Whistleblowing notice for reporting of breaches of Bulgarian laws or acts of the European Union


    1. This Whistleblowing Notice (Notice) aims to provide you with clear and easily accessible information on the terms and conditions for reporting breaches through the internal channel of FICOSOTA LTD, UIC 837055835 („Company“), under the Protection of Persons Who Report or Publicly Disclose Information on Breaches Act („Act“).

    1. According to the Bulgarian legislation, you can report breaches of the Bulgarian laws or the acts of the European Union defined in the field of:

- public procurement; 

- financial services, products and markets and the prevention of money laundering and terrorist financing;

- the safety and compliance of products and transport;

- protection of the environment;

- radiation protection and nuclear safety; 

- food and feed safety, animal health and welfare;

- public health and consumer protection;

- the protection of privacy and personal data;

- the security of network and information systems;

- breaches affecting the financial interests of the European Union as referred to in Article 325 of the Treaty on the Functioning of the European Union;

- breaches of the rules of the internal market as referred to in Article 26, paragraph 2 of the Treaty on the Functioning of the European Union, including the rules of the European Union and the Bulgarian legislation on competition and state aid;

- breaches relating to cross-border tax arrangements the purpose of which is to obtain a tax advantage that defeats the object or purpose of the applicable corporate tax law;

- a committed criminal offence of a general nature, of which a person under Article 5 has become aware in connection with the performance of his or her work or his or her official duties.

- the rules for payment of outstanding public state and municipal receivables;

- labour law;

- legislation relating to the performance of public service.

    1. A reporting person within the meaning of this Act shall be a natural person who reports or publicly discloses information on a breach that has become known to him or her in their capacity as:

-a worker, an employee, a civil servant or another person who is employed, regardless of the nature of the work, the manner of pay and the source of the funding;

- a person who works without an employment contract and/or is a freelance worker and/or a craft worker;

- a volunteer or an intern;

- a partner, a shareholder, a sole owner of the capital, a member of the management or supervisory body of a commercial company, a member of the audit committee of an enterprise;

- a person who works for a natural or legal person, its subcontractors or suppliers;

- a candidate for employment who has participated in a competition or another form of recruitment and who has received in that capacity information on a breach;

- a worker or an employee, where the information has been obtained in the framework of an employment or service relationship, which has been terminated at the time of the reporting or the public disclosure.

  1. Protection is also granted to: 

- any other reporting person reporting a breach that has become known to him or her in a work-related context.

- facilitators who assist the reporting person in the reporting process;

- persons who are connected with the reporting person and who could suffer retaliation as a result of the reporting;

- legal entities in which the reporting person holds a shareholding and for which he/she works or with whom he/she is otherwise connected in a work-related context. 

  1. In the event that the report is credible and justified, the protection within the meaning of the Act is provided to you from the moment of the submission of the report or the public disclosure of information about a breach.

  1. You have the right of protection in case you:

- has had reasonable grounds to believe that the information submitted about the breach in the report was correct at the time of its submission and that this information falls within the scope of Art. 2.

- has reported a breach under the conditions and according to the procedure of this Act. 

  1. Proceedings shall not be initiated and you shall not receive protection for submitting anonymous reports (unless you have been subsequently identified) and reports relating to breaches committed more than two years ago. 

- sending an e-mail to: We will contact you within 7 days for referral to sign the required form,  as well as in case of need to correct irregularities.

- verbally via a personal meeting with the director of HR department.

  1. Once you submit a report, we will check whether it is credible and, if so, take the necessary follow-up action to uncover the objective truth and gather all the necessary evidence, incl. by the affected parties and by the person against whom the report has been filed in compliance with confidentiality as well as confidentiality of your personal data.
  2. If necessary, we can contact for further information and documentation.
  3. After we prepare a report and before 3 months have elapsed since the report was submitted, we will contact you to give you feedback on your report.
  4. When the breach is unimportant and does not require further follow-up actions and in case of a repeated report that does not contain new information essential to the breach, the file on your report may be terminated.
  5. The Company examines all reports of breaches in compliance with the principles of confidentiality, impartiality, fairness, independence and lack of conflict of interest.
  6. The Company shall protect reporting persons from retaliatory acts having the character of repression and placing them at a disadvantage and shall not allow such actions to be carried out within its organisation.

  1. You are liable according to Bulgarian legislation and the law of the Union for any action or omission that is not related to the submission of the report or is not necessary for the disclosure of the violation. You may be liable, according to the Criminal Code of the Republic of Bulgaria, for assault.
  2. in case of obviously false or misleading statements of fact, your report will be returned with an instruction to correct the statements and a warning about the responsibility you bear, namely up to a fine of up to BGN 7,000.

  1. This notice is available on our website, namely: ("Website"), and in a prominent place at our offices.
  2. More information regarding your rights and the processing of your signals and your personal data can be found on our website.

  1. The Company will process your personal data for the purpose of handling a report. 
  2. The information related to a reported breach, as well as the identity of the Reporting Person and the affected person and the other persons identified in the report or made aware of the report, are protected. Access to your personal data will be granted only to persons responsible for handling reports, as well as state and supervisory authorities, in cases specified by law.