Compliance Management System

Compliance with legislation in force, with the OTE Group Code of Conduct and the internal Policies is of great importance to our Company.

Ensuring Compliance is a priority for the Company's Board of Directors.

Compliance stands for a solid commitment to the principles of integrity, transparency, justice, professionalism, team spirit, and of respect to the rules, principles which are essential to govern the operation of the Company.

To that end, the Management has adopted and implemented a Compliance Management System (CMS), regarding the compliance of all (employees and management) with the legislation in force, with the Code of Conduct and with internal Policies, aiming to avoid financial risks, legal consequences as well as reputational damage for the Company and its employees. In so doing, the benefit is for all: the Company per se, the employees, the customers, the suppliers and the shareholders.

The effectiveness of the CMS relies on the commitment and the support of both management and employees.

The OTE Group Compliance Management System applied by the Company is based on the international standards ISO 37301:2021 (Compliance Management Systems),  ISO 37001:2016  (Anti-Bribery Management Systems) and ISO 37002:2021 (Whistleblowing Management Systems).

Key elements of the CMS

  • Preventing misconduct and in parallel complying with the policies included in the CMS. As a result, both the Company and its employees are protected from any legal consequences due to misconduct, while potential reputational risks are reduced. Prevention is achieved mainly through:                                                                                                                                                                                                                                                                                                                                               
    • Employees’ training about the risks that may arise from any violation of the applicable legal and regulatory framework, such as for example, human rights breaches, corruption incidents (e.g. fraud, bribery, etc.), falsification of accounting records and financial statements, misuse of personal data, money laundering, breach of communications privacy, as well as incidents of violence and harassment at the workplace.
    • The internal reporting channels that company employees can use in order to address questions regarding the application of the Code of Conduct and corporate Policies or receive guidance on daily work matters in case they are uncertain about how to deal with specific issues.

  • Detecting misconduct and responding to it. The Company has established internal reporting channels for submitting reports about potential breaches of corporate policies and procedures, regulations and applicable legislation, including breaches of Union law, as laid down in article 4 of Law 4990/2022 – ‘Protection of persons who report breaches of Union law’.

CMS Operation

Τhe Compliance Officer responsible for the planning and adoption of the CMS, reports directly to the Company's Board of Directors. 

The OTE Group Compliance, Enterprise Risks & Corporate Governance Committee has been established with main purpose to support and monitor the implementation of the Compliance Management (CMS), Risk Management (RMS), Corporate Governance Systems and human rights issues of the Group.

Management of Human Rights issues  

OTE Group declares that complies with the applicable laws and strives to comply with the international standards so as not to violate human rights and, to this end, it has adopted and applies the "Code of Human Rights & Social Principles", as binding on all Group companies. and has in place the communication channel humanrights@ote.gr for relevant issues.

Furthermore, OTE has designated on a corporate level, the Executive Director Compliance, ERM and Insurance OTE Group, as the responsible Officer for managing Human Rights issues, to whom, together with the designated persons in the group companies, internal and external inquiries as well as any relevant tip offs are addressed.

OTE Group Code of Conduct

The key to our Group of companies' success lies in the adoption of a corporate culture with common values and rules of conduct within and outside it, which is characterized by integrity, ethics and personal responsibility. In this context, the OTE Group Code of Conduct has been adopted. 

Our Code of Conduct is the framework for guiding the behavior of all people in the OTE Group of companies. Specifically, the Code confirms our commitment to consistently comply with the laws and regulations governing the operation of the OTE Group of companies as well as with the requirements relating to ethical behavior, and in conjunction with the Guiding Principles it supports the success of our Group.

Being part of the OTE Group and sharing the corporate identity requires that each and every individual accepts personal responsibility. A single incident of misconduct can damage not only the Group's success, but also the good reputation acquired through the commitment demonstrated by our people on a daily basis.

Our Code of Conduct is applicable to all people who work at OTE Group companies, worldwide: from Board members and Managing Directors to executives and employees. It also equally applies to consultants and individuals whose work is the functional equivalent of that performed by Group employees.

Compliance Policies

The following Policies and Codes apply in the context of implementing the Compliance Management System:

OTE Group Code of Conduct

The Code of Conduct is the framework for guiding the behavior of all people in the OTE Group of companies. Specifically, the Code confirms our commitment to consistently comply with the laws and regulations governing the operation of the OTE Group of companies, as well as with the requirements relating to ethical behavior, and in conjunction with the Guiding Principles it supports the success of our Group.

OTE Group Policy on Avoiding Corruption and other Conflicts of Interest

The Policy provides the framework for the avoidance of corruption and bribery, the prevention of conflict of interest situations and the adoption of measures in order to identify and deal with corruption/bribery incidents as well as to manage existing and potential conflicts of interest situations, which may be detrimental to the interests of the company, its customers and its business partners.[KEA1] 

OTE Group Diversity, Equity & Inclusion Policy

This Policy promotes the values of Diversity, Equity & Inclusion in the workplace (DE&I).

