Policy.
  6. “Public Disclosure” means the direct making available of information on breaches to the public.
  7. “Facilitator” means a natural person who assists the reporting person in the reporting process in a work-related context, and whose assistance must remain confidential.
  8. “Follow-up Actions” means any action taken by the recipient of the report or by any authority or body to which the report is referred due to competence, for the purpose of assessing the accuracy of the allegations contained in the report and addressing the reported breach, such as internal investigation, inquiry, prosecution, action for recovery of funds, or closure of the procedure.
  9. “Feedback” means the provision of information to reporting persons regarding the measures envisaged or taken as part of the follow-up and the reasons for such measures.
  10. “Work-related Context” means current, past, or prospective work-related activities in the public or private sector, regardless of the nature of those activities, through which persons acquire information on breaches and within which those persons could suffer retaliation if they reported such information.
  11. “Breaches” means acts or omissions that are unlawful under Union law or that defeat the object or purpose of the rules of Union law falling within the material scope of this Policy.
  12. “Information on Breaches” means information, including reasonable suspicions, regarding actual or potential breaches that have occurred or are very likely to occur in the organisation where the reporting person works, has worked, or is about to work, or is in negotiations to work, or in other entities with which the reporting person has been in contact through their work, as well as information on attempts to conceal such breaches.
  13. “External Partners” means third parties contractually associated with the Company, as well as their personnel, including consultants, subcontractors, contractors, suppliers, all kinds of business partners, shareholders, etc.
  14. “Reports Receiving and Monitoring Officer” or “R.R.M.O.” means the person responsible for receiving and monitoring the progress of reports.
  15. “Reports Management Committee” (“R.M.C.”) means the committee responsible for managing and investigating reports.
  16. “Employee” means a person employed by the Company under a fixed-term or indefinite-term employment agreement, or a person otherwise connected with the Company through another work relationship, or seasonal personnel, or a trainee engaged by the Company.
  17. “Reporting Channels” means the channels through which reports are submitted, including the means used for submitting reports and the persons to whom reporting persons may address them.
  18. “Malicious Report” means a report made by the reporting person while knowing that it is untrue.
  19. “Good Faith” means the state in which the reporting person reasonably believes that the information they provide is true.
  20. “Platform” means the specially designed electronic platform that is accessible online via computer or mobile device.

3. Scope of Application – Reporting Persons

Under this Reporting Policy, reporting persons may include:

  1. Persons working for the Company who have acquired, in the context of their work, information regarding breaches and report them, in particular:
    • (aa) employees, namely persons who provide services to the Company under its instructions and receive remuneration for such services, regardless of whether their employment is full-time or part-time, permanent or seasonal, or whether they are seconded from another entity;
    • (ab) self-employed persons, consultants, or home-based workers;
    • (ac) shareholders and persons belonging to the administrative, management, or supervisory body of the Company, including non-executive members, as well as volunteers and paid or unpaid trainees;
    • (b) persons who report or publicly disclose information on breaches acquired in the context of a work relationship that has ended for any reason, including retirement, as well as reporting persons whose work relationship has not yet begun, where the information on breaches was acquired during the recruitment process or at another stage of pre-contractual negotiations.
  2. 2. The protective measures for reporting persons also apply, where relevant, to:
    • (a) facilitators,
    • (b) third persons connected with the reporting persons who could suffer retaliation in a work-related context, such as colleagues or relatives of the reporting persons, and
    • (c) legal entities or personal businesses owned by, working for, or otherwise connected in a work-related context with the reporting persons.

Persons reporting breaches are entitled to protection, provided that, at the time of reporting, they had reasonable grounds to believe that the information regarding the reported breaches was true and fell within the scope of Law 4990/2022.

