Whistleblowing policy

  1. Context
     

    This policy is adopted in accordance with the act of 28 November 2022 (Belgian Official Journal of 15 December 2022) on the protection of persons who report breaches of national or Union law within legal entities in the private sector, which transposes the European Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law.

    Fost Plus (hereinafter referred to as "the Company") intends to conduct its business ethically and with integrity, and therefore wishes to ensure that whistleblowers covered by the act have the opportunity to report, under the terms and conditions described below, any potential breach of the legal and regulatory standards referred to in section 4.1 of this policy as serenely and securely as possible.
     

  2. Purpose

    The purpose of this policy is to:
    •    set the conditions to be met by the whistleblower;
    •    determine the matters covered by the report;
    •    determine the procedure to be followed by the whistleblower;
    •    determine how the report is to be managed;
    •    allow and protect confidentiality in the event of whistleblowing, as well as the data processed and the archiving procedures;
    •    set the terms and conditions for changing this policy and the places where the policy is available.
     
  3. Publication of the policy

    This policy is available:
    •    to everyone on the Company's website: https://www.fostplus.be
    •    and to employees on the Company's intranet.
    It does not, of course, in any way prevent dialogue and the communication of information, outside the whistleblowing procedure, with the Company's hierarchy or human resources department when this is more appropriate.
     
  4. Scope of application

    4.1 Areas of application

    Potential breaches in the event of whistleblowing relate to the following areas, as covered by the legal regulations, e.g.:
    •    public procurement;
    •    financial services, products and markets, and the prevention of money laundering and terrorist financing;
    •    product safety and compliance;
    •    transport safety;
    •    protection of the environment;
    •    radiation protection and nuclear safety;
    •    food and feed safety, animal health and welfare;
    •    public health;
    •    consumer protection;
    •    protection of privacy and personal data, and the security of networks and information systems;
    •    fight against tax fraud;
    •    fight against social fraud.

    4.2 Whistleblowers

    Whistleblowers, as provided for in the act of 28 November 2022, are as follows:
    •    employees of the Company, former employees of the Company and candidates for recruitment within the Company;
    •    persons who have collaborated/collaborate with the Company on an independent basis and prospective employees/collaborators within the Company;
    •    trainees;
    •    members of the Company and members of the Company's administrative, management or supervisory bodies;
    •    any person working under the supervision and direction of the Company's contractors, subcontractors and suppliers.
    The aforementioned whistleblowers must act in good faith in the context of this procedure.

    4.3 Whistleblowing conditions
     

    Reports must be made in good faith and may not be based in particular on rumour or hearsay or display defamation. Any malicious, fanciful or abusive report will be inadmissible or unfounded.
    Any person guilty of making such a report may be held criminally and civilly liable.
    Whistleblowers benefit from the legal protection laid down in the regulations, provided that:

    •    they had reasonable grounds for believing that the information they were reporting on breaches was true at the time it was reported and that this information fell within the scope of the regulations and this policy;
    This criterion is assessed with regard to a person in a similar position having comparable knowledge.
    •    and they have made an internal report, an external report or a public disclosure in compliance with the conditions of this policy and the law.

    4.4 Fost Plus whistleblowing manager

    The Company has entrusted the Legal Counsel with the task of following up internal whistleblowing reports.
    The whistleblowing manager will carry out his/her duties in complete independence and without any conflict of interest. He/She is subject to an obligation of confidentiality.
     
  5. Whistleblowing procedures

    5.1 Whistleblowing channels


    Any person referred to in section 4.2 of this policy who has information relating to any wrongdoing referred to in section 4.1 is requested to report this to the Company as soon as possible.
    The Company considers that the whistleblower is in the best position to choose the most appropriate reporting channel depending on the particular circumstances of the situation with which he/she is faced.
    However, internal whistleblowing is the most appropriate way of reporting, since it is a priori the most likely to ensure rapid follow-up of the case on site, within the Company, with supporting measures.
    The following whistleblowing channels may be used:

    5.2 Internal whistleblowing

    This internal channel is strongly recommended for the reasons set out above. 
     

    1-
    Within the Company, internal reports can be made by e-mail: whistleblowing@fostplus.be

    Reports must be sent in French or Dutch. Any report sent in another language will have to be translated, which may alter the accuracy of the content of the report.
    This whistleblowing channel is accessible at all times, 24 hours a day, 7 days a week. However, the whistleblowing manager can only be contacted directly during the Company's opening hours (Monday to Friday, 8.30 am to 12.30 pm and 1.30 pm to 5.30 pm, excluding public holidays).
    This channel is managed securely, so that the confidentiality of the identity of the whistleblower and of any third party mentioned in the report is ensured, as unauthorised members of staff do not have access to the internal whistleblowing channel.
    This channel ensures that the privacy and personal data of the whistleblower and any third parties mentioned in the report are protected at all times.
    This channel is managed completely independently by the whistleblowing manager.

