Whistleblowing Policy

Last updated on August 29, 2024

Contents

1. Scope
2. Reporting, Investigating And Monitoring
3. Confidentiality
4. Anonymity
5. No Retaliation
6. Privacy
7. Other


This document describes the Whistleblowing policy (“Policy”) of Retail Logistics Excellence – RELEX Oy and its affiliated companies globally (“RELEX”).

This Policy has been approved by RELEX’s Board of Directors on 28th May 2024.

The purpose of this Policy is to reinforce the business integrity of RELEX by providing a safe and reliable means for employees and others to report concerns they may have about the legality and ethicality of business conduct at RELEX. By following this Policy, you can raise concerns, confidentially and anonymously if desired, and free of any retaliation, discrimination, or harassment.

Nothing in this Policy is intended to restrict or prevent employees or anyone else exercising their rights under applicable laws.

This Policy applies to all employees at all levels of RELEX organization globally. All directors, officers, employees (whether permanent, temporary, or fixed-term, including also interns, and trainees freelancers, agency workers and other hired personnel) (“Representatives”) of RELEX are required to be familiar with the Policy and comply with its provisions.

We also encourage all our job applicants, contractors, suppliers and vendors act in a manner which is consistent with the principles set out in this Policy.

We encourage you to speak up.

1. Scope

1.1 What does this policy cover?

This Policy covers suspected breaches of the legal obligations of RELEX and suspected violations of RELEX’s ethical rules.

We ask that you follow this Policy to report good faith concerns regarding any of the following:

  • Suspected violations of our Code of Ethics and Business Conduct and our Anti-Corruption and Anti-Bribery Policy which we refer to in this policy as “Ethics Violations.”
  • Questionable accounting, violations of internal accounting controls, or any other auditing or financial matters, fraud, or the reporting of fraudulent financial information, which we refer to in this policy as “Fraudulent Auditing and Accounting Activities.”
  • Suspected violations of employee health and safety laws and regulations which we refer to in this policy as “Health and Safety Violations”. However, please note that this Policy is not intended for emergencies or other incidents requiring immediate action.
  • Suspected violations of applicable laws, including privacy, tax and competition laws, which we refer to in this policy as “Legal Violations”, and together with the Ethics Violations, Fraudulent Auditing and Accounting Activities and Health and Safety Violations as “Violations.”

This Policy provides a mechanism for RELEX to be made aware of any alleged wrongdoings and address them as soon as possible. However, nothing in this Policy is intended to prevent anyone from reporting information to local law enforcement agencies when the person has reasonable cause to believe that such violation of a local law has occurred that must be reported directly to authorities. A report to law enforcement, regulatory, or administrative agencies in such cases may be made instead of, or in addition to, a report directly to RELEX through the reporting method specified in this Policy.

If requested, we also ask that you provide truthful information in connection with an inquiry or investigation by a court, an agency, law enforcement, or any other governmental body.

1.2 What is this policy not intended for?

The reporting practices and whistleblowing channels documented in this Policy are meant specifically for the Violations reported in good faith. You should not communicate other incidents via the whistleblowing channels. Likewise, other incidents than suspected Violations reported in good faith will not be treated in accordance with this Policy. Good faith means that you genuinely suspect a Violation instead of knowingly and intentionally making a false report.

The practices in this Policy are not meant for situations such as the following:

  • Giving positive or negative feedback for individuals or RELEX
  • Suggesting improvement areas in employee well-being, training or personal development
  • Informing us of disagreements among RELEX employees
  • Providing suggestions on RELEX’s strategy, vision, mission or business in general 
  • Reporting any suspected ethical and legal violations for entities outside RELEX group companies

If you have any development ideas for RELEX, feedback on RELEX’s employment or partner practices and other similar issues that are not Violations, we encourage you to use RELEX’s regular channels such as speaking with your manager, contacting the People Team, or if you are not an employee, your contact person at RELEX.

If you have observed or suspect employment related individual incidents such as workplace harassment by specific individuals that need to be dealt with regarding the individuals involved, we encourage you to report such cases to your team lead or a member of the People Team. The whistleblowing channel is not well-suited for reporting such incidents and is not designed specifically for them. If you are only comfortable reporting such incidents without identifying yourself, you may use the anonymous whistleblowing platform identified in this Policy. However, please note that it is not possible for us to guarantee that your identity will not become apparent in the process for making internal enquiries on such incident. It may also be impossible to conduct any investigation on the matter without knowing the parties involved.

