Whistleblower Policy
The American College of Sofia (ACS) is committed to the principle of public accountability and to developing a culture where it is safe and acceptable for all employees and other individuals who have become aware of violations in work-related context to submit a report if they have a reasonable belief that wrongdoing is taking place. The purpose of this Whistleblower Policy is to foster an environment that promotes and empowers individuals to disclose perceived breaches of law and conduct in accordance with the Act on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Infringements (“Bulgarian Whistleblowing Act”).
Submission of Reports under the Bulgarian Whistleblowing Act
Every individual falling within the scope of the Bulgarian Whistleblowing Act is encouraged to promptly report any confirmed or suspected breaches of relevant laws related to prevention of money laundering, protection of privacy and personal data, etc. Instances that should be reported as infractions within the purview of this Policy encompass, though are not restricted to, fraudulent activities, theft, embezzlement, misappropriation of funds, and unlawful behavior.
Anonymous reports or reports relating to infringements committed more than two years ago shall not be considered under the Bulgarian Whistleblowing Act but may be reviewed in accordance with ACS’s Code of Conduct.
The means, responsible parties, process of report submission under the Bulgarian Whistleblowing Act, along with the proposed reporting Form adopted by the Personal Data Protection Commission, are outlined in Appendix A to this Policy, titled “Legislative Whistleblowing Procedures”. This Appendix A is also available [www.acs.bg].
Without Retaliation
ACS encourages the reporting of any suspected breaches falling within the scope of this Policy through whistleblowing. The school strictly prohibits any retaliation against individuals who, in good faith, report incidents believed to fall within the boundaries of the Policy or who take part in investigations related to such reports. In the event one perceives to have faced retaliation, they should promptly inform the Designated Employee. Any individual found to have engaged in retaliatory actions against those making a good-faith report of an actual or alleged transgression under this Policy will be subject to disciplinary measures, including possible termination of employment.
Designated Employee
The Designated Employee at the American College of Sofia bears the responsibility for initiating investigation of all reports falling within the scope of this Policy. Reports may be submitted in writing or orally, оr at the reporter’s request, by means of a physical meeting with the Designated Employee within a reasonable timeframe after a prearranged day and time.
Good Conduct
Individuals submitting a report about an actual or alleged violation under this Policy are required to do so in good faith, and with reasonable grounds to believe that the disclosed information signifies a violation. Any allegations found to be baseless and made with malicious intent or with knowledge of their falsity will be regarded as a serious disciplinary transgression.
Confidentiality
Reports concerning actual or suspected violations are to be treated as confidential.
Implementation
These Whistleblowing Policy and Appendix A thereto were approved on December 17, 2023 by Emily Sargent Beasley, President of the American College of Sofia, and the Board of Trustees of the American College of Sofia.
APPENDIX A. LEGISLATIVE WHISTLEBLOWING PROCEDURES
These Whistleblowing Procedures set forth the terms and the procedure for internal submission of Reports to the American College of Sofia, in accordance with the Whistleblowing Act, as defined below.
