Corporate Governance
-
Corporate Governance
-
Responsible Purchasing and Supply Chain Managment
Corporate Governance
Corporate governance refers to a number of principles adopted by a company, aiming to uphold its performance and the interests of its shareholders and all stakeholders.
Recognizing the importance of corporate governance principles and the benefits derived from their adoption, we follow international practice and standards in this area and opt for the systematic implementation of these principles throughout its operations.
The applied by the Company principles and practices are incorporated in the Company’s Articles of Incorporation, the OTE Group Code of Conduct and other Company’s by-laws regulating its operations.
Fundamental Principles of the Corporate Governance System.
The fundamental principles on which the corporate governance system is based involve the following:
- Ensuring transparency and effective control over management
- Two-way communication between company’s stakeholders and company’s management
- Assurance of operational efficiency
The three main pillars for the application of corporate governance rules and practices concern the role of the Board of Directors, the executive members and the control, the protection of shareholders’ rights and the enhancement of transparency and information disclosure.
Compliance Management System
Compliance with the legislation in force, the OTE Group Code of Conduct and the internal Policies is of great importance to our Company.
Ensuring Compliance is a priority of the Company’s Board of Directors.
Compliance stands for a solid commitment to the principles of integrity, transparency, justice, professionalism, team spirit, and of respect to the rules, principles which are essential to govern the functions of the Company.
On this purpose, the Management has adopted and implemented a Compliance Management System (CMS), regarding the compliance of all (Employees and Management) with the legislation in force, with the Code of Conduct and with internal Policies, aiming to avoid financial risks, legal consequences as well as reputational damage for the Company and its Employees. In so doing, the benefit is for all: the Company per se, the Employees, the Customers, the Suppliers and the Shareholders.
The effectiveness of the Compliance Management System relies on the commitment and the support of all: Management and Employees.
The key elements of the CMS are:
- Preventing misconduct and in parallel complying with the policies included in the CMS. As a result, both the Group and its employees are protected from any legal consequences due to misconduct, while potential reputational risks are reduced. Prevention is achieved mainly through:
- Employees’ training about the risks that may arise from any violation of the applicable legal and regulatory framework, such as for example, human rights breaches, corruption incidents (e.g. fraud, bribery, etc.), falsification of accounting records and financial statements, misuse of personal data, money laundering, breach of communications privacy, as well as incidents of violence and harassment at the workplace.
- The internal reporting channels that company employees can use in order to address questions regarding the application of the Code of Conduct and corporate Policies or receive guidance on daily work matters in case they are uncertain about how to deal with specific issues.
- Detecting misconduct and responding to it. The company has established internal reporting channels for submitting reports about potential breaches of corporate policies and procedures, regulations and applicable legislation, including breaches of Union law, as laid down in article 4 of Law 4990/2022 – ‘Protection of persons who report breaches of Union law’.
Τhe Compliance Officer responsible for the planning and adoption of the CMS, reports directly to the Company’s Board of Directors.
The OTE Group Compliance, Enterprise Risks & Corporate Governance Committee has been established with main purpose to support and monitor the implementation of the Compliance Management (CMS), Risk Management (RMS), Corporate Governance Systems and human rights issues of the Group.
Compliance Policies
Our Code of Conduct is the framework for guiding the behavior of all people in the OTE Group of companies. Specifically, the Code confirms our commitment to consistently comply with the laws and regulations governing the operation of the OTE Group of companies as well as with the requirements relating to ethical behavior, and in conjunction with the five Guiding Principles it supports the success of our Group.
OTE Group Policy on Avoiding Corruption and other Conflicts of Interest
This Policy provides the framework for avoiding corruption and other conflicts of interest in relationships with customers and business partners.
OTE Group Code of Ethics for Senior Financial Officers
This Code defines the framework of conduct of the Senior Financial Officers, in order for honesty, integrity, transparency and ethical conduct by those persons to be promoted in the performance of their management responsibilities.
