Whistleblower Channel

Hydra iT is committed to ensuring the protection of people who wish to report a violation or a possible irregularity, under the terms of European Directive 2019/1937 and Law No. 93/2021, of December 20. Hydra iT prohibits retaliation against anyone who, having reasonable grounds to believe that a violation or suspected wrongdoing exists, reports it and provides information obtained in a professional context. This Whistleblower Protection Policy applies to your entire organization.


1. What matters should be reported?

Whistleblowers may report information obtained in a professional context, regarding suspected irregularities or violations - current or potential - of:

  • Public contracting;
  • Financial services, products and markets and prevention of money laundering and terrorist financing;
  • Product security and compliance;
  • Transport security;
  • Environmental protection;
  • Radiation protection and nuclear safety;
  • Food and animal safety, animal health and animal welfare;
  • Public health;
  • Consumer protection;
  • Protection of privacy and personal data and security of network and information systems;
  • Act or omission contrary to internal market rules, including competition and state aid rules, as well as corporate taxation rules;
  • Violent crimes, especially the ones that are violent and highly organized, as well as the crimes provided for in Law n.º 5/2002, of January 11 (terrorism and terrorist organization; Arms trafficking; Passive corruption and embezzlement; Money laundering; Criminal association; Smuggling; Traffic and addiction of stolen vehicles; Probation and trafficking of minors; Counterfeiting of currency and currency-like securities);
  • Corruption and related offenses, namely, undue receipt and offer of an advantage, embezzlement, economic participation in a business, concussion, abuse of power, malfeasance, influence peddling, money laundering or fraud in obtaining or diverting a subsidy, subsidy or credit, provided for in the Penal Code, approved in annex to Decree-Law n.º 48/95, of March 15, in its current wording, in Law n. current wording, in the Military Justice Code, approved as an annex to Law n.º 100/2003, of 15 November, in Law n. 20/2008, of April 21, in its current wording, and in Decree-Law no. 28/84, of January 20, in its current wording;
  • Portuguese Criminal Code, as well as in International Criminal Law, regardless of whether for the benefit or detriment of Hydra iT.

The denunciation may relate to infringements that have been committed, that are being committed or that can reasonably be expected to be committed, as well as attempts to conceal such infringements.

A violation or suspected irregularity must be based on reasonable grounds. This means that the whistleblower does not need to prove the violation or wrongdoing, but must be able to substantiate his suspicions based on observations, documents, emails, reports or photos. A rumor is not a sufficient or reasonable reason to file a report.


2. What matters should be reported?

All workers who perform or have performed work with Hydra iT can report information, including temporary workers, self-employed workers, interns, volunteers or recruiting candidates; service providers; Providers; and board members.


3. How can you report?

Violations or suspected irregularities can be reported by writing to the email address or verbally via voice message to contact +351 962 738 460 or in a face-to-face meeting at the request of the whistleblower.

Upon reporting (written or verbal by voice message), the author may remain anonymous, but must always provide the information necessary to allow the situation to be properly investigated and the consequences of the denunciation communicated. Denunciations outside the scope identified in point 1, or those that are insufficiently substantiated, lacking reasonableness or lack of factual information, will not be investigated.

In the denunciation form they must indicate:

  • Full name of the whistleblower, although anonymous reports are accepted;
  • Email (mandatory, if you wish to be aware of the developments and conclusions of the process);
  • Phone number (if you authorize to be contacted, namely for clarification of doubts within the scope of the process);
  • Relationship with Hydra iT (employee, ex-employee, temporary worker, self-employed, intern, volunteer, recruiting candidate, service provider, supplier or board member);
  • Type of denunciation (corruption, security, privacy and personal data, others);
  • Description of the denunciation. In this field, they must indicate the date and place of the denounced facts, people involved, affected and identification of witnesses (if any) and description of the events; if the whistleblower has documents (e.g. emails), he/she must attach them to the denunciation, in order to assist the investigation.

The language of the denunciation must be simple and clear, explaining the reasons that support it so that it can be understood by all of the people involved.
After the denunciation, a notification of receipt of the denunciation is sent to the author, within a maximum period of 7 days.
Hydra iT will manage reports confidentially, and may, if it deems appropriate and necessary, communicate the violation or suspected irregularity to third parties, including lawyers, regulatory bodies, government agencies or criminal police bodies.
Within a maximum period of 3 months from the date of receipt of the denunciation, or 6 months when the complexity of the denunciation justifies it, the author will be informed about the reasons and the measures planned and adopted to follow up and conclude the investigation process of the denunciation. The whistleblower must maintain confidentiality regarding all the information received.


4. Denunciations management procedure?

Hydra iT guarantees and assures independence, impartiality, confidentiality, data protection, secrecy and the absence of conflicts of interest of those responsible for the management of denunciations.
Each denunciation presented will be assigned a unique code for its identification and will be duly filed in the Denunciations Register.
The team responsible for managing the Whistleblower Channel, having been elected Eng.º Nuno Calado to direct the Channel, will carry out a preliminary analysis of the reported facts and the attached evidence and will proceed with the legal qualification of the same.
After considering the denunciation, its qualification and the attached recommendations, the team will make a decision on each case, which may consist of opening an investigation or closing the case, when the denunciation is totally unfounded. In any case, the reasons for the decision taken will be noted in the process file.
Hydra iT will guarantee respect for the rights granted to whistleblowers, the accused and third parties who may be involved in the whistleblowing.


