Reporting Work-related Breaches

Introduction
1.1 Responsible and ethical business is the core of Lemeks Grupp companies. When promoting trust and transparency among its employees, customers, and partners, Lemeks Grupp considers it important to act in accordance with the law and to respect the public interest. Lemeks Grupp values the integrity and law-abiding behaviour of its employees and other co-operation partners and encourages reporting any breaches and misconduct at the workplace, while ensuring full protection for those reporting such breaches.
1.2 The Procedure for Reporting Work-related Breaches (hereinafter Procedure) specifies the procedure for submitting and processing reports of work-related breaches concerning companies belonging to Lemeks Grupp (hereinafter Lemeks Grupp or the Group) and the protection of the reporting person from retaliation.
1.3 The objective of the Procedure is to eliminate such breaches as quickly as possible and with minimal public attention, so as to prevent their possible impact on the safety and security of employees, co-operation partners, customers, etc., as well as on the performance of work and the reputation of companies and institutions.
1.4 The Procedure applies to, and internal reporting is intended for, all employees of Lemeks Grupp, regardless of their position or status (including, for example, job applicants, former employees, temporary employees, and trainees), members of the Management Board and Supervisory Board, as well as all persons providing services to the Group, such as external consultants, employees of service providers and co-operation partners, etc.

Terms
2.1 By work-related breaches, including potential breaches, Lemeks Grupp means misconduct resulting from acts or omissions in which case a company belonging to the Group or an employee, associated co-operation partner, subcontractor, or other party associated with the Group violates applicable legislation, or if its actions are contrary to the purpose of the law or the Group’s internal rules and may damage the reputation or financial results of the Group or a specific company or the society as a whole.
2.2 Such breaches may be related to any domain, incl. public procurements, financial services, products and markets, prevention of money laundering and terrorist financing, product safety and compliance, transport safety, environmental protection, public health, etc.
2.3 Examples of misconduct include:
2.3.1 breach of procedures and internal rules established within the Group;
2.3.2 endangering people’s health and safety;
2.3.3 inappropriate or unethical behaviour;
2.3.4 discrimination, harassment, persecution, incl. workplace bullying;
2.3.5 breach of contract;
2.3.6 misuse of resources;
2.3.7 misappropriation of the Group’s assets;
2.3.8 fraud or intentionally committed mistake upon the preparation, evaluation, review, and/or audit of financial statements and documents;
2.3.9 participation in, or approval of, breaches through deliberate suppression or concealment of information related thereto or other acts or omissions at the workplace that are in conflict with legal and moral standards.
Reporting breaches
3.1 Reports of potential breaches (hereinafter Report of Breach) can be submitted electronically to the e-mail address teavita@lemeks.ee.
3.2 A person reporting a breach (hereinafter Reporting Person) may submit a Report of Breach complete with his or her personal data or anonymously. In cases where a Report of Breach is submitted anonymously, it will not be possible to contact the Reporting Person and provide feedback, request additional information if necessary, and inform about the application of follow-up actions.
3.3 When reporting a breach, Lemeks Grupp requests provision of at least the following information:
3.3.1 the Reporting Person’s first and last name (optional);
3.3.2 the Reporting Person’s contact details (optional);
3.3.3 the Reporting Person’s position or co-operation relationship (optional);
3.3.4 circumstances of the breach:
1) time and place of the breach
2) description of the breach
3) persons associated with the breach
4) consequences of the breach, if any
5) names of persons also aware of the breach
6) whether and to whom the breach has been reported and with what result
7) evidence supporting the claims (if any)
8) if the Report is submitted at the request of another person, the name of the person
3.3.5 request or refusal to receive confirmation of receipt of the Report of Breach;
3.3.6 request or refusal to receive feedback about the processing;
3.3.7 request or refusal to receive notification about the outcome of the processing.
3.4 The Reporting Person must act in good faith and have a reasonable belief that the submitted Report of Breach and the claims contained therein are true. Deliberate submission of a false Report of Breach is prohibited.