OTE Group Whistleblowing and Non-Retaliation Policy
The OTE Group Whistleblowing and Non-Retaliation Policy sets the framework for the adoption of a reporting system in OTE Group companies regarding violations of corporate policies and procedures, regulations, and applicable legislation, including breaches of Union law, describes the process regarding the submission, receipt and monitoring of reports and provides an integrated framework for the protection of persons who report breaches related to the above-mentioned matters.
Binding Corporate Rules Privacy
These rules contain the necessary requirements for the processing of personal data of both the subscribers and the employees of OTE Group in accordance with applicable Greek and European legislation and ensure the high level of protection of personal data.
OTE Group Policy on Insider Trading
The Policy on Insider Trading describes the responsibilities and obligations of the Employees of OTE Group regarding the Inside Information.OTE Group Policy on Anti-Trust Law
The Policy on Anti-Τrust Law describes the operational framework in the context of antitrust law for the activities of OTE Group of Companies and its employees. It sets down corresponding operational guidelines for employees who conduct discussions or negotiations with competitors, suppliers or customers that have the potential to restrict the competitive freedom of action of OTE’s Group of Companies, its contractual partners or third-party companies.
OTE Group Donation Policy
The Donation Policy defines the specific transparent and mandatory procedures to be followed by OTE Group companies when assessing and implementing Donations, based on the action areas defined by the Sustainable Development strategy.
OTE Group Benefits Policy
This Policy includes provisions for the acceptance and granting of benefits by OTE Group employees from and to persons outside of the Group. It also includes provisions for benefits that may grant the Company to OTE Group employees.
OTE Group Sponsoring Policy
The Sponsoring Policy describes how to deal with Sponsorship issues by setting out clear criteria for implementing the procedure which needs to be followed by the OTE Group companies in order to carry out Sponsorships, ensuring transparency regarding the efficient use of resources allocated for Sponsorships.
OTE Group Anti-Fraud Policy
The Anti-Fraud Policy describes the rules and main guidelines regarding the management of fraud incidents that may occur in OTE Group companies and sets the necessary measures and control mechanisms to prevent such incidents.
OTE Group Event Policy
This Policy describes the basic conditions, principles and rules of conduct to be observed in the conception, planning, execution and monitoring of events.
Policy on Avoiding Sexual Harassment within OTE Group
Target of this Policy is the prevention of sexual harassment acts, the awareness of managers and employees in relation with this issue, and the enhancement of confidence of employees regarding the support they shall have by their superiors in such cases.
OTE Group Sustainability Policy
This Policy sets out the Sustainability strategy and the action plans for OTE and its affiliates, taking into consideration the social and financial circumstances as well as the culture priorities and challenges.
OTE Group Supplier Code of Conduct
Based on the Company’s core values addressing business ethics, social and environmental commitments, the Company requires the Suppliers to adhere to the listed at the Code Principles, which will be attached to the contract entered between the Company and the Supplier. The Supplier shall do its utmost to implement these Principles through its whole supply chain.
Policy on Concluding Transactions with Related Parties
This Policy describes the method with which the Company handles issues regarding transactions with Related Parties, in compliance with current legislation.
OTE Group Diversity, Equity & Inclusion Policy
This Policy promotes the values of Diversity, Equity & Inclusion in the workplace (DE&I).
Policy on the Prevention and Combating Violence and Harassment in the Workplace
This Policy outlines the framework for managing any form of violence and harassment in the workplace in accordance with law No. 4808/2021 on labor protection.
Digital Ethics Guidelines on Artificial Intelligence OTE Group
Digital Ethics Guidelines on Artificial Intelligence OTE Group, set the rules that we need for the work of our developers and designers and for when we collaborate with suppliers and partners. They also provide legal certainty when it comes to the handling of AI products and services. Εach and every guideline is a statement and a promise: for taking on responsibility, for transparency, for data privacy, security, for self-determination in terms of data and for consumer protection.
