1. PURPOSE OF THE COMPLIANCE PROGRAM
The company EUROSOFTWARE, s.r.o. introduces this Compliance Program to ensure the compliance with legal regulations, internal guidelines and generally accepted ethical standards and principles of fair business practices in its day-to-day business practice. The main goal of this Compliance Program is to determine comprehensively, intelligibly and clearly the basic principles of activities within the company and introduce effective preventive, control and repressive measures so that any risk of illegal or unethical behavior within the company is eliminated and consequently any liability claims against the company, incl. criminal liability are avoided.
The confidence in the Compliance Program is ensured by the possibility of anonymous reporting of compliance incidents, protection of the reporting person and by creating an independent and impartial position of a compliance officer. The company has been acting on the IT market since 1997 and is an important employer in the Pilsner Region. Since its establishment, the company has been very mindful of its good reputation and therefore places a great emphasis on fair, legal, ethical and transparent conduct and behavior both in the company and towards its customers, suppliers and other third parties. The company declares zero tolerance for unlawful conduct and takes every effort to eliminate any possible unlawful behavior of both its employees and statutory bodies.
The company expects that evaluating the effectiveness of the Compliance Program on a regular basis and its continuous improvement will contribute to the formation of the company's corporate culture and to the development of a professional, decent and fair business in the Czech Republic and abroad.The Compliance Program as a whole is binding for the company and is available to employees especially via a corporate internal computer network. To ensure maximum transparency, the Compliance Program is also accessible by the general public via the company's website. In case of additional questions or uncertainties regarding the Compliance Program, the compliance officer can be contacted.
2. BASIC COMPLIANCE PRINCIPLES
EUROSOFTWARE, s.r.o. believes that it is necessary to introduce and to comply with the following basic principles to prevent effectively the unlawful or unethical behavior:
2.1 PREVENTION PRINCIPLES
- Monitoring the development of legal regulations particularly in the company's sphere of business, incl. judicial decisions and interpretation opinions of public administration authorities on a regular basis
- Checking which specific rights and obligations apply to the company according to these legal regulations
- Taking necessary actions to meet legal obligations
- Making the company's employees familiar with legal obligations
- Observing the company's legal obligations, ethical principles and fair business practices
- Determining competence and sphere of action of employees, incl. clear determination of responsibilities of the individual employees for meeting the legal obligations
- Refraining from taking an intended action in cases of doubt regarding the compliance of such action with legal regulations
- Avoiding behaviors or activities that may damage the good reputation of the company or may be considered unethical, contrary to good morals or otherwise inappropriate
- Cooperating with experts in the given field and taking their advice on debatable questions
- Acting in such a way so that the good reputation of the company is not harmed and the company's interests are protected
- Evaluating risks systematically
- Paying attention to keeping the company's activities transparent
- Actively contributing to meeting the objectives of the Compliance Program
- Examining business partners with whom the company enters into contractual or other relationships (using especially publicly available sources and references – e.g. Commercial Register, Insolvency Register, ARES /Administrative Register of Economic Subjects/ and common Internet search engines) and evaluating the information found while maintaining the principles of equal treatment
- Filling vacancies with professionally and morally qualified employees
- Keeping proper documentation of the Compliance Program; all records must be true, complete and correspond to activities actually performed
- Archiving the Compliance Program documents for a necessary period of time so that the company has relevant evidence to submit to law-enforcement authorities or other authorities (detailed conditions can be specified in the company's Document Filing and Shredding Rules)
- To exclude corrupt conduct it is necessary to eliminate, to maximum possible extent, giving and receiving gifts (a gift shall be accepted or given only in usual situations and should be of usual value, e.g. presentation gifts with the company's logo; however these gifts alone or in connection with other circumstances must not have any effect on the business judgment and on business decisions) and not to accept from third parties/closely related persons and not to provide third parties/closely related persons with any rewards, services, vouchers or other similar benefits in connection with the company's business
- When negotiating with business partners, keeping impartial approach and using only objective criteria for supplier selection, in particular the product quality, the price of products and services offered and related business conditions
- Refraining to act in a conflict of interests, i.e. not making decisions affected by family ties, emotional attachments, financial relations or other ties of employees and third parties
2.2 CONTROL PRINCIPLES
- Checking the observance of legal regulations, internal guidelines and ethical rules by company's employees or other persons that participate in company business activities and actively identifying risk situations
- If any risk of breach of legal regulations is identified, informing the employee's superior, the statutory body of the company or the compliance officer immediately
- Monitoring and evaluating the effectiveness of the Compliance Program
- Enabling anonymous reporting of compliance incidents by company's employees and third parties
- Ensuring protection of reporting persons and refraining to take any countermeasures, discriminatory measures or other negative actions against them
- Reporting to the compliance officer if an employee believes that an order/instruction of the employee's superior does not comply with legal regulations, ethical rules or fair business practices.
