Whistleblowing Policy - Spadel Group

Title

Whistleblowing Policy (the “Policy”)

Language of the document

English

Department responsible

Legal Department

Author

Philippine De Wolf

Last updated

27 January 2023

Status

Published

Target

All workers, employees and directors (together, the “Employees”) of Spadel SA or any of its subsidiaries (“Spadel” or “Spadel Group”), as well as all persons acting on its behalf (such as consultants and agents) (the “Representatives”) and all relevant external parties.

Scope of application

This Policy applies to all of Spadel’s activities and operations (the “Activities”).

Mandatory review

27 January 2026

Location

Legal Department Public - Whistleblowing - Lanceurs d'alerte - Klokkenluiders - All Documents (sharepoint.com)

Revision

This Policy shall be revised at least once every three (3) years. Where appropriate, the revisions are coordinated and validated by the Legal Department.

Users are advised to consult the latest version of the Policy. The “Major Revisions” section below summarises the latest updates to the Policy.

Major Revisions

These key points only provide an overview of the revisions to the Policy. The latest version of the Policy should be consulted to have a more detailed understanding of the amendments and/or additions to the Policy.

  1. Objective

Spadel is committed to the highest standards of business ethics and legal compliance. It is therefore of great importance for Spadel to have appropriate procedures in place to enable its employees to report any concerns regarding actual or suspected misconduct in Spadel’s operations in a responsible and effective manner, while ensuring that they are protected from retaliation. This Policy is consistent with the “How to Report a Breach” section of the Spadel Group Code of Conduct.

This Policy covers the following questions:

  • What is whistleblowing?
  • Which misconduct to report?
  • When and how to report?
  • What measures are in place to protect Whistleblowers?
  • What is the internal follow-up procedure?
  • How are personal data processed?
  1. What is whistleblowing?

Whistleblowing means the confidential or anonymous reporting by Spadel employees or external parties (e.g. customers, suppliers, etc.) of illegal, dishonest or wrongful conduct within Spadel’s activities, while being protected from retaliation.

The person who reports the misconduct is a “Whistleblower”.

  1. Which misconduct to report?
  • Misconduct

A Whistleblower may report illegal, dishonest or wrongful conduct such as (but not limited to):

  1. a crime or a misdemeanour;
  2. a breach of applicable laws, regulations and/or international treaties;
  3. breach of Spadel’s contractual commitments;
  4. an infringement of Spadel’s Code of Conduct and/or other policies and procedures;
  5. any other type of unethical or dishonest behaviour (“Misconduct”).

Annex 1 provides examples of Misconduct.

A report under the Whistleblowing Policy must be made in the general interest of the Spadel group. Personal grievances and complaints on unacceptable behaviour at work or excessive workload may also be reported under the Whistleblowing Policy. However, given the personal nature of such reports, the internal follow-up process may deviate from the current Policy. The Confidant (or, in their absence, the local HR manager) will nevertheless hear the complaint and will provide information about the applicable local policies and the channels available through which such complaints can be addressed.

  • Reporting in good faith

When making a report, a Whistleblower must always act in good faith and without direct financial reward and the report must be based on reasonable grounds. Where the report contains false, unfounded or opportunistic allegations, or where a report is made for the sole purpose of defaming or causing harm to others, Spadel may take appropriate disciplinary and/or legal action against the Whistleblower.

A Whistleblower is not responsible for investigating the Misconduct or identifying corrective measures. This task is assigned to qualified case managers who perform the relevant functions internally (see Section 6). 

  1. When and how to report?

If you discover, become aware of, or have reasonable grounds to suspect, (potential) Misconduct within Spadel’s operations, you are encouraged to immediately inform Spadel of the relevant incident.

Before reporting a Misconduct under this Policy, you should first consider using the normal reporting channels (i.e. your team leader or hierarchy (for blue-collar workers) or manager (for white-collar workers) or your local HR manager). If, for any reason, you feel uncomfortable or wary in reporting a Misconduct through the normal reporting channels, Spadel’s internal whistleblowing tool offers an alternative channel through which you can report the Misconduct confidentially or anonymously.