Processing of reports of breach
4.1 Lemeks Grupp ensures that the reporting channel is managed and accessed only by the Chief Financial Officer of Lemeks Grupp, who forwards received Reports of Breach to the person designated to process Reports of Breach or to his or her deputy (hereinafter Competent Person). All Reports of Breach are processed confidentially to protect the identity of the Reporting Person and any third parties mentioned in the Report.
4.2 A confirmation of the receipt of the Report of Breach will be sent to the Reporting Person no later than 7 (seven) days after the receipt of the Report, unless the Reporting Person has expressly prohibited the sending of the confirmation or there is reason to believe that this would endanger the Reporting Person’s confidentiality.
4.3 Investigation and processing of the information provided in a Report of Breach submitted anonymously may be waived if the information provided is insufficient for conducting an investigation and additional information is not available because of the anonymous submission.
4.4 A Report of Breach is processed thoroughly and comprehensively. If necessary, additional explanations regarding the breach are requested from the Reporting Person or other persons involved in the processing while ensuring the confidentiality of the Reporting Person.
4.5 The Competent Person draws up a conclusion regarding the case stated in the Report of Breach, in which conclusion the follow-up action plan and the persons required to submit a report on the outcome of the processing to the Competent Person are specified.
4.6 The Reporting Person is provided with feedback on the conclusion and follow-up actions as soon as possible, but no later than 3 (three) months from the receipt of the Report of Breach. The Reporting Person is also provided with feedback on the outcome of the processing of the breach. No feedback is provided if the Reporting Person has explicitly prohibited sending the feedback or if there is reason to believe that it would endanger the Reporting Person’s confidentiality, if providing feedback would be contrary to the law, or if the Report was submitted anonymously.
4.7 If no breach is ascertained during the investigation, the processing is concluded and the case is closed.
4.8 If a Report of Breach cannot be processed based on this Procedure in accordance with requirements provided by law, the Report of Breach is forwarded immediately, but no later than on the 5th (fifth) working day from its receipt, complete with the relevant annexes, to another competent authority and the Reporting Person is notified about this, unless the Reporting Person has expressly prohibited the sending of confirmation or there is reason to believe that it would endanger the confidentiality of the Reporting Person.
4.9 If information provided in a Report of Breach should give rise to the suspicion that an offence has been committed or is being planned, in addition to other legal measures, a report of criminal offence may be filed with the prosecutor’s office and the Police.
4.10 In the interests of a potential or ongoing investigation, the Reporting Person undertakes not to disclose information about the reporting of the breach or the existence or progress of the investigation.
4.11 A Report of Breach is stored for 3 (three) years from the date of feedback provision. The procedure for storing Reports of Breaches is established by a regulation of the Government of the Republic.
Rights and protection of a reporting person
5.1 Confidentiality is granted to a Reporting Person and he or she is guaranteed the most efficient protection against any retaliation, whether actual or intended.
5.2 The content of a Report of Breach is published and used only for the purpose of identifying the breach and implementing follow-up actions. The identity of a Reporting Person may be disclosed to anyone other than the person authorised to receive and process the Report only with the written consent of the Reporting Person. If criminal or misdemeanour proceedings are initiated based on a Report of Breach, the confidentiality of the fact of the reporting is ensured with variations provided for in the relevant code.
5.3 A Reporting Person is always presumed to act in good faith until proven otherwise. This is an important safeguard ensuring that protection endures if the Reporting Person has submitted an incorrect Report in good faith.
5.4 If the Reporting Person submits a Report of Breach maliciously or for personal gain and the Report is based on knowingly false or misleading information, the person is not considered a Reporting Person for the purposes of this Procedure and appropriate action under the law, including disciplinary action, may be taken.
5.5 Lemeks Grupp ensures fair treatment of all persons submitting relevant reports of breaches or inappropriate activities and protects Reporting Persons against discrimination and unfavourable or unfair treatment, as well as unjustified disciplinary action (hereinafter jointly referred to as Retaliation).
5.6 A Reporting Person believing retaliation is being planned or effected against him or her must report this to the Chief Financial Officer of Lemeks Grupp, who will investigate without delay any occurrence of unfair treatment and changes in employment potentially constituting retaliation against an employee engaged in any protected activity.
5.7 If it is established that an employee of the Lemeks Grupp has taken retaliation, made a corresponding attempt, or threatened to take retaliation against a Reporting Person, the case will be investigated and, if necessary, action taken to eliminate the retaliation. Any employee associated with taking retaliation shall be liable for his or her actions in accordance with the procedure prescribed by law.
Additional information and final provisions
6.1 The Procedure enters into force from the moment of its publication on the Lemeks Grupp website.
6.2 In matters not regulated by the Procedure, the Act on Protection of Persons Who Report Work-Related Breaches of European Union Law (available at https://www.riigiteataja.ee/akt/13005202400), Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law, and other applicable legislation and the company’s internal rules are to be followed.
6.3 Additional information and explanations regarding the reporting procedure and the rights of the Reporting Person can be obtained by sending inquiries to the e-mail address teavita@lemeks.ee. The confidentiality of the person requesting the explanations is guaranteed.
Form for reporting