Why? For who?
Devoteam intensified its commitments in terms of ethics and the fight against corruption, by making a whistleblowing system available to its employees and to all its stakeholders (customers, subcontractors, suppliers, etc.).
The whistleblowing system must allow any victim or witness of the facts mentioned below to report them to an independent actor, who will relay the information to our Ethics Alert Committee.
The reports covered by the whistleblower scheme cover, in particular :
- crimes or offences, (including corruption)
- serious and manifest violation of a law, regulation, or an international treaty duly approved by France,
- or all the obligations defined by european regulations, and by the Monetary and financial code “CMF”, or by the General Regulations of the Financial Markets Authority “AMF”,
- and more specifically any conducts or situations contrary to the Group’s code of conduct or our Anti-bribery Charter, concerning facts of bribery or influence peddling.
Any breach reported through our Ethics alert line, will be investigated by the Group’s Ethic Alert Committee.
Anonimity & Confidentiality
The whistleblower can decide to don’t reveal his identity : His anonymity will be preserved !
Devoteam has chosen an external mechanism for collating reports, in order to maximize its effectiveness and ensure complete confidentiality of the steps taken by the whistleblower.
Our external service provider acts independently of the Group, and gives you the opportunity to make a report, in a completely anonymous and confidential manner. It transmits the anonymized information to the Group Ethics Alert Committee.
The Group protects whistleblowers, in particular against potential acts of retaliation or disciplinary sanctions, and ensures that their identity is kept strictly confidential, whether the person is an employee of the Group or a third party.
However, any misuse of the Ethics Alert Line could result in prosecutions or sanctions.
Data protection policy
The Devoteam Group attaches the highest importance to data protection and confidentiality, and complies with the provisions of the European Regulation “relating to the protection of individuals with regard to the processing of personal data and the free movement of such data” (EU-GDPR) and to the applicable national regulations on the protection of personal data.
Before submitting an alert, we ask you to carefully read the present data protection information.
Purpose of the whistleblowing
The mechanism set up by Devoteam, through the EthicsPoint platform, for collecting reports, in complete security and confidentiality, relating to breaches of the codes of ethical conduct and compliance of the Group or its subsidiaries with alerts concerning the fields covered by the law no. 2016-1691 of 9 December 2016 on transparency, the fight against corruption and the modernisation of economic activity (known as the “Sapin II” Law) and by Law No. 2017-399 of 27 March 2017 on the duty of vigilance incumbent upon parent companies and ordering companies, which specifies the legal regime applicable to reports and the protection of whistleblowers.
Responsibility of the system
The Audit and Corporate Internal Control Department of Devoteam is the Head of the Ethics Alert System. It can be contacted at the following address:
Audit and Internal Control Department
73 Rue Anatole France 92300 Levallois-Perret
The platform is managed by a global specialist in outsourced ethics alert lines, NAVEX GLOBAL UK LIMITED, based at : Vantage West, 4th Floor, Great West Road, Brentford, TW8 9AG, United Kingdom.
Personal data collected
By submitting an alert through the EthicsPoint platform, several personal data and information are collected:
- your name, if you disclose your identity;
- your status as an employee within Devoteam SA or the subsidiary of the group concerned, your status as an external employee, as an occasional employee in connection with Devoteam SA or the subsidiary of the group concerned;
- your relationship with a third party, if you disclose it;
- the actions you would like to bring to the group’s management attention;
- the person’s names you mention in your report and other personal data that concern them.
Confidential handling of alerts
Reports are always treated in the strictest of confidence. The Ethics Alert Committee analyse the alert admissibility, discuss with the whistleblower, and carry out the actions and investigations required by the specific case until its closure.
Any person who has access to the database must ensure their strict confidentiality.
Information of the person(s) concerned by the alert
The person mentioned in an alert shall be informed of personal data concerning him or her appearing on the platform. He or she has no information to identify the whistle-blower.
If precautionary measures are necessary, in particular to prevent the destruction of evidence or for the purposes of an investigation, this person’s information may be used after the adoption of these measures, in accordance with the applicable legal provisions.
Rights of data subjects
Under the applicable data protection regulations, the whistleblower and the person(s) concerned by the alert shall have a right of information, access and rectification, erasure and opposition to the processing of personal data concerning them.
When the right to delete is invoked, the Ethics Alert Committee examines if the stored data are still necessary for the processing of an alert. Data that is no longer needed is deleted.
If the right to oppose is invoked, the Ethics Alert Committee shall quickly examine to what extent there are no longer legitimate and compelling reasons for the treatment which prevail over the interests, rights and freedoms of the data subject, or for the finding, the exercise or defence of legal rights. However, the whistleblower and the person(s) referred to in the alert shall have the right to lodge a complaint to a supervisory authority.
Duration of retention of personal data
Personal data are kept for duration necessary for the verification and investigation of the alert or as provided for by the applicable law. Once the alert has been processed, these personal data are destroyed within two months of closure. The anonymized alert is archived in compliance with applicable laws.