Guideline Internal reporting in accordance with the Whistleblower Protection Act (HinSchG)

Company:

Companies of the WAY Group
Frankfurter Ring 150
80807 Munich

Definitions

“Whistleblowing” = The reporting of an incident by contacting the internal reporting office of WAY Group in any way whatsoever.

“Reporting an incident” = Disclosing of information by the whistleblower that describes a situation which, from the reasonable point of view of the whistleblower at the time of the reporting, indicates a legally sanctionable violation as described in this policy under “Reporting violations – examples” in this policy.

“Whistleblower Protection Act” or “HinSchG” = The law for better protection of whistleblowers.

“Violation” = An act or omission in the context of a professional, entrepreneurial or official activity that is unlawful and concerns regulations or areas of law that fall within the scope of the item “Reporting violations – examples” fall within the scope of application. This may also include abusive acts or omissions that run counter to the aim or purpose of the provisions in the regulations or areas of law listed in the “Reporting violations – examples” are described.

“Good faith” = A person acts in good faith if they make a decision to act in honest reliance on their subjective assessment of a situation and are not responsible for their lack of knowledge regarding an objectively different situation.

“Reprisals” = Actions or omissions in connection with the professional activity which are a reaction to a hint or disclosure, and which cause or may cause an unjustified disadvantage to the person making the disclosure.

Aim of the directive

The companies of WAY Group* strive to establish a culture of expression within the company in which concerns about possible unlawful and sanctionable behavior of the company can be expressed without fear of reprisals. The companies therefore encourage employees (and other persons with a connection to the company) who become aware of possible misconduct in an operational context to contact the reporting office.

This guideline describes how to report such matters within WAY Group and serves to specify the legal requirements with regard to the protection of those reporting. This guideline is also intended to:

a) encourage the disclosure of misconduct within the company;
b) promote the company’s values and improve the company’s reputation and sustainability in the long term;
c) promote the Code of Conduct of WAY Group and also reflect our values in ethical and social terms;
d) contribute to the elimination of misconduct within the company and thereby protect the company from liability risks as part of risk management or minimize liability risks;
e) ensure that those who observe and report misconduct are protected to the extent required by law
f) enable prompt processing of information;
g) fulfill the company’s legal obligations under the Whistleblower Protection Act (from now on referred to as “HinSchG”);
h) Create transparency within the company as to how reporting is handled.

What is whistleblowing?

Whistleblowing means that a natural person who has obtained information about violations in connection with their professional activity or prior to a professional activity informs a competent body of these violations.

This does not include personal complaints that cannot be legally sanctioned and that are not in the public interest (for assistance in making the distinction, please refer to “Reporting violations – examples”).

Whistleblowing also expressly does not include any deliberate submission of false facts or the reporting of incidents with the intention of deliberately harming a third party.

WAY Group is aware that employees, suppliers or customers who observe misconduct in their professional activities may be deterred from reporting this misconduct, similar to personal complaints. Potential whistleblowers may fear professional or corporate consequences. We want to firmly counter this and make it clear at this point that all serious reports of violations will be pursued with determination and appropriate countermeasures or follow-up measures will be taken.

We also ask that you do not take any measures of your own in this regard but follow the whistleblowing processes listed here. We would also like to point out that even after the introduction of the internal reporting office for whistleblowing, your contractual confidentiality obligations continue to apply, which may also affect the respective whistleblowing or parts of the whistleblowing. You are only expressly released from the confidentiality obligation with regard to communication in the context of whistleblowing with the responsible bodies defined in this guideline. For their part, the responsible employees of the internal reporting office are bound by contractual confidentiality obligations and the statutory duty of confidentiality pursuant to paragraph 8 of the HinSchG, both towards them and towards WAY Group.

Importance of compliance with the directive

Compliance with this policy is of crucial importance for WAY Group and its employees, suppliers and customers. By adhering to the policy, each individual employee plays a part in the realization of our code of conduct and the moral standards of the entire company and can thus steer the working environment in a positive direction for themselves, their colleagues and business partners. Compliance with the policy should also help to ensure that information about potential breaches is received with due regard for data protection and data security and processed with the necessary confidentiality.

Scope of application

This policy applies to all reports of potential violations submitted to the internal reporting office of WAY Group. This includes not only employees, but also suppliers, customers and other persons who come into contact with WAY Group in their working environment.
The guidelines described here are binding and must be implemented in the individual departments. This policy applies to all managers and employees of the company. It is therefore expected that all managers and employees in the company familiarize themselves with this policy, comply with it and also ensure, as far as possible, that suppliers, customers and other service providers who are in contact with the company are also made aware of the policy and comply with it.

