Whistleblower Policy

The reports can concern the following areas:

• a crime;
• an offence;
• a threat or harm to the general interest;
• a violation or an attempt to conceal a violation of an international commitment regularly ratified or approved by France, of a unilateral act of an international organisation taken on the basis of such a commitment, of European Union law, of the law or of the regulations;
• a breach of the Code of Ethics and Good Conduct, and any related policies.

In particular:

• Acts of corruption
• Fraud
• Theft
• Harassment
• Violations in the area of respect for human rights
• Environment
• Conflict of interests
• Assets misappropriation
• Data privacy
• Discrimination
• Health and safety standards

• Within the Group:
  Each member of staff*; as well as shareholders, members of the administrative, management or supervisory body;
• Third parties:
  Contractors of the Group, their sub-contractors, their members of the administrative, management or supervisory body

* The “staff” includes external and occasional employees; former employee, where the information was obtained in the course of the employment relationship that ended; job candidate, where the information was obtained as part of the job application

Acting in good faith, a natural person who makes a warning without seeking any direct financial reward, having reasonable grounds for believing, in light of the circumstances and the information available to them at the time of reporting, that the matters reported by them are true.

The whistle-blower can report facts obtained in the course of his or her work which he or she does not know personally but which have been reported to him or her. If the information was not obtained in the course of his or her work, he or she must have personal knowledge of it.

The Group guarantees that acting in good faith, the whistle-blower is not subject to retaliation or other forms of negative consequences in connection with his or her report.

In general, the whistle-blower is not civilly liable for damages caused by his or her report and is not criminally liable.

However, if a report is made in a malicious, fanciful, or abusive manner, the whistle-blower is exposed to legal liability measures.

The same protection applies to (i) any natural person or any legal entity under private law with a non-profit-making purpose who helps the Whistle-blower to make a report (the facilitators); (ii) natural persons who are at risk of being subjected to one of the following retaliatory measures in the course of their professional activities by their employer, client or the recipient of their services; (iii) legal entities controlled, within the meaning of Article L. 233-3 of the French Code of Commerce, by the Whistle-blower, for which he/she works or with which he/she is linked in a professional context.

Designated Referents

The General Secretary of the Monnoyeur Group, the Legal Director of the Monnoyeur Group and the Internal Audit and Compliance Director of the Monnoyeur Group are the exclusive recipients for all subjects of reports made via the Digital Procedure.

For matters relating to harassment, discrimination, respect for human rights, health and safety and the environment, reports are also sent to the Human Resources Director of the Monnoyeur Group. Reports in these areas are processed by the Human Resources Director of the Monnoyeur Group and the Legal Director of the Monnoyeur Group.

The processing of reports relating to the other areas covered by the internal alert system is handled by the Legal Director of the Monnoyeur Group and the Internal Audit and Compliance Director of the Monnoyeur Group.

Confidentiality

Reports are processed in accordance with the provisions of the applicable laws and the Company's internal procedures guaranteeing strict confidentiality of the identity of the whistle-blowers, of the persons concerned by the report and of any third party mentioned in the report and of the information collected by all the recipients of the report. Violation of the confidentiality of this information, as well as of the process of collecting and processing reports, may result in disciplinary action being taken against the persons responsible for receiving and processing reports (the Designated Referents). The person who is the subject of a report cannot, under any circumstances, obtain from the Designated Referents information concerning the identity of the whistle-blower.

Procedure

The whistle-blower will receive an acknowledgement of receipt within seven working days.

The whistle-blower will receive feedback on the processing of the report within a period not exceeding three months from the acknowledgement of receipt of the report.

This includes any action taken by the Company to assess the accuracy of the allegations made in the report and, where appropriate, to remedy the reported violation, including measures such as an internal investigation, action to recover funds, or closure of the case.

The whistle-blower may be contacted by the Designated Referent to obtain further information on the reported facts.

The whistle-blower shall be informed in writing of the closure of the case on the processing of his or her report, which shall take place when the allegations are inaccurate or unfounded, or when the report has become irrelevant.

In general, no anonymous report will be accepted or processed. Anonymous reports can only be processed if the following conditions are met (i) the seriousness of the facts mentioned is established, and (ii) the factual elements are sufficiently detailed.

External reports may concern information relating to a crime, a tort, a threat or harm to the general interest, a violation or an attempt to conceal a violation of an international commitment regularly ratified or approved by France, a unilateral act of an international organisation taken on the basis of such a commitment, European Union law, a law or regulation.