1.3 Who does this policy apply to?

All directors, officers, employees (whether permanent, temporary, or fixed-term, including also interns, and trainees freelancers, agency workers and other hired personnel) of RELEX are covered by this Policy (all referred to as “Representatives””). Additionally, all job applicants, contractors and representatives of the suppliers and vendors of RELEX who are in business connections with RELEX as a part of their work may report Violations and will be treated with the same confidentiality, no retaliation and respect as the employees of RELEX in accordance with this Policy.

2. Reporting, investigating and monitoring

2.1 How can you voice your concern?

If you believe that any Violation has occurred or is occurring or you have a good faith concern regarding conduct that you reasonably believe may be a Violation, we encourage you to promptly inform us.

We encourage you to primarily use our central online whistleblowing platform available at: https://report.whistleb.com/relex

 The whistleblowing platform provides the option for anonymity. Even WhistleB, who is the external service provider of the platform, will have no access to your identity. We will have access to your identity only if you choose to identify yourself.

If for any reason you cannot access the online platform, you may also send your concern by e-mail to whistleblowing(at)relexsolutions.com. RELEX’s Legal Team has access to the e-mail and will handle your message. However, we recommend using the online platform because it is designed specifically for whistleblowing purposes and is a more secure channel.

2.2 How can you use RELEX’s whistleblowing platform?

Our whistleblowing platform is available on at: https://report.whistleb.com/relex. You only need an internet access to access the platform.

You can leave the whistleblowing report by following the instructions on the platform. In short, the platform will guide you to fill in a form to leave the report. The platform will create you a user ID and a password that you can use to later access your report and see our response.

Please remember to save the user ID and password for yourself! You will not be able to access the report and our response without them. It is not possible to recover them later due to the anonymous nature of the platform.

2.3 How will your report of a violation be answered and investigated?

If you have reported your concern via the online whistleblowing platform, you will automatically receive confirmation online that your report was submitted. If you have made the report by e-mail, it will be acknowledged within a reasonable period following its receipt.

All reports of suspected Violation will be taken seriously and will be promptly investigated. The specific action taken in any particular case depends on the nature and gravity of the conduct or circumstances reported and the results of the investigation. 

You will be informed within three months of the receipt of your report on the action taken by RELEX based on the report. However, due to privacy and confidentiality obligations, there may be times when we cannot provide information regarding the corrective or disciplinary action that was taken.

If a Violation has been reported, investigated, and confirmed, we will take corrective action proportionate to the seriousness of the offense. This action may include disciplinary action against the accused party, such as a warning up to and including termination of employment or any other working relationship that the offending party may have with RELEX, if and as appropriate under local laws. Reasonable and necessary steps will also be taken to prevent any further Violation.

However, a party who knowingly and intentionally files a false report or provides false or deliberatively misleading information in connection with an investigation of a report may face disciplinary action, such as a warning up to and including termination of employment or other legal proceedings, if and as appropriate under local laws.

2.4 Who will receive the reports of violations and conduct the investigations?

RELEX has appointed its Legal Team as the main internal department responsible for handling reports of Violations made to RELEX. However, if the report of a Violation directly concerns any members of the Legal Team, the report will be handled by the CFO of RELEX.

The reports of Violations made to the central whistleblowing platform by WhistleB and the whistleblowing e-mail will be handled and investigated centrally by Retail Logistics Excellence – RELEX Oy which is the parent company of RELEX affiliates. By making a report via these channels, you acknowledge and agree to this.

RELEX has engaged an external service provider for managing the reports made through RELEX’s online whistleblowing platform to facilitate objectivity and integrity. The external service provider is:

Name: Fondia Oyj

Address: Aleksanterinkatu 11, PL 4, 00101 Helsinki

(referred as “Partner” in this document)

The Partner will inform the Legal Team of RELEX of the whistleblowing reports received in the online whistleblowing platform, unless the report directly concerns the members of the Legal Team. In such case, the Partner will inform the CFO of RELEX of the whistleblowing report.

RELEX’s whistleblowing e-mail whistleblowing(at)relexsolutions.com is monitored and managed by the Legal Team of RELEX.

The Legal Team will initiate the investigations. This may include forwarding the report to the appropriate person or team for investigation. For example, Health and Safety Violations will be forwarded to the People Team, unless the People Team will be under investigation. Depending on the nature of the Violation, employees from other functions or external resources may also be engaged to conduct the investigation.

No Violation will be investigated directly by persons who are subject to the investigations. No person who is subject to an investigation may influence or attempt to influence the due course of the investigations.

