Hydra iT is committed to ensuring the protection of people who wish to report a violation or possible irregularity, under the terms of European Directive 2019/1937 and Law No. 93/2021, of December 20.
Hydra iT prohibits retaliation against any person who, having reasonable grounds to believe that there is a violation or suspected irregularity, reports it and provides information obtained in a professional context.
This Whistleblower Protection Policy applies to your entire organization.
1. What matters to report?
Whistleblowers may communicate information obtained in a professional context, regarding suspected irregularities or violations - current or potential - of:
- Public procurement;
- Financial services, products, and markets and prevention of money laundering and terrorist financing;
- Product safety and compliance;
- Transport security;
- Environmental protection;
- Radiation protection and nuclear safety;
- Food and feed safety, animal health, and animal welfare;
- Public health;
- Consumer defense;
- Protection of privacy and personal data and security of the network and information systems;
- The act or omission contrary to the rules of the internal market, including the rules of competition and state aid, as well as the rules of corporate taxation;
- Violent crime, especially violent and highly organized crime, as well as the crimes provided for in Law n.º 5/2002, of January 11 (terrorism and terrorist organization; Arms trafficking; Passive corruption and embezzlement; Money laundering; Criminal association; Smuggling; Trafficking and addiction of stolen vehicles; Pimping and trafficking in minors; Counterfeiting of currency and securities equivalent to currency);
- Corruption and related infractions, namely, undue receipt and offer of advantage, embezzlement, economic participation in business, concussion, abuse of power, prevarication, influence peddling, money laundering or fraud in obtaining or diverting a subsidy, subsidy or credit, provided for in the Code Penal Code, approved in the annex to Decree-Law n.º 48/95, of March 15, in its current wording, in Law n.º 34/87, of July 16, in its current wording, in the Code of Military Justice, approved as an annex to Law n.º 100/2003, of November 15, in Law n.º 50/2007, of August 31, in its current wording, in Law n.º 20/2008, of April 21, in its current wording, and in Decree-Law No. 28/84, of January 20, in its current wording.
- Portuguese Penal Code, as well as International Criminal Law, regardless of whether it is carried out to the benefit or detriment of Hydra iT.
The denouncement may concern infringements that have been committed, are being committed, or whose commission can reasonably be foreseen, as well as attempts to conceal such infringements. The breach or suspected wrongdoing must be based on reasonable grounds. This means that the whistleblower does not need to prove the violation or irregularity but must be able to substantiate his suspicions based on observations, documents, emails, reports, or photos. A rumor is neither a sufficient nor a reasonable reason to file a report.
2. What can I report?
Anyone who works or has worked for Hydra iT, including, temporary, freelance, interns, volunteers, or applicants for recruitment; contractors; suppliers; and board members, can report information.
3. How can you report it?
Violations or suspected wrongdoing can be reported in writing to firstname.lastname@example.org or verbally via voice message to 962 738 460 or face-to-face meeting at the request of the reporter.
When reporting (in writing or verbally by voice message), the whistleblower may remain anonymous, but must always provide the information necessary to allow the situation to be properly investigated and to be informed of the consequences of the report. Complaints that fall outside the scope identified in point 1, or that are insufficiently substantiated, unreasonable, or lacking in factual information, will not be investigated.
The complaint form must indicate:
- Full name of the whistleblower, although anonymous reports will be accepted;
- E-mail (mandatory, in case you wish to be informed of the developments and conclusions of the process);
- Telephone number (if you allow to be contacted, including for clarification of doubts within the process);
- Relationship to Hydra iT (employee, ex-employee, temporary worker, freelancer, intern, volunteer, applicant for recruitment, contractor, supplier, or board member);
- Type of grievance (corruption, security, privacy and personal data, other);
- Description of the complaint. In this field you must indicate the date and place of the reported facts, people involved, affected and identification of witnesses (if any), and description of the events;
- If the whistleblower has documents (e.g. emails), they should attach them to the complaint in order to assist in the investigation.
The language of the denunciation must be simple and clear, explaining the reasons that support it so that it can be understood by all those involved.
After the complaint is made, a notification of receipt of the complaint is sent to the complainant within 7 days.
Hydra iT will handle reports confidentially and may, if it deems appropriate and necessary, report the breach or suspected breach to third parties, including lawyers, regulatory, governmental, or law enforcement agencies. Within 3 months from the date the complaint is received, or 6 months where the complexity of the complaint warrants, the complainant will be informed of the basis and steps that are planned and taken to pursue and complete the investigation of the complaint, and the complainant will be required to keep all information received confidential.
4. Complaint Handling Procedure?
Hydra iT guarantees and ensures the independence, impartiality, confidentiality, data protection, confidentiality, and absence of conflict of interest of those responsible for handling complaints.
Each report submitted will be assigned a unique code for its identification and will be duly filed in the Complaint Registry.
The team responsible for the management of the Complaints Channel, with Nuno Calado elected to manage the Channel, will conduct a preliminary analysis of the facts reported and the attached evidence and will proceed to the legal qualification of the same.
