Reporting a workplace violation

If you have learned of a work-related breach of requirements established by the European Union law, please proceed based on the following information and report the breach to vihje@baltispoon.ee.

What should be reported?

In the meaning of subsection 2 (1) of the Act on Protection of Persons Who Report Work-Related Breaches of European Union Law, breaches are defined as breaches of the requirements arising from European Union law which have become known in the context of work-related activities in the areas listed in the same subsection:

  • public procurements;
  • financial services, products, and markets and prevention of money laundering and terrorism financing;
  • product safety and compliance;
  • transport safety;
  • protection of the environment;
  • radiation protection and nuclear safety;
  • food and feed safety, animal health and welfare;
  • public health;
  • consumer protection;
  • protection of privacy and personal data, and security of network and information systems;
  • breaches affecting the financial interests of the European Union (Article 325 TFEU);
  • breaches relating to the internal market, including rules relating to corporate tax and breaches related to tax advantages.

It is also possible to report other work-related breaches, unrelated to the European Union law.

The reporting person must have reasonable grounds to believe that the breach has been directly commenced or it has been completed and the presented information is true. Knowingly submitting a false report of a breach is prohibited.

Who can report breaches?

First and foremost, the following persons may report work-related breaches at Balti Spoon OÜ:

  • a person who performs work on the basis of an employment contract or another contract under the law of obligations at the company;
  • a person undergoing training at the company;
  • a person acting as a volunteer at the company;
  • a person engaged in pre-contractual negotiations or otherwise preparing a contract with the company;
  • a person whose employment relationship with the company has ended;
  • a person working with a contractual partner of the company in the form specified in one of the clauses above.

What should a report of a breach include?

Before submitting a report of a breach, you should think about describing the incident as succinctly and accurately as possible. If feasible, follow these points when preparing a report of a breach:

  • Time of the incident. If possible, indicate the time of the incident with the accuracy of a date (day/month/year). If the precise date is unknown, make note of an approximate time or period with the accuracy of a month and a year.
  • Place of the incident.
  • Parties related to the incident (name, position, legal entity).
  • Description of the incident. Describe the facts of the incident as accurately as possible, as well as the potential damage that has occurred or might occur.
  • Evidence. If possible, add evidence to the report of the breach that prove the facts stated in the description of the incident. The evidence should be linked to the facts and substantiate a specific factual claim or claims (such as documents, images, videos).
  • Origin of the information. Describe the source of the information (or the person who disclosed it) and whether and how you are involved with the case. Is there any evidence or do you know any witnesses regarding the case?
  • Contact details. If you do not wish that you would be informed or contacted about the receipt of the report, processing of the report, and the implementation of the follow-up measures in the proceedings after you have sent the report, state it explicitly in the report of the breach.

How is a report of a breach processed?

Committee for Processing Reports handles the receipt of reports of breaches and processing these, and if needed, it will include specialists and other competent persons in the process or forwards the report to a competent person or authority for further processing.

The Committee gives feedback to the reporting person about the receipt of the report, proceedings, and the implementation of follow-up.

The Committee sends an acknowledgement of receipt of a report of a breach to the reporting person within seven days of receiving the report. If the report does not belong in the scope of the Act and the requirement of protection does not apply to the reporting person, the Committee informs the reporting person of this fact.

If Balti Spoon OÜ is not competent to process a report of a breach, the Committee will forward the report at the first opportunity, but no later than within five working days from receiving the report, to a competent authority, informing the reporting person of this fact.

The Committee gives feedback to the reporting person about the implementation of follow-up and the final outcome of the proceedings at the first opportunity, but no later than within three months from the receipt of the report of a breach, or when justified, within six months when reporting the breach through an external channel for reporting.

Notifications and feedback are not sent when the reporting person has explicitly prohibited sending feedback or there is reason to believe that it would jeopardise the confidentiality of the reporting person or the report is submitted anonymously.

Reports of breaches are stored for three years from the time of giving feedback to the reporting person.