March 2019
1
This policy provides details on how you can report unethical, improper, or illegal behavior or
questionable activities regarding Disney’s business, including where you might have concerns about
an employee or Cast Member’s conduct with respect to the business.
It sits alongside the Employee Policy Manual, Standards of Business Conduct, the Employee Data
Protection Notice, which are applicable to you according to the Disney entity that employs you. The
employing Disney entity is the data controller of your personal information regarding your
employment please contact your local Human Resources if you have any questions about your
employing entity.
When you have a concern or a question, you can:
• Talk to your local Line Manager.
Contact your local Human Resources.
Contact the local Legal Department.
• Contact the local Compliance Committee, if appropriate.
• Contact the Guideline.
To contact the Guideline, please use the details listed for your country in the Appendix A to this policy.
WHAT IS THE GUIDELINE?
The Guideline is a phone line that provides employees and Cast Members with a way to:
• Make the Company aware of any questionable activities regarding the Company’s business. Please
refer to “What can be reported to the Guideline?”, below, and the Appendix A to this policy for
further information.
• Ask for guidance on any business conduct related issues.
The Guideline is available 24 hours a day, 365 days a year.
WHAT CAN BE REPORTED TO THE GUIDELINE?
What can be reported to the Guideline varies from country to country due to different national laws.
This being the case, it is important that you consult Appendix A to this policy to determine what you
can and cannot report.
The Guideline should not be used to report trivial or minor issues.
If you are unsure about what you can report to the Guideline, or wish to report something not covered
by the Guideline, you should speak to your Line Manager, Human Resources and/ or the Legal
Department as appropriate. Please note that such reports are not covered by this policy.
March 2019
2
Abuse of the Guideline reporting system by making a report known to be false may result in
disciplinary or legal action being taken against you.
HOW WILL MY INFORMATION BE USED BY THE GUIDELINE?
We will use the information you provide to assess your concern and take action as necessary.
The details of your report will be kept confidential. However, where it is reasonably necessary and
appropriate, we will share reports made to the Guideline and the results of investigations of such
reports on a need-to-know basis with other persons whose assistance is required, (e.g., security
department or Legal Department of your local organization or, in exceptional cases, with other
affiliated companies, or outside counsel). The extent of sharing of your personal information in such
circumstances will be proportionate to the need to share such information and will take into account
the seriousness of the misconduct alleged and the legitimate interests of all concerned parties.
In addition to the details of your report, you are strongly encouraged to provide certain personal
information, including your identity, to assist in our investigations and our compliance with law.
Providing this information will enable us to investigate your concerns effectively. Where you provide
your personal information as part of a report, your identity will remain confidential and will not be
disclosed to persons about whose conduct a report is made, but may need to be disclosed to personnel
of the organization involved in dealing with or investigating your concern, such personal is held to the
strictest confidentiality and receives special training. In certain circumstances, including where we
bring formal proceedings against a perpetrator, we may be compelled by applicable laws to disclose
your personal information to the perpetrator, in which case we will first ensure that such disclosure is
permitted by the national law and then inform you in advance of the identified disclosure. In any other
case, we will disclose your personal information to a person about whose conduct a report is made
only with your explicit consent.
For further information and guidance on how we process and handle your personal information,
please refer to the policies linked above.
WHAT WILL HAPPEN AFTER I MAKE A REPORT?
The Company strictly prohibits any form of retaliation against anyone who in good faith makes a
complaint or reports any suspected wrongful conduct to the Company, including any disciplinary
action, dismissal, transfer or change of role or refusal of promotion.
How the report is the processed varies from country to country due to different national laws. This
being the case, it is important that you consult Appendix A to this policy to understand how it is
processed.
HOW LONG WILL WE RETAIN YOUR REPORT?
If you report behavior or activities that are not covered by the scope of this policy, we will immediately
delete, or anonymise and archive, the information you provided.
If, after investigation, no disciplinary or judicial actions are taken, we will delete, or anonymise and
archive, the information provided in your report within two months of the end of the investigation.
March 2019
3
Where any disciplinary or judicial actions are taken, we will keep the information provided in your
report until the expiration of our records retention schedule for such information.
Further details
We ensure that all data processing systems (both automated and manual) used in connection with the
Guideline provide for adequate technical and organizational precautions to preserve security and
confidentiality of personal information and to avoid accidental or unlawful destruction or accidental
loss and unauthorized disclosure to third parties, in accordance with applicable laws and regulations.
