Whistleblowing System

Why? For who?

Devoteam has strengthened its commitment to protecting whistleblowers by offering a reporting system to all employees and stakeholders (clients, subcontractors, suppliers, etc.).

This mechanism allows anyone—whether a victim or a witness of misconduct to submit a report to an independent party, who will securely and anonymously forward it to our Ethics Alert Committee.

The reports covered by the whistleblower scheme cover, in particular : 

The whistleblowing system covers reports related to violations of laws and regulations, as well as any behavior that is unethical or goes against Devoteam’s values, including but not limited to:

• Crimes or offenses, including corruption, influence peddling, discrimination, or harassment;
• Any serious and obvious breach of law, regulations, or international treaties ratified by France;
• Violations of obligations under European regulations, the Monetary and Financial Code, and the General Regulations of the Financial Markets Authority (AMF);
• Breaches of Devoteam Group’s internal rules, notably those defined in the Code of Conduct and Anti-Corruption Charter.

All reports submitted via the whistleblowing system will be reviewed by the Devoteam Group’s Ethics Alert Committee.

Whistleblower Protection and Anonymity

The whistleblower may choose not to disclose their identity—their anonymity will be strictly preserved.

Devoteam has opted for an external mechanism to collect reports to maximize efficiency and ensure full confidentiality of the whistleblower’s actions.

Our external service provider operates independently from the Group, allowing for completely anonymous and secure reporting. The information collected is then anonymized and forwarded to the Ethics Alert Committee.

The Group is committed to protecting whistleblowers against any form of retaliation or disciplinary action. The identity of whistleblowers remains strictly confidential, whether they are employees or external parties.

However, any misuse of the whistleblowing system may result in legal action or disciplinary sanctions.

How It Works

Reports can be submitted via the web platform or by phone, 24/7 (a list of toll-free international numbers is available).

Data Protection Policy

Devoteam Group places the highest importance on data protection and confidentiality and complies with the European General Data Protection Regulation (EU GDPR) and applicable national data protection laws.

Before submitting a report, we kindly ask you to carefully read this data protection information.

System Governance

The Devoteam Group’s CSR Department manages the whistleblowing system. It can be contacted via email at: group.csr@devoteam.com

The platform is operated by a global specialist in outsourced whistleblowing systems:
NAVEX GLOBAL UK LIMITED
1 Queen Caroline St, Part 4th Floor
Hammersmith, London W6 9HQ, United Kingdom

Personal Data Collected

When submitting a report via the EthicsPoint platform, the following personal data and information may be collected:

• Your name, if you choose to disclose your identity;
• Your employment status with Devoteam SAS or a relevant Group subsidiary, or as an external contractor;
• Your relationship to any third parties involved, if disclosed;
• The actions you wish to bring to the Group’s attention;
• The names of individuals mentioned in your report and other personal data related to them.
  

Confidential Handling of Reports

All reports are handled with the strictest confidentiality. The Ethics Alert Committee reviews the report’s admissibility, engages with the whistleblower, and carries out the necessary actions and investigations until the case is closed.

Anyone with access to the database is bound by strict confidentiality obligations.

Information for Individuals Mentioned in Reports

Persons named in a report must be informed about the personal data concerning them that appears on the platform. However, they will not receive any information that could identify the whistleblower.

If precautionary measures are necessary (e.g., to prevent evidence destruction or facilitate an investigation), the concerned individual’s data may be used after such measures are implemented, in accordance with applicable legal provisions.

Rights of Individuals Concerned

Under applicable data protection regulations, both the whistleblower and individuals mentioned in the report have the right to be informed, to access, rectify, delete, or object to the processing of their personal data.

If the right to deletion is invoked, the Ethics Alert Committee will assess whether the stored data is still necessary for processing the report. Unnecessary data will be deleted.

If the right to object is invoked, the Committee will promptly assess whether there are still compelling legitimate grounds for processing the data that override the interests, rights, and freedoms of the individual, or for the establishment, exercise, or defense of legal claims. Nevertheless, both the whistleblower and persons mentioned in the report have the right to file a complaint with a supervisory authority.

Data Retention Period

Personal data is retained for the duration necessary for verification and investigation, or as required by applicable law. Once the report is processed, personal data will be destroyed within two months of case closure. An anonymized version of the report may be archived in accordance with legal requirements.