4. Scope of Application – Types of Breaches

  1. Reports under this Policy are admissible when they concern the following types of misconduct or breaches. Any person falling within the category of “Reporting Persons” who becomes aware of any misconduct or breach within the Company relating to the following categories should immediately submit a Report.
    • (a) Breaches of Union law in the areas of:
      • public procurement;
      • financial services, products, and markets, and the prevention of money laundering and terrorist financing;
      • product safety and compliance;
      • transport safety;
      • environmental protection;
      • radiation protection and nuclear safety;
      • food and feed safety, animal health, and animal welfare;
      • public health;
      • consumer protection;
      • protection of privacy and personal data, and security of network and information systems.
    • (b) Breaches affecting the financial interests of the Union referred to in Article 325 of the Treaty on the Functioning of the European Union (TFEU) and as further specified in the relevant Union measures.
    • (c) Breaches relating to the internal market, as referred to in Article 26(2) TFEU, including breaches of Union competition and State aid rules, as well as breaches relating to the internal market concerning acts which violate the rules of corporate taxation or arrangements aimed at obtaining a tax advantage that defeats the object or purpose of the applicable corporate tax law.
  2. This scope of application shall not affect the application of provisions concerning:
    • the protection of classified information;
    • the protection of legal professional privilege and medical confidentiality;
    • the secrecy of judicial deliberations or other proceedings designated as confidential by applicable law;
    • the rules of criminal procedure;
    • the exercise of employees’ rights concerning advice from their representatives or trade unions, as well as protection against any unjustified detrimental measure resulting from such consultations, and the autonomy of social partners and their right to conclude collective agreements, without prejudice to the level of protection provided by this Policy.

5. Reporting Channels

The Company establishes easily accessible reporting channels, encourages the submission of reports concerning incidents that fall within the scope of this Policy, and guarantees that all reports received are handled confidentially. Reports may be submitted either by name or anonymously. In the case of a named report, the personal details of the reporting person may be disclosed to the reported person, if requested by them, subject to the terms and conditions of the applicable personal data legislation. If the reporting person does not wish to submit the report by name, they may choose to submit it anonymously.

Reports may be submitted through the following channels:

Through the electronic reporting platform

  1. The platform meets all security specifications concerning:
    • information systems;
    • personal data;
    • confidentiality or anonymity of the reporting person, where so chosen.

    Access to the electronic platform is available on the Company’s website, and reporting persons are encouraged to use it, as it constitutes the most comprehensive and secure reporting channel.

  2. In writing, by name, via email
    Reports may be submitted to: whistleblowing@hellecon.com
  3. In writing, by name or anonymously, via postal mail

    Reports may be sent to the Company’s R.R.M.O. at: 26 Smyrnis Street, Nea Philadelphia, Postal Code 14341, with the indication “personal and confidential”.
    The letter must also specify the company to which the report relates.
  4. Orally

    Reports may be submitted:
    • by telephone at 214 4069004, or
    • through a personal meeting with the R.R.M.O., following a request by the reporting person.

Regardless of the reporting channel used, all reports are received and managed by the R.R.M.O., who is also responsible for communication with the reporting person.

6. Guidance for the Submission of Reports

The following general guidance and instructions apply to the submission of reports:

  1. The Report should be made in good faith and without delay, immediately upon becoming aware of the incident.
  2. The Report should be clear, specific, and contain as much information and detail as possible in order to facilitate its investigation.
  3. The Report should include the name of the person or persons who may have committed the misconduct, the date/time period and place where the incident occurred, the type of misconduct, and as detailed a description as possible.
  4. Special categories of personal data and other sensitive information unrelated to the incident should not be included in the Report.
  5. The reporting person must have reasonable grounds to believe that, at the time of reporting, the information concerning the reported breaches was true and fell within the scope of Law 4990/2022. The reporting person must also refrain from engaging in unlawful actions that could endanger themselves, the Company, or a third party in order to seek and collect further evidence to support their Report.
  6. The reporting person should remain available, either confidentially or anonymously through the electronic reporting platform, to provide further information if requested.