The Guideline is administered from the United States by NAVEX Global, Inc. in accordance with the
instructions of your employing entity. The data will be transferred to the United States under the
execution of the Disney Intra-Group Agreement for Transfers of Personal Data (May 2018) based on
model clauses 2004/915 EC.
March 2019
4
Appendix A
Scope of Guideline Reports
Country
What types of issues can be
reported?
About whom can
reports be made?
Telephone numbers
for the Guideline
(See footnote for
dialling
instructions.)
i
Austria
Questionable activities in the fields of
accounting, internal accounting
controls, auditing matters, corruption,
banking, and financial crime including
severe infringements of other rules
and regulations (including the
Company’s code of conduct).
Senior staff or grave
allegations concerning
all staff.
AT&T:
0800-200-288
Guideline:
800-699-4870
Belgium
Any acts or issues which constitute (i)
a serious breach of the law, or (ii) a
serious threat to the Companys
legitimate interests or to the sound
structure of the Company which it is
not possible to deal with through
normal reporting channels (e.g. theft
where it is not possible to report the
matter through the normal reporting
channels because the issue concerns
the normal manager about whom
report would be made or because it
has been reported and not addressed
properly).
Such matters would include reports on
questionable activities in the fields of
accounting, internal accounting
controls, auditing matters, corruption,
banking, and financial crime.
Matters may only be reported to the
United States Guideline manager if
they cannot be dealt with at a local or
EU level
or the impact exceeds the
Belgian or EU organisation. See
Appendix B for further details.
All Company staff.
Report to local HR.
Czech Republic
There are no restrictions on the
subject matter of reports under Czech
law.
There are no
restrictions on the
personnel about whom
a report can be made
under Czech law.
Direct Dial Guideline:
800-143-385
Denmark
Severe offences which may have an
impact on the company as a whole or
Any person connected
to the Company (i.e.
AT&T:
8001-0010
March 2019
5
be imperative to a persons life or
health, e.g. serious financial crime,
bribery, fraud, forgery, environmental
pollution, serious breach of the safety
of workers, violence and sexual
violations.
Such offences would include reports
on questionable activities in the fields
of accounting, internal accounting
controls, auditing matters, corruption,
banking, and financial crime.
Minor offences (such as thefts from
stores) and sensitive personal
information should not be processed
through the Guideline.
employees, board
members, suppliers,
lawyers and
accountants).
Guideline:
800-699-4870
Dubai
There are no restrictions on the
subject matter of reports under UAE
law.
There are no
restrictions on the
personnel about whom
a report can be made
under UAE law.
AT&T:
8000-021
Guideline:
800-699-4870
Finland
The subject matter of reports must
relate to the Company’s operations.
Other than this, there are no
restrictions on the subject matter of
reports under Finnish law.
There are no
restrictions on the
personnel about whom
a report can be made
under Finnish law.
AT&T:
0-8001-10015
Guideline:
800-699-4870
France
Reports on:
(i) a crime or offence;
(ii)
a manifest and serious
infringement of any
international commitment
duly ratified or approved by
France;
(iii)
a manifest and serious
infringement of any unilateral
act enacted by an
international organisation
adopted on the basis of an
international commitment
duly ratified or approved by
France;
(iv) a manifest and serious
violation of laws and
regulations;
(v) a serious threat or damage to
the public interest of which
you have had personal
knowledge; and
There are no
restrictions on the
personnel about whom
a report can be made
(e.g. employees,
including ad-hoc
consultants/agents).
Direct Dial
Guideline:
0800-90-6152
March 2019
6
(vi) the existence of behaviors or
situations contrary to the
company
s code of conduct,
with respect to corruption or
traffic of influence, as soon as
the processing is implemented
by the data controller to
comply with any legal
obligation or to pursue its
legitimate interest.
Reports must not relate to facts
protected by national defence
secrecy, medical secrecy or legal
professional privilege.
See Appendix C for further details.
Germany
Reports relative to financial security in
financial markets, internal accounting
controls, auditing, bribery, banking
and financial crime, prevention of
fraud, insider trading, any acts against
human dignity, the German Equal
Treaty Act (Allgemeines
Gleichbehandlungsgesetz), protection
of the environment and acts affecting
the Company’s ethics rules.
Any person connected
to the Company (i.e.
employees, board
members, suppliers,
lawyers and
accountants).
