Whistleblowing Policy

 

Adopted on 29 August 2024

1. INTRODUCTION AND PURPOSE 

1.1. Magnetic Group is committed to conducting its business with honesty, integrity, and in compliance  with all applicable laws and regulations.  

1.2. The purpose of this Policy is to:  

a) encourage all Reporting person to Report about suspected or committed Breach;  b) establish procedures for whistleblowing concerns about suspected Breach;  

c) establish procedures for ensuring of confidentiality of Whistleblower’s identity;  d) protect Whistleblowers from retaliation.  

1.3. This Policy applies to all Reporting persons.  

2. DEFINITIONS  

2.1. "Authorised employee(s)" means one or more employees of the Company’s Quality Department  who are authorised and assigned to receive Reports, administer the Whistleblowing system, manage  the investigation of Reports, and protect the confidentiality of Whistleblowers.  

2.2. "Breach" refers to the criminal or administrative offense, the violation of job duties, or other  infringements that may endanger or violate the public interest as specified under European Union  law. This includes Breaches in the areas listed in Clause 2. These Breaches can be either in  preparation to be performed or already executed, and they become known to the Whistleblower,  either during their current or past work-related activities or in any other circumstances.  

2.3. "Company" refers to the Magnetic MRO AS, commercial register code 10865988, VAT payer’s code  EE100764615, having its registered office at Väike-Sõjamäe 1A, Tallinn 11415, the Republic of  Estonia.  

2.4. "Directive" means the EU Whistleblower Protection Directive (Directive (EU) 2019/1937), which  establishes minimum standards for the protection of persons who report breaches of European  Union law.  

2.5. "External reporting" means the oral or written communication of information on Breaches to the  competent local authority.  

2.6. "Local laws" means local jurisdiction regulations, under which the Company or Subsidiary is  registered and acts, including, but not limited to, laws related to the protection of Whistleblowers.  

2.7. "Magnetic Group" refers to the Company and its Subsidiaries.  

2.8. "Policy" means this whistleblowing policy.  

2.9. "Report" or "to Report" means a reported or communicated by the Whistleblower information,  including reasonable suspicions through the Whistleblowing system about suspected or committed  Breach in the Company or its Subsidiary in which the Whistleblower works or has worked or in  another organization with which the Whistleblower is or was in contact due to it’s his or her work.  The Report may be submitted through the online Whistleblowing system at  www.reporting.magneticgroup.co.  

2.10. "Reporting person" means any former or current worker associated with the Company or its  Subsidiary, including but not limited to: employees at all levels (whether permanent, temporary, or agency workers), directors, officers, shareholders, and persons within the administrative,  management, or supervisory bodies, including non-executive members. This term also includes  volunteers, paid or unpaid trainees, interns, self-employed persons, freelance workers, contractors,  subcontractors, suppliers, consultants, and any person in a business relationship with the Company  or its Subsidiary. Furthermore, it encompasses individuals who have acquired information on  breaches during the recruitment process or any pre-contractual negotiation stage.  

2.11. "Subsidiary" means any corporation where more than half of the outstanding voting securities are  owned directly or indirectly by the Company, by the Company along with one or more other  subsidiaries, or by one or more other subsidiaries.  

2.12. "Whistleblower" refers to a Reporting person who Reports on committed or suspected Breach  through the Whistleblowing system.  

2.13. "Whistleblowing system" means a reporting system through which Whistleblower can Report  about Breach.  

3. REPORTING PROCEDURE AND INVESTIGATION PROCESS 

3.1. Reporting persons who become/became aware of suspected misconduct or violations of laws or  regulations should Report their concerns promptly.  

3.2. The Report may be submitted through the online Whistleblowing system at  www.reporting.magneticgroup.co.  

3.3. Employees, directors, officers, shareholders, trainees, contractors, subcontractors of  Magnetic Group are required to use the internal MMRO Reporting System (RS) for  reporting occurrences listed in EU Regulation No 2015/1018 and Procedure Notice 2015- 05. The RS is designed to comply with EU Regulation No 376/2014, EU Regulation  2015/1018, and EASA AMC 20-8. This ensures that all such occurrences are reported in  a standardised and compliant manner.  