7. Responsibilities of the Reports Receiving and Monitoring Officer (R.R.M.O.)

Mr Filippos Pakos has been appointed as the R.R.M.O. and has the following responsibilities:

  1. Provides appropriate information regarding the possibility of submitting a report within the organisation and ensures that such information is displayed in a visible location within the organisation.
  2. Receives reports concerning breaches falling within the scope of this Policy.
  3. Acknowledges receipt of the report to the reporting person within seven (7) working days from the date of receipt.
  4. Takes the necessary actions in order for the Report to be handled by the Reports Management Committee (R.M.C.), or closes the procedure by archiving the report if it is incomprehensible, submitted abusively, does not contain facts constituting a breach of Union law, or lacks serious indications of such a breach, and communicates the relevant decision to the reporting person, who may resubmit the report to the National Transparency Authority (N.T.A.), which operates as an external reporting channel, if they consider that the report was not handled effectively.
  5. Ensures the protection of the confidentiality of the identity of the reporting person and of any third party named in the report, by preventing access by unauthorised persons.
  6. Monitors reports and maintains communication with the reporting person and, where required, requests further information from them.
  7. Provides feedback to the reporting person on the actions taken within a reasonable timeframe, not exceeding three (3) months from the acknowledgement of receipt, or, if no acknowledgement has been sent, three (3) months from the expiry of seven (7) working days from the submission of the report.
  8. Provides clear and easily accessible information on the procedures under which reports may be submitted to the National Transparency Authority and, where relevant, to public bodies or institutions, bodies, offices, or agencies of the European Union.
  9. Designs and coordinates training activities relating to ethics and integrity and participates in the development of internal policies to strengthen integrity and transparency within the organisation.

The R.R.M.O.:

  1. performs their duties with integrity, objectivity, impartiality, transparency, and social responsibility;
  2. respects and observes the rules of discretion and confidentiality regarding matters that come to their knowledge in the course of their duties;
  3. refrains from handling specific cases and declares a conflict where a conflict of interest arises.

The Company ensures that, where the R.R.M.O. performs other duties as well, the performance of such duties does not affect their independence and does not lead to a conflict of interest in relation to their responsibilities.

8. Responsibilities of the Reports Management Committee (R.M.C.)

The management of reports submitted through the reporting channels is carried out by the R.M.C., in accordance with the Reports Management Procedure.

The Committee consists of the following members:

  1. Regular members

    who are responsible for handling all reports, except where alternate members are required:
    • Chairwoman and Chief Executive Officer
    • Human Resources Director
    • Chief Financial Officer
  2. Alternate members

    who assume their duties where one or more regular members are relieved of their responsibilities because they are implicated in the report under investigation.

The Committee may be assisted by third parties — whether employees or partners of the Company, or third-party external consultants — where specialised knowledge is required for the investigation of the report and the proper completion of the procedure.

9. Reports Management Procedure

The reporting procedure consists of the following steps:

  1. The reporting person submits the report through one of the reporting channels.
  2. The R.R.M.O. receives the report and confirms its receipt to the reporting person within 7 days.
  3. The R.R.M.O. assesses whether the report falls within the scope of the Law and forwards it to the R.M.C.
  4. If the report does not fall within the scope of the Law, the R.R.M.O. informs the R.M.C. and, unless the R.M.C. makes a different assessment, closes the procedure and informs the reporting person.
  5. If the report falls within the scope of the Law, the R.R.M.O. forwards it to the R.M.C., which undertakes the internal investigation. If the reported person is a member of the R.M.C., that member is relieved of their duties and replaced by one of the alternate members.
  6. The R.R.M.O. informs the reporting person that the report has been accepted.
  7. The investigation is carried out.
  8. The R.M.C. informs the R.R.M.O. at regular intervals about the progress of the investigation, and the R.R.M.O. must inform the reporting person, no later than 3 months after receipt of the report, of the results of the investigation, even if the investigation has not yet been completed.
  9. Upon completion of the investigation, the R.M.C. informs the R.R.M.O., who in turn informs the reporting person of the final outcome.

10. Rights of the Reporting Person and the Reported Person

The reporting person has the right to be informed both of the receipt of their Report, no later than within 7 working days, and of the outcome of the investigation, no later than within 3 months.

The reporting person has the right to submit the Report directly to the National Transparency Authority (N.T.A.), in accordance with Articles 11 and 12 of Law 4990/2022, where they reasonably believe that the Report cannot be effectively handled by the R.R.M.O. or that there is a risk of retaliation.