Direct Dial
Guideline:
0800-180-7608
Greece
Questionable activities in the fields of
accounting, internal accounting
controls, auditing matters, corruption,
banking, and financial crime. Reports
may also concern violations of
applicable law and internal policies.
Reports cannot include sensitive data,
namely, information in r
elation to
racial or ethnic origin, political
opinions, religious or philosophical
beliefs, trade union membership,
health, social protection, sexual life,
criminal prosecutions or criminal
convictions.
There are no
restrictions on the
personnel about whom
a report can be made
under Greek law.
AT&T:
00-800-1311
Guideline:
800-699-4870
Hungary
Questionable activities in the fields of
accounting, internal accounting
controls, auditing matters, corruption,
banking, and financial crime, and
substantial of
fences in relation to
violations of environmental
protection rules and prevention of
workplace accidents provided that
There are no
restrictions on the
personnel about whom
a report can be made
under Hungarian law.
Direct Dial
Guideline:
06-800-20-140
March 2019
7
reports are in relation to material
issues.
Reports cannot include sensitive data,
namely information
in relation to
racial or ethnic ori
gin, political
opinions, religious or philosophical
beliefs, trade union membership,
health, social protection, sexual life,
criminal prosecutions or criminal
convictions. See also Appendix C
attached.
Ireland
There are no restrictions on the
subject matter of reports under Irish
law.
There are no
restrictions on the
personnel about whom
a report can be made
under Irish law.
AT&T:
1-800-550-000
Guideline:
353-800-699-4870
Israel
Violations of code of ethics, corporate
policies, laws and regulations, and
prevention of fraud and corruption.
Such matters would include reports on
questionable activities in the fields of
accounting, internal accounting
controls, auditing matters, corruption,
banking, and financial crime.
Employees
Direct Dial
Guideline:
180-941-9858
Italy
There are no restrictions on the
subject matter of reports under Italian
law.
There are no
restricti
ons on the
personnel about whom
a report can be made
under Italian law.
Direct Dial
Guideline:
800-787634
Luxembourg
Questionable activities in the fields of
accounting, internal accounting
controls, auditing matters, corruption,
banking, and financial crime (but also
any other type of infringement if the
Company
s vital interest or the
physical or moral wellbeing of the staff
is threatened).
Reports cannot include sensitive data,
namely, information
in relation to
racial or ethnic origin, political
opi
nions, religious or philosophical
beliefs, trade union membership,
health, social protection, sexual life,
criminal prosecutions or criminal
convictions.
All company
employees whose
activities are related to
the permissible issue
types.
AT&T:
800-2-0111-352
Guideline:
800-699-4870
March 2019
8
Netherlands
There are no restrictions on the
subject matter of reports under Dutch
law.
There are no
restrictions on the
personnel about whom
a report can be made
under Dutch law.
Guideline:
0800-4444-002
Norway
There are no restrictions on the
subject matter of reports under
Norwegian law.
There are no
restrictions on the
personnel about whom
a report can be made
under Norwegian law.
AT&T:
800-190-11
Guideline:
47-800-699-4870
Poland
There are no restrictions on the
subject matter of reports under Polish
law other than that reports must not
relate to banking secrets,
telecommunications secrets, trade
secrets and issues covered by legal
professional privilege.
There are no
restrictions on the
personnel about whom
a re
port can be made
under Polish law.
Direct Dial
Guideline:
0-0-800-111-1986
Portugal
Questionable activities in the fields of
bookkeeping, internal accounting
controls, auditing matters, corruption,
banking, and financial crime.
Note: No anonymous reports allowed.
Employees in
managerial positions
and who are involved
in decisions on
bookkeeping, internal
accounting controls,
auditing matters,
corruption, banking,
and financial crime
matters.
AT&T:
800-800-128
Guideline:
800-699-4870
Russia
Russian laws do not provide for any
specific restrictions on the subject
matter of reports to be made
pursuant to this policy.
Russian laws do not
provide for any specific
restrictions on the
personnel about whom
a report can be made.
AT&T:
363-2400 (Moscow)
Guideline:
800-699-4870
South Africa
There are no restrictions on the
subject matter of reports under South
African law.
There are no
restrictions on the
personnel about whom
a report can be made
under South African
law.
Direct Dial
Guideline:
0800-99-9673
Spain
The commission of acts or conduct,
either inside the Company or when
engaging with third parties, that may
be contrary to the general or sector
specific legislation applicable to the
Company. This includes, among
Employees and third
parties engaging with
the Company.
