Whistleblower Policy

The Whistleblower regime commenced on 1 July 2019. This regime provides that a person (Whistleblower) can make disclosure, anonymously if they choose, regarding any wrongdoing (Disclosable Matter) and can (in certain circumstances) be protected under the Corporations Act against

• Loss of anonymity
• Loss of confidentiality
• Any detriment.
  
  In addition, on 13 November 2019, ASIC released Regulatory Guide 270 – Whistleblower Policies, setting out comprehensive requirements and guidance on the content of whistleblower policies.
  
  The Company, its officers and other senior people within the Company have obligations under the Corporations Act if they receive a report from a Whistleblower. This policy has been adopted as an important tool for helping the Company to identify wrongdoing that may not otherwise be uncovered unless there is a safe and secure means for disclosing such wrongdoing.
  
  The Board seeks to conduct its business within the law and with integrity and honesty. In particular, the Company seeks to avoid engaging in conduct that, amongst other matters
  
  
• Is an offence under the Corporations Act 2001 (Cth);
• Is an offence against any Commonwealth law; or
• Represents a danger to the public.
  
  Whistleblowers are encouraged to report any wrongdoing by the Company or its employees. However, we recognise that Whistleblowers may not always feel comfortable about discussing concerns internally — especially if the Whistleblower believe that the Company or its officers or employees are responsible for the wrongdoing.
  
  This policy covers a situation where there is misconduct or an improper state of affairs or circumstances in relation to the Company and can include a matter where the discloser has reasonable grounds to suspect the Company, an officer or employee of the Company, has engaged in Improper Conduct.
  
  A potential discloser can obtain further information with respect to this policy from the Eligible Recipient and, if uncertain, should seek independent legal advice.

The aim of this Policy is to ensure:

• Whistleblowers feel confident that to raise any serious matter;
• Whistleblowers know that if they make a report, then it will be taken seriously and treated as confidential (with certain exclusions);
• Whistleblowers know that if they report Improper Conduct, their identity will be protected (with certain exclusions);
• Whistleblowers know no detrimental action will be taken against them as a result;
• The Company meets its legal and regulatory obligations; and
• Tthe Company meets its legal and regulatory obligations; and
  
  In addition to those matters set out above, the purpose of this Policy is to ensure that:
  
  
• People are encouraged to report Disclosable Matters and Improper Conduct;
• People feel safe and protected if they report Disclosable Matters and Improper Conduct and that such reports are dealt with appropriately and in a timely manner;
• There is transparency around the Company’s framework for receiving, handling and investigating disclosures;
• The Company’s values, code of conduct and corporate governance policies and procedures are supported;
• The long-term sustainability and reputation of the Company are supported; and
• Any serious wrongdoing within the Company is stopped and does not recur.
  
  The Whistleblower is protected (e.g. ongoing employment, status, reputation and well-being). The Whistleblower should not be disadvantaged by Whistleblower activity.
  
  Whistleblowers are encouraged to use the procedure set out below if they:
  
  
• Seek to report (verbal, written, electronic communication or otherwise) about a Disclosable Matter or Improper Conduct; or
• Have concerns about wrongdoing at work.

Once a valid Whistleblower Report is made to the Eligible Recipient (or Next Eligible Recipient) by an Eligible Whistleblower, the Whistleblower is entitled under the Whistleblower Act to identity protection, protection from detrimental acts or omissions, compensation and remedies and may, subject to applicable law, be entitled to civil, criminal and administrative protection.

References in this policy to “discloser” is to an Eligible Whistleblower and references to “disclosure” are to a valid Whistleblower Report except where the context otherwise requires.

Any person who works with the Company, or for the Company (i.e. an Eligible Whistleblower), should use this Procedure.

An Eligible Whistleblower is a person who:

• Is employed directly by the Company; or
• Works for the Company via an employment agency; or
• Works for the Company in the capacity of suppliers of goods and services (whether paid or unpaid), including their employees (e.g. contractors, consultants, service providers and business partners); or
• Is an Officer of the Company; or
• Is an associate of the Company; or
• Is a relative, dependent or spouse of an individual mentioned above.