Basis of the directive

The legal basis for the policy is the HinSchG, which obliges our company to provide an internal reporting office for the HinSchG. In addition, the aforementioned corporate philosophy and our internal values form the basis of the policy. We want to demonstrate responsibility in practice in our company and it is therefore our self-image to always act transparently and in compliance with the law in our business activities and to remedy any violations.

Description of relevant aspects

Person providing information

A whistleblower is a natural person who reports information about violations obtained in connection with their work activities. This includes officers, employees and members of the companies (both current and former employees, including interns, temporary workers and those working for us as service providers). It also includes all suppliers, business partners and customers of the companies, including the respective employees.

Reporting violations – examples

To give you an idea of the potentially reportable violations, here is a non-exhaustive list of possible violations covered by the HinSchG:
โ€ข Offering or accepting bribes (corruption)
โ€ข Money laundering, i.e. the legitimization of illegally acquired funds by feeding them into the legal economic cycle
โ€ข Misappropriation of funds or systematic theft beyond the petty theft threshold
โ€ข Fraud, in any form
โ€ข any disclosure of trade secrets in violation of the company’s confidentiality rules
โ€ข Violations of antitrust law, tax law or public procurement law
โ€ข Violations of occupational safety, the General Equal Treatment Act or other regulations that serve to protect the rights of employees
โ€ข Violations of the General Data Protection Regulation (GDPR), i.e. in particular the disclosure or improper handling of personal data of other employees, customers or suppliers
โ€ข Any violations of food safety, food quality and cleanliness certificates, the use of unauthorized pesticides and other quality standards that are relevant to our company
โ€ข Offenses that affect road safety
โ€ข any other violations that are likely to damage the company’s reputation

Confidentiality/ Anonymity

According to the Whistleblower Protection Act, there is only a legal obligation to maintain confidentiality with regard to the whistleblower and others named in the report when handling reports (paragraph 8 HinSchG). However, we are convinced that the effectiveness of the internal reporting office will be increased if we also offer the option of submitting reports anonymously. We therefore offer whistleblowers the opportunity to submit information completely anonymously.

If the whistleblower chooses not to make the report anonymously, only the responsible employees will initially have access to the personal data. They are also covered by the legal obligation to maintain confidentiality in accordance with paragraph 8 HinSchG.
The obligation of confidentiality also applies to personal data of third parties that are disclosed in the context of the tip-off. Processing outside the statutory framework is also excluded with regard to this data when processing tips.

Please note, however, that a valid report may ultimately lead to colleagues and/or an accused person being able to establish the identity of the whistleblower. There are limits to confidentiality and anonymity, especially when internal investigations or interviews are conducted.

If the report reveals misconduct on the part of a person that constitutes misconduct independently of the report, be it the submission of a deliberately false report or misconduct on the part of a third party that is uncovered by the report, it is nevertheless possible that consequences may arise from the misconduct that was disclosed as part of the hint. In doing so, we adhere to the statutory “guard rails” that provide for exceptions to the confidentiality requirement (ยง 9 (4), ยง35 an ยง38 HinSchG). At this point, however, we would like to emphasize once again that WAY Group endorses and supports reports of potential violations made in good faith. The person providing the information acts loyally, lawfully and in accordance with our understanding of the values at WAY Group.

Protection of the whistleblower

Any whistleblower who points out potential violations in good faith is protected from “reprisals”. This is prescribed by law (ยง 36 HinSchG) and is also practiced in our company.

Reprisals also include threats or attempts to exercise reprisals. We categorically reject any professional discrimination against whistleblowers. This would not only constitute a breach of the statutory provisions, but would also be inconsistent with the values of WAY Group.

Protection against reprisals under the HinSchG also includes a claim for compensation for the resulting damage if reprisals have actually taken place (ยง 37 HinSchG). WAY Group hereby clarifies that reprisals against the whistleblower, which employees decide to take independently, will not be tolerated by the company and that WAY Group expressly reserves the right to take legal action in this case.

The protection of the whistleblower also extends to the exclusion of responsibility for obtaining or accessing information in the context of whistleblowing, provided that accessing the information does not constitute a criminal offense for the person in the normal course of their professional activity. This could constitute a criminal offense under the legal situation prior to the HinSchG and is now a protected form of action.