Policy on the Prevention and Combating of Violence and Harassment at the Workplace 

This Policy outlines the framework for managing any form of violence and harassment in the workplace in accordance with Law 4808/2021 for the Protection of Employment.

OTE Group Whistleblowing and Non-Retaliation Policy

The OTE Group Whistleblowing and Non-Retaliation Policy sets the framework for the adoption of a reporting system in OTE Group companies regarding violations of corporate policies and procedures, regulations, and applicable legislation, including breaches of Union law, describes the process regarding the submission, receipt and monitoring of reports and provides an integrated framework for the protection of persons who report breaches related to the above-mentioned matters.

OTE Group Code of Ethics for Senior Financial Officers

This Code defines the framework of conduct of the Senior Financial Officers, in order for honesty, integrity, transparency and ethical conduct by those persons to be promoted in the performance of their management responsibilities.

Binding Corporate Rules Privacy

These rules contain the necessary requirements for the processing of personal data in accordance with applicable Greek and European legislation and ensure the high level of protection of personal data.

OTE Group Policy on Insider Trading

The Policy on Insider Trading describes the responsibilities and obligations of the employees regarding the Inside Information.

OTE Group Policy on Anti-Trust Law

The Policy on Anti-Trust Law describes the operational framework in the context of antitrust law for the activities of OTE Group of Companies and its employees. It sets down corresponding operational guidelines for employees who conduct discussions or negotiations with competitors, suppliers or customers that have the potential to restrict the competitive freedom of action of OTE’s Group of Companies, its contractual partners or third-party companies.

OTE Group Donation Policy

The Donation Policy defines the specific transparent and mandatory procedures to be followed by OTE Group companies when assessing and implementing Donations, based on the action areas defined by the Sustainable Development strategy.

OTE Group Sponsoring Policy

The Sponsoring Policy describes how to deal with Sponsorship issues by setting out clear criteria for implementing the procedure which needs to be followed by the OTE Group companies in order to carry out Sponsorships, ensuring transparency regarding the efficient use of resources allocated for Sponsorships.

OTE Group Policy on Accepting and Granting of Benefits

This Policy provides a description of the rules and regulations of conduct with regard to the acceptance and offering of benefits in business dealings.

OTE Group Anti-Fraud Policy

The Anti-Fraud Policy provides a description of the rules and the basic guiding principles with regard to the fraud incidents that may occur at OTE Group companies and it sets the necessary measures for the prevention of such fraud cases.

OTE Group Event Policy

This Policy describes the basic conditions, principles and rules of conduct to be observed in the conception, planning, execution and monitoring of events.

OTE Group Policy on Avoiding Sexual Harassment within OTE Group

Target of this Policy is the prevention of sexual harassment acts, the awareness of managers and employees in relation with this issue, and the enhancement of confidence of employees regarding the support they shall have by their superiors in such cases.

Policy on Employee Relations within OTE Group

This policy specifies the key elements of employee relations within OTE Group. It describes what we stand for in our relationship with employees in all countries where we operate.

OTE Group Sustainability Policy

The Policy sets out the OTE and its affiliates’ sustainability/ ESG management approach and the framework of the overall action plan implemented by the Group, taking into consideration current and future economic, social and environmental conditions, priorities and challenges. 

OTE Group Supplier Code of Conduct

Based on the Company core values addressing business ethics, social and environmental commitments, the Company requires the Suppliers to adhere to the listed, at the Code, Principles, which will be attached to the contract entered between the Company and the Supplier. The Supplier shall implement these Principles through its whole supply chain.

Policy on Concluding Transactions with Related Parties

This Policy describes the method with which the Company handles issues regarding transactions with Related Parties, in compliance with current legislation.

Digital Ethics Guidelines on Artificial Intelligence OTE Group

Digital Ethics Guidelines on Artificial Intelligence OTE Group, set the rules that we need for the work of our developers and designers and for when we collaborate with suppliers and partners. They also provide legal certainty when it comes to the handling of AI products and services. Εach and every guideline is a statement and a promise: for taking on responsibility, for transparency, for data privacy, security, for self-determination in terms of data and for consumer protection.

Reporting Misconduct

You may report breaches of corporate policies and procedures, of the Code of Conduct, of regulations and applicable legislation (e.g. theft, embezzlement, fraud, active and passive corruption, misappropriation, forgery, property damage, money laundering, falsification of accounting records and financial statements, misuse of personal data, incidents of violence and harassment at the workplace, human rights breaches and in general, any act or omission that may cause a material or non-material damage to the Company) as well as breaches of Union law, as laid down in article 4 of Law 4990/2022 – ‘Protection of persons who report breaches of Union law’, by using the reporting channels mentioned below.