1. DEFINITIONS
Unless otherwise specified in these Whistleblowing Procedures, the capitalized terms below shall have the following meaning:
(i) “ACS” or “the College” means the American College of Sofia, a private school, with an address in Sofia, Mladost municipal region, Mladost 2 living quarters, Floyd Black Lane, BULSTAT 000678378; Mailing Address: P. O. Box 873, 1000 Sofia, Bulgaria;
(ii) “EU” means the European Union;
(iii) “Whistleblowing Act” means the Bulgarian Act on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Infringements;
(iv) “Affected Person” means a natural or legal person, who is identified upon submission of a Report as the person, to whom an Infringement is attributed or with whom that person is connected;
(v) “PDPA” means the Bulgarian Personal Data Protection Act;
(vi) “Secondary Designated Employee” means an employee, designated by ACS and responsible for the receipt, registration and review of Reports, which may not be accepted and reviewed by the Designated Employee due to a conflict of interest or due to absence of the Designated Employee from work at the moment of submission of the Report;
(vii) “Infringement Information” means information, including reasonable suspicions, of actual or potential Infringements, that have occurred or are likely to occur at ACS, as well as for attempts to cover up Infringements;
(viii) “PDPC” means the Bulgarian Personal Data Protection Commission;
(ix) “Persons connected with the Reporter” are persons who are connected with the Reporter through work-based relations or who are relatives of the Reporter, and who could suffer Retaliation due to the submission of a Report;
(x) “Personal data” means any information relating to an identified natural person or an identifiable natural person (“Data Subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, psychological, mental, economic, cultural or social identity of this natural person;
(xi) “Infringement” means an act or omission which is:
illegal and related to the Bulgarian legislation or the acts of the EU in the areas, specified in Art. 2 below; or
contrary to the subject or purpose of the rules in the acts of the EU in the areas, as specified Art. 2 below;
(xii) “Feedback” means providing the Reporter with information about the action that is intended or has already been taken as a Follow-up Action, as well as the reasons for this Follow-up Action;
(xiii) “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
(xiv) “Retaliation” means any direct or indirect act or omission that occurs in a Work-related Context, which results from the submission of a Report, and that causes or is likely to cause adverse consequences detrimental to the Reporter;
(xv) “Designated Employee” means an employee, designated by ACS, who is responsible for the receipt, registration and review of Reports;
(xvi) “Reporter” means a person who submits a Report within the scope of these Procedures;
(xvii) “Procedures” means these Legislative Whistleblowing Procedures;
(xviii) “Follow-Up Actions” means any action, taken by the Designated Employee to assess the accuracy of the allegations, presented in the Report, and, where appropriate, to address the reported Infringement, including through actions, such as internal inquiry, investigation or closing the procedure;
(xix) “Work-related Context” means current or past working activities performed for/at/for the benefit of ACS through which, regardless of their nature, an individual has received Infringement Information and within which such an individual may be subject to Retaliation if s/he reports such information.
(xx) "Report" means a report that contains Infringement Information and that is submitted under the terms and conditions of these Procedures;
(xxi) “UIN” means a unique identification number generated on the website of the PDPC for the purpose of registration of a Report by the Designated Employee as required by the Whistleblowing Act;
(xxii) “Form” means the form to be used by the ACS for registration of Reports as approved by PDPC resolution of 19.04.2023, as subsequently amended and supplemented, and attached as Enclosure No1 to these Procedures.
2. SCOPE
2.1. These Procedures apply only to Reports related to:
(a) infringements of Bulgarian legislation or acts of the EU legislation in the area of:
- public procurement;
- inancial services, products and markets and the prevention of money laundering and the financing of terrorism;
- product safety and compliance;
- transport safety;
- environmental protection;
- radiation protection and nuclear safety;
- food and feed safety, animal health and humane treatment towards them;
- public health;
- consumer protection;
- protection of privacy and personal data;
- security of networks and information systems;
(b) infringements affecting the financial interests of EU within the meaning of Article 325 of the Treaty on the Functioning of the European Union (“TFEU”) and as further specified in relevant Union measures;
(c) infringements of the rules of the internal market of EU within the meaning of Article 26, para 2 of the TFEU, including the rules of EU and Bulgarian legislation concerning competition and state aid;
(d) infringements relating to cross-border tax schemes, the purpose of which is to obtain a tax advantage that is contrary to the subject or purpose of the applicable law in the field of corporate taxation;
(e) publicly prosecuted crimes, of which the Reporter has become aware in connection with the performance of his or her employment duties;
(f) infringements of Bulgarian legislation in the area of:
the rules for the payment of outstanding public state and municipal receivables;
labor legislation.
2.2. Reporters should observe these Procedures when they report Infringements falling within the scope of Art. 2.1 above. For violations that do not constitute Infringements within the meaning of these Procedures, other ACS procedures or policies may apply.
