1. OBJECTIVE
This policy outlines the obligations related to the 'Law of November 28, 2022, on the protection of reporters of breaches of Union or national law established within a legal entity in the private sector.' More specifically, it concerns the reporting channels available to whistleblowers.
2. SCOPE
This policy applies to individuals who, in a work-related context, identify and report breaches within the company as listed in Article 3. These reports can be made through internal or external reporting channels.
Individuals include:
● employees;
● freelancers;
● anyone working under the supervision and direction of contractors, subcontractors and suppliers;
● former employees who obtained information on breaches during the employment relationship between the employee and employer;
● future employees who obtained information on breaches during the recruitment process or other pre-contractual negotiations;
● facilitators, natural people assisting a reporter in the reporting process and whose assistance must remain confidential;
● third parties connected to the reporter and potentially subject to retaliation in a work-related context, such as colleagues or family members;
● legal entities owned by reporters, for whom reporters work, or with whom reporters are otherwise connected in a work-related context.
The reporter is protected against reprisals (adverse measures) if :
● the reporter had reasonable grounds to believe that the reported information on breaches was accurate at the time of reporting;
● the information falls within the scope of the Whistleblower Act; and
● the whistleblower reports the information via an internal or external channel or discloses the information within the provisions of the Whistleblowers' Act.
Reporters are penalized according to Articles 443 to 450 of the Penal Code if it is determined that they intentionally reported or disclosed false information. People who suffer damage as a result of such reports or disclosures are entitled to compensation measures according to contractual or non-contractual liability.
3. BREACHES
This concerns the protection of whistleblowers reporting breaches of Union law. It only concerns breaches:
1. linked to:
i. public procurement;
ii. financial services, products, and markets, prevention of money laundering and terrorist financing;
iii. product safety and conformity;
iv. transport safety;
v. environmental protection;
vi. radiation protection and nuclear safety;
vii. food and feed safety, animal health, and welfare;
viii. public health;
ix. consumer protection;
x. protection of privacy and personal data, security of network and information systems;
xi. combating tax fraud;
xii. combating social fraud;
2. those harmful to the financial interests of the EU, as referred to in Article 325 TFEU (fraud prevention);
3. related to the internal market (including state aid and competition), namely the free movement of goods, persons, services, and capital based on Article 26(2) TFEU.
The provisions of this law do not apply to:
● the field of national security, except with regard to reports of breaches of rules concerning public procurement in the field of defense and security;
● classified information;
● information covered by medical confidentiality, nor to information and intelligence received by lawyers from their clients or obtained about their clients;
● information covered by the secrecy of judicial deliberations.
4. REPORTS
Reports in accordance with the Whistleblower Act can be made through 3 channels:
1. internal channel: Reporters should use the internal reporting channel, in accordance with Article 5, as much as possible. The internal channel aims to detect and remedy breaches within the organization.
2. external channel: The external channel is set up by the government, namely a report to a federal ombudsman.
3. press/public disclosure: When an internal or external report does not lead to appropriate action, there are serious reasons to believe there is an immediate danger to the public interest, or there is a risk of retaliation or destruction of evidence.
5. INTERNAL REPORTING CHANNEL
A person who has identified a breach or has reasonable suspicions of a breach, contrary to one or more of the areas mentioned in Article 3 and involving the company, can report this via internal reporting channels.
5.1. Internal reporting channel
The reporter has the following reporting ways within the company:
● report via this URL link of the company’s website;
● report via this form on the company’s Intranet page, accessible via this link.
The reporter can also request to report a breach in person within a reasonable timeframe via a physical meeting by appointment with Sofie Tavernier. The appointment for a personal report can be scheduled with Sofie Tavernier at the mobile number 0476 09 16 37 or via email to sofie.tavernier@aviobook.aero .
5.2. Handling of internal reports
The internal reporting channels are managed internally. At the latest within 7 calendar days of receiving the report, the reporter will receive an acknowledgment of receipt. An impartial person will be responsible for monitoring the report and communicating with the reporter. Within the company, Sofie Tavernier (internal confidential advisor and internal prevention advisor) will be responsible for this. The risk of conflicts of interest is hereby reduced to a strict minimum and external investigative resources can be used, if necessary.
5.3. Disclosure to Government Authorities
If a report contains information that must be transmitted by law to a government authority responsible for following up crimes within the areas of Article 3, the person or department handling the report within the company, after thorough consultation with the employer, will forward the information to the government authority concerned.