Internal reporting channels:

  • Electronic Whistleblowing form
  • Via e-mails:
    tellme@otesat-maritel.com & tellme@ote.gr
  • E-mail: humanrights@ote.gr
    for issues related to the Code of Human Rights and Social Principles (this does not exclude the use of the other channels)
  • Via telephone:
    +30 210 611 2345 (Monday through Friday: 10am until 5pm)
  • Postal address: Attn: Reports Receiving and Monitoring Officer OTESAT-Maritel, 99 Kifisias ave., P.C. 15124, Marousi, Attica, Greece

Please do not use these channels for any issues relevant with products or services provided by the Company. These issues should only be directed to Company's Customer Service.

Notice on the Operation of the Internal Reporting Channels, the Reporting Process and the related Processing of Personal Data.

The Company by the name ‘SATELLITE AND MARITIME TELECOMMUNICATIONS S.A. (OTESAT-Maritel)’, established in 8 Aegaleo str., P.C. 18545 Piraeus Greece (‘Company’), as a controller, has established and operate the abovementioned internal reporting channels in the context of Law 4990/2022 ‘Protection of persons who report breaches of Union law’ (Government Gazette 210/A/11-11-2022).

By this form, the Company provides the following information: (a) in the capacity of the Company as person liable according to L. 4990/2022, informs the persons entitled to submit reports through the channels, for the operation of the channels, the processes for monitoring reports and their rights, and (b) in the capacity of the Company as controller, informs data subjects of the processing of their personal data during channels operation and case management.

A.   Operation of Internal Reporting Channels and Reporting Process pursuant to L. 4990/2022.

Reporting persons may submit reports eponymously or anonymously, using the abovementioned reporting channels and are informed on the receipt of their report within seven (7) working days from the date of receipt. The Company takes the appropriate technical and organizational measures when monitoring the report, such as pseudonymization techniques of the personal data being processed in case of eponymous reports.

In case of an oral report submitted by phone, during the phone call, the reporting persons are informed of how they can monitor the progress of their report. During the monitoring of the report, the Reports Receiving and Monitoring Officer (‘RRMO’) of the Company may request from the reporting person to clarify the reported information, or to provide additional information on the subject of the report. Upon completion of the follow-up actions, the RRMO informs the reporting person on the outcome of the investigation as well as on the actions undertaken for the management of the report, within a reasonable timeframe, which does not exceed three (3) months from the acknowledgment of receipt of the report.

Personal data and any kind of information that leads, directly or indirectly, to the identification of the reporting person are confidential and not disclosed to anyone beyond the R.R.M.O. of the Company and the authorized members of OTE Group personnel who are responsible to receive or follow up on the reports, without the explicit consent of the reporting person.

Notwithstanding the above, the identity of the reporting person and any other information related to the report may be disclosed, only where there is an obligation imposed by law, in the context of investigations by competent authorities or in the context of judicial proceedings and provided that this disclosure is necessary to serve the purpose of L. 4990/2022 and safeguard the defense rights of the reported person. The disclosure takes place after the reporting person has been informed in writing and has given the right to submit in writing their objections to the Company.

The operation of the channels as well as the receipt, monitoring, management and archiving of reports are further specified in detail by the specific conditions of the "OTE Group Whistleblowing & Non Retaliation Policy", as in force.

Without prejudice to law, reporting persons shall not incur, inter alia, liability in relation to (a) the acquisition of information or access to information reported, provided that such acquisition or access does not constitute a self-standing criminal offense, and (b) the reports themselves, if they have reasonable grounds to believe that the report was necessary to reveal a breach.

Any form of retaliation against reporting persons, their colleagues or relatives, against facilitators and companies owned by the reporting persons or for which the reporting persons work, is prohibited, including threats of retaliation and attempts of retaliation. In case of retaliation, the persons against whom retaliation was undertaken, are entitled to full compensation for the damage suffered and may request the things to be restored to the state they were before the retaliation, if this is objectively possible and not disproportionately onerous for the Company. The termination of an employment contract that takes the form of retaliation, is in any case void.

The reporting person has the right to submit an external report to the National Transparency Authority (‘EAD’) in the following ways: (a) electronically by sending an e-mail to kataggelies@aead.gr or by completing a digital form on the website https://aead.gr/submit-complaint/ (b) by post, sending a written letter to the following address: National Transparency Authority, 195 Lenorman Ave. and Amfiaraou, 10442, Athens, as well as (c) in person at EAD headquarters mentioned above.