Any whistle-blower, either after having made an internal report or directly, can make an external report to the following authorities

Report matter	Competent authority
Tenders	Agence française anticorruption (AFA), for breaches of integrity ; Direction générale de la concurrence, de la consommation et de la répression des fraudes (DGCCRF), for anti-competitive practices; Autorité de la concurrence, for anti-competitive practices
Financial services, products and markets and prevention of money laundering and terrorist financing	Autorité des marchés financiers (AMF), investment services providers and market infrastructure; Autorité de contrôle prudentiel et de résolution (ACPR), for credit and insurance institutions
Product safety and compliance	Direction générale de la concurrence, de la consommation et de la répression des fraudes (DGCCRF) ; Service central des armes et explosifs (SCAE).
Transportation safety	Direction générale de l'aviation civile (DGAC), for air transportation safety Bureau d'enquêtes sur les accidents de transport terrestre (BEA-TT), for the safety of land transportation (road and rail); Direction générale des affaires maritimes, de la pêche et de l'aquaculture (DGAMPA), for the safety of maritime transportation.
Protection of the environment	Inspection générale de l'environnement et du développement durable (IGEDD).
Radiation and nuclear safety	Autorité de sûreté nucléaire (ASN)
Food safety	Conseil général de l'alimentation, de l'agriculture et des espaces ruraux (CGAAER) ; Agence nationale chargée de la sécurité sanitaire de l'alimentation, de l'environnement et du travail (ANSES)
Public health	Agence nationale chargée de la sécurité sanitaire de l'alimentation, de l'environnement et du travail (ANSES) ; Agence nationale de santé publique (Santé publique France, SpF) ; Haute Autorité de santé (HAS) ; Agence de la biomédecine ; Etablissement français du sang (EFS) ; Comité d'indemnisation des victimes des essais nucléaires (CIVEN) ; Inspection générale des affaires sociales (IGAS) ; Institut national de la santé et de la recherche médicale (INSERM) ; Conseil national de l'ordre des médecins, pour l'exercice de la profession de médecin ; Conseil national de l'ordre des masseurs-kinésithérapeutes, pour l'exercice de la profession de masseur-kinésithérapeute ; Conseil national de l'ordre des sages-femmes, pour l'exercice de la profession de sage-femme ; Conseil national de l'ordre des pharmaciens, pour l'exercice de la profession de pharmacien ; Conseil national de l'ordre des infirmiers, pour l'exercice de la profession d'infirmier ; Conseil national de l'ordre des chirurgiens-dentistes, pour l'exercice de la profession de chirurgien-dentiste ; Conseil national de l'ordre des pédicures-podologues, pour l'exercice de la profession de pédicure-podologue ; Conseil national de l'ordre des vétérinaires, pour l'exercice de la profession de vétérinaire.
Consumer protection	Direction générale de la concurrence, de la consommation et de la répression des fraudes (DGCCRF)
Protection of privacy and personal data, security of networks and information systems	Commission nationale de l'informatique et des libertés (CNIL) ; Agence nationale de la sécurité des systèmes d'information (ANSSI)
Violations affecting the financial interests of the European Union	Agence française anticorruption (AFA), pour les atteintes à la probité ; Direction générale des finances publiques (DGFIP), pour la fraude à la taxe sur la valeur ajoutée ; Direction générale des douanes et droits indirects (DGDDI), pour la fraude aux droits de douane, droits anti-dumping et assimilés
Internal market violations	Direction générale de la concurrence, de la consommation et de la répression des fraudes (DGCCRF), pour les pratiques anticoncurrentielles ; Autorité de la concurrence, pour les pratiques anticoncurrentielles et les aides d'Etat ; Direction générale des finances publiques (DGFIP), pour la fraude à l'impôt sur les sociétés
Activities conducted by the Ministry of Defence	Contrôle général des armées (CGA) ; Collège des inspecteurs généraux des armées
Public statistics	Autorité de la statistique publique (ASP)
Agriculture	Conseil général de l'alimentation, de l'agriculture et des espaces ruraux (CGAAER)
National and higher education	Médiateur de l'éducation nationale et de l'enseignement supérieur
Individual and collective labour issues/conditions, working conditions	Direction générale du travail (DGT)
Employment and professional training	Délégation générale à l'emploi et à la formation professionnelle (DGEFP)
Culture	Conseil national de l'ordre des architectes, pour l'exercice de la profession d'architecte ; Conseil des maisons de vente, pour les enchères publiques
Rights and freedoms in relation to State administrations, local authorities, public establishments and bodies with a public service mission; Best interests and rights of the child; Discrimination ; Ethics of persons engaged in security activities	Défenseur des droits

Each authority empowered to receive an external report shall publish on its website the procedure it has established for collecting and processing reports.

The collection and processing of reports is a collection and processing of personal data within the meaning of both Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and Law No. 78-17 of 6 January 1978 on information technology, files and freedoms.

This processing of personal data is implemented in order to collect and process reports aimed at revealing a breach of a specific rule of law or of the Company's Anti-Corruption Code. The implementation of this professional report system results from the legal obligations incumbent on the Data Controller (provided for in Articles 8 and 17 of Law No. 2016-1691 of 9 December 2016 on transparency, the fight against corruption and the modernisation of economic life).

The processing associated with this whistle-blowing system is recorded in the Monnoyer Group register of data processing activities.

All persons who issue a report via this system and the persons mentioned or targeted by the report are considered as data subjects of the processing operations related to this report system.