Whistleblowers are encouraged to disclose a Disclosable Matter which leads the Whistleblower to believe that malpractice is occurring, may occur, or has occurred.

In particular, Whistleblowers should disclose the occurrence or likely occurrence of any of the following:

The commission of a criminal offence;

• Any failure to comply with a legal obligation or regulatory requirement applicable to the business;
• Any risk to health and safety that has not been dealt with properly; and
  
  
  The concealment of information that reveals a Disclosable Matter or Improper Conduct.
  
  Disclosures (for example, personal work-related grievances that do not relate to detriment or threat of detriment to the discloser) that are not about Disclosable Matters are not covered by the policy because they do not qualify for protection under the Whistleblower Act. Such disclosures may, however, be protected under other legislation.
  
  

• Have any other significant implications for the Company (or another entity); or
• Relate to any conduct or alleged conduct, about a Disclosable Matter.
  
  Examples of a grievance that may be a personal work related grievance include:
  
  
• An interpersonal conflict between the discloser and another employee;
• A decision that does not involve a breach of workplace laws;
• A decision about the engagement, transfer or promotion of the discloser;
• A decision about the terms and conditions of engagement of the discloser; or
• A decision to suspend or terminate the engagement of the discloser, or otherwise to discipline the discloser.
  
  A work related grievance may, however, still qualify for protection if:
  
  
• It includes information about misconduct, or information about misconduct includes or is accompanied by a personal work-related grievance (mixed report);
• The Company has breached employment or other laws punishable by imprisonment for a period of 12 months or more, engaged in conduct that represents a danger to the public, or the disclosure relates to information that suggests misconduct beyond the discloser’s personal circumstances;
• The discloser suffers from or is threatened for detriment for making the disclosure; or
• The discloser seeks legal advice or legal representation about the operation of the whistleblower protections under the Corporations Act.

As a preliminary step, an individual should consider if they are an Eligible Whistleblower under this Policy. If not, consider other means to deal with the concerns. One alternative would be to have a discussion with a Person Of Responsibility.

Secondly, consider if the matter sought to be disclosed is a Disclosable Matter under this policy. If it is not, one alternative would be to discuss the matter with a Person Of Responsibility.

A disclosure made to a legal practitioner for the purposes of obtaining legal advice or representation in relation to the operation of the Whistleblower provisions in the Corporations Act is also protected. A Whistleblower may also seek external advice from or make a disclosure to parties outside the organisation such as regulatory bodies, journalists and members or parliament under certain circumstances, including where such disclosure is an Emergency Disclosure or Public Interest Disclosure, and such disclosures to external parties may attract the protection of relevant legislation.

Details of the circumstances of an Emergency Disclosure or Public Interest Disclosure are set out in the definitions section of this policy. It is strongly recommended that these circumstances are reviewed, and independent legal advice is obtained, prior to making an Emergency Disclosure or Public Interest Disclosure.

Disclosures of information relating to disclosable matters can also be made to ASIC, APRA or another Commonwealth body prescribed by regulation that qualify for protection under the Corporations Act.

Where it is uncertain if a disclosure qualifies for protection under this policy, the Company may elect, at its discretion, to treat the disclosure as though the disclosure is protected.

The Eligible Recipient is the Company Secretary.

An individual should make a Whistleblower Report only to the Eligible Recipient. The contact details for the Eligible Recipient are available at the website of the Company and will otherwise be provided when this policy is disseminated to potential disclosers.

However, if the Disclosable Matter involves the Company Secretary, or it is believed that it is inappropriate for disclosure of the Whistleblower Report directly to be made to the Company Secretary for any reason, then concerns should be raised with a Next Eligible Recipient.
When seeking to make a Whistleblower Report, a reporting party must at that same time (i.e. during the same communication)

• Clearly identify that the communication is a Whistleblower Report and
• That the reporting party seeks that the communication to be dealt with under this Policy.

