Whistleblowing Policy

The operation of the company THEODOROU AUTOMATION SAICT is governed by a holistic approach and by the commitment of all individuals who manage, work for, or collaborate with it to always act with honesty and integrity, consistently adhering to the principles set out in the published Code of Conduct.

With this policy, which has been drafted and approved by the company’s Board of Directors, the company expressly declares its zero tolerance for any illegal, unethical, dishonest, or abusive behavior by its executives, employees, or partners.

Transparent and properly structured internal communication channels are created, and the rights, obligations, and protection of individuals who report violations of the relevant European and harmonized Greek legislation are defined. The policy also sets out the methods for handling internal complaints related to these issues.

• To encourage the submission of reports regarding any form of misconduct described in Article 4 of this policy.
• To provide guidance for raising and reporting concerns about possible violations.
• To ensure confidentiality and that genuine concerns, raised honestly, can be expressed without fear of retaliation, even if they ultimately prove unfounded.

This policy concerns all personnel who manage, work for, or collaborate with the company, including:

• All employees (full-time or part-time, temporary or permanent, active or retired)
• Contractors and subcontractors
• External suppliers
• Consultants and external partners

A person who works for the company as an employee or collaborates with it in any way or form, and who discovers illegal or unethical practices or incidents in the context of their work-related activities that pose threats or harm to the public interest, and decides to report them to the appropriate organizational body or an external authority.

The whistleblower may choose to remain anonymous, but the company encourages the submission of named, confidential reports.

Violations of relevant European and harmonized Greek legislation (Law 4990/2022) include illegal practices and unethical behaviors.

Examples include:

• Abuse of power, bribery, corruption, fraud of any kind such as procurement fraud
• Embezzlement, money laundering, network and information systems security breaches
• Environmental protection violations, personal data protection breaches
• Sexual harassment, sexism, racism, unacceptable behavior
• Threats, discrimination, etc.

Individuals (Article 4) who detect and wish to report illegal practices observed in the company’s broader operating environment should not hesitate to report such situations and illegal practices.

Examples of concerns that may be raised (not exhaustive): any suspicious fraudulent behavior, corrupt behavior, violation of any applicable antitrust or competition laws, breaches of personal data protection or corporate system security rules, threats to an individual’s health and safety, threats to the environment, or the commission of a criminal offense.

Where possible, concerns should first be reported internally. Reports under this policy may be submitted through an independent whistleblowing channel (electronically at This email address is being protected from spambots. You need JavaScript enabled to view it.).

It is necessary to provide descriptive information relevant to the report (time, place, involved persons) that will be used for the investigation, without requiring the reporting person’s personal details. Otherwise, the company undertakes to protect the anonymity of the reporting individual.

To maintain anonymity, the reporting person should create a new email account (e.g., Gmail, Yahoo, Hotmail, etc.) to communicate with the company’s independent reporting line.

The company has appointed as Responsible Officer for Receiving & Monitoring Reports (RORMR) the Board member and advisor Mr. Elias Giannopoulos, who is responsible for guiding and informing individuals confidentially and respectfully regarding any matter related to this policy.

The company is committed to protecting the anonymity of the reporting person and will not take actions that may reveal their identity. Note that disclosure of the informant’s identity may be required by a court or other legal process as part of the investigation.

The storage and processing of personal data are carried out in accordance with applicable data protection legislation.

The company is committed to maintaining confidentiality regarding the identity and personal data of both reporting persons and persons mentioned in reports and takes all appropriate technical and organizational measures throughout the monitoring of the report and communication with competent authorities.

The company commits to treating every report - whether named or anonymous - with due care. The Investigating Officer and, where necessary, the Investigation Team conduct an inquiry into the incidents described in the report as soon as possible.

Within 7 days of submitting the report, the reporting person receives confirmation of receipt of the email and acknowledgment of the Report by the RORMR.

Upon receiving the report, the RORMR will immediately inform the CEO and the ETHOS committee, who will form an investigation team consisting of the above members and the relevant department head. The committee investigates the report promptly and thoroughly and takes the required actions.

To ensure absolute transparency and ongoing information throughout the process, the company undertakes to provide regular updates on the progress of the investigation and the final response.

The reporting person should be available, confidentially or anonymously, to provide additional information if requested. Especially in the case of anonymous reports, the reporting person may choose the communication method or contact process for providing information.

The final response (depending on the nature of the report) will not exceed 3 months.

The company protects every employee or collaborator who detects and submits a report regarding illegal or unethical behavior.

The company protects both the individuals who submit reports and those mentioned in reports.

The investigation is carried out with full discretion and confidentiality at every stage, to the extent possible, to avoid the stigmatization or “victimization” of individuals.

The company commits that workers/collaborators who submit reports will not suffer retaliation, harassment, marginalization, intimidation, threats, or unfair treatment, provided the report is not found to be malicious.

Depending on the results of the investigation, the ETHOS Committee (Committee for Investigating Bribery & Complaints) proposes corrective and/or disciplinary/legal actions.

Any act of retaliation must be reported immediately to the committee, which will investigate and resolve it. If retaliation is confirmed, disciplinary measures will be imposed on the responsible party.

The company maintains zero tolerance for any illegal behavior or behavior inconsistent with the Code of Conduct.

In the case of an unfounded report, disciplinary sanctions are imposed according to the disciplinary procedure, and when necessary, the company may pursue any legal means, including judicial action, to claim any civil or criminal damages.

Updated: March 2025