IntegrationsUse CasesLearn
Sign inSign up

Legal

terms

General

Corporate

Additional Features

Professional Services

Acceptable Use

privacy

Privacy Policy

Cookies

Data Protection

Subprocessors

Legal Requests

Private Information Removal

Sensitive Data Removal

Trust & Safety

Trust & Safety

Community Guidelines

Malware & Exploits

Bullying & Harassment

Disruptive Behavior

Doxxing

Hate & Discrimination

Usernames

Impersonation

Veracity

Obscenity

Violence

User Reports

Government Reports

Appeals

Whistleblowing

Sanctions

Suppliers

developers

Contributing

Individuals

Organizations

Third-Party Credits

HASH License

Repo Licensing

Intellectual Property

Intellectual Property

Trademark Policy

Copyright Policy

Copyright Notices

Copyright Counter-Notices

More Resources

Developers
Contact Support

Legal

Whistleblowing Policy

1. Introduction

The information on this page (our “Policy”) sets the general principles and the operational framework through which HASH receives, assesses, and investigates reports alleging irregularities, omissions or offenses that come to the attention of our employees, customers, suppliers, or other stakeholders.

The Policy constitutes a means of ensuring our integrity, internal governance, and reputation of HASH, contributing to the identification of risks and to the adoption of the appropriate corrective measures, including but not limited to, detecting in advance incidents of fraud or other serious offenses, applying the appropriate measures to liable parties and, when required, notifying any competent Authorities, as the case may be.

Ensuring an environment of trust and safety for our employees, customers and suppliers, HASH encourages reporting in good faith any perceived illegal acts or serious offenses, which may come to their attention.

2. Regulatory Compliance

A. Strengthening Effect

This Policy does not impair any right of a reporting person under existing laws and should not be interpreted to contravene existing laws, regulations, and rights thereunder. In addition, this Policy does not intend and shall not be deemed to prohibit or restrict a reporting person in any way from communicating directly with, cooperating with, responding to any inquiry from investigatory or other agency, authority or body, foreign regulatory, investigatory or other agency regarding any possible violation or suspected wrongdoing.

In jurisdictions where local laws or regulations set stricter rules than those set out in the present Policy, the stricter rules prevail.

B. EU Regulations

The Policy complies with the requirements of the regulatory framework, as stipulated in the Directive (EU) 2019/1937 of the European Parliament and of the Council on “the protection of persons who report breaches of Union law” as well as relevant legal and regulatory provisions.

3. Scope

A. Definitions

For the purposes of this Policy, the following definitions shall apply:

  • "Breach" is the unlawful act or omission which relates to the laws and regulations applicable to HASH, as set out below.

  • "Report" is the oral or written communication of an actual or potential breach or a concern.

  • "Reporting person" or "Whistleblower" is the natural person who reports or discloses information on breaches in the context of their work-related activities with HASH.

  • "Reported Person" is the individual against whom an allegation has been made, a natural or legal person who is referred to in the report as a person to whom the irregularity is attributed or with whom that person is associated.

  • "Retaliation" is any direct or indirect act or omission which occurs in a work-related context, prompted by reporting, which causes or may cause unjustified detriment to the whistleblower. Retaliatory actions may include, but are not necessarily limited to, harassment, discriminatory treatment, inappropriate performance appraisal, salary freeze or adjustment, work assignments, demotion, termination of employment, or the withholding of an entitlement.

  • "Responsible personnel" is an impartial person or department of HASH designated to assess the information provided by the reporting person in the report (see below Section 4).

B. Reporting Persons

This Policy applies to the following categories of reporting persons:

  • a. All employees of HASH,

  • b. All contractors, subcontractors and suppliers of HASH, as well as persons working under their supervision,

  • c. All HASH shareholders or members of our Board of Directors,

  • d. Any persons whose work-based relationship with HASH has ended or is yet to begin for information on breaches acquired during the recruitment process, pre-contractual information or information acquired during the course of their employment,

The present Policy also applies to colleagues and relatives of reporting persons, as well as to legal entities that the reporting persons own, work for or are otherwise connected with in a work related context.

C. Breaches

HASH encourages and considers critical the provision of information by reporting persons regarding offenses and suspected illegal behavior, mismanagement incidents or serious irregularities-omissions in connection with HASH's regulations, policy and procedures, financial reporting and financial statements, whenever the reporting person reasonably believes that the information disclosed is substantially true.

Information on breaches may include both known information and reasonable suspicions about either actual or potential breaches, which occurred or are very likely to occur, and about any attempts to conceal such breaches.

Reporting persons are encouraged to report in good faith any such information that may relate to any laws and regulations that apply to HASH, such as:

  • Acts or omissions involving gross negligence, potential fraud or corruption;

  • Breach of laws and regulations regarding the prevention of money laundering and terrorist financing;

  • Acts or omissions conflicting with the interests of HASH involving serious violations of HASH's policies and procedures;

  • Acts or omissions which endanger the safety of an employee;

  • All kinds of harassment (e.g. sexual, racial, religious, gender identity etc.), as well as abuse of power.

  • Offering or accepting a bribe by a HASH employee;

  • Expropriation, theft or mismanagement of assets and money belonging to HASH or to customers of HASH;

  • Breach of confidentiality and data protection laws;

  • Consumer protection;

  • Infringement of the legal framework applicable to HASH;

  • Acts or omissions relevant to the integrity and accuracy of HASH's financial statements and reporting;

  • Acts harmful to the environment.

