Adopted on 29 August 2024
1. INTRODUCTION AND PURPOSE
1.1. Magnetic Group is committed to conducting its business with honesty, integrity, and in compliance with all applicable laws and regulations.
1.2. The purpose of this Policy is to:
a) encourage all Reporting person to Report about suspected or committed Breach; b) establish procedures for whistleblowing concerns about suspected Breach;
c) establish procedures for ensuring of confidentiality of Whistleblower’s identity; d) protect Whistleblowers from retaliation.
1.3. This Policy applies to all Reporting persons.
2. DEFINITIONS
2.1. "Authorised employee(s)" means one or more employees of the Company’s Quality Department who are authorised and assigned to receive Reports, administer the Whistleblowing system, manage the investigation of Reports, and protect the confidentiality of Whistleblowers.
2.2. "Breach" refers to the criminal or administrative offense, the violation of job duties, or other infringements that may endanger or violate the public interest as specified under European Union law. This includes Breaches in the areas listed in Clause 2. These Breaches can be either in preparation to be performed or already executed, and they become known to the Whistleblower, either during their current or past work-related activities or in any other circumstances.
2.3. "Company" refers to the Magnetic MRO AS, commercial register code 10865988, VAT payer’s code EE100764615, having its registered office at Väike-Sõjamäe 1A, Tallinn 11415, the Republic of Estonia.
2.4. "Directive" means the EU Whistleblower Protection Directive (Directive (EU) 2019/1937), which establishes minimum standards for the protection of persons who report breaches of European Union law.
2.5. "External reporting" means the oral or written communication of information on Breaches to the competent local authority.
2.6. "Local laws" means local jurisdiction regulations, under which the Company or Subsidiary is registered and acts, including, but not limited to, laws related to the protection of Whistleblowers.
2.7. "Magnetic Group" refers to the Company and its Subsidiaries.
2.8. "Policy" means this whistleblowing policy.
2.9. "Report" or "to Report" means a reported or communicated by the Whistleblower information, including reasonable suspicions through the Whistleblowing system about suspected or committed Breach in the Company or its Subsidiary in which the Whistleblower works or has worked or in another organization with which the Whistleblower is or was in contact due to it’s his or her work. The Report may be submitted through the online Whistleblowing system at www.reporting.magneticgroup.co.
2.10. "Reporting person" means any former or current worker associated with the Company or its Subsidiary, including but not limited to: employees at all levels (whether permanent, temporary, or agency workers), directors, officers, shareholders, and persons within the administrative, management, or supervisory bodies, including non-executive members. This term also includes volunteers, paid or unpaid trainees, interns, self-employed persons, freelance workers, contractors, subcontractors, suppliers, consultants, and any person in a business relationship with the Company or its Subsidiary. Furthermore, it encompasses individuals who have acquired information on breaches during the recruitment process or any pre-contractual negotiation stage.
2.11. "Subsidiary" means any corporation where more than half of the outstanding voting securities are owned directly or indirectly by the Company, by the Company along with one or more other subsidiaries, or by one or more other subsidiaries.
2.12. "Whistleblower" refers to a Reporting person who Reports on committed or suspected Breach through the Whistleblowing system.
2.13. "Whistleblowing system" means a reporting system through which Whistleblower can Report about Breach.
3. REPORTING PROCEDURE AND INVESTIGATION PROCESS
3.1. Reporting persons who become/became aware of suspected misconduct or violations of laws or regulations should Report their concerns promptly.
3.2. The Report may be submitted through the online Whistleblowing system at www.reporting.magneticgroup.co.
3.3. Employees, directors, officers, shareholders, trainees, contractors, subcontractors of Magnetic Group are required to use the internal MMRO Reporting System (RS) for reporting occurrences listed in EU Regulation No 2015/1018 and Procedure Notice 2015- 05. The RS is designed to comply with EU Regulation No 376/2014, EU Regulation 2015/1018, and EASA AMC 20-8. This ensures that all such occurrences are reported in a standardised and compliant manner.