Reporting Misconduct
You may report breaches of corporate policies and procedures, of the Code of Conduct, of regulations and applicable legislation (e.g. theft, embezzlement, fraud, active and passive corruption, misappropriation, forgery, property damage, money laundering, falsification of accounting records and financial statements, misuse of personal data, incidents of violence and harassment at the workplace, human rights breaches, environmental law breaches, violations regarding the global supply chain of Deutsche Telekom and in general, any act or omission that may cause a material or non-material damage to OTE Group companies) as well as breaches of Union law, as laid down in article 4 of Law 4990/2022 – ‘Protection of persons who report breaches of Union law’, by using the reporting channels mentioned below.
Internal reporting channels:
-
-
- Electronic Whistleblowing Form
- Via e-mail: tellme@cosmote-evalue.gr & tellme@ote.gr
- Via telephone:+30 210 611 2345 (Monday tο Friday: 10am until 5pm)
- Postal address: Attn: Reports Receiving and Monitoring Officer Cosmote E-Value
99 Kifissias Ave., P.C. 15124 Maroussi, Attica, Greece - E-mail: humanrights@ote.gr
for issues related to the Code of Human Rights and Social Principles - https://www.cosmote.gr/static/otegroup/en/page/ypovoli_anaforon
In case the channels included in the above link are used, your report will be received and handled by Deutsche Telekom
-
Please do not use these channels for complaints regarding commercial and technical issues related to company’s products or/and services. These issues should be addressed to Customer Care.
Notice on the Operation of the Internal Reporting Channels, the Reporting Process and the related Processing of Personal Data.
The Company by the name «COSMOTE Ε-VALUE CONTACT CENTER S.Α.», with distinctive title «COSMOTE Ε-VALUE» established in the Municipality of Xanthi (6th klm. Xanthi-Kavala), (‘Company’), as a controller, has established and operates the abovementioned internal reporting channels in the context of Law 4990/2022 ‘Protection of persons who report breaches of Union law’ (Government Gazette 210/A/11-11-2022).
By this form, the Company provides the following information: (a) in the capacity of the Company as person liable according to L. 4990/2022, informs the persons entitled to submit reports through the channels, for the operation of the channels, the processes for monitoring reports and their rights, and (b) in the capacity of the Company as controller, informs data subjects of the processing of their personal data during channels operation and case management.
A. Operation of Internal Reporting Channels and Reporting Process pursuant to L. 4990/2022.
Reporting persons may submit reports eponymously or anonymously, using the abovementioned reporting channels and are informed on the receipt of their report within seven (7) working days from the date of receipt. The Company takes the appropriate technical
and organizational measures when monitoring the report, such as pseudonymization techniques of the personal data being processed in case of eponymous reports.
In case of an oral report submitted by phone, during the phone call, the reporting persons are informed of how they can monitor the progress of their report. During the monitoring of the report, the Reports Receiving and Monitoring Officer (‘RRMO’) of the Company may request from the reporting person to clarify the reported information, or to provide additional information on the subject of the report. Upon completion of the follow-up actions, the RRMO informs the reporting person on the outcome of the investigation as well as on the actions undertaken for the management of the report, within a reasonable timeframe, which does not exceed three (3) months from the acknowledgment of receipt of the report.
Personal data and any kind of information that leads, directly or indirectly, to the identification of the reporting person are confidential and not disclosed to anyone beyond the R.R.M.O. of the Company and the authorized members of OTE Group personnel who are responsible to receive or follow up on the reports, without the explicit consent of the reporting person.
Notwithstanding the above, the identity of the reporting person and any other information related to the report may be disclosed, only where there is an obligation imposed by law, in the context of investigations by competent authorities or in the context of judicial proceedings and provided that this disclosure is necessary to serve the purpose of L. 4990/2022 and safeguard the defense rights of the reported person. The disclosure takes place after the reporting person has been informed in writing and has given the right to submit in writing their objections to the Company.
The operation of the channels as well as the receipt, monitoring, management and archiving of reports are further specified in detail by the specific conditions of the “OTE Group Whistleblowing & Non Retaliation Policy”, as in force.
Without prejudice to law, reporting persons shall not incur, inter alia, liability in relation to (a) the acquisition of information or access to information reported, provided that such acquisition or access does not constitute a self-standing criminal offense, and (b) the reports themselves, if they have reasonable grounds to believe that the report was necessary to reveal a breach.