5. Alternative reporting methods

Whistleblowers benefit from the legal protection enshrined in Directive 2019/1937 when, first of all, they internally communicate information about violations. If the author, after having denounced internally, does not receive a response or considers that the matter has not been properly investigated, he may choose to report the violation or suspected irregularity to the competent public authority.


6. Whistleblower protection measures

Retaliation against the whistleblower is prohibited.
An act of retaliation is considered to be the act or omission that, directly or indirectly, occurring in a professional context and motivated by an internal or external denunciation or public disclosure, causes or may cause the whistleblower, in an unjustified way, property or non-property damage.
Threats and attempts of the acts and omissions referred to in the previous number are also considered acts of retaliation.
The person who performs an act of retaliation, compensates the whistleblower for the damages caused.
Regardless of the civil responsability that may arise, the whistleblower may request the appropriate measures to the circumstances of the case, in order to avoid the verification or expansion of damages.
The following acts are presumed to be motivated by internal or external denunciation or public disclosure, until proven otherwise, when practiced within two years after the denunciation or public disclosure:

a) Changes in working conditions, such as functions, hours, place of work or remuneration, non-promotion of the worker or non-compliance with work duties;
b) Suspension of employment contract;
c) Negative performance appraisal or negative reference for employment purposes;
d) Non-conversion of a fixed-term employment contract into an open-ended contract, whenever the worker had legitimate expectations in this conversion;
e) Non-renewal of a fixed-term employment contract;
f) Dismissal;
g) Inclusion on a list, based on sector-wide agreement, which could lead to the inability of the whistleblower in the future to find employment in the sector or industry in question;
h) Termination of a supply or service provision contract;
i) Revocation of an act or resolution of an administrative contract, as defined in the terms of the Code of Administrative Procedure.

The disciplinary sanction applied to the whistleblower up to two years after the denunciation or public disclosure is presumed to be abusive.
These measures are also applicable to a natural person who assists the whistleblower in the whistleblowing procedure and whose assistance must be confidential, including union representatives or workers' representatives; a third party who is linked to the whistleblower, namely a co-worker or family member, and may be the target of retaliation in a professional context; and legal persons or similar entities that are owned or controlled by the whistleblower, for which the whistleblower works or with which he is somehow connected in a professional context.
Whistleblowers are entitled, in general terms, to legal protection.
Whistleblowers may benefit, in general terms, from measures for the protection of witnesses in criminal proceedings.
Competent authorities provide the necessary assistance and collaboration with other authorities for the purpose of guaranteeing the whistleblower’s protection against acts of retaliation, including by certifying that the whistleblower is recognized as such under this law, whenever the whistleblower requests it..
The Directorate-General for Justice Policy provides information on the protection of whistleblowers on the Justice Portal, without prejudice to the mechanisms of access to law and courts.


7. Bad faith denunciations

A denunciation in bad faith will be considered one in which the whistleblower is aware of the falsity of the facts narrated, or acts with a manifest disregard for the truth.
If a denunciation is found to be in bad faith, the whistleblower does not benefit from the protection afforded by Directive 2019/1937. In addition, a denunciation may be filed and the respective criminal and civil procedure may be filed against the person of the whistleblower, with the competent authority. This communication to the authority can take place during the investigation phase of the case or when the investigation is concluded.


8. Personal Data Protection

Hydra iT is responsible for processing the data processed within the scope of the denunciation presented, and it uses the information collected only to carry out investigations, to make the necessary communications for the development of the process and for the fulfillment of legal obligations. The legal basis that allows Hydra iT to process data is compliance with legal obligations. Hydra iT internally transfers the personal data collected, within the scope of its organization, in order to better manage the investigation processes and to the outside entities, whenever it deems necessary, namely for lawyers, regulatory, governmental or criminal police bodies.
The holders can review and update the data provided, being guaranteed the right to confirm the existence of treatment, access to data and correction of incomplete, inaccurate or outdated data, the right to anonymization, blocking or elimination of unnecessary, excessive or treated in violation of the provisions of the Law, the right to data portability, upon express request, in accordance with the General Data Protection Regulation and national legislation, observing commercial and industrial secrets, the right to delete personal data processed with the consent of the data subject, except in the cases provided in the Law, the right to information of public and private entities with which the data controller shared the data, the right to information about the possibility of not providing consent and about the consequences and the right to the revocation of consent.
Any request for access, updating, rectification, opposition, limitation, removal, portability, opposition or non-subjection to automated individual decisions, or any other exercise of applicable law, may be requested by email to
The holder also has the right to file a denunciation with the CNPD.
The Data Protection Officer can be contacted directly via the email

For more information, see our Privacy Policy.
This Policy was last updated in June 2022.