Protection of the accused person

The accused person should also be protected from unjustified accusations. Even though we take the protection of whistleblowers very seriously at WAY Group, we make it clear that the internal reporting office is not to be used for unjustified retaliation against colleagues or similar measures. These persons are also protected by the confidentiality of the internal reporting office. In addition, as part of the careful examination of any incoming accusation, the plausibility of the report will be checked in each case and, if possible, contact will be established with the individuals named in order to ensure that a transparent picture of the situation is available before any decisions are made. If a person has been culpably and unjustifiably accused by a whistleblower, we will also work in the interests of WAY Group to compensate the accused person for the damage incurred (cf. ยง 38 HinSchG).

Under no circumstances should employees get the impression that WAY Group is biased towards the whistleblower with regard to potential violations that are reported.

Follow-up measures

If a notification is received, the companies of WAY Group are obliged to define suitable follow-up measures (ยง17 (1) No. 6 HinSchG). Possible follow-up measures in accordance with ยง 18 HinSchG include (not exhaustive):

โ€ข conducting internal investigations and contacting the individuals and departments concerned;
โ€ข referring the whistleblower to other competent bodies;
โ€ข the conclusion of the proceedings for lack of evidence or for other reasons; or
โ€ข the transfer of the case for further investigation to a competent authority or to another competent department of the company.

Follow-up measures are defined by the internal reporting office in cooperation with our external partner aigner business solutions GmbH. However, the final decision on a follow-up measure always remains with WAY Group.

How the reporting works

Internal reporting works as follows:
Primarily, an external digital whistleblower system is made available for submitting information on relevant violations of legal regulations and our corporate values in accordance with the Whistleblower Protection Act. This is provided and managed by our partner aigner business solutions. It can be accessed with any internet-enabled device, whether smartphone, PC, laptop or tablet.

You can find a link to this digital whistleblower system in the footer, i.e. at the bottom of the WAY Group homepage (domain: www.waygroup.de) or in our intranet. As soon as you click on the link, you will be provided with all the information you need to submit a report. There is also a FAQ section with answers to most of the questions in question. You can use the digital whistleblowing system 365 days a year, 24/7.

In addition, you will find contact details for contacting us via telephone in the same place. Telephone contact is only possible from Monday to Friday from 09:00 a.m. to 5:00 p.m.. Finally, at the request of the whistleblower, we also offer the possibility of a personal meeting for the purpose of whistleblowing. The contact details are as follows:

TELEPHONE CONTACT
Telephone (Germany): +49 800 3800 999
Telephone (abroad): +49 69 999 988 39

Once a person has submitted a report, they will receive a confirmation of receipt within 7 days, depending on which contact option they have used.

In addition, we carefully check the information with our partner aigner business solutions GmbH and contact the person who provided the information again after three months at the latest.

If a violation reported internally at WAY Group is not remedied, the whistleblower is free to contact the external federal reporting office in accordance with the HinSchG. Information on external reporting offices can be found on the website of the Federal Ministry of Justice under the following link: https://www.bundesjustizamt.de/DE/MeldestelledesBundes/MeldestelledesBundes_node.html

Documentation of the notes

The information is documented by the internal reporting office in accordance with ยง 11 HinSchG. In particular, the documentation of the whistleblowing alert is generally kept permanently accessible for the duration of three years after the conclusion of the procedure, unless legal requirements demand that it be kept longer. The documentation is stored in a strictly access-protected manner.

Concluding remarks

This guideline may change due to new legal or business circumstances. It therefore applies in the latest published version. The status of this version is May 2025.

With regard to the data protection aspects of the whistleblowing system, please consult the data protection information on the internal reporting office under the HinSchG, which is also linked in the context of the digital whistleblowing system. You can also find this under the following link: https://www.waygroup.de/hinweisgeberschutz/

* The WAY Group is a brand of the following companies:

WAY Business Solution GmbH | Branch: Munich | Registry court Munich | HRB 164739 | Managing director: Simon Al Chnaah
WAY People+ GmbH | Branch: Munich | Registry court Munich | HRB 201037 | Managing director: Simon Al Chnaah
WAY Engineering GmbH | Branch: Munich | Registry court Munich | HRB 230904 | Managing director: Simon Al Chnaah
WAY HR Professionals & Experts GmbH | Branch: Munich | Registry court Munich | HRB 232533 | Managing director: Simon Al Chnaah
WAY Digital Solutions GmbH | Branch: Munich | Registry court Munich | HRB 231140 | Managing director: Simon Al Chnaah