3.4. The specific details regarding the committed or suspected Breach, which will be requested in the  whistleblowing form and are necessary to proceed with the investigation, including:  

a) Who: the person(s) involved;  

b) When: the date or timeframe of the Breach;  

c) How: the manner in which the Breach was committed or is planned to be committed;  

d) What: a description of the Breach itself.  

3.5. Any documents, data, or information that can provide evidence of the suspected infringement and  any related circumstances should be included or attached.  

3.6. Upon Reporting, the Whistleblower must confirm that they agree to receive a confirmation of receipt  and any subsequent follow-ups through the contact details they have provided.  

3.7. Upon receiving a Report, Authorised employee(s) will conduct a thorough and impartial investigation.  All Reports will be treated confidentially to the extent possible and will be investigated promptly and  impartially. If a Report is related to any Authorised employee, an alternate Authorised employee  shall be designated to handle the Report.  

3.8. Upon receipt of a Report, a confirmation of receipt will be sent to the Whistleblower within a  maximum of one week (if notification allowed).  

3.9. If the Company’s Quality Department determines it cannot effectively investigate a Report, it may  delegate the investigation to another competent team or person within the Magnetic Group, ensuring  that impartiality and confidentiality are maintained throughout the process. The delegation must be  documented, and the Whistleblower must be informed of any changes in the handling of their Report  (if notification allowed). 

3.10. Magnetic Group follows “Just Culture” principles – a culture in which the handling of the reports will be done with a view to preventing the use of information for purposes other than investigation  purposes and will appropriately safeguard the confidentiality of the identity of the Whistleblower and of the persons mentioned in Report.  

3.11. The investigation of the Breach will be conducted within a reasonable timeframe, not exceeding  three months from the date of acknowledgment of receipt of the Report, or if no acknowledgment  was sent to the Whistleblower, three months from the expiry of the seven-day period following the  date the Report was made.  

3.12. Whistleblowers will be kept informed of the status and outcome of the investigation, particularly  when significant developments occur, while preserving confidentiality. Updates will include  information on the progress of the investigation and any key decisions made. If there are major  changes or decisions in the investigation process, the Whistleblower will be notified as soon as  possible.  

3.13. If the Company’s Quality Department determines that it cannot effectively investigate a Report, and  if no other team or person within the Magnetic Group is available or suitable for handling the Report, the Report may be transferred to the competent authorities for investigation, or as required by Local  laws. This transfer will be conducted in accordance with applicable legal requirements, ensuring that  all necessary procedures and confidentiality obligations are upheld.  

4. ACTIONS CONSTITUTING A BREACH  

4.1. The Report shall be submitted with the purpose of reporting a Breach to protect the Magnetic Group,  Reporting Persons, or/and public interest. Submitting a Report solely for the protection of personal  interests will not be deemed as Report.  

4.2. The Directive lists the areas which are protected by European Union law, the violation of which can  be reported through the Whistleblowing system:  

a) Breaches of European Union Acts concerning:  

∙ Public procurement;  

∙ Financial services, products, and markets; prevention of money laundering and terrorist  financing;  

∙ Product safety and compliance;  

∙ Transport safety;  

∙ Environmental protection;  

∙ Radiation protection and nuclear safety;  

∙ Food and feed safety; animal health and welfare;  

∙ Public health;  

∙ Consumer protection;  

∙ Privacy and personal data protection; security of network and information systems.  

b) Breaches affecting the financial interests of the European Union, including fraud or misuse of  European Union funds;  

c) Breaches related to the internal market of European Union, such as violations of competition  law, state aid rules, and tax arrangements designed to evade corporate tax obligations.  

5. PROTECTION AGAINST RETALIATION AND WHISTLEBLOWER’S LIABILITY 

5.1. Magnetic Group prohibits retaliation against individuals who Report Breaches in good faith.  Retaliation against Whistleblowers will result in disciplinary action, up to and including termination of employment contracts or other contracts. This includes, but is not limited to, protection from:  

a) Adverse employment actions such as termination or reduction in compensation;  b) Unfair work assignments or changes in job duties;  

c) Threats of physical harm or other forms of intimidation.  

5.2. Any Whistleblower who believes he/she is being retaliated against must contact the local competent  authority.  

5.3. If the Whistleblower reasonably believes that the information disclosed is accurate, true, and meets  the requirements applicable to the Report, they shall not be subject to any contractual or non contractual liability, or liability for defamation arising from the Report.  