2.3 REACTION PRINCIPLES
- Not tolerating unlawful behavior
- Pointing out a breach of duty to employees and explaining them how to proceed correctly in future
- In case of a severe or repeated misconduct, drawing the necessary consequences for the responsible persons
- If any misconduct is identified, taking measures to avoid unlawful behavior, to avert detrimental consequences and to eliminate damage and at the same time taking measures to prevent similar misconduct in future
- Analyzing the causes of the breach of duty and updating the Compliance Program to eliminate or minimize these causes in the future.
3. TOOLS OF THE COMPLIANCE PROGRAM
3.1 CREATING THE COMPLIANCE OFFICER POSITION
EUROSOFTWARE, s.r.o. establishes the position of the compliance officer to create conditions and prerequisites for effective functioning of the Compliance Program. The managing director of the company commissions a company's employee or a third party to act as the compliance officer of the company. The compliance officer should be a person with relevant knowledge and experience who is morally qualified and without a criminal record. If necessary, several compliance officers can be appointed, usually for the individual branches of company business activities or branches of law. It is also possible to appoint an internal compliance officer (e.g. to ensure and check internal processes in the compliance area) and an external compliance officer (e.g. to eliminate the risks of company's criminal liability). If several compliance officers are appointed, it is necessary to determine the scope of their activities. The decision on appointing a person (persons) to the position of compliance officer is enclosed to this directive as Appendix 1. The company makes the employees acquainted with the person (persons) of the compliance officer, incl. his/her (their) contact details.
The rights and obligations of a compliance officer are in particular:
- Monitoring the current legal regulations and obligations arising for the company from these regulations, incl. judicial decisions, expert articles, comments, recommendations and opinions of public administration authorities or entities specialized in the given topic
- Consulting company's obligations with experts in the given sphere
- Informing the managing director and if necessary the management personnel about new legal regulations
- Checking whether the company's internal rules are in compliance with the legal regulations and cooperating on the creation of internal rules
- Checking whether the company has taken actions to meet its obligations in compliance with the legal regulations and whether it has appointed a person responsible for meeting these obligations
- Checking the effectiveness of the actions taken on a regular basis and informing the managing director or the management personnel if the actions taken are insufficient and suggesting corrective actions
- Checking the observance of legal regulations, internal guidelines and ethical rules by the company's employees or other persons taking part in company business activities
- Requiring necessary cooperation from employees
- Proceeding independently and impartially to accomplish the goals of the Compliance Program
- Giving employees advice on meeting the obligations arising from legal regulations, internal rules or ethical code of conduct, answer their questions and explain any uncertainties regarding the Compliance Program
- Keeping records related to the compliance area (especially according to par. 3.3 of this directive)
- Ensuring that the employees are made familiar with legal regulations, internal and other rules of the company
- Submitting the draft plan for employees training to the managing director or the management personnel (training frequency, training area, training scope)
- Accepting initiatives to verify the compliance of company's activities with legal and other regulations
- Accepting suggestions regarding improvement of the Compliance Program
- If any company's misconduct is identified, suggesting measures to the managing director or the management personnel to prevent similar misconduct in future
- If corrective actions are taken, supervising the implementation of the actions taken by the person in charge of this implementation and checking whether the actions taken are respected
- Usually once a year, preparing a report on the compliance officer activities and submitting it to the managing director of the company (the report includes generally the inspection results, changes in internal rules and guidelines, information about new legal regulations, actions taken, received compliance reports, etc.)
- Other rights and obligations stated in this directive or in other internal rules of the company.
For the avoidance of doubt, it is to be stated that the compliance officer's activities are not meant to substitute for the activities of the company management and the compliance officer has no decision-making powers. The main task of the compliance officer is to advise the company in compliance matters, to help the company with the implementation of measures leading to fulfilment of legal obligations and to the elimination of a company's liability risk (incl. criminal liability), to check continuously and evaluate the effectiveness of the actions taken and investigate compliance incidents. The decision-making powers are concentrated solely in the hands of the managing director or the management personnel.
3.2 ORGANIZATIONAL RULES
The company has set up organizational rules that define the company's organizational structure and describe relations between the individual organizational units, workplaces or employees of the company. The organizational rules show superior-subordinate relation of individual employees, their powers, competences and spheres of actions and thus also their scope of responsibility. The Appendix 2 to this directive shows a sample overview of basic legal obligations of legal entities, divided into the individual areas. It is supposed to help the company in creating organizational rules while checking which specific duties the company must comply with and whether the responsibility for ensuring the fulfillment of these duties and the control of fulfillment of duties are assigned to specific persons or specific job positions in the organizational rules.