5.4. Feedback
The reporter receives feedback on the handling of the report within a reasonable timeframe and no later than 3 months after sending the acknowledgment of receipt. The reporter receives information about whether corrective measures have been taken, process improvements or changes, and/or other further steps planned or already taken. This feedback does not contain details about specific individuals and is generally oriented. If additional investigation is appropriate, the person or department designated in Article 5.2 shall ensure the confidentiality of investigative acts and compliance with the rights of third parties.
If it is not possible to provide any feedback, the reporter will be notified accordingly, including the reasons for the unavailability of information.
5.5. Confidentiality and Non-disclosure
The person or department designated in Article 5.2 ensures that information about the report is kept in such a way that it is physically and digitally accessible only to authorized people. All information regarding reports, the associated investigation reports, decisions, communications, etc., will be treated with the utmost confidentiality.
A strict 'need to know' basis is applied for the disclosure of relevant information. All individuals involved in reports will maintain strict confidentiality about their contents. Under no circumstances may the identity and all information from which the identity of the reporter can be directly or indirectly deduced be disclosed to anyone other than the authorized persons or services without the reporter’s free and explicit consent. Exceptionally, this may be disclosed if it is a necessary and proportionate obligation under special legislation in the context of investigations by national authorities or judicial proceedings, also to safeguard the defense rights of the individual concerned. The reporter will be informed in advance, unless it would endanger the investigation.
5.6. Registration of reports
The received reports are recorded in a register, which tracks the receipt of the report, its investigation, and its resolution. These records are kept for the duration of the contractual relationship between the reporter and the employer.
Investigation reports and supporting information are kept for a minimum of 5 years after the end of the investigation.
When the report is made verbally, it is retained in the following ways:
● report via a phone line or other voice messaging system with call recording:
⁻ by making a recording of the conversation in a durable or retrievable form; or
⁻ by a complete and accurate written record of the conversation prepared by the personnel responsible for handling the report;
● report via a phone line or other voice messaging system without recording:
⁻ by a complete and accurate written record of the conversation prepared by the personnel responsible for handling the report;
● report by a personal meeting:
⁻ by a complete and accurate written record of the conversation prepared by the personnel responsible for handling the report.
In the case of a written record, the reporter is given the opportunity to review, correct and sign it for approval.
6. PROCESSING OF PERSONAL DATA
All personal data are processed in accordance with applicable data protection legislation, including the General Data
Protection Regulation (GDPR).
Personal data is processed solely for the purpose of conducting the required investigations based on a legal obligation, and only the strictly necessary data is processed. The data may be shared with government authorities if the report contains information that must be legally disclosed or with other external parties involved in the investigation.
Personal data is retained at least as long as the contractual relationship between the reporter and the employer runs and at most until the limitation period for the reported breach has expired.
7. EXTERN REPORTING CHANNEL
A person who has identified a breach or has reasonable suspicions that a breach has occurred or will occur, which contradicts one or more of the areas mentioned in Article 3 and in which the company is involved, can also report this through external reporting channels. This can be done either after first reporting through an internal reporting channel or directly.
7.1. Competent authorities
The following authorities, each for their own domain, are designated as competent authorities for external reports:
● the Federal Public Service Economy, SMEs, Self-Employed, and Energy;
● the Federal Public Service Finance;
● the Federal Public Service Public Health, Food Chain Safety and Environment;
● the Federal Public Service Mobility and Transport;
● the Federal Public Service Employment, Labour and Social Dialogue;
● the Programming Public Service Social Integration, Poverty Reduction, Social Economy, and Urban Policy;
● the Federal Agency for Nuclear Control;
● the Federal Agency for Medicines and Health Products;
● the Federal Agency for the Safety of the Food Chain;
● the Belgian Competition Authority;
● the Data Protection Authority;
● the Financial Services and Markets Authority;
● the National Bank of Belgium;
● the College of Supervision of Auditors;
● the Authorities mentioned in Article 85 of the law of September 18, 2017, on the prevention of money laundering and terrorist financing and the restriction of the use of cash;
● the National Committee for the Security of the Supply and Distribution of Drinking Water;
● the Belgian Institute for Postal Services and Telecommunications;
● the National Institute for Health and Disability Insurance;
● the National Institute for the Social Insurance of the Self-Employed;
● the National Social Security Office;
● the Social Information and Investigation Service;
● the Autonomous Coordination Service;
7.2. External report
The reporter can make an external report via the Federal Ombudsman, who will be in charge of coordinating external reports in the private sector.
The report can be made in the following ways:
1. via a reporting form: https://www.federaalombudsman.be/nl/meldingsformulier;
2. by email to integriteit@federaalombudsman.be ;
3. by appointment with one of the employees of the Integrity Center. You can make an appointment via integriteit@federaalombudsman.be or by calling 0800 999 61.
More information on external reports can be found on the following website: