GUIDELINES FOR DEALING WITH WHISTLEBLOWERS at OBERMEYER Infrastruktur GmbH & Co. KG
1. Purpose: Compliance with laws, rules, and internal guidelines is a high priority within the OBERMEYER Group. Only by acting in accordance with the law and with integrity can we protect our company, our employees, our clients, and our business partners. Serious reports help us to counteract violations at an early stage and to prevent or at least reduce damage. The aim of this policy is to establish a standardized procedure for handling reports of violations. This includes, on the one hand, the initial assessment of reports and the prioritization of reports and, on the other hand, possible measures to clarify suspicious circumstances (“investigation”). The policy sets out the principles, responsibilities, and procedures applicable to the handling of reports. This is intended to enable employees of OBERMEYER Infrastruktur GmbH & Co. KG (hereinafter referred to as “OINF”) who, by reporting information, assume responsibility for the company and therefore deserve protection from discrimination, to report violations of relevant legal provisions and other regulations without being deterred by possible discrimination as a result of their report.
2. Scope This policy applies to all employees and managers of OBERMEYER Infrastruktur GmbH & Co.KG (hereinafter referred to as “OINF”).
3. Subject matter of the report: Whistleblowers can rely on protection against discrimination if they report violations or suspected violations based on concrete facts of the provisions set out in § 2 HinSchG. These include, in particular, the following violations: Violations of criminal provisions: This includes any criminal provision under German law. Violations that are subject to fines, insofar as the violated provision serves to protect life, limb, or health or to protect the rights of employees or their representative bodies. This includes, for example, provisions from the following areas:
Occupational safety,
Health protection,
Violations of the Minimum Wage Act,
Provisions of the Temporary Employment Act,
Fines that sanction violations of disclosure and information obligations towards bodies of the works constitution such as works councils, general works councils, group works councils, and economic committees (Section 121 BetrVerfG). In addition, all violations of legal norms that have been adopted to implement European regulations are included. These include, for example, the following areas:
Regulations to combat money laundering,
Product safety requirements,
Requirements for the transport of dangerous goods,
Requirements for environmental protection and radiation protection,
Consumer protection regulations,
Data protection regulations,
Information technology security,
Public procurement law,
Regulations on accounting for corporations. Whistleblowers enjoy the same protection against discrimination when reporting violations of the Code of Conduct and/or internal compliance guidelines or suspected cases based on specific facts.
4. Reporting channel: Whistleblowers can choose whether to contact the company's “internal reporting office” or an “external reporting office” of the authorities. Irrespective of this, this policy expressly encourages OINF employees to first use the internal reporting procedure provided and to report any grievances, misconduct, hazards, etc. known to them within the meaning of this policy, as well as any violations of the company's own code of conduct and the associated guidelines. Reporting office The internal reporting office within the meaning of this policy is the Compliance Department (Legal Department). It will provide a whistleblower portal that can be accessed via the OBERMEYER homepage under “Whistleblower system” or via the intranet/sharepoint under the heading “Compliance” to enable anonymous reports. It can also be contacted via the email address compliance@obermeyer-group.com, although this latter method is not anonymous. The reporting office must confirm receipt of the report to the whistleblower within seven days.
It is then obliged to examine the report and the information it contains and to take the necessary measures or initiate further steps without delay. The reporting office shall inform the management of this immediately. The whistleblower must be informed of any follow-up measures taken no later than three months after receipt of the report. In addition, the respective managers are also called upon and authorized to receive reports; they shall forward these immediately to the compliance department/compliance officer or their deputy. The names of the Compliance Officer and his/her deputy are published in the OIS Management Portal under the heading “Compliance” and updated promptly in the event of changes.
5. Principles for handling reports of rule violations The principles described below apply to the handling of reports of rule violations. They apply throughout the entire investigation period.
5.1 Fair procedure The principle of fair procedure applies to every investigation. This includes the following points:
Both incriminating and exonerating information is collected during investigations.
Only legally obtained information or evidence is taken into account for the investigation procedure.
No investigations are conducted without suspicion.
All parties involved are treated with respect and in an appropriate manner.
Employees suspected of having committed a violation of the rules (“affected persons”) have the right to be heard and will be informed about the investigation if and as soon as this is possible without jeopardizing the purpose of the investigation.
Affected persons have the right to call on the works council for support in investigations at any time during the proceedings.
5.2 Presumption of innocence The presumption of innocence applies to all affected persons. However, the presumption of innocence does not preclude appropriate personnel measures from being taken in cases of urgent suspicion. Urgent suspicion exists if there are concrete indications that a violation of the rules has been committed with a high degree of probability.
5.3 Protection of whistleblowers Whistleblowers shall be protected in every investigation. Disadvantages or reprisals, including sanctions under labor law, solely on the basis of a report of a whistleblower shall not occur and must be refrained from. This does not apply to reports based on intentional or grossly negligent misinformation.
5.4 Proportionality All measures taken during the investigation must be suitable, necessary, and appropriate to achieve the purpose of the investigation. This also applies mutatis mutandis to measures taken following the investigation (e.g., in response to a violation of rules against the persons concerned).
5.5 Data protection In every investigation, the applicable data protection law and internal OINF guidelines on the handling of personal data shall be observed and complied with. At all stages of the procedure, care shall be taken to ensure that only personal data that is necessary for the investigation is processed.