If an individual fails to clearly identify the communication as a Protected Communication at the first instance, then it cannot be dealt with under this Policy and will not be treated as a Whistleblower Report.

A written Whistleblower Report may be made anonymously. This discloser can refuse to answer questions that they feel could reveal their identity at any time, including during follow-up conversations.

It is suggested that a discloser who wishes to remain anonymous should maintain ongoing two-way communication so follow-up questions can be asked and feedback can be provided.

To protect the anonymity of the discloser, the following measures may be implemented:

• Use of an anonymous telephone line or email when communicating; and
• A discloser may adopt a pseudonym for the purposes of their disclosure – this may be appropriate in circumstances where the discloser’s identity is known to their supervisor, the whistleblower protection officer or equivalent but the discloser prefers not to disclose their identity to others.
  
  If the initial Whistleblower Report is verbal, the reporting party may be requested to put the concerns in writing if that is essential for the matter to be dealt with.
  
  In making a Whistleblower Report, the report party expressly affirm and promise that it is not being made for a Wrongful Purpose or for Wrongful Purposes.

The recipient of a valid Whistleblower Report shall both (i) seek to resolve the Disclosable Matter (i.e. cause wrongdoing to cease and not recur) and at the same time seek to (ii) protect the confidentiality, anonymity and interests of the Whistleblower under the provisions of this Policy.

The Company will acknowledge a discloser after receiving their disclosure.

As a preliminary step, the Company will assess each disclosure to determine whether it qualified for protection and if a formal, in-depth investigation is required.

To be clear, the purpose of this Policy is to ensure that wrongdoing is stopped (and does not recur) and that the broad interests (e.g. ongoing employment, status, reputation and well-being) of the valid Whistleblower are protected. A legitimate Whistleblower should not be disadvantaged by the valid Whistleblower activity.

The Company will investigate the Disclosable Matter as soon as is reasonably practicable and will endeavour to finalise an investigation as expeditiously as possible.

Typically the Eligible Recipient will need to determine if the matter is a disclosure to which protection will apply and, if so, if the Company needs to investigate the disclosure.

Once it is established that an investigation is warranted, the Company will determine the nature and scope of that investigation, the person(s) (either internal, external or both) who should lead the investigation, the nature of any technical, financial or legal support required to support the investigation and the timeframe for the investigation.

Following the parameters of the investigation being set as described above, the person(s) leading the investigation will determine the appropriate way forward, including the documentation to be obtained and persons to be interviewed. Once all relevant information has been obtained, the person(s) leading the investigation shall provide a report on their findings to the Eligible Recipient (or Next Eligible Recipient, as applicable) for consideration and action by the Board and the Company generally whilst maintaining confidentiality of the Discloser.

Where possible, the Company will endeavour to provide the discloser with a copy of the findings as received from the person(s) leading the investigation and the proposed action to be taken. It is further anticipated that the findings will be communicated to each Person of Responsibility.

Notwithstanding the above, the method of documenting and reporting findings will be dependent upon the nature of the disclosure and there may be circumstances where it is not appropriate for the Company to provide details of the outcome to the discloser.

Investigations shall be objective, fair and independent. The confidentiality of the investigation shall be paramount. To ensure fairly and independence, investigations shall be independent of the discloser (subject to keeping the discloser informed as set out below), individuals who are subject of the disclosure and the department or business unit involved.

All investigations where additional specialist skills or expertise may be necessary shall be undertaken jointly with an external investigation firm.

It is noted however that the process for and time within which a Disclosable Matter may be investigated is dependent upon the circumstances on a case by case basis.

In addition, the Company may not, without the discloser’s consent, disclose information that is likely to lead to the identification of the discloser as part of its investigation process, unless:

• The information does not include the discloser’s identity;
• The entity removes information relating to the discloser’s identity or other information that is likely to lead to identification of the discloser; and
• It is reasonably necessary for investigating the issues raised in the disclosure.
  