3.4. The specific details regarding the committed or suspected Breach, which will be requested in the whistleblowing form and are necessary to proceed with the investigation, including:
a) Who: the person(s) involved;
b) When: the date or timeframe of the Breach;
c) How: the manner in which the Breach was committed or is planned to be committed;
d) What: a description of the Breach itself.
3.5. Any documents, data, or information that can provide evidence of the suspected infringement and any related circumstances should be included or attached.
3.6. Upon Reporting, the Whistleblower must confirm that they agree to receive a confirmation of receipt and any subsequent follow-ups through the contact details they have provided.
3.7. Upon receiving a Report, Authorised employee(s) will conduct a thorough and impartial investigation. All Reports will be treated confidentially to the extent possible and will be investigated promptly and impartially. If a Report is related to any Authorised employee, an alternate Authorised employee shall be designated to handle the Report.
3.8. Upon receipt of a Report, a confirmation of receipt will be sent to the Whistleblower within a maximum of one week (if notification allowed).
3.9. If the Company’s Quality Department determines it cannot effectively investigate a Report, it may delegate the investigation to another competent team or person within the Magnetic Group, ensuring that impartiality and confidentiality are maintained throughout the process. The delegation must be documented, and the Whistleblower must be informed of any changes in the handling of their Report (if notification allowed).
3.10. Magnetic Group follows “Just Culture” principles – a culture in which the handling of the reports will be done with a view to preventing the use of information for purposes other than investigation purposes and will appropriately safeguard the confidentiality of the identity of the Whistleblower and of the persons mentioned in Report.
3.11. The investigation of the Breach will be conducted within a reasonable timeframe, not exceeding three months from the date of acknowledgment of receipt of the Report, or if no acknowledgment was sent to the Whistleblower, three months from the expiry of the seven-day period following the date the Report was made.
3.12. Whistleblowers will be kept informed of the status and outcome of the investigation, particularly when significant developments occur, while preserving confidentiality. Updates will include information on the progress of the investigation and any key decisions made. If there are major changes or decisions in the investigation process, the Whistleblower will be notified as soon as possible.
3.13. If the Company’s Quality Department determines that it cannot effectively investigate a Report, and if no other team or person within the Magnetic Group is available or suitable for handling the Report, the Report may be transferred to the competent authorities for investigation, or as required by Local laws. This transfer will be conducted in accordance with applicable legal requirements, ensuring that all necessary procedures and confidentiality obligations are upheld.
4. ACTIONS CONSTITUTING A BREACH
4.1. The Report shall be submitted with the purpose of reporting a Breach to protect the Magnetic Group, Reporting Persons, or/and public interest. Submitting a Report solely for the protection of personal interests will not be deemed as Report.
4.2. The Directive lists the areas which are protected by European Union law, the violation of which can be reported through the Whistleblowing system:
a) Breaches of European Union Acts concerning:
∙ Public procurement;
∙ Financial services, products, and markets; prevention of money laundering and terrorist financing;
∙ Product safety and compliance;
∙ Transport safety;
∙ Environmental protection;
∙ Radiation protection and nuclear safety;
∙ Food and feed safety; animal health and welfare;
∙ Public health;
∙ Consumer protection;
∙ Privacy and personal data protection; security of network and information systems.
b) Breaches affecting the financial interests of the European Union, including fraud or misuse of European Union funds;
c) Breaches related to the internal market of European Union, such as violations of competition law, state aid rules, and tax arrangements designed to evade corporate tax obligations.
5. PROTECTION AGAINST RETALIATION AND WHISTLEBLOWER’S LIABILITY
5.1. Magnetic Group prohibits retaliation against individuals who Report Breaches in good faith. Retaliation against Whistleblowers will result in disciplinary action, up to and including termination of employment contracts or other contracts. This includes, but is not limited to, protection from:
a) Adverse employment actions such as termination or reduction in compensation; b) Unfair work assignments or changes in job duties;
c) Threats of physical harm or other forms of intimidation.
5.2. Any Whistleblower who believes he/she is being retaliated against must contact the local competent authority.
5.3. If the Whistleblower reasonably believes that the information disclosed is accurate, true, and meets the requirements applicable to the Report, they shall not be subject to any contractual or non contractual liability, or liability for defamation arising from the Report.
