Ethics via e-mail: a confidential device for raising the alert

GDF SUEZ is now ENGIEThis alert system is for persons employed by the ENGIE Group only, whatever their employment status. Its use is strictly voluntary and will not become compulsory.

This e-mail alert system was set up by the ENGIE Group to enable its employees to notify problems that could considerably affect their work or hold them seriously liable. It is a supplementary tool, rather than a substitute, for other existing channels of alert (reporting to one’s line manager, staff representatives, auditors, public authorities, etc.). The identity of the user of the system is treated as confidential information subject to sanctions should a breach of confidentiality occur.

How the system works

The specific electronic address that was set up directs the factual information given towards specially trained persons. The latter will then, within a strictly confidential framework, arrange for verification of the facts obtained and allow the employer to decide, with full knowledge of the matter, on the steps to be taken to remedy the reported problem area.

 

The facts obtained are verified in accordance with local laws and regulations, especially as regards the relevant provisions for the protection of personal data.

The Group Ethics Officer, assisted by the Director of the Group’s Ethics and Compliance Department, is responsible for the e-mail system.

 

Important information

Any misuse or abuse of the system may be subject to disciplinary proceedings. On the other hand, any employee who uses it in good faith runs no risk of prosecution. The system will not allow any anonymous communications.

 

A structured processing of information…

The information gathered through the system may be processed by the person responsible for the system.

Only the following types of data are processed:

  • identity, role and contact details of the sender of the information;
  • identity, role and contact details of the person about whom the information alert is being submitted;
  • identity, role and contact details of the persons involved in collecting the information and processing it;
  • facts reported;
  • data collected as part of the verification process of the facts reported;
  • reports on verification handling;
  • follow-up carried out on the alert.

 

The person responsible for the system will ensure that the facts reported are accurate, demonstrable and fall directly within the system’s remit before proceeding to any further action.

…and backed up by the law

The person responsible for this alert system will process data collected in this way as specified in the provisions for the French law on personal data protection of January 6, 1978, with its subsequent amendments. He or she will take all the necessary precautions to ensure that the data remains secure, during the collection process as well as during the communication process or when they are filed.

Communication of the alert within the Group: particular cases

It is possible that information gathered via this system may be transmitted to other companies within the Group. This can be done only if the same confidentiality requirements are observed and if necessary to verify the report, or if communication is necessary due to the organization of the Group. It will depend specifically on “the nature and seriousness” of the facts reported. This might be the case, for example, if the facts reported implicate an employee of another Group company, an employee at senior level or a member of the senior management of the company concerned. It will also apply if the facts reported are so serious that, if substantiated, they could have consequences for ENGIE, other Group companies or even the Group as a whole (financial scandal, etc.).

 

The facts collected through the system may also be communicated to some employees of another or several other Group companies as an organizational requirement. Indeed, ENGIE set up a dedicated group-wide network of Ethics Officers dedicated to Business Ethics issues, comprising individuals from different Group entities appointed on the basis of their respective areas of expertise. Details may therefore be forwarded to these officers as part of their duties, to ensure that information is handled according to the appropriate legal procedures, in particular with regards to the necessary measures being taken to ensure that the data handled is kept confidential and secure.

Violations covered by the Ethics via e-mail system

The remit of this system covers facts relating to serious risks for the company in the fields of accounting, finance, the fight against corruption and respect of rules relating to competition. It might involve, for example:

  • accounting and auditing anomalies;
  • forgery of documents;
  • tax fraud;
  • fictitious employment of staff;
  • bribery of public officers.

 

The CNIL logotypeIn accordance with the decision of the CNIL, which was passed on October 14, 2010 and amended the Single Authorization AU-004, only facts relating to serious risks for the company in the fields of accounting, finance, the prevention of corruption and respecting rules relating to competition, may be reported and may if necessary be subject to computerized data processing.

 

The organization in charge of the system will destroy or file the collected data without delay, within a two-month period starting from the completion of the verification process, whenever the information reported does not lead to disciplinary or legal proceedings.

 

In other cases (a report made, which is outside the system’s remit), the sender of the e-mail may simply be advised and directed towards conventional routes (reporting to one’s direct supervisor, information from trade union representatives, Human Resources Department or other relevant department). Data concerning such reports will be immediately destroyed or filed. When disciplinary or legal proceedings are instituted against the person accused or against a person who abuses the system, the information relating to the report is kept by the organization in charge of the system until the end of the procedure.

 

Data that is retained is filed in a separate information system with restricted access, for a period that will not exceed that of any dispute proceedings.

Observance of access and correction rights

In accordance with articles 39 and 40 of the French law of January 6, 1978, with its subsequent amendments, any person identified within the business e-mail system is entitled to access to data that may concern them, and to seek their correction or deletion if they are incorrect, incomplete, ambiguous or outdated.

 

In certain objectively justified cases, the response to a request for access rights may be deferred for the period strictly necessary to safeguard evidence, to ensure that exercise of these rights does not jeopardize the efficiency of verification operations undertaken.

 

In accordance with articles 6 and 32 of the Law of January 6, 1978, the party who is the subject of the report is informed of the formal receipt, electronically or otherwise, of data concerning him or her, in order to allow him or her the opportunity to contest the handling of the data.

 

Where protective measures are necessary, especially to prevent the destruction of evidence concerning the report, this party will only be informed after any such measures have been taken.

 

A person referred to in a submitted report may under no circumstances use the basis of his access rights to obtain information from the person responsible for processing it, about the identity of the author of the report.

Contact Ethics e-mail : ethics@gdfsuez.com