  
  The Company will ensure the confidentiality of its disclosure handling and investigation process and will ensure appropriate records and documents are maintained for the investigation.
  
  The investigative process of the Company may be limited. The Company may not be able to adequately undertake an investigation if it is not able to contact the discloser. The Company may investigate a disclosure by requesting the discloser for consent to a limited disclosure. The Company may also investigate a disclosure by conducting a broad review on the subject matter or the work area disclosed.
  
  In addition, the Company could investigate an anonymous disclosure, even if it cannot get in contact with the discloser, if the discloser has provided sufficient information and the Company removes information that is likely to lead to identification of the discloser.
  
  If the discloser has provided contact details (including anonymously), the Company will keep the discloser informed as to how progress is being made. The frequency of updates may vary depending on the nature of the disclosure. The Company will ensure that anonymity of the discloser is not compromised as a result of providing regular updates.
  Updates are proposed to be provided to the discloser when the investigation has commenced, is in progress and has been finalised. If possible, the Whistleblower will be informed of the outcome of the investigation and of any action that is proposed to rectify any wrongdoing or malpractice.
  
  The Company intends to conduct its investigations on the substance of all disclosures, without regard to the motives of the discloser (unless such motive is directly relevant to the disclosure).
  
  All investigations of disclosures will be conducted in accordance with this policy. The Company will, where possible, review the investigation in respect of a disclosure to ensure it has been made in accordance with this policy and the processes and procedures have been adhered to.

Any disclosure properly made under this policy will be treated as confidential.

The identity of the discloser or information that is likely to lead to the identification of the disclosure cannot be disclosed. This prohibition applies to all persons, including those which have obtained the details directly or indirectly because the discloser has made a disclosure that qualifies for protection.

The preceding paragraph does not apply if a person discloses the identity of the discloser:

• To ASIC, APRA, or a member of the Australian Federal Police
• To a legal practitioner for the purposes of obtaining legal advice or legal representation about the Whistleblower provisions in the Corporations Act;
• To a person or body prescribed by regulations; or
• With the consent of the discloser.
  
  
  In addition, a person can disclose the information contained in a disclosure with or without the discloser’s consent if:
  
  
• The information does not include the discloser’s identity;
• The Company has taken reasonable steps to reduce the risk that the discloser will be identified by from the information; and
• It is reasonably necessary for investigating the issues raised in the disclosure.
  
  It is illegal for a person to identify a discloser, or disclose information that is likely to lead to identification of a discloser, outside the above exceptions. The discloser can lodge a complaint with the Eligible Recipient or a Next Eligible Recipient about any actual or believed breach of confidentiality. The discloser may lodge a complaint with a regulator, such as ASIC, APRA or the ATO, for investigation.
  
  It is proposed that the Company will, where considered appropriate, implement the following actions to reduce the risk of the discloser being identified:
  
  
• The redaction of all personal information or reference to the discloser witnessing an event;
• The discloser being referred to in a gender-neutral context;
• Where possible, the discloser will be contacted to help identify certain aspects of their disclosure that could inadvertently identify them; and
• Disclosures will be handled and investigated by qualified staff.
  
  
  To ensure secure record keeping and information sharing process, it is proposed that:
  
  
• All paper and electronic documents and other materials relating to the disclosure will be stored securely;
• Access to all information relating to a disclosure will be limited to those directly involved in or managing and investigating the disclosure;
• Only a restricted number of people who are directly involved in handling and investigating a disclosure will be made aware of a discloser’s identity (subject to a discloser’s consent) or information that is likely to lead to the identification of the discloser;
• Communications and documents relating to the investigation of a disclosure will not be sent to an email address or to a printer that can be accessed by other staff; and
• Each person who is involved in handling and investigating a disclosure will be reminded about the confidentiality requirements, including that an unauthorised disclosure of a discloser’s identity may be a criminal offence.
  
  The Eligible Recipient is responsible for discussing and managing the Company’s measures for ensuring confidentiality of the identity of the discloser.
  
