Whistleblower policy rules at zondacrypto

Whistleblower policy rules at zondacrypto

Whistleblower status

A whistleblower is a natural person who is a current or former: employee, person conducting business activity cooperating directly with zondacrypto, contractor, employee or contractor of an external entity with which zondacrypto has concluded an outsourcing agreement concerning personnel, member of the Management Board or Supervisory Board of zondacrypto, business partner, shareholder, volunteer, or intern of zondacrypto who reports a breach that they have become aware of in connection with the performance of their professional duties and has reasonable grounds to believe that the breach was directly initiated or committed.

Whistleblowers can count on protection provided that their reports are based on reasonable grounds. Each report should be based on reliable information and the belief that it is true.

Fulfilling these requirements grants the person the status of a whistleblower and they become subject to protection.

Contact information for whistleblowers to submit reports to zondacyprto

The whistleblower may submit a report verbally (at the registered office of zondacrypto) or in writing.

  1. zondacrypto address: BB Trade Estonia OÜ, registry code 14814864 - Human Resources Department, Tähesaju tee 9, Tallinn, 13917, Estonia;

  2. Email address for submitting reports: [email protected]  

zondacrypto personnel may report violations to their immediate supervisors or managers.

Submission procedure

A whistleblower report should include:

  1. the full name and contact details of the person making the report (providing the name and contact details is recommended as it facilitates further investigation, but is not mandatory), with the proviso that the person making the report may also remain anonymous, unless prohibited by applicable law; and

  2. facts about the violation, i.e., the nature of the alleged violation, detailed information about the person(s) who likely committed the violation or was aware of the violation or was involved in it; the area to which the violation relates; the place and time of the violation; other persons who have been notified of the violation or are aware of the violation; other persons who can corroborate the report or potential witnesses; and any other information that the reporter considers relevant, and any evidence, such as emails, documents, text messages, notes, and photos.

Confirmation of receipt of the report will be sent to the reporter within seven days of receipt of the report, unless the reporter has expressly refused to send confirmation or there are reasons to believe that the confidentiality of the reporter would be compromised.

Upon receipt of a breach report, zondacrypto will assess:

  1. the report and determine whether it falls within the scope of zondacrypto's whistleblowing policy and whether it should be investigated, and by whom; and

  2. the risk of harm to the reporter or another person arising from the report and, where appropriate, develop and implement strategies to eliminate or at least minimize any risk to the reporter or another person arising from the report, while enabling an appropriate investigation of the alleged violation to be conducted.

Whistleblowers should receive feedback on the results of the investigation and any follow-up actions taken as soon as possible, but no later than within three months or, in the case of reports made through an external reporting channel, in duly justified cases, within six months of receipt of the breach report. Feedback shall not be provided only where the reporting person has expressly refused to receive it or where there are reasons to believe that it would breach the confidentiality of the reporting person.

Investigations must be conducted in a fair, impartial, and objective manner. Although investigations may vary in complexity and duration, they must be initiated promptly and, where possible, should not take longer than is justified by the scope of the investigation.

All reports and measures taken to manage the alleged breach must be documented and stored in a secure and confidential manner for a period of three years from the date of feedback on the report.

Whistleblower protection

zondacrypto strictly prohibits any form of retaliation against individuals who report misconduct and is committed to protecting them from any negative consequences resulting from their reports. Retaliation constitutes a serious violation and may result in disciplinary action, including termination of cooperation on any basis.

Furthermore, any actions intended to hinder, block, or discourage the reporting of violations are strictly prohibited. This includes, but is not limited to, intimidation, threats, coercion, or any other behavior that may discourage individuals from reporting violations in good faith. Violation of this prohibition may also result in disciplinary measures, legal consequences, or both.

Whistleblowers are also protected from the following actions in connection with their reporting:

  1. civil liability (e.g., any legal action against the person reporting the violation for breach of contract, confidentiality obligations, or other contractual obligations);

  2. criminal liability (e.g., attempting to prosecute the person reporting the violation for unlawful disclosure of information or other use of the disclosed information against the person reporting the violation in criminal proceedings (except in cases of false reporting); and

  3. administrative liability (e.g., disciplinary proceedings for disclosure of information).

Confidentiality and personal data processing policy

zondacrypto and any recipient of information from the whistleblower are required to treat all reports of violations and the identity of the whistleblower as strictly confidential. However, necessary information may be disclosed to the extent required to ensure the proper investigation of the alleged violation. Failure to comply with this confidentiality obligation may result in civil liability and, in some cases, external criminal sanctions imposed on both zondacrypto and the persons responsible for the breach.

Personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance). 

Personal data obtained is processed in connection with the acceptance of the application or follow-up actions. The processing referred to above will be carried out on the basis of Article 6(1)(c) or Article 9(2)(g) of the GDPR. If the whistleblower consents to the disclosure of personal data, the personal data will be made available on the basis of Article 6(1)(a) of the GDPR.

The personal data of the whistleblower, which allows for the identification of the whistleblower, shall not be disclosed to unauthorized persons, unless the whistleblower consents in writing to the disclosure of their personal data.

The personal data that is clearly irrelevant to the processing of a specific request is not collected and, if collected accidentally, is deleted without undue delay. Detailed information on the processing of personal data can be found in the “Privacy Policy” available via the link https://zondacrypto.com/en/legal/zondacrypto-exchange/privacy-policy