Whistleblowing channel offers a possibility to confidentially report suspicions of misconduct in our organization. Anyone can do the whistleblowing and do it anonymously.
Elematic strives to achieve transparency and high level of business ethics. We are committed to operating responsibly and in accordance with our values and Code of Conduct and to comply with laws and authorities’ guidelines and regulations in the business.
The Whistleblowing channel is meant to be used to alert the organization about serious risks of wrongdoings or violations related to our operations, community, or environment, including breach of EU.
A person who blows the whistle does not need to have firm evidence for expression a suspicion.
The Whistleblowing channel is not an emergency notification system. If the risk refers to human life, please contact the authorities.
Furthermore, the channel should not be used for business inquiries, customer complaints or product support requests, or to report issues related to personal workplace-related disputes.
Deliberate reporting of false or malicious information is forbidden. Please note that abuse of the whistleblowing service is a serious disciplinary matter.
Anonymously and confidentially through the whistleblowing channel.
REPORT MISCONDUCT
We encourage anybody who shares their suspicions to be open with their identity. However, if you wish to remain anonymous, the Whistleblowing channel offers anonymity and confidentiality.
All messages sent through the Whistleblowing channel are encrypted. First Whistle deletes all meta data, including IP addresses. The person sending the message also remains anonymous in the subsequent dialogue with responsible receivers of the report.
When you blow the whistle, do not include sensitive personal information about anybody mentioned in your message if it is not absolutely necessary for describing your concern.
Elematic whistleblowing channel is administrated by First Whistle powered by Juuriharja Oy, an external service provider.
Access to messages received through our whistleblowing channel is restricted to appointed individuals with the authority to handle whistleblowing cases. Their actions are logged, and handling is confidential.
When needed, individuals who can add expertise may be included in the investigation process. These people can access relevant data and are also bound to confidentiality.
If a person raises a concern directly by contacting the whistleblowing team in person, the message is treated according to these guidelines.
Upon receiving a message, the whistleblowing team decides whether to accept or decline the message. If the message is accepted, appropriate measures for investigation will be taken, please see “Investigation” below.
The whistleblowing team may decline to accept a message if:
If a message includes issues not covered by the scope of these Whistleblowing guidelines, the whistleblowing team should take appropriate actions to get the issue solved.
The notifier will be notified of the receipt of the notification and any additional questions will be asked within 7 days of receipt of the notification and feedback will be given within 3 months (or, in special cases, within max. of 6 months) upon the date of receiving the report.
All messages are treated in accordance with these Whistleblowing guidelines. The following principles are applied in the investigation:
A person expressing genuine suspicion or misgiving according to these guidelines will not be at risk of losing their job or suffering any form of sanctions or personal disadvantages as a result. It does not matter if the whistleblower is mistaken, provided that she or he is acting in good faith.
Subject to considering the privacy of those against whom allegations have been made, and any other issues of confidentially, a non-anonymous whistleblower will be kept informed of the outcomes of the investigation into the allegations.
In cases of alleged criminal offences, the whistleblower’s identity may need to be disclosed during judicial proceedings.
This policy is based on the EU GDPR, EU Directive on whistleblower protection and national legislation on whistleblowing.
For more information on personal data handling at Elematic, please visit our privacy policy.
Personal data included in a whistleblowing messages and investigation documentation is deleted when the investigation is complete, with the exception of when personal data must be maintained according to other applicable laws. Permanent deletion is carried out 30 days after completion of the investigation.
Elematic Group is responsible for the personal data processed within the whistleblowing service.
Juuriharja Oy responsible for the whistleblowing application, including processing of encrypted data, such as whistleblowing messages. Neither Juuriharja or any sub-suppliers can decrypt and read messages. As such, neither Juuriharja nor its sub-processors have access to readable content.