  It is noted that, in practice, people may be able to guess the discloser’s identity if:
• The discloser has previously mentioned to other people that they are considering making a disclosure;
• The discloser is one of a very small number of people with access to the information; or
• The disclosure relates to information that a discloser has previously been told privately and in confidence.

The discloser or any other person are protected from detriment in respect of a disclosure.

A person cannot engage in conduct that causes detriment to a discloser (or another person), in relation to a disclosure, if:

• The person believes or suspects that the discloser (or other person) made, may have made, proposes to make or could make a disclosure that qualifies for protection; and
• The belief or suspicion is the reason, or part of the reason, for the conduct.
  
  In addition, a person cannot make a threat to cause detriment to a discloser (or another person) in relation to a disclosure. A threat may be express or implied, or conditional or unconditional. A discloser (or another person) who has been threatened in relation to a disclosure does not have to actually fear that the threat will be carried out.
  
  Detrimental conduct may include, but is not limited to:
  
  
• Dismissal of an employee;
• Alteration to an employee’s position or duties to their disadvantage;
• Discrimination between an employee and other employees of the same employer;
• Harassment or intimidation of a person;
• Harm or injury to a person, including psychological harm;
• Damage to a person’s property, reputation, business or financial position or other damage.
  
  The following are examples of actions that are not detrimental conduct. The following examples are not an exhaustive list:
  
  
• Administrative action that is reasonable for the purpose of protecting a discloser from detriment (e.g. moving a discloser who has made a disclosure about their immediate work area to another office to prevent them from detriment); and
• Managing a discloser’s unsatisfactory work performance, if the action is in line with the Company’s performance management framework.

The Company shall ensure that the discloser understands the reason for the Company undertaking the relevant administrative or management action.

A discloser or other person can seek compensation and other remedies through courts if:

• They suffer loss, damage or injury because of a disclosure; and
• The Company failed to take reasonable precautions and exercise due diligence to prevent the detrimental conduct.

Disclosers are encouraged to seek independent legal advice.

A discloser may, subject to applicable law, be protected from any of the following in relation to their disclosure:

• Civil liability (e.g. any legal action against the discloser for breach of an employment contract, duty of confidentiality or another contractual obligation);
• Criminal liability (e.g. attempted prosecution of the discloser for unlawfully releasing information, or other use of the disclosure against the discloser in a prosecution (other than for making a false disclosure)); and
• Administrative liability (e.g. disciplinary action for making the disclosure).
  

These protections do not grant immunity for any misconduct a discloser has engaged in that is revealed in their disclosure.

The following are measures that the Company may adopt to protect disclosers from detriment:

• Implementing processes for assessing the risk of detriment against a discloser and other persons which will commence as soon as possible after receiving a disclosure;
• Support services being made available to disclosers;
• Implementing strategies to help a discloser minimise and manage stress, time or performance impacts, or other challenges resulting from the disclosure or its investigation;
• Completing actions for protecting a discloser from risk of detriment (for example, allowing the discloser to perform duties in another location, making modifications to the discloser’s workplace or the way they perform their work duties);
• Implementing processes to ensure management are aware of their responsibilities to maintain the confidentiality of a disclosure, address the risks of isolation or harassment, manage conflicts and ensure fairly when managing the performance of, or taking other management action in relation to, a discloser;
• Implement procedures on how a discloser can lodge a complaint if they have suffered detriment, and the action the Company may take in response to such complaints (for example, the complaint could be investigated as a separate matter by an officer who is not involved in dealing with disclosures and the investigation findings could be provided to the Board or the audit and risk committee); or
• Undertake intervention for protecting a discloser if detriment has already occurred (for example, investigating and addressing the detrimental action, including disciplinary proceedings against the perpetrator of such detrimental conduct).
  
  
  The discloser may wish to seek independent legal advice or contact regulatory bodies, such as ASIC, APRA or the ATO, if they believe they have suffered detriment.
  
  The Company will consider the risks of detriment as part of its risk management framework and will ensure appropriate records are kept in connection with the consideration and action taken in respect of detriment.