3. A REPORTER
A Reporter may be:
(i) a worker, within the meaning of Article 45(1) TFEU, including an employee, а worker, or another person who is hired to work for the College, regardless of the nature of the work, method of payment, or source of funding;
(ii) a person having self-employed status, within the meaning of Article 49 TFEU, including a person, who works for ACS without an employment relationship or is a self-employed person or a craftsman;
(iii) a volunteer, a paid or unpaid trainee;
(iv) a Member of Sofia American Schools, Inc. or a Trustee of the Board of Trustees of the American College of Sofia;
(v) a person who works for ACS, its contractors, subcontractors or suppliers;
(vi) a person whose employment relationship with the College is yet to begin in cases where the Infringement Information has been acquired during the recruitment process or other
pre-contractual relations;
(vii) a worker or an employee who has obtained Infringement Information within an employment relationship with ACS that was terminated at the time of the submission of the Report.
4. SUBMISSION, RECEPTION AND REGISTRATION OF A REPORT
4.1. A Report may be submitted orally or in writing to the Designated Employee. The contact details of the Designated Employee are as follows:
Oral Reporting: by arranging a personal meeting via the email address or by direct meeting with the Designated Employee.
Written reporting: by sending a message to
the Designated Employee at the email address below or by direct meeting with the Designated Employee.
Name: Elka Dacheva
Email address: designatedemployee@acsbg.org
4.2. If a Reporter wishes to submit a Report against the Designated Employee or when the Designated Employee is absent from work, he/she should address the Report to the Secondary Designated Employee. The Secondary Designated Employee shall review only Reports submitted against the Designated Employee or when the Designated Employee is absent from work. In these cases, the Secondary Designated Employee shall have all rights and responsibilities of the Designated Employee and all references to the Designated Employee in these Procedures shall be considered references to the Secondary Designated Employee. The contact details of the Secondary Designated Employee are as follows:
Name: Mark McGivern
Email address: secondarydesignatedemployee@acsbg.org
4.3. An oral Report may be submitted to the Designated Employee by means of a physical meeting with the Designated Employee within a reasonable timeframe held on ACS premises, where the workplace of the Designated Employee is, or on other suitable premises, but in all cases, without the presence of other parties and where no video surveillance (including video and/or sound recording) is implemented. Oral Reports shall be documented by completing the Form by the Designated Employee, who shall then invite the Reporter to sign it if he/she is willing to do so. The Reporter’s agreement or refusal shall be noted at the appropriate space in the Form, after verifying his/her identity by review of the Reporter’s ID card. The Reporter should sign the Form no later than 7 (seven) days after the invitation.
4.4. A written Report may be:
(i) submitted by email;
(ii) presented personally to the Designated Employee;
(iii) sent by post/courier to ACS’ address, specified in Article 1, item (i) above, where the package should be mandatorily addressed to the Designated Employee.
4.5. It is recommended that Reports be submitted using the submission methods specified in Article 4.4, item (i) or item (ii) above, and only if this is impossible or too burdensome, to use the method specified in Article 4.4, item (iii) above.
4.6. Upon submission of a written Report as per Art. 4.4 above, the Reporter may, but is not obligated, to, use the Form by completing only sections I - V, and sign it. If the Report is handed to the Designated Employee or sent by post/courier service the Reporter should have it signed by hand, and if the Report is sent by email – by means of a qualified electronic signature. The Form is available at the website of the PDPC, on ACS website www.acs.bg) as well as in the ACS Faculty and Staff Handbook.