The sample overview is not and cannot be an exhaustive list of all legal obligations of the company, should, however, help to facilitate the creation of organizational rules and serve as inspiration when determining competences of individual employees. The compliance officer ensures that the sample overview is continuously controlled and completed and discusses related issues with experts in the given field. If in the organizational rules neither a specific person nor a specific position has been assigned responsibility for ensuring the fulfillment of duties and the control of fulfillment of duties, so this responsibility lies with the managing director of the company. Further, the organizational rules can optionally contain (in addition to legal duties) employee's competences in connection with the business activities being performed.
The organizational rules shall constitute Appendix 3 to this directive. The compliance officer cooperates with the relevant responsible persons in accordance with the organizational rules - usually with the management personnel, superiors or otherwise determined responsible persons who are familiar with usual day-to-day activities of the company in the given field (hereinafter referred as „responsible person“).
Responsible person:
- shall provide the compliance officer with information, documents and cooperation that are necessary to check the compliance of company's activities with legal and other regulations
- shall consult the compliance officer on debatable questions
- shall consult the compliance officer on new legal obligations of the company and on the possible ways of how to integrate them into the company's activities
- shall consult the compliance officer on the current actions taken and their effectiveness and feasibility in practice
- shall consult the compliance officer on questions concerning training of subordinates (training needs, scope and frequency of training, etc.)
- shall draw attention to the weak points of the individual actions taken
- shall submit their proposals and recommendations
- shall control the observance of legal regulations, internal guidelines and ethical rules of conduct by subordinates.
However, the aforementioned does not exclude possible cooperation of the compliance officer with other company's employees and does not affect the duty of other employees to provide the compliance officer with necessary cooperation.
3.3. KEEPING COMPLIANCE RECORDS
The compliance officer is obliged to keep records related to compliance that generally include:
- overview of current company's internal rules issued (incl. appendices to this directive)
- overview of completed employees trainings and employees training plans
- registering reports on possible breach of legal regulations in the company received from employees
- reports on compliance officer's work
- records of inspections performed on company's activities and of actions taken
- minutes of meetings (with responsible persons, managing director, company's employees, etc.)
- experts' opinions on debatable questions.
3.4 PREVENTIVE MEASURES
The company is aware of the fact that rebuilding a damaged company's reputation is always difficult and therefore the company strives to prevent adverse events and their negative consequences by taking preventive actions as it is better to remove or at least eliminate possible causes than solve the negative consequences of adverse events. For this purpose, the company makes maximum effort to prevent illegal or unethical behavior of employees and reduce opportunities of employees to act contrary to legal regulations or other standards.
The preventive measures are based on:
- sufficient awareness of employees on their duties and on company's obligations
- continuous training and education of employees
- functioning control mechanism
- regular meetings where the compliance officer and the managing director or management personnel discuss about problematic matters and evaluate the effectiveness of the actions taken.
The compliance officer ensures that company's employees are made familiar with the Compliance Program of the company. Every employee confirms by their signature on the signature sheet enclosed to this directive as Appendix 4 that they have been made familiar with the Compliance Program. The compliance officer proposes and discusses the employee training plan in the compliance area with the managing director or management personnel. The purpose of the training plan is to familiarize employees with the relevant issues, forms and manners of how poor behavior is expressed and to improve their ability to recognize undesirable behavior, thereby eliminating the risk of its occurrence. For the avoidance of doubt, it is to be stated that the compliance training concerns only prevention of unlawful behavior of employees and is not aimed at improving or deepening their qualification or other specialized education related to their working area. The specialized training plan does not fall within the competence of the compliance officer and is set up separately, outside the Compliance Program.
The training plan is usually prepared for the period of a year and contains:
- training scope, frequency and topics
- overview of new employees' initial trainings and trainings for existing employees
- overview of trainings on company's internal rules
- indication of whether the training will be provided by internal or external instructors
- estimated costs associated with the employees' training
- The training plan is approved by the managing director or a senior manager of the company.
The compliance officer keeps records of approved employee training plans and of trainings completed by the employees. The records of completed employee trainings also include a signature sheet with signatures of employees who attended the training.
3.5 CONTROL MEASURES
The prevention of unlawful behavior involves establishing an effective control system whose purpose is to verify the compliance of individual company's activities with legal regulations, internal guidelines, ethical rules and fair business practices. The control is performed continuously, usually once a year (or more frequently, if necessary or in case of an essential change in the legal regulations) by the compliance officer in cooperation with management personnel and superiors.