5.4. If the Whistleblower submits allegations maliciously and without reasonable grounds for believing  them to be substantially true, they shall be held liable for damages resulting from the submission of  such allegations. Providing false information is a serious violation that may result in internal  disciplinary and/or legal consequences according to applicable criminal or administrative procedures.  

5.5. Reporting persons have the right to report breaches of European Union law externally to the  competent local authority. External reporting may be appropriate in situations where:  

a) Internal whistleblowing channels cannot reasonably be expected to function properly, for  example if the Reporting person has valid reasons to believe they may suffer retaliation  because of Reporting, including breaches of confidentiality.  

b) The competent authorities are deemed more suitable to take effective action, especially when  the Breach requires urgent action to safeguard the health and safety of individuals or to protect  the environment.  

c) European Union or national law requires reporting to competent authorities, for example,  where the breach constitutes a criminal offense.  

6. CONFIDENTIALITY AND ANONYMOUS REPORTS  

6.1. Confidentiality will be maintained to the extent possible throughout the whole investigation process.  

6.2. Information related to the investigation will be shared only with individuals who have a legitimate  need to know.  

6.3. The Whistleblowing system enables confidential Reporting solely through the online Whistleblowing  system on the Magnetic Group website. To ensure full confidentiality Reporting persons shall not use  company’s equipment (laptops, mobile phones, etc.) provided by employer when submitting Report.  

6.4. The Authorised employee(s) shall not be obligated to ensure the confidentiality of the Whistleblower  if:  

a) The Whistleblower explicitly requests in writing that their identity be disclosed; or  

b) The Whistleblower’s Report is determined to be knowingly false at the time of submission; or  

c) The information contained in the Report is already publicly known or in the public domain prior  to its disclosure.  

6.5. The Whistleblowing system allows to report anonymously. In the case of an anonymous Report, the  identity of the Whistleblower will remain unknown to the Company and Authorised employee to the  extent possible, provided this does not prevent a thorough investigation or conflict with Local laws. 

6.6. In case the anonymous Report is received, such Disclosure will be accepted and treated equally with  those bearing a name. Anonymous Report can at times be more difficult to investigate as there is no  option to seek further information during the investigation, and Whistleblower cannot be contacted  to discuss the outcome, however, this should not act as a barrier to making an anonymous Report  if the Whistleblower feels that this is the best course of action for him/her.  

6.7. The disclosure of the identity of the Whistleblower or other information to the competent authorities  investigating the Breach shall not be considered as a breach of confidentiality obligation under this  Policy.  

7. PROCESSING OF PERSONAL DATA  

7.1. The processing of personal data is necessary to fulfil the stipulated by the Directive legal obligations  of the Company and/or Subsidiaries. All personal data provided by the Whistleblowers and received  in accordance with this Policy will be processed for the purpose of investigating the Breach and  safeguarding the legal interests of the Magnetic Group.  

7.2. Personal data shall be processed in accordance with Regulation (EU) 2016/679 of the European  Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to  the processing of personal data and on the free movement of such data, and repealing  Directive 95/46/EC and Privacy Policy of Magnetic Group (accessible here:  https://www.magneticgroup.co/privacy-policy/) on the legal basis of legal obligations mentioned above or, if necessary, to keep such data regarding possible investigations on allegedly illegal or  criminal acts.  

7.3. The data will be retained throughout the investigation of the Breach and stored for a maximum  period of 5 (five) years from the date of the last decision or action taken during the investigation of  the Report. To safeguard the aforementioned interests the duration of data retention beyond this  period will be determined based on the nature of the infringement, whether civil, administrative, or  criminal.  

8. FINAL PROVISIONS  

8.1. This Policy may be subject to Local laws, which could enforce stricter rules regarding Reporting. In  the event of any inconsistencies between the standards and requirements outlined in this Policy and  the relevant Local laws, the more stringent standards and requirements shall prevail, to the extent  permitted by Local laws and Directive. In the event of any above-mentioned inconsistencies,  Reporting persons can contact the Company for clarification and guidance.  

8.2. The Authorised employee(s) shall be responsible for the timely implementation of this Policy, the  supervision of implementation, and the initiation of amendments to this Policy or individual rules.  

_________________________  

Risto Mäeots  

Management Board Member of the Company