Ethics alert system
Why? For who?
Devoteam intensified its commitments in terms of ethics and the fight against corruption, by making a whistleblowing system available to its employees and to all its stakeholders (customers, subcontractors, suppliers, etc.).
The whistleblowing system must allow any victim or witness of the acts mentioned below to report them to an independent actor, who will relay the information to our Ethics Alert Committee.
The reports covered by the whistleblower scheme cover, in particular :
- crimes or offenses, (including corruption)
- serious and manifest violation of a law, regulation, or an international treaty duly ratified or approved by France,
- or all the obligations defined by european regulations, and by the Monetary and financial code “CMF”, or by the General Regulations of the Financial Markets Authority “AMF”,
- and more specifically any conducts or situations contrary to the Group’s code of conduct or our Anti-bribery Charter, concerning acts of bribery or influence peddling.
Any breach reported through our Ethics alert line, will be investigated by the Group’s Ethic Alert Committee
Anonymity & Confidentiality
The whistleblower can decide not to reveal his identity: His/Her anonymity will be preserved !
Devoteam has chosen to outsource the management of this ethics alert system to an external service provider, in order to maximize its effectiveness and ensure complete confidentiality of the actions taken by the whistleblower.
Our external service provider acts independently of the Group, and gives you the opportunity to make a report, in a completely anonymous and confidential manner. It transmits the anonymized information to the Group Ethics Alert Committee.
The Group protects whistleblowers, in particular against potential acts of retaliation or disciplinary sanctions, and ensures that their identity is kept strictly confidential, whether the person is an employee of the Group or a third party.
However, any misuse of the Ethics Alert Line could result in prosecutions or sanctions.
Data protection policy
The Devoteam Group attaches the highest importance to data protection and confidentiality, and complies with the provisions of the European General Data Protection Regulation on the protection of natural persons with regard to the processing of personal data and the free movement of such data” (EU-GDPR) as well as to the applicable national regulations on the protection of personal data.
Before submitting an alert, we ask you to carefully read the present data protection information.
Purpose of the whistleblowing
The Group Ethics Alert System, through the EthicsPoint platform, is intended to collect, process and manage, in complete security and confidentiality, alerts relating to breaches of the code of conduct and ethics charter of the Group or its subsidiaries, as well as alerts concerning the fields covered by the law no. 2016-1691 of 9 December 2016 on transparency, the fight against corruption and the modernisation of economic activity (known as the “Sapin II” Law) and by Law No. 2017-399 of 27 March 2017 on the duty of vigilance incumbent upon parent companies and ordering companies, which specify the legal regime applicable to reports and the protection of whistleblowers.
Responsibility of the system
The Audit and Corporate Internal Control Department of Devoteam is the Head of the Ethics Alert System. It can be contacted at the following address:
Audit and Internal Control Department
73 Rue Anatole France 92300 Levallois-Perret
The platform is managed by a global specialist in outsourced ethics alert lines, NAVEX GLOBAL UK LIMITED, based at : Vantage West, 4th Floor, Great West Road, Brentford, TW8 9AG, United Kingdom.
Personal data collected
By submitting an alert through the EthicsPoint platform, several personal data and information are collected:
- your name, if you disclose your identity;
- your status as an employee within Devoteam SA or the subsidiary of the group concerned, your status as an external employee, as an occasional employee in connection with Devoteam SA or the subsidiary of the group concerned;
- your relationship with a third party, if you disclose it;
- the actions you would like to bring to the group’s management attention;
- the person’s names you mention in your report and other personal data that concern them.
Confidential handling of alerts
Reports are always treated in the strictest of confidence. The Ethics Alert Committee analyse the alert admissibility, discuss with the whistleblower, and carry out the actions and investigations required by the specific case until its closure.
Any person who has access to the database must ensure their strict confidentiality.
Information of the person(s) concerned by the alert
The person mentioned in an alert shall be informed of personal data concerning him or her appearing on the platform. He or she has no information to identify the whistleblower.
If precautionary measures are necessary, in particular to prevent the destruction of evidence or for the purposes of an investigation, this person may be informed after the adoption of these measures, in accordance with the applicable legal provisions.
Rights of data subjects
Under the applicable data protection regulations, the whistleblower and the person(s) concerned by the alert shall have a right of information, access, rectification, erasure and opposition to the processing of personal data concerning them.
When the right to erasure is invoked, the Ethics Alert Committee examines to what extent the stored data is still necessary for processing an alert. Data that is no longer needed is deleted.
If the right to object is invoked, the Ethics Alert Committee shall quickly examine to what extent there are no longer legitimate and compelling reasons for the treatment which prevail over the interests, rights and freedoms of the data subject, or for the establishment, the exercise or defence of legal claims. In addition, the whistleblower and the person(s) referred to in the alert shall have the right to lodge a complaint to a supervisory authority.
Duration of retention of personal data
Personal data is kept for duration necessary for the verification and investigation of the alert or for a period provided for by the applicable law. Once the alert has been processed, this personal data is destroyed within two months of closure. The anonymized alert is archived in compliance with applicable laws.