Following their request, the RRMO provides, in absolute confidentiality, to reporting beneficiaries and reporting persons appropriate information regarding the possibility to submit a report as well as information on the procedures according to which an external report can be submitted to EAD and, where applicable, to public authorities or institutions and other bodies or organizations of the European Union.

For any issue regarding the process of submitting, receiving, monitoring, managing and completing/archiving reports, the protection of the reporting and reported persons and, in general, the operation of the channels as well as the submission of external reports to EAD, you can contact the RRMO of the Company, by sending a relevant request to the following email accounts: tellme@otesat-maritel.com & tellme@ote.gr.

B.   Processing of Personal Data during the Operation of Internal Reporting Channels

During the operation of the channels, the Company as controller may process the data of the following categories of data subjects, as defined in L. 4990/2022: (a) reporting persons, (b) reported persons, (c) facilitators, and (d) third parties referred to in the reports or whose data may be included in documented monitoring actions.

The data, which are processed, are data included in reports as well as data that are processed during the submission, monitoring, management and archiving of reports, the protection actions of the reporting persons and, in general, the operation of the channels and the application of the ‘OTE Group Whistleblowing & Non Retaliation Policy’ and which concern or are related, inter alia, to legal rules breaches that fall within the scope of L. 4990/2022. Data sources are the reporting persons, the reported persons, the facilitators as well as third parties from whom data is collected when performing monitoring actions.

The purposes of the processing are the following: (a) the fulfillment of the obligation to establish and operate the channels, (b) the submission, monitoring, management and archiving of reports, (c) the execution of monitoring actions and, in general, the adoption of the necessary measures for the follow-up of submitted reports, (d) the protection of reporting persons, in particular against retaliation, (e) the adoption of disciplinary measures or even legal actions against reported persons who commit violations, (f) the provision of information on criminal offenses to the competent investigative and judicial authorities, (g) the safety and confidentiality of the process regarding the monitoring of reports and the processed data related to it, (h) the establishment, exercise or defense of legal claims of the Company or third parties, and (i) the improvement of Company’s organization and management.

The legal basis of the processing is, on the one hand, the compliance with the legal obligations of the Company, as defined in L. 4990/2022, as well as the pursuance of OTE Group legitimate interests for the proper operation of its companies and the prevention, suppression, criminal prosecution and compensation for violations within those companies (Article 6 § 1 (c) and (f) GDPR) and, on the other hand, the processing for the establishment, exercise or defense of legal claims of the Company or third parties as well as for reasons of substantial public interest based on L. 4990/2022 [article 9 § 2 (f) and (g) GDPR].

Our Company will keep your personal data for a period of five (5) years from the completion of the follow up of the report or from the adoption of measures to protect the reporting persons or the adoption of disciplinary measures or/and legal actions against the reported persons or third parties. Our Company may retain your personal data after the abovementioned period in the following limited cases: (a) if this is necessary and for as long as it is required in the context of pursuance of the processing purposes, or (b) if there is a legal obligation from a relevant law provision, or (c) for defending our rights and legitimate interests before any competent Court and any other public authority within the provided limitation period.

The following categories of data processors on behalf of the joint data controllers have access to the personal data: (a) IT service providers in the context of supporting and hosting Company's IT systems, (b) professional advice providers in the context of supporting the monitoring of reports and (c) auditors in the context of conducting audits for the fulfillment of Company's legal obligations. The Company may transfer personal data to lawyers and law firms for the provision of legal services for the purpose of establishing, exercising, or defending Company's legal claims. Finally, transfers of relevant information to the competent supervisory, investigative, and judicial authorities may take place in the context of the execution of the Company's legal obligations or the exercise or defense of its legal claims.

Your personal data is exclusively stored at Company's premises, where it is protected by appropriate security measures. We will not transfer your data to third countries outside the European Economic Area (EEA).

Without prejudice to law, employees or third parties who report incidents of misconduct as well as employees or third parties who may be included in the above reports may exercise, as applicable, the rights provided for in articles 15-22 of the GDPR regarding access, rectification, erasure, restriction of processing, data portability or objection to the processing of their personal data or objection to automated decision-making, including profiling, by sending a relevant request to the email account: privacy@ote.gr.

The Company may reject the relevant requests of the involved parties for the period of time that will be deemed as critical in order to avoid obstructing investigations or to implement the actions towards the conclusion of the case or the protection of the reporting persons.

Alternatively, in case you consider that we have not adequately satisfied your request and the protection of your personal data is adversely affected in any way, you can file a complaint to the Hellenic Data Protection Authority (Kifisias Ave. 1-3, P.C. 115 23, Athens, phone: 210 6475600). Detailed instructions for submitting a complaint are provided on the Authority's website: Complaint to the Hellenic DPA | Hellenic Data Protection Authority