4.7. If the Reporter decides not to use the Form, (Art. 4.6), the Report must contain at least the following information:
full name, address for correspondence and telephone number of the Reporter, as well as email address, if any;
the capacity of the Reporter as per Art. 3 above;
the name of the Affected Person, and his/her/their place of work (name and UIC/ BULSTAT of the employer), if the Report is filed against a specific person and he/she/they is known;
specific details about an Infringement or about a real danger that an Infringement will be committed, the place and date/ period of commitment of the Infringement, if it was committed, a description of the act or the situation and other circumstances, as far as these are known to the Reporter;
date of submission of the Report;
signature, electronic signature or other identification of the Reporter;
within which of the areas as per Art. 2.1 above the Infringement falls.
4.8. In the Report, the Reporter may specify which persons other than the Reporter should benefit from protection by specifying:
persons who assist the Reporter in the submission of a Report;
Persons connected with the Reporter who may be subject to Retaliation due to the submitted Report;
legal entities in which the Reporter has an equity interest, works for, or is otherwise associated within a Work-related Context.
4.9. The Reporter may attach to the Report any sources of information (evidence) supporting the allegations made therein and/or refer to documents, as well as provide information regarding persons who can confirm the reported data or can themselves provide additional information.
4.10. A Report may be also submitted through a representative with an explicit written power of attorney (notarization is not required). The original power of attorney should be attached to the Report.
4.11. Anonymous Reports or Reports relating to Infringements committed more than two years ago shall not be considered under the terms and procedure of these Procedures. Such Reports, however, may be reviewed in accordance with other ACS procedures or policies, of which the Reporter will be duly notified.
5. ACKNOWLEDGEMENT OF THE REPORT AND FOLLOW-UP ACTIONS
5.1. After receipt of the Report, the Designated Employee shall obtain UIN from the website of the PDPC.
5.2. Within 7 (seven) days as of receipt of the Report, the Designated Employee shall acknowledge to the Reporter the receipt and registration of the Report, informing him/her/them of its UIN, date of registration and the ACS entry registration number. Any subsequent information or communication regarding the Report shall be attached to this UIN.
5.3. Any new information or information that was not disclosed at the time of the Report may be subsequently provided by the Reporter. Upon submission of such information, the Reporter should specify the Report’s UIN.
5.4. In the event that the facts set out in the Report are confirmed, the Designated Employee shall arrange for Follow-Up Actions to be taken.
5.5. he Designated Employee shall provide Feedback to the Reporter on the action taken within a period not exceeding three months as of acknowledgement of the receipt of the Report or, if no acknowledgement was sent to the Reporter, within a period not exceeding three months as of the expiry of the seven-day period under Art. 5.2 for acknowledgement of the receipt of the Report.
5.6. The Reports and the materials attached thereto, including subsequent documentation related to their review, shall be stored for a period of 5 years after the conclusion of the review of the Report and shall be destroyed thereafter, except where criminal, civil, labor law and/or administrative proceedings in connection with the submitted Report have been initiated.
6. CONFIDENTIALITY
6.1. The identity of the Reporter and of any other individual mentioned in the Report shall be known only to the Designated Employee and those ACS employees who need this information in order to perform their official duties related to review of the Report and undertaking Follow-up Actions.
6.2. ACS shall implement appropriate measures to protect the information related to the submitted Reports. The Designated Employee may provide information related to а Report in the event that there is no conflict of interest and on a strictly “need to know” basis, only to:
(i) the President of the College or individuals authorized by the President of the College, as well as to members of the Board of Trustees of the American College of Sofia – in the event that their access to the information is necessary for the performance of ACS’ obligations under the Whistleblowing Act (more specifically – in view of taking measures to stop or prevent the Infringement);
(ii) other employees of the College, to whom, in the specific case, this information is necessary for the performance of their duties (e.g., ACS employees in whose functional competence the alleged reported Infringement falls; ACS employees who assist the Designated Employee in connection with the review of the Report and/ or with taking and implementation of Follow-up Actions);
(iii) external legal or other consultants/advisors of the College (including, but not limited to, law firms, etc.), if in the specific case their assistance is necessary for the review of the Report or for undertaking of Follow-up Actions by ACS.