Any form of retaliation against reporting persons, their colleagues or relatives, against facilitators and companies owned by the reporting persons or for which the reporting persons work, is prohibited, including threats of retaliation and attempts of retaliation. In case of retaliation, the persons against whom retaliation was undertaken, are entitled to full compensation for the damage suffered and may request the things to be restored to the state they were before the retaliation, if this is objectively possible and not disproportionately onerous for the Company. The termination of an employment contract that takes the form of retaliation, is in any case void.
The reporting person has the right to submit an external report to the National Transparency Authority (‘EAD’) in the following ways: (a) electronically by sending an e-mail to kataggelies@aead.gr or by completing a digital form on the website https://aead.gr/submit-complaint/ (b) by post, sending a written letter to the following address: National Transparency Authority, 195 Lenorman Ave. and Amfiaraou, 10442, Athens, as well as (c) in person at EAD headquarters mentioned above.
Following their request, the RRMO provides, in absolute confidentiality, to reporting beneficiaries and reporting persons appropriate information regarding the possibility to submit a report as well as information on the procedures according to which an external report can be submitted to EAD and, where applicable, to public authorities or institutions and other bodies or organizations of the European Union.
For any issue regarding the process of submitting, receiving, monitoring, managing and completing/archiving reports, the protection of the reporting and reported persons and, in general, the operation of the channels as well as the submission of external reports to EAD, you can contact the RRMO of your Company, by sending a relevant request to the following email account: tellme@cosmote-evalue.gr.
B. Processing of Personal Data during the Operation of Internal Reporting Channels
During the operation of the channels, the Company as controller may process the data of the following categories of data subjects, as defined in L. 4990/2022: (a) reporting persons, (b) reported persons, (c) facilitators, and (d) third parties referred to in the reports or whose data may be included in documented monitoring actions.
The data, which are processed, are data included in reports as well as data that are processed during the submission, monitoring, management and archiving of reports, the protection actions of the reporting persons and, in general, the operation of the channels and the application of the ‘OTE Group Whistleblowing & Non Retaliation Policy’ and which concern or are related, inter alia, to legal rules breaches that fall within the scope of L. 4990/2022. Data sources are the reporting persons, the reported persons, the facilitators as well as third parties from whom data is collected when performing monitoring actions.
The purposes of the processing are the following: (a) the fulfillment of the obligation to establish and operate the channels, (b) the submission, monitoring, management and archiving of reports, (c) the execution of monitoring actions and, in general, the adoption of the necessary measures for the follow-up of submitted reports, (d) the protection of reporting persons, in particular against retaliation, (e) the adoption of disciplinary measures or even legal actions against reported persons who commit violations, (f) the provision of information on criminal offenses to the competent investigative and judicial authorities, (g) the safety and confidentiality of the process regarding the monitoring of reports and the processed data related to it, (h) the establishment, exercise or defense of legal claims of the Company or third parties, and (i) the improvement of Company’s organization and management.
The legal basis of the processing is, on the one hand, the compliance with the legal obligations of the Company, as defined in L. 4990/2022, as well as the pursuance of OTE Group legitimate interests for the proper operation of its companies and the prevention, suppression, criminal prosecution and compensation for violations within those companies (Article 6 § 1 (c) and (f) GDPR) and, on the other hand, the processing for the establishment, exercise or defense of legal claims of the Company or third parties as well as for reasons of substantial public interest based on L. 4990/2022 [article 9 § 2 (f) and (g) GDPR].
Our Company will keep your personal data for a period of five (5) years from the completion of the follow up of the report or from the adoption of measures to protect the reporting persons or the adoption of disciplinary measures or/and legal actions against the reported persons or third parties. Our Company may retain your personal data after the abovementioned period in the following limited cases: (a) if this is necessary and for as long as it is required in the context of pursuance of the processing purposes, or (b) if there is a legal obligation from a relevant law provision, or (c) for defending our rights and legitimate interests before any competent Court and any other public authority within the provided limitation period.