Good faith reports received in relation to any other applicable laws or regulations are furthermore encouraged.

Reporting persons are strongly encouraged to submit substantiated information on breaches, so that HASH may reasonably undertake actions to investigate and follow-up on the information provided.

4. Anonymity & Confidentiality

HASH has put in place a secure process which ensures the anonymity of any reporting person, as well as the confidentiality of their identity and that of any third party mentioned in the report.

Whistleblowers shall be protected against retaliation or reprisal actions, on the following grounds:

  • The identity of the Whistleblower, should they have opted not to be anonymous, shall be protected and confidentiality shall be ensured.

  • Submitted reports are communicated only to predefined persons, the number of which is narrowed to those responsible for carrying the investigation and are entitled to act in discretion and confidentiality. By respecting the above would also result in protecting the identity of the reported persons.

HASH ensures that the Whistleblower is properly protected against possible negative consequences, such as threats or attempts of retaliation, or discrimination or any other form of unfair treatment.

Revealing the identity of the Whistleblower may be required by a judicial or other legal procedure in the context of investigating the corresponding case. In particular, the Whistleblower shall be informed before their identity is disclosed, unless such information would jeopardize the related investigations or judicial proceedings. When informing the Whistleblower, HASH shall provide an explanation for sharing the confidential data concerned.

HASH ensures that Reported Persons are fully protected against potential negative impact, in such cases where the assessment of the report does not reveal a Policy breach. Even when the investigation decides upon a justified violation and measures have been taken against the Reported Persons, their protection is ensured against involuntary negative effects, irrespective of potential sanctions imposed by the competent bodies.

HASH takes all necessary technical and organizational measures to protect personal data. Any processing of personal data under this Policy is carried out in accordance with relevant national and European regulation. Personal data of the parties involved is protected and is processed for the sole purpose of verifying their validity. The Legal Department retains in electronic format, a file, which includes all submitted reports, as well as the corresponding documentation. The records are not stored longer than is necessary and are deleted in accordance with applicable laws and regulations.

5. Procedure

A. Reporting Channels

Reports can be submitted by e-mail to [email protected], or optionally by post to: HASH Legal, 2109 Broadway #1141, New York, NY, 10023

Upon request of the Whistleblower, the report may also be submitted by means of a physical meeting. In such a case, the responsible staff ensures that, subject to the consent of the Whistleblower, the conversation is recorded in a durable and retrievable form.

In order to facilitate the proper examination and assessment of the submitted reports, the reporting persons are encouraged to provide all available information, including the facts giving rise to the suspicion/concern related with the report, indicating the date and nature of the event, the name(s) of the person(s) involved as well as potential witnesses, or other evidence, including documents and locations.

B. Processing of Reports

HASH's responsible personnel shall process reported breaches in the following manner:

  • Upon receipt of the report, the responsible personnel undertakes to assess the information provided by the reporting person in the report. All persons assigned the examination or assessment of a particular case are obliged to disclose to HASH any conflicts of interest prior to performing any actions with regard to the case and abstain from any further involvement in that case.

  • The responsible personnel shall follow-up on any report and an acknowledgement of receipt will be provided to the reporting person within seven days.

  • If the case is out of scope of the present Policy, obviously unsubstantiated or no investigation can be undertaken, the report is closed and archived. The reporting person is notified via email.

  • If the case can be investigated, the responsible personnel will begin an internal investigation by engaging other competent functions of HASH based on the circumstances and the specific areas of the business and by requesting additional information from the reporting person if necessary. The reported person may be asked to provide relevant information, as well.

  • Based on the outcome of the investigation, the responsible personnel decides on remediating actions and informs the whistleblower of the decision taken on their report. If the reported breach is material the Board of Directors may be informed about the breach.

In any case, HASH shall provide feedback to the reporting person within a reasonable timeframe, not exceeding three months from the acknowledgement of receipt. Such feedback may indicatively include:

  • referral to other channels or procedures in the case of reports exclusively affecting individual rights of the reporting person;

  • closure of the procedure based on lack of sufficient evidence or other grounds;

  • launch of an internal enquiry and, possibly, its findings and any measures taken to address the issue raised;

  • referral to a competent authority for further investigation, in accordance with applicable laws

C. External reporting

The present Policy does not preclude the reporting of breaches or relevant information to external channels maintained by competent authorities, in accordance with applicable laws. Any reporting undertaken in accordance with the present Policy does not constitute a precondition for the submission of reports to external channels maintained by competent authorities.

6. Responsible Personnel

HASH shall ensure that the designated responsible personnel possess the necessary professional skills and knowledge to assess and investigate reportable breaches in accordance with HASH's policies and the applicable legal framework. Designated responsible personnel have a duty to maintain professional secrecy and confidentiality when transmitting the information both inside HASH and outside towards any competent or judicial authority.

Responsible personnel may be designated from the Legal Department. If the investigation requires special knowledge or skills, the responsible personnel considering the particulars of the case may also assign the investigation to other members of the HASH's staff (e.g. staff members of HASH's HR function).

In any event, any detected conflicts of interest that have not been disclosed or breach of confidentiality by involved staff members shall be considered a serious breach of professional conduct by the responsible staff member and will be subject to appropriate disciplinary measures.

7. Review

This Policy will be reviewed once a year or whenever significant regulatory changes take place.

Create a free account

Sign up to try HASH out for yourself, and see what all the fuss is about

By signing up you agree to our terms and conditions and privacy policy