2.5 How and when can you report locally?

Some RELEX entities have a local whistleblowing channel that you may choose to use for reporting incidents. The local channel is available in cases where the central whistleblowing channel alone is not sufficient for the company under local laws. The local channel is optional – you can always use the central channel.

Below is a list of the entities where a local channel is available.

  • RELEX Solutions GmbH (Germany)
  • RELEX Solutions SAS (France)
  • RELEX Solutions S.r.l. (Italy)
  • Retail Logistics Excellence AB (Sweden)

You can access the local channel from the landing page of the central whistleblowing channel. You can make your report either in writing via WhistleB or by calling WhistleB’s whistleblowing call center. The phone number for the call center and instructions for making the call are included on the web page of the local channel.

You may also report your concern in person to a local appointee. In such case, please indicate your desire for the in-person meeting by either leaving a written message via WhistleB’s local channel or by calling the call center of WhistleB. Remember to leave your name and contact information so that it will be possible to agree on the meeting with you.

The incidents reported to the local channels will be processed by an appointee of the local company. The local appointee is either a board member or the CEO of the entity or a person who has the power of attorney to represent the company.

The principles of confidentiality, anonymity, no retaliation and privacy described in this policy apply to the local whistleblowing channels. The scope of the incidents that you should report to the local channels is also the same as for the central channel with the exception that you should only report incidents that concern the specific local entity. If you wish to report an incident to another RELEX group company, you should use either the central whistleblowing channel or the company-specific channel of the other company.

2.6 How will reports of violations be monitored by the leadership of RELEX?

All reports of Violations will be logged on a whistleblowing matters log, which will include, among other things (1) the date the report was received, (2) a description of the report, and (3) the status and disposition of an investigation of the report and (4) the type of the matter e.g. health and safety or privacy. Additionally, (5) the reporting party (if provided) will be included in the log if the nature of the report and investigations requires it.

The Legal Team will provide the Audit Committee of the Board of RELEX with a quarterly log of all Violations, unless the nature and severity of the report requires faster disclosure, such as in the case of any significant Fraudulent Auditing and Accounting Activities. The Audit Committee shall oversee an investigation of such reports, as well as any reports initially directed to the Audit Committee, as it determines to be appropriate. The Audit Committee may request special treatment for any report and may assume the direction and oversight of an investigation of any such report.

However, the identity of the reporter will be kept confidential and will be redacted from the report before disclosing the report to the Audit Committee. The identity of the person who made the report will not be disclosed to the Audit Committee, unless it is necessary and permitted under applicable local laws. The Audit Committee will keep the identity confidential, if the identity is needed to be shared with the Audit Committee.

2.7 What are the external channels maintained by local authorities?

In some cases, it is possible for you to report a wrongdoing directly to the local authorities in EU countries. You can find information on the whistleblowing channels maintained by the authorities in EU countries here. Please read the instructions of the local authorities before reporting the incident to the external channel of the authorities.

We encourage you to use RELEX’s whistleblowing channel, which should be your primary reporting channel. The external channel of the authorities is typically meant for cases where no internal channel such as RELEX’s channels are available, you have a legitimate reason to believe that the report you have made to the internal channel has resulted in no measures within the allocated time or that it is ineffective, or you have a legitimate reason to believe that you may face retaliation if you report to the internal channel.

3. Confidentiality

If you choose to identify yourself when you report a Violation, your identity will be handled confidentially. As the main rule, if you report to RELEX’s central channel your identity will only be available to the Legal Team of RELEX and the external Partner who monitor RELEX’s online whistleblowing platform. If the Legal Team is under investigation, your identity will be accessible to the CFO of RELEX. If you report to a local channel, your identity will as a main rule only be available to the appointee of the local whistleblowing channel.

Your identity may only be revealed to others when it is necessary for the investigations or otherwise needed under local laws and regulations such as investigations by authorities or court cases. We cannot guarantee that the Legal Team or CFO will have no access to your report in the central whistleblowing channel, if the report concerns them.

If you wish to ensure your anonymity in all situations, we encourage you to use the anonymous whistleblowing option.

All information disclosed during the course of the investigation will, to the extent practical and appropriate, remain confidential except as may be reasonably necessary under the circumstances to facilitate the investigation, take remedial action, or comply with applicable law.

No Representative who is not participating in conducting the investigations but learns the identity of a whistleblower at any time may share the identity with others, unless permitted by the whistleblower themself. For example, if the whistleblower informs another Representative of their intention to report a Violation, the other Representative should keep the identity of the whistleblower in confidence.

If the whistleblower tells their team lead of the Violation or their intention to report the Violation, the team lead may not share the identity of the person with others in or outside the team. The team lead must not perform investigations of the Violation themself. The team lead should agree with the team member on whether the team member or the team lead will report the Violation via the appropriate channels. The team lead may only report the identity of the team member at the permission of the team member.

Nothing in this Policy in any way prohibits or is intended to restrict or impede employees from discussing the terms and conditions of their employment with co-workers or union representatives or exercising their protected rights under local laws. Such action is always permitted.

4. Anonymity

As described in this policy, the whistleblowing platform by WhistleB allows you to make reports of Violations without giving your name or contact information. However, we cannot guarantee that it will never be possible to deduct your identity from the content of the report and the circumstances of the suspected Violation.

If you wish to minimize the possibility of your identity becoming known by anyone, we recommend that you avoid using catchphrases and idioms typical to you and that you seek to give a description of the Violation in a way that does not indicate your role or position.

On the other hand, please also note that it may not always be possible for us to investigate a suspected Violation without knowing your identity.

5. No retaliation

RELEX strictly prohibits and does not tolerate unlawful retaliation against anyone reporting a Violation or suspected Violation in good faith or otherwise cooperating in an investigation of a Violation. All forms of unlawful retaliation are prohibited, including any form of adverse action, discipline, threats, intimidation, or other form of retaliation for reporting under or complying with this Policy. RELEX considers retaliation a Violation itself, which may result in disciplinary action, such as a warning up to and including termination of employment or any other working relationship with RELEX, if and as appropriate under local laws.

If you have been subject to any conduct that you believe constitutes retaliation for having made a report in compliance with this Policy or for having participated in any investigation relating to an alleged Violation, please immediately report the alleged retaliation to Director of Legal, Corporate Governance and Regulatory Risk Manager or CFO or via the whistleblowing channel mentioned in this Policy ideally within ten days of the offending conduct.

Your complaint should be as detailed as possible, including the names of all individuals involved and any witnesses. RELEX will directly and thoroughly investigate the facts and circumstances of all perceived retaliation and will take prompt corrective action, if appropriate.

Additionally, any manager or team lead who observes retaliatory conduct must report the conduct to the Director of Legal, Corporate Governance and Regulatory Risk Manager or CFO or via the whistleblowing channel mentioned in this Policy so that an investigation can be made and corrective action taken, if appropriate.

Bringing any alleged retaliation to our attention promptly enables us to honor our values, and to promptly and appropriately investigate the reported retaliation in accordance with the procedures outlined above.

Any Representative, regardless of position or title, who has been determined to have engaged in retaliation in violation of this Policy, will be subject to appropriate disciplinary action, such as a warning up to and including termination of employment or any other working relationship with RELEX, if and as appropriate under local laws.

Regarding Representatives located at United States and others subject to the laws of the USA: No employee will be subject to liability or retaliation for disclosing a trade secret if it is done in compliance with 18 U.S.C. §1833 and is made either:

  • In confidence to a federal, state, or local government official or to an attorney solely for the purpose of making a report in compliance with this Policy or participating in any investigation relating to an alleged violation of law; or
  • In a complaint or other document filed in a lawsuit or other proceeding under seal.

Regarding individuals in other countries than the USA: No Representative will be subject to liability or retaliation for disclosing a trade secret if it is done in compliance with local laws and is made either:

  • in confidence to applicable, local authorities for the purpose of making a report in compliance with this Policy or participating in any investigation relating to an alleged violation of law or
  • in a court of law or other legal proceeding when required to do so by law.

6. Privacy

6.1 How does RELEX handle personal data in relation to whistleblowing?

We respect the privacy of our Representatives and others. If the whistleblower provides us with their name, contact and any other personal data, we will use the personal data for the purposes of investigating the report made by the person, performing any remedial and other follow-up action, documenting the report and communicating with the person regarding the report of the Violation. We have a legal duty to perform these measures.

We will collect no other personal data of the person who made the report of the Violation, unless it is necessary for the investigations or other related actions. If the reporter provides RELEX with further personal data concerning themself or others, we will handle it with care. We will also inform the people whose personal data we received if it is reasonably possible, and we consider it can be done without jeopardizing the investigations or other related actions. A situation where it may not be possible to inform the individuals is when we receive personal data without any contact information for the person. Another example is a situation where a person is suspected of a crime that we report to the police and the criminal investigations could be jeopardized if the person is informed of the report.

RELEX will store the personal data received by RELEX in connection with a report of a Violation for the course of the investigations and for as long as we deem it reasonably necessary to keep the data to perform remedial measures or other necessary actions relating to the ethical and legal obligations of RELEX or as proof for possible future proceedings.

We ask you never to give any personal data of others than yourself when you report a Violation, unless it is necessary for the report. We also ask you to treat the personal data with due care and in accordance with applicable laws and the privacy practices and policies of RELEX.

6.2 To which external parties will RELEX disclose the personal data?

RELEX uses the SaaS provider WhistleB to provide RELEX’s online whistleblowing platform. WhistleB will not actively access the reports and any other data stored by RELEX in the platform, but the storing and hosting of the personal data is arranged by WhistleB.

The Partner as defined above in section 2.4. has access to the reports and data stored in RELEX’s online whistleblowing platform. The access is limited to appointed persons of the Partner who are responsible for supporting RELEX’s whistleblowing activities.

RELEX’S whistleblowing e-mail is provided by Microsoft Outlook. Access to the e-mail is limited to RELEX’s Legal Team. The system administrators of RELEX also have technical access but they will not read the e-mails.

RELEX may disclose the personal data to external service providers who will be engaged in the investigations of a Violation on a case-by-case basis. The service providers will be subject to confidentiality obligations.

RELEX may also disclose the personal data to authorities, such as the police, if it is necessary for investigations by the authorities. Additionally, RELEX may disclose the personal data if it is necessary for court cases or required under applicable law.

6.3 Will RELEX transfer personal data outside the EU?

RELEX will mainly process the personal data within the EU. The data in the online whistleblowing platform will be hosted in the EU or EEA.

RELEX may transfer the personal data other than the identity and contact information of the whistleblower to the affiliates of RELEX located outside the EU and EEA if it is necessary for the performance of the investigations, remedial actions or the legal obligations of RELEX. RELEX may also otherwise transfer the personal data outside the EU and EEA if it is necessary for the investigations, remedial actions or legal obligations of RELEX. For example, RELEX may need to engage certain employees of RELEX USA and external consultants from the USA to investigate reported Violations of US laws.

RELEX’s US Legal Counsel may take part in the investigations and other activities for whistleblowing reports made in connection with RELEX’s group entity in the USA in which case they may be given access to the personal data, including the identity and contact information of the whistleblower.

RELEX will ensure it has safeguards in place before transferring the personal data outside the EU and EEA.

6.4 What are your rights under the General Data Protection Regulation of the EU?

You have the right to know what personal data RELEX has stored of you. You also have the right to request the correction, removal and restriction of your personal data and the right to object to the use of your personal data. In case you want to exercise these rights, please use the contact information given in this Policy. However, please note that due to the nature of the reports of Violations, there may be cases where RELEX has compelling reasons to refrain from acting in accordance with your request on your rights. For example, it may not be possible to give your access to your personal data or delete your personal data if the personal data is part of a crime investigation after a report of a Violation that may constitute a crime, or the disclosure or deletion of the information would jeopardize RELEX’s investigations on the Violation.

You also have the right to lodge a complaint with a supervisory authority in case you think that your legal privacy rights have been violated. You may choose to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

6.5 What kind of security measures does RELEX have for the personal data?

RELEX has implemented and maintains access control to the reports of the Violations as described in this Policy. RELEX has also limited the processing activities of the personal data to the extent necessary for the purposes of dealing with the reports of the Violations as described in this Policy. The personal data will be periodically deleted from the whistleblowing e-mail and stored in the more secure online whistleblowing platform for as long as needed to facilitate security.

As a part of the evaluation process conducted by RELEX on the service provider of the online whistleblowing platform, RELEX has assessed its security. The provider of the online whistleblowing platform, WhistleB, is contractually committed to maintaining security measures. WhistleB complies with ISO 27001 security principles. WhistleB has more information on their security measures in their website https://whistleb.com/.

7. Other

7.1 Modification

RELEX expressly reserves the right to change, modify, or delete the provisions of this Policy without notice.

7.2 Administration

The Legal Team is responsible for the administration of this Policy. All Representatives are responsible for consulting and complying with the most current version of this Policy. If you have any questions regarding this Policy or concerning the scope or delegation of authority, please contact the Legal Team.

7.3 Contact information

Questions on this Policy, including privacy related to this Policy, can be sent to the Legal Team of RELEX to legal@relexsolutions.com:

The data controller for any personal data processed in relation to this Policy is:

Retail Logistics Excellence – RELEX Oy

Address: Postintaival 7, 00230 Helsinki, Finland

7.4 Effective date

This Policy is effective as of 17th December 2021 and has been updated on 28 May 2024.