WHISTLEBLOWING NOTICE FOR REPORTING OF BREACHES OF BULGARIAN LAWS OR ACTS OF THE EUROPEAN UNION
1.1. This Whistleblowing Notice (Notice) aims to provide you with clear and easily accessible information on the terms and conditions for reporting breaches through the internal channel of EURO GAMES TECHNOLOGY LTD, UIC 130947038, with headquarters and address of management in Sofia, Vranya area — Lozen — Triangle, 4 Maritsa Str., (Company), under the Protection of Persons Who Report or Publicly Disclose Information on Breaches Act (Act).
2. WHAT BREACHES CAN YOU REPORT?
2.1. According to the Bulgarian legislation, you can report breaches of the Bulgarian laws or the acts of the European Union defined in the field of:
• public procurement;
• financial services, products and markets and the prevention of money laundering and terrorist financing;
• the safety and compliance of products and transport;
• protection of the environment;
• radiation protection and nuclear safety
• food and feed safety, animal health and welfare;
• public health and consumer protection;
• the protection of privacy and personal data;
• the security of network and information systems;
• breaches affecting the financial interests of the European Union as referred to in Article 325 of the Treaty on the Functioning of the European Union;
• breaches of the rules of the internal market as referred to in Article 26, paragraph 2 of the Treaty on the Functioning of the European Union, including the rules of the European Union and the Bulgarian legislation on competition and state aid;
• breaches relating to cross-border tax arrangements the purpose of which is to obtain a tax advantage that defeats the object or purpose of the applicable corporate tax law;
• a committed criminal offence of a general nature, of which a person under Article 5 has become aware in connection with the performance of his or her work or his or her official duties.
• the rules for payment of outstanding public state and municipal receivables;
• labour law;
• legislation relating to the performance of public service.
3. WHO CAN SUBMIT A REPORT?
3.1. A reporting person within the meaning of this Act shall be a natural person who reports or publicly discloses information on a breach that has become known to him or her in their capacity as:
• a worker, an employee, a civil servant or another person who is employed, regardless of the nature of the work, the manner of pay and the source of the funding;
• a person who works without an employment contract and/or is a freelance worker and/or a craft worker;
• a volunteer or an intern;
• a partner, a shareholder, a sole owner of the capital, a member of the management or supervisory body of a commercial company, a member of the audit committee of an enterprise;
• a person who works for a natural or legal person, its subcontractors or suppliers;
• a candidate for employment who has participated in a competition or another form of recruitment and who has received in that capacity information on a breach;
• a worker or an employee, where the information has been obtained in the framework of an employment or service relationship, which has been terminated at the time of the reporting or the public disclosure.
3.2. Protection is also granted to:
• any other reporting person reporting a breach that has become known to him or her in a work-related context.
• facilitators who assist the reporting person in the reporting process;
• persons who are connected with the reporting person and who could suffer retaliation as a result of the reporting;
• legal entities in which the reporting person holds a shareholding and for which he/she works or with whom he/she is otherwise connected in a work-related context.
3.3. In the event that the report is credible and justified, the protection within the meaning of the Act is provided to you from the moment of the submission of the report or the public disclosure of information about a breach.
4. WHAT ARE THE CONDITIONS TO GET PROTECTION?
4.1. You have the right of protection in case you:
1. has had reasonable grounds to believe that the information submitted about the breach in the report was correct at the time of its submission and that this information falls within the scope of Art. 2.
2. has reported a breach under the conditions and according to the procedure of this Act.
4.2. Proceedings shall not be initiated and you shall not receive protection for submitting anonymous reports (unless you have been subsequently identified) and reports relating to breaches committed more than two years ago.
5. HOW AND WHERE CAN I REPORT IT?
5.1.In the event that you wish to report the breaches referred to in Art. 2 and if there is good reason to believe that the information is true, you can do so in one of the following ways:
— verbally by calling the following phone, where you can record your report: 02 8902524 or request a personal meeting.
5.2. When giving a verbal report, we will record the same in a form that we will ask you to sign.
5.3. The report must contain at least: full name, address and telephone number of the sender, e-mail address (if any), names of the person against whom the report is filed (when it is filed against specific persons and they are known), specific data of an infringement or a real danger of such being committed, place and period of committing the breach, if any, a description of the act or situation and other circumstances, to the extent known to the reporting person, date and signature.
5.4. We will take immediate action to ensure your privacy
5.5. In addition, you have the right to report to an external channel, namely the Commission for Personal Data Protection https://www.cpdp.bg/, as well as the right to publicly disclose information under the terms of the Act.
6. WHAT CAN I EXPECT AFTER I REPORT?
6.1. Once you submit a report, we will check whether it is credible and, if so, take the necessary follow-up action to uncover the objective truth and gather all the necessary evidence, incl. by the affected parties and by the person against whom the report has been filed in compliance with confidentiality as well as confidentiality of your personal data.
6.2. If necessary, we can contact for further information and documentation.
6.3. In the event that there is a reasonable assumption that there is a risk of retaliatory discriminatory actions and that effective measures will not be taken to check the report, the report may be submitted through an external channel, namely to the Commission for Personal Data Protection.
6.4. After we prepare a report and before 3 months have elapsed since the report was submitted, we will contact you to give you feedback on your report.
6.5. When the breach is unimportant and does not require further follow-up actions and in case of a repeated report that does not contain new information essential to the breach, the file on your report may be terminated.
6.6. The Company examines all reports of breaches in compliance with the principles of confidentiality, impartiality, fairness, independence and lack of conflict of interest.
6.7. The Company shall protect reporting persons from retaliatory acts having the character of repression and placing them at a disadvantage and shall not allow such actions to be carried out within its organisation.
7. YOUR RESPONSIBILITY
7.1. For the submission of reports or public disclosure of false information you bare administrative penal responsibility under Art. 45.
7.2. In case of obviously false or misleading statements of facts, your report will be returned with an instruction to correct the allegations and a warning about the liability you bear, namely a fine of up to BGN 7,000.
8. INFORMATION. MODIFICATION OF THIS NOTICE
8.1. This notice is available on our website, namely: www.egt.com («Website»), as well as in a prominent place in our offices.
8.2. More information regarding your rights and the processing of your reports and personal data can be found on our website.
9. PERSONAL DATA
9.1. The Company will process your personal data for the purpose of handling a report.
9.2. The information related to a reported breach, as well as the identity of the Reporting Person and the affected person and the other persons identified in the report or made aware of the report, are protected. Access to your personal data will be granted only to persons responsible for handling reports, as well as state and supervisory authorities, in cases specified by law.
10. UPDATING THE NOTICE
10.1. This notice may be subject to amendment, most recently enforced on 04.05.2023. Any future changes or additions to the processing of personal data described in this notice that affect you will be communicated to you through an appropriate channel, depending on the usual way of communication.