6.3. All persons who have access to information related to Reports are bound by obligations to keep such information confidential and not to disclose it to third parties, including to other ACS employees.
6.4. The disclosure of the identity of the Reporter or information related to the submitted Reports is only allowed with the express written consent of the Reporter.
6.5. The identity of the Reporter and any other information which may directly or indirectly reveal the Reporter may be disclosed only where this is a necessary and proportionate obligation imposed by Bulgarian law or by EU law in the context of investigations by national authorities or judicial proceedings, including in view of ensuring the Affected Person’s right of defense. In these cases, before disclosing the identity of the Reporter or the information related to the submitted Reports, the Designated Employee shall notify the Reporter of the need for such disclosure. The notification shall be in writing and shall contain the reasons for the disclosure. The Reporter shall not be notified when such notification would jeopardize the respective investigation or court proceedings.
7. PERSONAL DATA
7.1. ACS processes Personal Data for the purposes of implementation of these Procedures in accordance with the GDPR and the PDPA, subject to the Privacy Notice attached as Enclosure No 2 to these Procedures. By submitting a Report, the Reporter acknowledges that he/she/they has read and understood this Privacy Notice.
7.2. Personal Data that is clearly not relevant to the review of the particular Report shall not be collected and, if accidentally collected, shall be deleted.
8. PROTECTION OF THE REPORTERS AND OTHER INDIVIDUALS
8.1. The College shall not engage in any form of Retaliation (including, but not limited to, dismissal, change in the place or nature of the work, direct or indirect discrimination, unequal or unfavorable treatment, etc.) against a Reporter that is repressive in nature and puts them at a disadvantage, and shall not threaten them or attempt to do any of the above.
8.2. The Protection under the above Article 8.1 shall be provided also to:
(i) persons who assist the Reporter in the submission of a Report and whose assistance should be confidential;
(ii) Persons, connected with the Reporter;
(iii) legal entities in which the Reporter has an equity interest, works for, or is otherwise associated with in a Work-related Context.
8.3. A Reporter, who has submitted a Report internally, is entitled to protection provided that the following conditions are simultaneously met:
(i) the Reporter had reasonable grounds to believe that the Infringement Information was true at the time of reporting and that such information falls within the scope of Art. 2.1 above; and
(ii) the Reporter has filed a Report under the terms and conditions of these Procedures.
9. LIABILITY OF THE REPORTER
9.1. For false or misleading statements, the Reporter shall be liable for false accusation under Article 286 of the Bulgarian Criminal Code.
9.2. Where it is established that the Reporter has knowingly submitted a Report containing false information, he/she/they may be sanctioned by the relevant authorities with a fine in the range of BGN 3,000 to BGN 7,000.
9.3. If the Reporter has knowingly submitted a Report containing false information, the Affected Person may claim compensation for pecuniary and non-pecuniary damages suffered as a result of such Report.
9.4. The Reporter shall be responsible for any action or omission that is not related to the submission of a Report or is not necessary for the disclosure of an Infringement.
10. EXTERNAL SUBMISSION OF REPORTS
10.1. Except as provided for in these Procedures, reports on Infringements may be also submitted externally, to the PDPC, at the contact details, specified on the website of the PDPC.
10.2. In view of the possibility of quick prevention of an Infringement or remedy of the consequences of such an Infringement, Reporters are encouraged to submit reports internally, unless there is a risk for the Reporter to be subject to retaliatory, discriminatory actions or that no effective measures for review of the report will be taken.
11. ENCLOSURES
The following Enclosures form an integral part of these Procedures:
(i) Enclosure No 1 - Form for Registration of a Report;
(ii) Enclosure No 2 – Privacy Notice.
12. ENTRY INTO FORCE AND REVIEW
12.1. These Procedures are effective as of 17 December 2023.
12.2. These Procedures are subject to review and, if necessary, update, at least once every three years.