    2-
    Once a report has been submitted via the above-mentioned channel, the whistleblower will receive an acknowledgement of receipt of the report within 7 days of receipt by the whistleblowing manager. A case number will be issued to ensure that the report is followed up.

    3-
    The whistleblowing manager will ensure that the report is received and followed up and will maintain communication with the whistleblower. Where appropriate, he/she will ask the whistleblower for any additional information required to investigate the report.

    4-
    Follow-up refers to any action taken by the whistleblowing manager to verify and assess the accuracy of the allegations made in the report and, where appropriate, to remedy the reported breach, including measures such as an internal investigation.
    The purpose of feedback within 3 months is to provide the whistleblower with information about the measures planned or taken as part of the follow-up and the reasons for this follow-up.
     

    5.3 External whistleblowing
     

    1-
    We strongly recommend that you start with the internal channel via our whistleblowing manager before using any other channel. Your problem will be dealt with effectively and more quickly on site, within the Company, so that pragmatic and immediate action can be taken.

    2-
    The Federal Ombudsman (Rue de Louvain 48, box 6, 1000 Brussels) has been appointed by the Belgian legislator as the body responsible for coordinating whistleblowing through external channels.
    Basically, this body will be responsible for receiving external reports, checking their admissibility and forwarding them to the competent authority for investigation. This will vary depending on the subject matter of the report.
    For example, it could be the Public Procurement Service of the FPS Chancellery (for public procurement), the FSMA, the NBB or the Collège de supervision des réviseurs d'entreprise (Belgian Audit Oversight Board) (for financial services, products and markets), the FPS Economy (for consumer protection), the Data Protection Authority (for the protection of privacy and personal data), etc.
    In exceptional cases, the Federal Ombudsman may also conduct the in-depth investigation.

    5.4 Public disclosure

    Public disclosure can only be used under the strict conditions set out in the act of 28 November 2022.
    Any person who knowingly discloses false information or fails to comply with the conditions laid down in section 4.3 above is liable to criminal penalties, as set out in Articles 443 to 450 of the Criminal Code, relating to slander and defamation, as well as civil penalties (damages, etc.).
     
  6. Protective measures

    6.1 Preserving confidentiality

    Whistleblowers report internally in complete confidentiality.
    The identity of the whistleblower may not be disclosed without the whistleblower's express and free consent to any person other than authorised staff who are competent to receive or follow up on whistleblower reports.
    This also applies to any information from which the identity of the whistleblower can be directly or indirectly deduced.
    Notwithstanding the previous paragraph, the identity of the whistleblower may be disclosed where this is necessary and proportionate under legislation in the context of investigations conducted by national authorities or in the context of judicial proceedings, in particular with a view to safeguarding the rights of defence of the person concerned.

    6.2 Processing of personal data
     

    Under the internal whistleblowing procedure, the Company is considered to be the controller of the personal data processed as part of the internal whistleblowing procedure.
    In this respect, we refer you to the Data Protection Manager (DPM) via e-mail: privacy@fostplus.be for more information about the processing of your personal data by the Company.
    Under the external whistleblowing procedure, the Company may not be considered to be the controller: this will be the competent authority or, in the absence of a competent authority, the Federal Ombudsman.

    Any processing of personal data carried out under this policy shall be carried out in compliance with the applicable standards, and in particular with the requirements of the General Data Protection Regulation (GDPR).
    The name, position and contact details of the whistleblower and of any person to whom the protective and support measures extend, as well as those of the person concerned, including, where appropriate, his/her company number, will be kept until the reported breach has been remedied.
     

  7. Archiving reports

    The Company keeps a register of all reports received, in compliance with the confidentiality measures set out in section 6.1 of this policy.
    Reports will be kept for as long as the contractual relationship between the whistleblower and the Company lasts, subject to any other applicable legal requirement. As regards third parties to the Company, reports will be kept for a period of 10 years, subject to any other applicable legal requirement.
     
  8. Applicable law

    This policy guarantees compliance with the legal framework governing the protection of whistleblowers, and more specifically the act of 28 November 2022 on the protection of persons who report breaches of national or Union law within legal entities in the private sector.
     
  9. Modification of this policy

    The Company reserves the right to unilaterally amend this policy at any time, at its sole discretion, in particular in the light of changes in the relevant legislation and the operating requirements of the Company or the service of the whistleblowing manager.
    All such amendments will be communicated via the channels set out in Article 3 of this policy.
     
  10. Entry into force

    This policy takes effect as of 7 November 2023 for an indefinite period, subject to any modifications in legislation in this respect or modifications made by the Company.