The control includes especially:
- checking the observance of legal regulations, internal rules and actions taken
- verifying the knowledge of subordinates in the compliance area
- checking whether planned trainings have been completed
- evaluating the effectiveness of actions taken
- reporting the occurrence of negative phenomena, breach of legal or other regulations.
The compliance officer has to prepare a report about the control results, discuss it with the managing director or the management personnel and propose corrective actions. The managing director or a senior manager decide on taking corrective actions. An in-depth audit of the company is usually performed at an interval of 3 to 5 years (or more frequently, if necessary or in case of an essential change in the legal regulations).
The in-depth audit can be performed by external entities or in cooperation with them and shall be focused on:
- checking whether and how the legal obligations have been incorporated into company's activities
- accordance of the internal rules and actions taken with the legal regulations
- way of complying with the legal regulations, internal rules and observing the actions taken
- checking whether the continuous control system is sufficient and working
- checking whether the training plan is sufficient and covers the compliance area to the maximum possible extent
- keeping compliance records
The compliance officer organizes the in-depth audit and especially informs the managing director about the need of an in-depth audit or proposes to perform an external audit (or to perform the audit in cooperation with a third party) incl. the person of the external auditor to the managing director. The managing director shall decide whether the in-depth audit is going to be performed and whether it will be performed by the compliance officer or an external entity (or in cooperation with it) and also approves the person of the external auditor. The compliance officer or the external auditor shall prepare a report on the results of the in-depth audit, discuss it with the managing director or the management personnel and propose corrective actions. The managing director or a senior manager decide on taking corrective actions.
3.6 REPORTING COMPLIANCE INCIDENTS
When breach of legal regulations is suspected, so each employee and third party is entitled to report such case to their manager or superior or directly to the compliance officer. All reported incidents will be passed on to the compliance officer. The company strives to encourage its employees and third parties to cooperate in the identification of unlawful behavior and enables anonymous reporting of such suspected unlawful behavior and at the same time declares that no retaliatory, discriminatory or other negative measures will be taken against them. The compliance officer is obliged to investigate indiscriminately all reports. In case of non-anonymous reports, the compliance officer is obliged to protect the identity of the reporting person and not to disclose to any person any data related to this reporting person.
The report is expected to include:
- description of the wrongful act and presentation of the decisive facts
- the date when such action happened
- description of why the reporting person considers it a wrongful act.
In case of a non-anonymous report, the reporting person is informed about the result of the incident investigation, usually in the same way as the incident was reported. Ways to report an incident:
- to the compliance officer by e-mail or phone using the contact details stated in Appendix 1. No other person will be granted access to the compliance officer's e-mail box and if necessary (with regard to the number and extent of the incident reports), an e-mail box intended exclusively for compliance incidents can be established (i.e. separately from the compliance officer's e-mail box used for other matters)
- in writing to the address of the company and by adding the wording “compliance” on the envelope. Such envelopes will be directly passed on to the compliance officer without being opened
- by putting the incident report into the box labelled Compliance Incident Reports that is placed in the company's headquarters and is accessible only by the compliance officer
- via a form that is available on the company's website.
The compliance officer is obliged to immediately investigate all incident reports received, with maximum confidentiality and discreetness. If any misconduct is identified, the compliance officer is obliged to inform the managing director or a senior manager and propose corrective actions. The corrective actions are taken by the managing director or a senior manager. Untrue reports or reports made with the intention of unfairly defaming another person or the company contradict the Compliance Program with all consequences arising from this behavior. The compliance officer keeps records of the incident reports received (without personal data of the reporting person).
The appoined Compliance officer is: Jiří Lapšanský,+420 777 478 347, This email address is being protected from spambots. You need JavaScript enabled to view it..
3.7 THE GK REPORTING CHANNEL
For GK, it is a top priority that applicable laws, rules and regulations as well as internal instructions are complied with. It is therefore of great importance to GK that any potential wrongdoing be detected as early as possible so that it can be remedied, and where necessary, further consequences may be drawn from it.
Accordingly, in compliance with EU Directive 2019/1937, the so-called Whistleblowing Directive, we have set up a reporting channel with an external provider. This allows anyone to report information in various ways while retaining their anonymity.
The aim of this reporting channel is to draw the company’s attention to possible serious breaches of regulations or the law. This primarily refers to violations that have the potential to damage the reputation or financial interests of GK or, indirectly, of our business partners. In particular, this includes violations of human rights, fair competition and environmental protection.
Click here to access the GK reporting channel