Direct Dial
Guideline:
900-97-1014
March 2019
9
others, questionable activities in the
fields of accounting, internal
accounting controls, auditing matters,
corruption, banking, and financial
crime.
Sweden
Serious improprieties concerning
accounting, internal accounting
controls, auditing matters, bribery,
banking and financial crime; or other
serious improprieties concerning the
vital interests of the organisation or
the life and health of individuals, such
as serious environmental crimes,
major deficiencies as regards security
in the workplace and very serious
forms of discrimination or
harassment.
Except for criminal offences, no
sensitive personal data may be
reported. Under EU law (the GDPR),
sensitive data are defined as
information relating to race or ethnic
origin, political opinions, religious or
philosophical beliefs, membership of
a trade union, health, sex life or sexual
orientation, as well as genetic and
biometric data.
People in key or
management positions
within the Company or
its group.
AT&T:
020-799-111
Guideline:
800-699-4870
Switzerland
Questionable activities in the fields of
accounting, internal accounting
controls, auditing matters, corruption,
banking, and financial crime and any
other Company-related activities that
appear to violate law or company
directives. No minor issues may be
reported.
Employees, business
partners, customers
and other third parties.
AT&T:
0-800-890011
Guideline:
800-699-4870
Turkey
There are no restrictions on the
subject matter of
reports under
Turkish law.
There are no
restrictions on the
personnel about whom
a report can be made
under Turkish law.
AT&T:
0811-288-0001
Guideline:
800-699-4870
UK
There are no restrictions on the
subject matter of reports under UK
law.
There are no
restrictions on the
personnel about whom
a report can be made
under UK law.
Direct Dial
Guideline:
0808-234-6062
March 2019
10
i
The dialling instructions contained in this footnote do not apply to the following countries because
employees may reach the Guideline from these countries by dialling direct using only the listed
Guideline telephone number: Czech Republic, France, Hungary, Israel, Italy, Netherlands, Poland,
South Africa, Sweden, Spain, and the U.K.
Dialling instructions for employees in countries other than those listed in the footnote
hereinabove: The Disney Guideline telephone number is provisioned for toll-free international
calling through AT&T's Direct Access Service. You must first dial the AT&T access number listed for
your convenience which is specific to the country from which you are calling. This number will
connect you to an AT&T center in the United States.
You will then hear a musical tone and an AT&T branding statement: "(bing) AT&T." After hearing
this tone, you will dial the Guideline number listed, and AT&T will connect your call to Global
Compliance in the United States.
Appendix C
Once you have made your report
Acknowledgement of safe receipt of your report will be given to you with the information
on the reasonable and predictable time period required for the examination of
admissibility, based on the reported facts. You will be also informed of the actions taken
following the admissibility and of whether or not an investigation is necessary.
Within two months of the closure of the investigation, you will be informed if the file is
closed without follow-up or if it is subject to disciplinary or judicial proceedings.
At the end of the disciplinary or judicial proceedings, only the results will be
communicated to you.
Should no actions have been taken in examining the admissibility of the report within
the prior communicated period of time, you can disclose the report with the judicial or
administrative authority or the professional corporation. Should none of these
authorities process the report within a three-month period, you can disclose it publicly.
Exceptionally, in the event of a serious and imminent danger or the risk of irreversible
damages, you can directly disclose your report to the above-mentioned authorities and
to the public.
The Head of Legal Department of your employing entity will inform the person subject
of the report at the time of the recording of the data, in order that he or she can object
to the processing of his or her personal data. When protective measures are
necessary, in particular to prevent destruction of evidence related to the report, this
person will be informed after these measures have been taken.
Should the report not be followed by disciplinary or judicial proceedings against the
person subject of the report, he or she will be informed that the reported facts have not
been considered as established, within two months of the closure of the investigations.
He or she will also be informed, as the case may be, that the report was abusive, and
that judicial proceedings and/or other appropriate actions have been taken against the
author of the report (whose identity will nonetheless not be disclosed).
Elements that might allow the author to be identified, cannot be disclosed, except to
judicial authorities, without the authors consent. Elements that might allow the person
subject of the report to be identified, cannot be disclosed, as long as the grounds of
the report have not been established, except to the judicial authority.