5.6 Confidentiality / Need-to-know principle All persons involved in the conduct of an investigation must treat information obtained in the course of the investigation as confidential. This applies in particular to information that could directly or indirectly reveal the identity of the whistleblower or the persons affected by the investigation. Only those persons who are necessary for the processing and clarification of the report will be involved, and they will only receive the information that is necessary for them (strict need-to-know principle).
5.7 Rehabilitation If an investigation reveals that no violation of the rules has been committed, the management will, in cooperation with the investigating units, take appropriate measures to rehabilitate the persons concerned and protect their reputation.
5.8 Duty of access and cooperation The persons authorized to investigate a reported violation, i.e., the appointed Compliance Officer and his or her deputy, shall have unrestricted access to all OINF locations and to all OINF property, including business documents, data, and correspondence, for the duration of the investigation for the purposes of this investigation. Exceptions are data protected by a GBV on private email accounts, in the H: directory, in the personal OneDrive Cloud, or documents including correspondence from the works councils, which are not subject to access rights. However, this authorization only applies to the extent that it is related to and necessary for the investigation. All employees are obliged to support the Compliance Officer and/or the Deputy Compliance Officer if requested to do so.
5.9 Documentation All information and investigation procedures relevant to the investigation shall be documented. This includes evidence, interview records, and decisions made in the course of the investigation. The Compliance Officer shall document information and investigation procedures.
6. Initial assessment of reports The Compliance Officer shall carry out the initial assessment of the report. The initial assessment shall be documented; the dual control principle shall be observed, involving the Deputy Compliance Officer. The initial assessment shall examine
whether the report is plausible or obviously unfounded or irrelevant, and
whether the report gives rise to suspicion of a breach of rules.
7. Classification of the possible rule violation (minor or serious) After the initial assessment, the Compliance Officer shall examine whether the report gives rise to suspicion of a serious rule violation or a minor rule violation. A serious rule violation is suspected if there are actual indications that
the interests of the OINF, in particular financial or reputational interests, are seriously impaired, or
the ethical principles of the OINF are seriously violated. As a rule, a serious breach of rules exists if one of the following criteria is met:
Significant economic damage to the OINF is to be expected.
There is a risk of a significant fine or similar adverse official measures being imposed on the OINF.
Economically quantifiable damage to reputation is to be expected because the breach of rules is publicly known or is highly likely to become publicly known.
There is suspicion of criminal offenses or violations of data protection and antitrust laws with significant fines. The decision on whether a serious violation has occurred is made by the Compliance Officer together with another person (Deputy Compliance Officer) in accordance with the dual control principle. The decision must be documented.
8. Conducting the investigation If there is a plausible indication of a simple or serious breach of the rules, an investigation shall be initiated.
8.1. Conducting the investigation in the event of a suspected simple breach of the rules As a rule, the Compliance Officer conducts the investigation himself in consultation with the Legal Department (with external support if necessary); this applies in particular to simple breaches of the rules. The Compliance Officer may involve individual persons in conducting the investigation or delegate the investigation to another central department or decentralized unit, which shall conduct the investigation in accordance with the provisions of this guideline. If the investigation is delegated, it must be ensured that the Compliance Officer is closely involved and kept informed of the progress of the investigation.
8.2. Conducting the investigation in the event of a suspected serious breach of the rules If there is a suspicion of a serious breach of the rules (Section 3.2), the Compliance Officer shall immediately inform the Management Board. The Management Board shall set up an investigation team to lead and conduct the investigation in accordance with the provisions of this policy.
8.3. Corporate communications In order to ensure a consistent external image and to comply with agreements with authorities regarding external communications, any communication in connection with internal investigations shall only take place with the involvement of the Compliance Officer and after the content has been approved by the management.
8.4. Informing the whistleblower If the investigation is based on a report, the person who made the report will receive feedback on the status of the investigation within three months of making the report, in addition to the confirmation of receipt after seven days. It should be noted that only information that does not jeopardize the investigation will be disclosed.
9. Investigation report Each investigation shall be concluded with an investigation report to be prepared by the investigating unit. The investigation report must contain at least the following:
The result of the investigation, including a detailed description of the violation, if applicable;
A presentation and description of the essential evidence on which the findings are based;
Recommendations on how to deal with identified breaches of rules, including recommendations on measures to remedy unlawful situations and measures to be taken against the person concerned and, where appropriate, (compensatory) measures to be taken against external stakeholders (remedial measures);
The findings on possible causes of the breach and possible weaknesses in the OINF's internal processes, as well as recommendations for remedying weaknesses (process improvement) and reducing the risk of recurrence (prevention). In the case of a simple breach of rules, the presentation in the investigation report may also be abbreviated. If the Compliance Officer did not conduct the investigation himself, he shall be kept informed of the status of the investigation and the preparation of the investigation report and shall be informed immediately of the final results of the investigation. The Compliance Officer shall review the investigation report and document this accordingly. Investigation reports on serious breaches of rules shall be forwarded to the management.
10. Remedial measures, process improvement, and prevention If the investigation report identifies a rule violation or process deficiencies, remedial measures, process improvements, or preventive measures shall be proposed in the investigation report. In the event of serious rule violations, the management shall decide on the implementation of these measures. In the case of minor breaches of rules, the respective responsible units shall decide. The Compliance Officer shall be informed of the status of the recommended measures.
11. Conflicts of interest If there is a conflict of interest with regard to a person involved in the investigation process or if this person is even the subject of the matter to be clarified, they shall not be involved in the investigation process.
12. Informing management Management receives an annual report on the number and type of reported and identified violations of the rules.