Threod Whistleblowing Policy

Entering into force on 10th September 2025

1. Purpose and Legal Basis

This Whistleblowing Policy sets out the principles, procedures, and protections for reporting breaches of law at Threod Systems AS and its subsidiaries.
It ensures compliance with:

  • Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law [1];
  • The Estonian Whistleblower Protection Act [2];
  • Other relevant EU and Estonian legislation.

The purpose of this policy is to provide a secure, transparent, and confidential process for employees and stakeholders to report breaches without fear of retaliation.

2. Definitions

For the purposes of this Policy:

  • Whistleblower (Reporting Person): Any natural person who reports or publicly discloses information on breaches acquired in a work-related context, including employees, former employees, job applicants, contractors, subcontractors, suppliers, shareholders, members of the management body, and trainees.
  • Report: The oral or written communication of information on actual or suspected breaches of Union law falling within the scope of this Policy.
  • Breach: Any act or omission that is unlawful or contrary to the purpose of Union or Estonian legislation in the fields covered by this Policy (see Section 3).
  • Work-related context: Current or past work activities through which, irrespective of the nature of those activities, a person acquires information on breaches and within which that person could suffer retaliation if they reported such information.
  • Retaliation: Any direct or indirect act or omission occurring in a work-related context, prompted by a report or public disclosure, which causes or may cause unjustified detriment to the whistleblower. Examples include dismissal, demotion, transfer of duties, harassment, disciplinary measures, reputational harm, or blacklisting.
  • Whistleblowing Officer: The person designated by Threod to receive, assess, and follow up on reports in compliance with EU and Estonian law.
  • Internal reporting channel: Procedures established by Threod to enable whistleblowers to submit reports confidentially within the company.
  • External reporting channel: Procedures established by competent authorities in Estonia or the EU to receive and handle reports of breaches of Union law.
  • Public disclosure: Making information on breaches available in the public domain (e.g., through the media or civil society organizations), under the conditions set out in Directive (EU) 2019/1937.

3. Scope of the Policy

This policy applies exclusively to the reporting of breaches falling under the scope of Directive (EU) 2019/1937 and relevant Estonian law. Reports may concern actual or suspected breaches of Union law in the following areas:

  1. Public procurement;
  2. Financial services, products and markets, and prevention of money laundering and terrorist financing (AML);
  3. Product safety and compliance;
  4. Transport safety;
  5. Protection of the environment;
  6. Radiation protection and nuclear safety;
  7. Food and feed safety, animal health and welfare;
  8. Public health;
  9. Consumer protection;
  10. Protection of privacy and personal data (GDPR) and security of network and information systems;
  11. Breaches affecting the financial interests of the Union (Article 325 TFEU). This means situations where the European Union’s money is being misused, wasted, or obtained illegally, for example fraud involving EU subsidies or grants, false reporting in projects funded by the EU, or misuse of EU research or development funds.
  12. Breaches relating to the internal market, including:
    • Breaches related to EU competition and State aid rules. This means, for example, situations where companies make illegal agreements with competitors (price-fixing, dividing markets, rigging bids), or where a government gives financial support to a company in a way that gives it an unfair advantage over competitors, in violation of EU rules.
    • Breaches relating to corporate taxation, where arrangements are designed to obtain a tax advantage contrary to the object or purpose of the law. For example, situations where companies set up arrangements to pay less tax than they should, using methods that defeat the purpose of the law.

NB! This policy does not apply to general HR disputes or personal grievances, unless they also constitute breaches of the areas listed above.

4. Reporting Channels

Whistleblowers may raise concerns through the following confidential channels:

  1. Internal reporting (preferred first step):
    a) Secure email: report@threod.com and physical mailboxes at Threod manufacturing sites;
    b) Online portal: Threod general SharePoint page [3];
    c) Direct report to the Whistleblowing Officer, the General Counsel of Threod Systems AS, Kristiina Lehtmets, through the secure email.
  2. External reporting:
    a) To the Estonian Labor Inspectorate (official external reporting channel);
    b) To the Estonian Data Protection Inspectorate, the Competition Authority, the Consumer Protection and Technical Regulatory Authority, or other relevant supervisory body;
    c) To EU-level authorities in cases concerning EU-wide regulations.
  3. Public disclosure: Allowed only under the conditions defined by EU and Estonian law (e.g., imminent danger to the public interest, ineffective internal/external reporting, or risk of retaliation).

5. Confidentiality and Data Protection

  • All reports will be handled confidentially, with the identity of the whistleblower protected unless disclosure is required by law.
  • Anonymous reports are accepted and investigated where sufficient detail is provided.
  • Processing of personal data follows the GDPR and Estonian data protection law.

6. Protection Against Retaliation

  • Whistleblowers who act in good faith are protected from retaliation.
  • Prohibited retaliation includes dismissal, demotion, denial of training, negative performance assessments, harassment, or blacklisting.
  • Retaliation is a serious violation and may result in disciplinary or legal action.
  • Support measures may be provided, including legal advice or counselling.

7. Procedure After a Report

After filing a report of a presumed breach, the following steps will follow:

  1. Acknowledgment – Confirmation of receipt within 7 days.
  2. Assessment – The Whistleblowing Officer reviews admissibility and scope.
  3. Investigation – Confidential inquiry with internal or external experts.
  4. Feedback – Whistleblower receives progress and outcome within 3 months (extendable to 6 months if necessary).
  5. Corrective action – If a breach is confirmed, appropriate measures will be taken.

8. Responsibilities and Awareness

Threod undertakes, through different levels of company management, to create a safe environment for all employees, clients and partners to come forward with concerns, information and data regarding actual or suspected breaches. In general terms, these responsibilities include, but are not limited to:

  • Management: Promote a culture of compliance and protect whistleblowers from retaliation; give the Whistleblowing Officer the necessary resources, access and tools to perform their duties; make sure all relevant stakeholders in Threod cooperate with the Whistleblowing Officer to apply this policy throughout the company.
  • Whistleblowing Officer: Create a learning space with examples and explanations regarding the scope of this policy, provide information on whistleblowing rights and obligations, administer reporting channels, assess admissibility, ensure impartial investigations, and report results to management.
  • Employees and business partners: Report suspected breaches in good faith.
  • In all materials, information and training, special focus will be given to product safety, AML, security of network and information systems, and competition law, given Threod’s business sector.

9. Review

This policy will be reviewed annually and updated as necessary to reflect changes in EU or Estonian law, or in company operations.

[1] https://eur-lex.europa.eu/eli/dir/2019/1937
[2] Act on Protection of Persons Who Report Work-Related Breaches of European Union Law in Riigiteataja: https://www.riigiteataja.ee/en/eli/510062025002/consolide
[3] https://threodsystems.sharepoint.com/SitePages/Home.aspx?e=1%3A9c988f085b5f4348a6eb155d00672ed7