The following categories of data processors on behalf of the joint data controllers have access to the personal data: (a) IT service providers in the context of supporting and hosting Company’s IT systems, (b) professional advice providers in the context of supporting the monitoring of reports and (c) auditors in the context of conducting audits for the fulfillment of Company’s legal obligations. The Company may transfer personal data to lawyers and law firms for the provision of legal services for the purpose of establishing, exercising, or defending Company’s legal claims. Finally, transfers of relevant information to the competent supervisory, investigative, and judicial authorities may take place in the context of the execution of the Company’s legal obligations or the exercise or defense of its legal claims.
Your personal data is exclusively stored at Company’s premises, where it is protected by appropriate security measures. We will not transfer your data to third countries outside the European Economic Area (EEA).
Without prejudice to law, employees or third parties who report incidents of misconduct as well as employees or third parties who may be included in the above reports may exercise, as applicable, the rights provided for in articles 15-22 of the GDPR regarding access, rectification, erasure, restriction of processing, data portability or objection to the processing of their personal data or objection to automated decision-making, including profiling, by sending a relevant request to the email account: privacy@ote.gr.
The Company may reject the relevant requests of the involved parties for the period of time that will be deemed as critical in order to avoid obstructing investigations or to implement the actions towards the conclusion of the case or the protection of the reporting persons.
Alternatively, in case you consider that we have not adequately satisfied your request and the protection of your personal data is adversely affected in any way, you can file a complaint to the Hellenic Data Protection Authority (Kifisias Ave. 1-3, P.C. 115 23, Athens, phone: 210 6475600). Detailed instructions for submitting a complaint are provided on the Authority’s website: Complaint to the Hellenic DPA | Hellenic Data Protection Authority.
Enterprise Risk Management System
OTE Group has developed an Enterprise Risk Management (ERM) System that supports Management in its strategic decisions, through the identification, evaluation, communication and management of enterprise risks.
In this context, the OTE Group ERM System defines the strategy for monitoring, response and management of enterprise risks, in order to:
Ensure that existing OTE Group risks are systematically identified, analyzed and evaluated and that information relevant to risks and corresponding opportunities is promptly communicated to the competent decision-making bodies.
Record OTE Group response to identified risks as well as to evaluate mitigating alternatives (such as transfer the risk to third parties, e.g. insurance companies).
Establish tolerance limits (thresholds) for each level of risk assessment and evaluation. In case these limits are exceeded, relevant reporting takes place.
Implement a common methodology across the OTE Group for the identification, evaluation and management of enterprise risks.
Methodology
The OTE Group Enterprise Risk Management System, whose main objective is to safeguard the smooth operation and the future corporate success of OTE Group, is based on the COSO ERM Framework, and has received attestation according to the international risk management Standard ISO 31000:2018 “Risk Management-Guidelines” by an independent certification body.
At OTE Group, Risk Assessment is a structured process for risk identification, analysis, evaluation and management of enterprise risks, in order to ensure better decision making by the company’s competent bodies and that appropriate mitigation has been developed to address these risks and monitor the implementation of relevant measures.
In this context, a common Risk Assessment methodology is being applied to all risk assessments that are being performed by business units, with specific criteria for risk evaluation and assessment, in accordance with the requirements of the Standard ISO 31000 and based on the unified ERM OTE Group methodology. The same methodology is also being used in order to determine the risk impact and severance of each material topic, concerning the evaluation and analysis of material sustainability issues (Materiality Analysis) for the Group. The results of all individual risk assessments performed by business units and Group subsidiaries are included in the OTE Group Corporate Risk Register, for the systematic analysis and monitoring of enterprise risks, facilitating and supporting the implementation of effective risk management practices.
The OTE Group Enterprise Risk Management Framework is illustrated in the following figure:
RMS Operation
Τhe Business Unit of Executive Director Compliance, Enterprise Risk Management & Insurance OTE Group, which is responsible for the planning and adoption of the ERM System, reports directly to the Company’s Board of Directors. The Business Unit is, inter alia, responsible for the maintenance and continuous monitoring of the OTE Group Corporate Risk Register, which is the central repository of all Group risks.