The Company is committed to ensuring fairness in connection with any disclosure, both for the discloser and any person named in the disclosure. This section sets out the measures and/or mechanisms the Company may implement for ensuring the fair treatment of individuals mentioned in a disclosure:

• Disclosures will be handled confidentially, when it is practical and appropriate in the circumstances;
• Each disclosure will be assessed and may be subject to an investigation;
• The objective of an investigation is to determine whether there is enough evidence to substantiate or refute the matters reported;
• When an investigation needs to be undertaken, the process will be objective, fair and independent;
• An employee who is the subject of a disclosure will be advised about the subject matters of the disclosure as and when required by principles of natural justice and procedural fairness prior to any action being taken by the Company;
• An employee who is the subject of a disclosure may contact the Company’s support services (if any).
  
  

An individual the subject of a disclosure will be informed about the investigation prior to the Company making any adverse findings against them. The Company will balance the need to inform the individual the subject of a disclosure with the potential for same to compromise the effectiveness of the investigation of the disclosure.

If a discloser is dissatisfied with the way that the Company is dealing with its Whistleblower Report, then those concerns should be expressed in writing to the Eligible Recipient or a Next Eligible Recipient. The Company undertakes to respond to concerns.

If such concerns arise in respect of an investigation of a Whistleblower Report then the Company may determine to review the investigation to ensure it was conducted in accordance with this Policy and the processes and procedures set out herein.

Some matters are difficult to deal with. If a reporting party is dissatisfied with the way that the Company is dealing with its Whistleblower Report, it many need to make a further Whistleblower Report to External Authorities.

If a discloser believes that confidentiality, anonymity or Whistleblower Protection are not being dealt with properly then they should immediately inform the Eligible Recipient or a Next Eligible Recipient Under this Policy the Company undertakes to take appropriate action.

Some matters are difficult to deal with. In such cases, the Company itself may engage with External Authorities to report or resolve the wrongdoing. If this is necessary, then the Company reserves the right to involve one or more External Authorities with or without the prior consent of the Whistleblower. Where possible, the Company will seek to preserve the anonymity of the Whistleblower, but will make legally required disclosures which may include the identity of the Whistleblower and the Whistleblower Report.

If an External Agency is engaged, then confidentiality and anonymity of the Whistleblower shall be in the hands of the External Agency and their subsequent activities.

he Whistleblower Act is intended to protect authentic Whistleblowers. This Policy will not be used for purposes other than as provided for in the Whistleblower Act. Use of this Policy for Wrongful Purposes is not protected by this Policy or the Whistleblower Act.

Making a Whistleblower Report for Wrongful Purposes or use of this Policy for Wrongful Purposes will constitute misconduct and may result in the Company

• Taking disciplinary action against the reporting party under their employment contract or
• Reporting the conduct to External Authorities.

Making a Whistleblower Report for Wrongful Purposes or use of this Policy for Wrongful Purposes will not be covered by anonymity or confidentiality provisions of this Policy.

The policy will be held within the Company’s online filing system and will be maintained and updated by the Company Secretary. The Company will endeavour to send this policy to all existing and future internal staff and contractors. The Company will also make this policy (with redactions as necessary) available on its website.

A copy of the policy as available on the website can be provided in soft copy on request to the Company Secretary.

This policy will also form part of the materials received by new employees at induction.

Any updates to this policy shall be disseminated as set out above.

The Company will endeavour to arrange for training in respect of this policy, and in particular training for those persons who have a specific role under this policy (Eligible Recipient and Next Eligible Recipient) and management so that they are aware of their obligations. The Company will further endeavour to arrange for training of all employees, including those based overseas.

If the CEO or Company Secretary become aware of a breach of this Policy, then they should notify the Board without delay.

The Board will review this Policy from time to time. The Policy may be amended by resolution of the Board. This Policy is a public document and may be placed on the Company’s web site in satisfaction of regulatory obligations.