  • Reporting channels
  • Internal whistleblowing channels

An internal online whistleblowing tool (“Whistleblowing Tool”) is available within Spadel. This whistleblowing tool is operated by a third party, Convercent Inc. and is available 24/7, 365 days a year, in two ways:

  • online on the platform: ethicspadel.com;
  • or by phone:
    • in Belgium: 0800.260.39
    • in France: 0805.08.03.39
    • in the Netherlands: 800.022.0441
    • in Bulgaria: 0800.460.38

The tool allows a Whistleblower to report a Misconduct to the group’s headquarters (“Group Reporting Channel”), to the local organisation (“Local Reporting Channel”)[1] or to both channels simultaneously (“Local/Group Reporting Channel”).

When submitting the report, the Whistleblower must decide whether the Misconduct should be investigated locally and/or by the Group Headquarters.

The Whistleblowing Tool gives the option to submit the report to:

  • the local Confidant or the local HR Manager (if there is no local Confidant) within the local organisation (see Annex 2 for the list of local Confidants and other key persons);
  • the Legal Department; or
  • both the Local Confidant/Local HR Manager and the Legal Department.

Reporting via the online tool can be done in writing on the web platform or orally by phone.

  • External reporting channels (European Union)

It is strongly recommended that you first consider reporting Misconduct through the normal reporting channels or via Spadel’s Whistleblowing Tool (see Section 4.1.1). Internal reporting remains the most effective route to allow Spadel to thoroughly investigate the matter and take appropriate action to address the Misconduct.

Within the European Union, a Whistleblower has the option of reporting any Misconduct falling within the scope of Directive (EU) 2019/1937 to a local competent authority responsible for receiving and investigating whistleblowing reports (external reporting). The list of local competent authorities for external reporting is attached in Annex 3.

  • What information should be included in a whistleblowing report?

A report must be sufficiently detailed and documented, and should include the following details (where the relevant information is known):

  • a detailed description of the events and how they came to the Whistleblower’s attention;
  • the date and place of the events;
  • the names and job positions of the persons involved, or information enabling their identification;
  • the names of any other persons who can attest to the reported facts;
  • when submitting a report, the Whistleblower’s name (this information will not be requested if the report is made anonymously); and
  • any other details or information that could help the investigation team to verify the facts.

A Whistleblower is strongly encouraged to submit a report and provide their name. This facilitates the internal investigation as well as the taking of appropriate measures to protect the Whistleblower (see section 5).

  1. What measures are in place to protect the Whistleblower?

Spadel wants to create a safe environment where a Whistleblower feels comfortable reporting any Misconduct within the organisation. To this end, the following protective measures have been put in place:

  • confidential treatment of the Whistleblower’s identity;
  • the possibility for the Whistleblower to remain anonymous when submitting a report, and
  • the prohibition of any form of retaliation against the Whistleblower and related parties.
  • Confidentiality of the Whistleblower’s identity

The Whistleblower’s identity will be treated as strictly confidential. The following measures have been put in place to ensure such strictly confidential treatment:

  • Reports are managed by case managers and the files are kept within the dedicated Whistleblowing Tool, which is only accessible to authorised members of the investigation team;
  • All internal and external parties involved in the investigation and in follow-up actions are subject to strict confidentiality obligations. Unauthorised disclosure of information relating to the investigations, the report or the identity of a Whistleblower will not be tolerated and will result in disciplinary action. Depending on the circumstances, such conduct may also give rise to other measures, including civil or criminal proceedings.

The Whistleblower’s identity will not be disclosed unless:

  • the Whistleblower explicitly consents to its disclosure; or
  • its disclosure is required by law.

Depending on the type of reported Misconduct, there might be a legal requirement to notify the public authorities in order for them to launch an official investigation. In such cases, Spadel may be required to provide the Whistleblower’s name to the public authorities, while preserving the Whistleblower’s strict confidentiality at all times. Spadel will inform the Whistleblower when their identity has been disclosed to the authorities, except where doing so would jeopardise the investigations or judicial proceedings.

  • Anonymity

A Whistleblower has the option to remain anonymous when submitting a report and during the subsequent investigations. In this case, the Whistleblowing Tool guarantees that the Whistleblower’s identity remains protected and cannot be discovered by anyone involved in the investigation.

Spadel has put in place the following measures to guarantee the anonymity of the Whistleblower:

  • at no time will the Whistleblower be asked to reveal their identity;
  • the Whistleblowing Tool ensures that the Whistleblower’s identity is protected and cannot be discovered by any means;
  • throughout the follow-up process, the Whistleblower may refuse to answer questions that they feel could identify them.

Spadel will make every reasonable effort to investigate an anonymous report. However, it should be noted that in some cases there are limits to what can be accomplished when the Whistleblower chooses to remain anonymous.

  • No retaliation

Any type of retaliation, threat, punishment or discrimination will not be tolerated against the Whistleblower, third parties linked to the Whistleblower (e.g. colleagues or relatives) or anyone who has assisted the Whistleblower in submitting the report or who has taken part in the investigation. Spadel will take appropriate action against anyone who retaliates or threatens retaliation.

If a Whistleblower, third parties linked to the Whistleblower or anyone who has assisted the Whistleblower fear that they may face retaliation or feel that they have already suffered retaliation, they should immediately report their concerns to the Compliance Officer (see Annex 4 for contact details).

The Compliance Officer will investigate the matter in a strictly impartial manner and ensure that appropriate action is taken to prevent or address the retaliation measures.

  1. What is the internal follow-up process?

Internal reports submitted through the normal reporting channels (i.e. without using the Whistleblowing Tool (see section 4.1.1) will be directly handled internally, without following the procedure described below for all the reports submitted via the Whistleblowing Tool.

6.1. Acknowledgement of receipt

Within 7 days of receiving the whistleblowing report, a case manager will send an acknowledgement of receipt to the Whistleblower via the Whistleblowing Tool.

  • Investigation

The report will be investigated promptly and diligently in accordance with this Policy. All investigations will be conducted thoroughly and in accordance with the principles of confidentiality, impartiality and fairness towards all parties involved. The case manager may contact the Whistleblower to obtain further information and/or evidence about the Misconduct. Where necessary to conduct a thorough and confidential investigation, external parties (e.g. external counsel, investigation firms, accounting firms, etc.) may be involved.

The choice of case manager and investigation team will depend on whether the report is submitted to the local Confidant, the Legal Department or both.

  • Local Confidant or local HR Manager

If the report was submitted to the local Confidant/local HR Manager, the investigation is conducted at local level. Other representatives of the local HR department[1] may provide assistance on a strict need-to-know basis. Together they form the local investigation team.

Where the Misconduct reveals a more structural problem or involves more than one Group company, the local Confidant/local HR Manager may request assistance from the Legal Department, the Internal Auditor or the Group HR Department, subject to the confidential treatment of the Whistleblower’s identity. The Whistleblower’s identity may be disclosed to the Legal Department, the Internal Auditor or the Group HR Department only with the Whistleblower’s explicit written consent.

  • Legal Department

If the report was submitted to the Legal Department, the investigation is conducted at group level. The Legal Department will take the lead in the investigation and may involve the Internal Auditor and the Group HR Department on a strict need-to-know basis. Together they form the company’s investigation team. The local HR Department will only take part in the investigation, subject to the confidential treatment of the Whistleblower’s identity. The Whistleblower’s identity will be disclosed to the local HR Department only with the Whistleblower’s explicit written consent.

  • Local Confidant/Local HR Manager and Legal Department

If the report was submitted to the local Confidant/local HR Manager and the Legal Department, the local Confidant/local HR Manager and the Legal Department must consult each other and decide who should take the lead in the investigation, taking into account the type of Misconduct and the persons involved.

The local HR Department, the Internal Auditor or the Group HR Department can take part in the investigation on a strict need-to-know basis.

  • Conflicts of interest

The person(s) involved in the Misconduct reported by the Whistleblower will be excluded from the investigation team and will not be allowed to participate in examining the whistleblowing report or determining what action, if any, should be taken on the basis of said report.

If as a consequence of this procedure the majority of the investigation team members must be excluded from the process, the task of examining the report and determining the appropriate action will be entrusted by the Chairman of the Audit Committee of Spadel SA to an investigating officer who has no such conflicts of interest.

  • Feedback

No later than 3 months after the acknowledgement of receipt, the Whistleblower will receive feedback via the Whistleblowing Tool about the (ongoing or completed) investigation of his report.

  • Report

Upon conclusion of the investigation, the investigation team will draw up a summary report describing the investigative steps carried out. An anonymised, non-confidential version of this summary report may be shared outside the investigation team (see point 6.2 above) with local or executive management on a strictly need-to-know basis, in order to come to a final decision.

  • Decision

The investigation team, in cooperation with local management or executive management (as appropriate), will make a final decision as to whether the Misconduct has been proven and will determine the appropriate actions necessary to stop the Misconduct and protect the company.

A member of the investigation team will draft a final report with a description of the facts and the final decision taken:

  • In the event that the Misconduct is proven, appropriate measures will be defined in order to put an end to the Misconduct and protect the company; or
  • If the investigations conclude that there is no or insufficient evidence of Misconduct, no further action will be taken.

The Whistleblower is informed through the Whistleblowing Tool of the conclusions contained in the final report and of the decision taken.

6.6. Record keeping

Records of the reports submitted by the Whistleblower will be kept in the Whistleblowing Tool, ensuring strict confidential treatment of said reports.

If the whistleblowing report was made orally on the phone, the case manager will prepare a transcript of the recording to facilitate the processing of the report. In the case of oral reporting, the Whistleblower will have the opportunity to check and correct the transcript or the minutes of the meeting and will be asked to validate them.

No record will be kept longer than necessary and proportionate, and all records will be deleted 2 years after the closure of the investigation.

The investigation shall be considered closed (i) when a decision to take no further action has been made, or (ii) when all the action items identified in the final decision have been implemented or completed. In the event that the whistleblowing report results in legal actions or proceedings, the investigation shall be considered closed once the time limits for legal remedies have expired, or those remedies have been exhausted.

  1. Whistleblowing data protection notice

This Policy, and in particular this section, is intended to provide you with information and comply with our legal obligations in respect of data protection and whistleblowing. If you are a Whistleblower, a person reported or another third party mentioned, we will process your personal data. This section about data protection explains how your personal data will be processed for the purposes of this Policy.

  • General

Your personal data will be processed by us (Spadel SA, avenue des Communautés 110, 1200 Brussels) as data controller or by any other entity belonging to the Spadel group, when necessary to process your report. For the provision of the internal reporting channel (Whistleblowing Tool), we use a service provider (currently Convercent Inc.), which is designated as the data processor and recipient of your personal data.

If you have any questions about the processing of your personal data, you can contact us by e-mail at privacy@spadel.com.

  • What types of personal data do we process?

When you are the Whistleblower, the person reported or another third party mentioned, we will process the information reported to us. This may include your name, job position, relationship with us, information about misconduct, criminal offences, or suspected misconduct or offences, and information about sanctions. The reported information may also include other special categories of personal data such as information on race and ethnic origin, information on political beliefs, information on religious or philosophical beliefs, information on trade union affiliation, health information and information on sexual relations or sexual orientation.

Where the Whistleblower has chosen to submit the report anonymously, the report contains no information that we can link to the Whistleblower.

  • Why do we process your personal data?

We will only process the above-mentioned types of personal data to the extent that such personal data is provided to us. In addition, we will process the report in order to handle, investigate and follow up the report, including the investigation of allegations made in the report. The processing of your personal data for these purposes is based on our legitimate interest in creating a safe and pleasant working environment and in ensuring the safety and security of our business activities. Please note that if the report concerns breaches of EU law, we will have a legal obligation to process the above-mentioned personal data. In addition, if the report concerns breaches of specific labour laws intended to ensure well-being at work, we may have a legal obligation to process such personal data.

If the report mentions special categories of personal data, we will rely, depending on the content of the report, on the need to process such data based on an overriding public interest, on the vital interests of the data subject if he or she is physically or legally incapable of giving consent, or on the need to process such data for occupational health purposes.

In addition to these purposes, we may also process your personal data for the following purposes:

Purposes

Legal basis

To comply with legal obligations or to comply with any reasonable request from agents or representatives of any law enforcement, judicial, administrative or public authority, including data protection authorities.

To comply with a legal obligation.

To transfer your personal data to the police or judicial authorities as evidence if there are legitimate suspicions that you committed an unlawful act or a misdemeanour.

To comply with a legal obligation.

To exercise or defend a right in a legal claim or organise our defence.

Our legitimate interest in defending ourselves in legal proceedings.

  • With whom do we share your personal data?

In principle, we will not share your personal data with anyone, exception made for trusted case managers working for us and the provider of our internal reporting channel (Whistleblowing Tool).

Anyone who has access to your personal data will always be bound by strict legal or contractual obligations to keep your personal data safe and confidential. This means that only the following recipients will receive your personal data:

  • you;
  • trusted case manager(s);
  • governmental or judicial authorities to the extent that we are required to transmit your personal data to them (e.g. tax authorities, police or law enforcement authorities);
  • supplier of the internal whistleblowing tool.

The supplier of the internal whistleblowing tool will transfer your personal data outside the European Economic Area (which consists of the EU, Liechtenstein, Norway and Iceland); but, we will take appropriate safeguards to protect your personal data when it is transferred.

  • How long do we keep your personal data?

Your personal data will only be processed for as long as necessary to achieve the purposes described above. In any event, we will delete personal data relating to a report or investigation in accordance with section 6.6 of this Policy, unless we are required to retain it for a longer period in connection with legal proceedings.

  • What do we do to keep your personal data safe?

The security and confidentiality of your personal data that we process is very important to us. Consequently, we have taken steps to ensure that all personal data processed is kept securely. These steps include processing only the personal data required to achieve the purposes we have communicated to you. We have also taken technical and organisational measures to secure the internal reporting channel (Whistleblowing Tool).

  • What are your rights?

You have the right to obtain information about your personal data processed by us and, subject to certain legal requirements, the right to obtain rectification, erasure and restriction of processing, as well as the right to object to the processing of your data. If you wish to exercise your rights, please contact us at the email address below.

  • Questions or complaints?

If you have any questions or complaints about the way we process your personal data, please contact us by e-mail at privacy@spadel.com. You also have the right to lodge a complaint with the competent data protection authority.

ANNEX 1 - EXAMPLES OF REPORTABLE CONDUCT

This list provides examples of unlawful, dishonest or improper conduct that can be reported. This list is not exhaustive.

Domain

Example of Misconduct

Product and food safety, product integrity

You are forced by your manager to put on the market products that breach food safety standards, such as certain microbiological standards, without the official approval of the quality department.

 

You know that a product labelled “100% ingredients of natural origin” and claiming to be made up of ingredients of exclusively Belgian origin is in fact neither made up of 100% ingredients of natural origin, nor of ingredients of exclusively Belgian origin. After initially thinking the claim was made by mistake, you reported the mislabelling to your manager, who justified the mislabelling on economic grounds.

Public health and environment

A kerosene-fuelled passenger plane crashed near one of the “Spa” springs causing extensive soil pollution. The relevant Spadel managers are aware of the situation but are turning a blind eye.

Data protection and network system security

You notice that one of your colleagues, who has access to the personal data of Spadel employees, is selling them to a third company for financial gain.

Competition and antitrust

You attend a meeting between Spadel and two of its main competitors. The purpose of the meeting is to agree on price fixing for certain products. Such an agreement is illegal because it is a cartel, which is strictly prohibited under competition law.

All forms of financial wrongdoing or irregularity such as fraud, corruption, bribery and theft

Your manager asks you to pay certain invoices, but you know that the amount is much higher than the value of the goods delivered. You are not convinced by the answers given by your manager when you asked them for explanations.

Discrimination and harassment

A co-worker has told you that they are the victim of a group of other colleagues who constantly belittle them and their work. Your co-worker is in great distress.

 

One of your co-workers continually makes sexist remarks to another worker.

Money laundering and terrorism financing

You notice that funds coming from a company we have no active business with are transiting via Spadel before being redistributed to a subsidiary of that company.

Insider trading

You hear one of your “insider” colleagues tell someone on the phone that Spadel’s financial results are not good and advise them to sell their shares now.

Corporate or tax arrangements, accounting and auditing matters

You notice that Spadel, through its foreign subsidiaries, is systematically engaging in tax evasion activities.

Social media

You notice on LinkedIn that a group of your colleagues are disclosing a lot of details about a project you know is confidential. You have shared your concerns with your colleagues, but they refuse to remove the post, claiming that it is good for their CVs.

Public procurement - bribery

Your superior asks you to send a very expensive watch to a public officer with a brief message stating that “Spadel looks forward to working with” the public officer in the near future

More generally, the following conduct can also be reported:

  • Violation of legal obligations, laws and regulations;
  • Any form of criminal activity;
  • Improper conduct or unethical behaviour that undermines universal values and core ethical values such as integrity, respect, honesty, accountability and fairness;
  • Failure to disclose conflicts of interest;

Attempt to conceal unlawful, dishonest or fraudulent conduct.

ANNEX 2 - LIST OF LOCAL CONFIDANTS AND OTHER KEY PERSONS

This list identifies the local confidants and other key persons per group entity.

Spadel SA or Group

Confidant

Sophie Keller

s.keller@spadel.com

Legal Department

Philippine De Wolf

p.dewolf@spadel.com

and

Sophie Keller

s.keller@spadel.com

Internal Auditor

David Coumans

d.coumans@spadel.com

HR Department

Tatiana Goeminne

t.goeminne@spadel.com

Local HR Manager

Christine Barbé

c.barbe@spadel.com

Spa Monopole SA

Confidant

None

Local HR Manager

For technical workers:

Hervé Sommelette

h.sommelette@spadel.com

For office workers:

Hervé Sommelette

h.sommelette@spadel.com

Bru-Chevron SA

Confidant

None

Local HR Manager

Hervé Sommelette

h.sommelette@spadel.com

Spadel Nederland B.V.

Confidant

None

Местен мениджър по човешките ресурси

Christine Barbé

c.barbe@spadel.com

Les Eaux Minérales de Ribeauvillé SA

Confidant

None

Local HR Manager

Rachel Donnadieu

r.donnadieu@spadel.com

Les Grandes Sources de Wattwiller SAS

Confidant

None

Местен мениджър по човешките ресурси

Rachel Donnadieu

r.donnadieu@spadel.com

Devin EAD

Confidant

None

Local HR Manager

Ekaterina Kararizova

E.Kararizova@spadel.com

ANNEX 3 - LIST OF LOCAL COMPETENT AUTHORITIES
FOR EXTERNAL REPORTING

Belgium

Competent authorities for external reporting

Предстои да бъде посочен компетентния орган (или органи) с Кралски декрет. В очакване на това да се случи тази роля се изпълнява от федералния омбудсман.

Федерален омбудсман

www.federaalombudsman.be

Netherlands

Competent authorities for external reporting

Huis voor Klokkenluiders/Dutch Whistleblowers Authority

www.huisvoorklokkenluiders.nl

Autoriteit Consument en Markt (ACM) for breaches of consumer law

www.acm.nl

Autoriteit persoonsgegevens (AP) for breaches of personal data rules

www.autoriteitpersoonsgegevens.nl

De Nederlandsche Bank N.V. (DNB) and Autoriteit Financiële Markten (AFM) for breaches of economic and financial law

www.dnb.nl

www.afm.nl

France

Competent authorities for external reporting

General Directorate for Competition Policy, Consumer Affairs and Fraud Control (DGCCRF)

French National Authority for Health (HAS)

National Commission on Informatics and Liberty (Cnil)

General Directorate for Labour (DGT)

General Delegation for Employment and Vocational Training (DGEFP)

Defender of Rights

Judicial authorities

European Union (EU) institution, body, office or agency responsible for a breach of EU law

More information on the site: Lanceurs d'alerte en entreprise | Service-public.fr (or https://www.service-public.fr/particuliers/vosdroits/F32031)

България

Competent authorities for external reporting

Commission for personal data protection

1592, Sofia, 2 prof. Tzvetan Lazarov Blvd.

More information on the site: https://www.cpdp.bg/

ANNEX 4 - CONTACT DETAILS OF THE COMPLIANCE OFFICER

The Group Compliance Officer at the date of the last update of this Policy is:

Philippine De Wolf

p.dewolf@spadel.com

+32 497 485 415