For the implementation of the ERM System, Risk Managers have been designated at the business units as well as at the Group subsidiary companies. The tasks of Risk Managers include the reporting and monitoring of the risks managed by their business units / subsidiary companies of the Group, in compliance with the OTE Group ERM methodology.
Moreover, the OTE Group Compliance, Enterprise Risks & Corporate Governance Committee has been established. The main purpose of the Committee is to support and monitor the implementation of the Compliance Management (CMS), Risk Management (RMS) and Corporate Governance Systems.
In this context, the Committee supports the Executive Director Compliance, Enterprise Risk Management & Insurance OTE Group on compliance, enterprise risk management, corporate governance and human rights issues, reviews the periodic Compliance and Risk reports by assessing the completeness, correctness and accuracy of the relevant reports and notifies accordingly the Company’s Audit Committee and the Board of Directors.
ERM policies
In the context of implementation of the OTE Group Enterprise Risk Management System, the following Policies apply:
OTE Group Enterprise Risk and Insurance Management Policy
This policy describes the current requirements for enterprise risk and insurance management of the OTE Group and the associated responsibilities.
OTE Group Risk Appetite Statement
This Statement describes the approach of OTE Group companies’ management towards risk, taking into consideration the most significant risks to which OTE Group is exposed, in the context of OTE Group Enterprise Risk Management (ERM) framework, and defines as Risk Appetite, the level of risk which is considered by OTE Group as acceptable and justifiable in order to achieve its strategic goals.
Guiding Principles
OTE Group, as a modern and competitive technology company, recognizes that the strong corporate culture is, not only the key to the Group’s success, but also his competitive advantage. Our culture is characterized by integrity, ethics and personal responsibility and it is reflected in our Principles, as shared values and rules of conduct that inspire Group’s employees. In this context, OTE Group has adopted the Guiding Principles creating “a better world, for all”.
Code of Conduct
The key to our Company’s success lies in the adoption of a corporate culture with common values and rules of conduct within and outside it, which is characterized by integrity, ethics and personal responsibility. In this context, the OTE Group Code of Conduct has been adopted.
Our Code of Conduct is the framework for guiding the behavior of all people in the OTE Group of companies. Specifically, the Code confirms our commitment to consistently comply with the laws and regulations governing the operation of the OTE Group of companies as well as with the requirements relating to ethical behavior, it is in conjunction with the five Guiding Principles and supports the success of our Group.
Being part of the OTE Group and sharing the corporate identity requires that each and every individual accepts personal responsibility. A single incident of misconduct can damage not only the Group’s success, but also the good reputation acquired through the commitment demonstrated by our people on a daily basis.
Our Code of Conduct is applicable to all people who work at OTE Group companies, worldwide: from Board members and Managing Directors to Executives and Employees. It also equally applies to Consultants and individuals whose work is the functional equivalent of that performed by Group Employees.
Code of Human Rights & Social Principles
OTE Group, recognizes, as part of its business as a leading Telekom Company, its responsibility respecting internationally recognized human and social rights. Our success is based on our high standards of quality, integrity and excellence and in our absolute respect for human rights. We make sure our employees are properly trained to observe, respect and apply the above mentioned principles throughout their operations and business relationships and be able to manage any violations. In this context, OTE Group has adopted the “Code of Human Rights and Social Principles” and has in place the communication channel humanrights@ote.gr for relevant issues.
Supplier Code of Conduct
Based on the Company’s core values addressing business ethics, social and environmental commitments, the Company requires the Suppliers to adhere to the listed at the Code Principles, which will be attached to the contract entered between the Company and the Supplier. The Supplier shall do its utmost to implement these Principles through its whole supply chain.
Responsible Purchasing and Supply Chain Managment
Supply chain management is now equally vital to the sustainability of all businesses, regardless of the geographic area they are operating in or the products / services they supply.
A number of different suppliers are involved in the procurement process, constituting a process that manages materials, products, services, systems and information to deliver the end product to the customer.
In view of the increased pressures arising from current economic, environmental, financial and social conditions on the global market, it is imperative to have a supply chain policy. A successful supply chain management strategy is a significant competitive advantage.
For further information click here.