5.4. If the Whistleblower submits allegations maliciously and without reasonable grounds for believing them to be substantially true, they shall be held liable for damages resulting from the submission of such allegations. Providing false information is a serious violation that may result in internal disciplinary and/or legal consequences according to applicable criminal or administrative procedures.
5.5. Reporting persons have the right to report breaches of European Union law externally to the competent local authority. External reporting may be appropriate in situations where:
a) Internal whistleblowing channels cannot reasonably be expected to function properly, for example if the Reporting person has valid reasons to believe they may suffer retaliation because of Reporting, including breaches of confidentiality.
b) The competent authorities are deemed more suitable to take effective action, especially when the Breach requires urgent action to safeguard the health and safety of individuals or to protect the environment.
c) European Union or national law requires reporting to competent authorities, for example, where the breach constitutes a criminal offense.
6. CONFIDENTIALITY AND ANONYMOUS REPORTS
6.1. Confidentiality will be maintained to the extent possible throughout the whole investigation process.
6.2. Information related to the investigation will be shared only with individuals who have a legitimate need to know.
6.3. The Whistleblowing system enables confidential Reporting solely through the online Whistleblowing system on the Magnetic Group website. To ensure full confidentiality Reporting persons shall not use company’s equipment (laptops, mobile phones, etc.) provided by employer when submitting Report.
6.4. The Authorised employee(s) shall not be obligated to ensure the confidentiality of the Whistleblower if:
a) The Whistleblower explicitly requests in writing that their identity be disclosed; or
b) The Whistleblower’s Report is determined to be knowingly false at the time of submission; or
c) The information contained in the Report is already publicly known or in the public domain prior to its disclosure.
6.5. The Whistleblowing system allows to report anonymously. In the case of an anonymous Report, the identity of the Whistleblower will remain unknown to the Company and Authorised employee to the extent possible, provided this does not prevent a thorough investigation or conflict with Local laws.
6.6. In case the anonymous Report is received, such Disclosure will be accepted and treated equally with those bearing a name. Anonymous Report can at times be more difficult to investigate as there is no option to seek further information during the investigation, and Whistleblower cannot be contacted to discuss the outcome, however, this should not act as a barrier to making an anonymous Report if the Whistleblower feels that this is the best course of action for him/her.
6.7. The disclosure of the identity of the Whistleblower or other information to the competent authorities investigating the Breach shall not be considered as a breach of confidentiality obligation under this Policy.
7. PROCESSING OF PERSONAL DATA
7.1. The processing of personal data is necessary to fulfil the stipulated by the Directive legal obligations of the Company and/or Subsidiaries. All personal data provided by the Whistleblowers and received in accordance with this Policy will be processed for the purpose of investigating the Breach and safeguarding the legal interests of the Magnetic Group.
7.2. Personal data shall be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC and Privacy Policy of Magnetic Group (accessible here: https://www.magneticgroup.co/privacy-policy/) on the legal basis of legal obligations mentioned above or, if necessary, to keep such data regarding possible investigations on allegedly illegal or criminal acts.
7.3. The data will be retained throughout the investigation of the Breach and stored for a maximum period of 5 (five) years from the date of the last decision or action taken during the investigation of the Report. To safeguard the aforementioned interests the duration of data retention beyond this period will be determined based on the nature of the infringement, whether civil, administrative, or criminal.
8. FINAL PROVISIONS
8.1. This Policy may be subject to Local laws, which could enforce stricter rules regarding Reporting. In the event of any inconsistencies between the standards and requirements outlined in this Policy and the relevant Local laws, the more stringent standards and requirements shall prevail, to the extent permitted by Local laws and Directive. In the event of any above-mentioned inconsistencies, Reporting persons can contact the Company for clarification and guidance.
8.2. The Authorised employee(s) shall be responsible for the timely implementation of this Policy, the supervision of implementation, and the initiation of amendments to this Policy or individual rules.
_________________________
Risto Mäeots
Management Board Member of the Company