In addition, the reporting person has the right to make a public disclosure regarding the breach, provided that one of the following conditions is met, in accordance with Article 13 of Law 4990/2022:

  • (a) the person first submitted the report internally to the Company and externally to the N.T.A., or directly externally to the N.T.A., but no appropriate action was taken in response within three (3) months from the acknowledgement of receipt of the report or from the expiry of seven (7) working days from its submission, in the case of an internal report to the Company, and within three (3) months, or six (6) months in duly justified cases, in the case of a report to the N.T.A.; or
  • (b) the person has reasonable grounds to believe that the breach may constitute a danger to the public interest, or where there is an emergency or risk of irreversible harm, or, in the case of a report to the N.T.A., where there is a risk of retaliation, or where there is little prospect that the breach will be effectively addressed due to the particular circumstances of the case, such as where evidence may be concealed or destroyed or where any authority or body may be in collusion with the perpetrator of the breach or involved in the breach.

11. Protection of Reporting Persons

Persons reporting breaches are entitled to protection, provided that, at the time of reporting, they had reasonable grounds to believe that the information relating to the reported breaches was true and fell within the scope of Law 4990/2022.

In this context, any kind of adverse conduct against any person who has made a Report is prohibited, even if the Report ultimately proves to be incorrect. The Reports Management Committee and the Management ensure that no retaliation occurs where any person submits a Report in good faith. More specifically, the Company is committed to ensuring that employees who submit a Report shall not suffer retaliation, harassment, marginalisation, intimidation, threats, or acts of revenge as a result of their Report. Furthermore, unjustified changes to the employment relationship as a result of the Report are not permitted, such as dismissal, demotion, denial of promotion, salary reduction, change of workplace, removal of duties, change in working hours, etc. In the case of a malicious Report, the above protection does not apply.

The same level of protection also applies to third persons connected with reporting persons who could suffer retaliation in a work-related context, such as colleagues or relatives of the reporting persons.

Where the reporting person is an external partner, the premature termination or cancellation of a contract for goods or services as a result of the Report is not permitted.

Any act of retaliation must be reported immediately to the R.M.C., will be investigated by it, and will be resolved accordingly. If the investigation determines that retaliation has indeed occurred, disciplinary measures shall be imposed against the person who committed it. The person accused of having committed the retaliation bears the burden of proving that their actions are unrelated to the Report made by the employee.

12. Confidentiality and Anonymity

The Company encourages employees and external partners to raise concerns regarding potential misconduct through the existing reporting channels. It also undertakes to make every possible effort, and to take every appropriate measure, to protect the identity of both the reporting person and the persons named in reports, and to handle the matter with full confidentiality and discretion.

Personal data and all kinds of information leading, directly or indirectly, to the identification of the reporting person shall not be disclosed to anyone other than authorised staff members competent to receive or follow up on reports, namely the members of the Reports Management Committee, the Investigation Officer, and the Investigation Team, including any specialised external consultants specifically appointed for the investigation of the incident. The identity of the reporting person and any other information may be disclosed only where required by Union or national law, in the context of investigations by competent authorities or judicial proceedings, and where such disclosure is necessary for the purposes of this Policy or for safeguarding the rights of defence of the reported person, and subject to the additional requirements of Law 4990/2022.

13. Personal Data

Any processing of personal data under this Policy is carried out in accordance with the applicable national and European legislation on personal data, as well as with the Company’s Privacy Policy. The data of all persons involved is protected and processed exclusively in connection with the relevant Report and solely for the purpose of assessing whether the Report is well founded and of investigating the specific incident.

The Company takes all necessary technical and organisational measures for the protection of personal data, in accordance with the Company’s Privacy Policy.

Sensitive personal data and any other data not directly related to the Report are not taken into account and are deleted.

Access to the data included in reports is restricted only to those involved in the management and investigation of the incident, such as the members of the Reports Management Committee, the Investigation Officer, and the Investigation Team, including specialised external consultants.

The personal data and materials generated during the handling of a report shall be deleted within a reasonable period following the completion of the investigation initiated on the basis of that Report.

14. Information and Training

The Company ensures that all employees shall be informed and trained regarding the content of this Policy and any new revision thereof.

External partners undertake to provide corresponding information to their personnel. This shall be achieved primarily through the communication of this Reporting Policy and, additionally, through the provision of material supplied by the Company.

Information and awareness-raising actions shall be continuous, both internally and externally, in order to establish a positive corporate culture for reporting, supporting the principles of integrity, honesty, and transparency.