After assessing the complaint, its qualification, and the attached recommendations, the team will take a decision on each case, which may consist of opening an investigation or closing the case when the complaint is totally unfounded. In either case, the reasons for the decision made will be noted in the file.
Hydra iT will ensure that the rights of whistleblowers, whistleblowers, and any third parties who may be involved in the complaint are respected.
5. Alternative whistleblowing methods
Whistleblowers benefit from the legal protection enshrined in Directive 2019/1937 when they first report violations internally. If the whistleblower, after having reported internally, does not get a response or considers that the matter has not been properly investigated, he or she may choose to report the violation or suspected wrongdoing to the competent public authority.
6. Whistleblower protection measures
Acts of retaliation against the whistleblower are prohibited.
An act or omission is considered an act of retaliation if, directly or indirectly, occurring in a professional context and motivated by an internal or external complaint or public disclosure, it causes or may cause the complainant, unjustifiably, material or non-material damage.
Threats and attempts of the acts and omissions referred to in the previous number shall also be considered acts of retaliation.
Whoever commits an act of retaliation shall compensate the complainant for the damage caused.
Independently of the civil liability that may be incurred, the whistleblower may request the measures appropriate to the circumstances of the case in order to avoid the occurrence or expansion of the damage.
The following acts, when committed within two years after the complaint or public disclosure, are presumed to be motivated by internal or external denunciation, or public disclosure until proven otherwise:
a) Changes in working conditions, such as duties, hours, place of work or remuneration, non-promotion of the employee, or failure to comply with work duties;
b) Suspension of employment contract;
c) Negative performance evaluation or negative reference for employment purposes;
d) Failure to convert a fixed-term employment contract into an indefinite-term contract, whenever the employee had legitimate expectations of such conversion;
e) Non-renewal of a fixed-term employment contract;
g) Inclusion on a list, based on an industry-wide agreement, which may lead to the complainant not being able to find employment in the sector or industry in question in the future;
h) Termination of a supply or service contract;
i) Revocation of an administrative act or termination of an administrative contract, as defined pursuant to the Administrative Procedure Code.
The disciplinary sanction applied to the whistleblower until two years after the report or public disclosure is presumed to be abusive.
These measures shall also apply to a natural person who assists the whistleblower in the whistleblowing procedure and whose assistance must remain confidential, including trade union representatives or employee representatives; a third party connected to the whistleblower, such as a work colleague or family member, who may be subject to retaliation in a professional context; and legal persons or similar entities owned or controlled by the whistleblower, for whom the whistleblower works or with whom the whistleblower is otherwise connected in a professional context.
Whistleblowers are generally entitled to legal protection.
Whistleblowers are generally entitled to witness protection measures in criminal proceedings.
The competent authorities shall provide the necessary assistance and collaboration to other authorities for the purpose of ensuring the protection of the whistleblower against acts of retaliation, including by certifying that the whistleblower is recognized as such under this law, whenever the whistleblower so requests.
The Directorate General for Justice Policy shall make information on the protection of whistleblowers available on the Justice Portal, without prejudice to the mechanisms for access to the law and the courts.
7. False reports
A bad faith complaint will be considered one in which the whistleblower is aware of the falsity of the facts reported or acts with manifest disregard for the truth.
If a complaint is found to be in bad faith, the complainant will not benefit from the protection afforded by Directive 2019/1937. In addition, a complaint may be lodged and criminal and civil proceedings initiated against the person of the whistleblower with the competent authority. This communication to the authority can take place either during the investigation phase of the case or at the end of the investigation.
8. Personal Data Protection
Hydra iT is responsible for the data processing of the reports submitted, and uses the information collected only to carry out investigations, to make the necessary communications to the course of the process, and to comply with legal obligations. The basis on which Hydra iT can lawfully process data is to comply with legal obligations.
Hydra iT transfers the personal data collected internally within your organization to better manage the research process and externally where we deem it necessary, including to lawyers, regulators, government agencies, or law enforcement agencies.
The owners may review and update the data provided, being guaranteed the right to confirm the existence of treatment, access to data and correction of incomplete, inaccurate, or outdated data, the right to anonymization, blocking or deletion of unnecessary, excessive data, or treated in violation of the provisions of the Law, the right to data portability, upon express request, in accordance with the General Data Protection Regulation and national legislation, commercial and industrial secrets are observed, the right to the erasure of personal data processed with the consent of the data subject, except in the cases provided for by law, the right to information from public and private entities with which the controller has shared the data, the right to information about the possibility of not giving consent and about the consequences and the right to the revocation of consent.
Any request for access, updating, rectification, opposition, limitation, limitation, removal, portability, opposition or non-submission to automated individual decisions, or any other exercise of the applicable right may be requested by email to email@example.com.The data subject also has the right to lodge a complaint with the CNPD.
The Data Protection Officer can be contacted directly by emailing firstname.lastname@example.org.
This Policy was last updated in June 2022.