In this Policy:

• Board means the Board of Directors of the Company.
• CEO means the Chief Executive Officer of the Company.
• Company means Cocoon Data Technologies Limited [ACN 632 374 531].
• Company Secretary means the company secretary of the Company.
• Corporations Act means the Corporations Act 2001.
• Director means a director of the Company.
  
  

Disclosable Mattermeans a matter where the discloser has reasonable grounds to suspect that the information concerns serious misconduct or an improper state of affairs or circumstances in relation to the Company and can include a matter where the discloser has reasonable grounds to suspect the Company, an officer or employee of the company, has engaged in conduct that:

• Is an offence under the Corporations Act 2001 (Cth) or other applicable legislation;
• Is an offence against any Commonwealth law punishable for 12 months or more by imprisonment;
• Represents a danger to the public or the financial system; or (iv) is prescribed by regulation.
  
  

Eligible Recipient means person authorised by the Company to receive disclosures under the Policy, being the Company Secretary.

Eligible Whistleblower means a person who can rely on the rights and protections afforded under this Policy and the law if they report misconduct as set out in section 1.4.

Emergency Disclosureis a disclosure of information to a journalist or parliamentarian, where:

• The discloser has previously made a disclosure of the information to ASIC, APRA or another Commonwealth body prescribed by regulation;
• The discloser has reasonable grounds to believer that the information concerns a substantial or imminent danger to the health and safety of one or more persons or the natural environment;
• Before making the emergency disclosure, the discloser has given written notice to the body noted in (a) above that:
  

• Includes sufficient information to identify the previously disclosure; and
• States that the discloser intends to make an emergency disclosure; and
• The extent of the information disclosed in the emergency disclosure is no greater than is necessary to inform the journalist or parliamentarian of the substantial and imminent danger.
  
  

Employee means any employee of the Company.

External Authorities means authorities such as Australian Securities Exchange (ASX), Australian Securities and Investments Commission (ASIC) or Police (State or Federal).

Improper Conduct means an officer or employee of the company has engaged in conduct that:

• Is an offence under the Corporations Act 2001 (Cth);
• Is an offence against any Commonwealth law punishable for 12 months or more by imprisonment; or
• Represents a danger to the public.
  
  

Next Eligible Recipient means a person other than the Eligible Recipient authorised to receive Whistleblower Reports. This includes a Person Of Responsibility or the auditor of the Company. Details of the auditor of the Company are available in the annual report or financial information of the Company.

Person Of Responsibility means a Director or the CEO.

Policy means this whistleblower policy (including as amended from time to time).

Protected Communication means a communication from an Eligible Whistleblower that clearly identifies to the Eligible Recipient (or the Next Eligible Recipient) both

• That the communication is a Whistleblower Report and
• That the Eligible Whistleblower seeks the communication to be dealt with under this Policy.

Public Interest Disclosure is a disclosure of information to a journalist or a parliamentarian, where:

• At least 90 days have passed since the discloser made the disclosure to ASIC, APRA or another Commonwealth body prescribed by regulation;
• The discloser does not have reasonable grounds to believe that action is being, or has been taken, in relation to the disclosure;
• The discloser has reasonable grounds to believe that making a further disclosure of the information is in the public interest; and
• Before making the public interest disclosure, the discloser has given written notice to the body noted at (a) above that:
• Includes sufficient information to identify the previously disclosure; and
• States that the discloser intends to make an emergency disclosure; and
  
  
  
  Whistleblower means a person reporting a matter under the Policy and invoking protections under the Whistleblower Act.
  
  Whistleblower Act means Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019.
  
  Whistleblower Protection means the Whistleblower is protected i.e. their ongoing employment, remuneration rates, promotion opportunities, status, reputation and well-being shall not be disadvantaged by the legitimate Whistleblower activity.
  
  Whistleblower Report means a communication (verbal, written, electronic communication)
  
  Wrongful Purpose(s) means for example, purpose or purposes:
  
  
• Other than provided for in the Whistleblower Act,
• For malicious or mischievous purposes or
• To pursue a grudge or vendetta against another employee or the Company.