The information collected within the framework of this system will be communicated
solely to your employing entity, TWDC and the Guideline provider, Navex Global, Inc,
located in Lake Oswego, Oregan, United States, for the purpose of managing and
processing of the professional alerts. According to the provisions of French law n°78-
17 of January 6, 1978 on Data Processing, Data Files and Individual Liberties, as
amended, and the General Data Protection Regulation 2016/679, any person identified
within the system has the right to access, correct and delete personal information
relating to herself. You can exercise these rights by contacting directly your dedicated
point of contact in your employing entity (see the Employee Data Protection Notice of
your employing entity).
For The Walt Disney Company France: Employees are directed to
DToolsHR.disney.com to self-serve or contact HR on
TWDC.EMEA.GDPR.Enquiries@disney.com.
In addition: EMEA.Data.Protection.Office@disney.co.uk is available for internal
requests. dataprotection@disney.co.uk is available for external requests.
For Euro Disney Associés SAS: Employees are invited to use the following address:
dlp-donneesperso-cm@disney.com.
Appendix C
Une fois que votre alerte est effectuée
Un accusé réception de lalerte vous sera délivré, indiquant le délai raisonnable et
prévisible nécessaire à lexamen de sa recevabilité, qui sera fonction des faits signalés.
Vous serez informé également des suites données quant à cette recevabilité et la
nécessité de diligenter une opération de vérification.
Dans un délai de deux mois à compter de la clôture des opérations de vérifications, il
vous sera précisé si le dossier est classé sans suite ou sil fait lobjet dune procédure
disciplinaire ou judiciaire.
Au terme de la procédure disciplinaire ou judiciaire, seuls les résultats de celle-ci vous
seront communiqués.
Ce nest quen labsence de diligences quant à lexamen de la recevabilité à lissue du
délai dexamen préalable communiqué, que vous pourrez adresser le signalement à
l’autorité judiciaire ou administrative ou aux ordres professionnels. Ce nest quà défaut
de traitement par l'une de ces autorités dans un délai de trois mois que vous pourrez
le rendre public. A titre exceptionnel, en cas de danger grave et imminent ou en
présence d'un risque de dommages irréversibles, vous pourrez le porter directement
à la connaissance de ces organismes et du public.
C’est le Responsable de la Direction Juridique de l’entité qui vous emploie qui
informera la personne qui fait l'objet du signalement dès l'enregistrement de données
la concernant afin de lui permettre de s'opposer au traitement de ses données.
Lorsque des mesures conservatoires sont nécessaires, notamment pour prévenir la
destruction de preuves relatives à l'alerte, l'information de cette personne intervient
après l'adoption de ces mesures.
Dans le cas dune alerte non suivie d'une procédure disciplinaire ou judiciaire à
l’encontre de la personne ayant fait lobjet de lalerte, celle-ci sera informée de ce que
les faits dénoncés nont pas été avérés, dans un délai de deux mois à compter de la
clôture des opérations de vérification. Elle sera également informée, le cas échéant,
du caractère abusif de lalerte dont elle a fait lobjet et de lexistence de poursuites
judiciaires et/ou toutes autres mesures appropriées prises à lencontre de lauteur de
l’alerte (sans toutefois révéler lidentité de ce dernier).
Les éléments permettant didentifier lauteur de lalerte ne peuvent pas être divulgués,
sauf à lautorité judiciaire, sans le consentement de celui-ci. Les éléments permettant
d’identifier la personne visée par lalerte ne peuvent pas être divulgués, sauf à lautorité
judiciaire, sans que le caractère fondé de lalerte ne soit établi.
Les informations recueillies dans le cadre de ce dispositif sont à destination
uniquement de lentité qui vous emploie, de TWDC et du prestataire fournissant la
Guideline, Navex Global Inc., situé à Lake Oswego, Oregon, Etats-Unis, et sont
collectées aux fins de gestion et de traitement des alertes professionnelles.
Conformément aux dispositions de la loi n°78-17 du 6 janvier 1978 relative à
l'informatique, aux fichiers et aux libertés, telle que modifiée, et du Règlement Général
sur la protection des données 2016/679, toute personne identifiée dans le dispositif
dispose, le cas échéant, d'un droit d'accès, de rectification et de suppression des
données personnelles la concernant. Ces droits sexercent en contactant directement
le point de contact dédié à lentité qui vous emploie (voir le Employee Data Protection
Notice de lentité qui vous emploie).
Pour The Walt Disney Company France : les employés sont dirigés vers
DToolsHR.disney.com en libre-service ou peuvent contacter HR via l’adresse
TWDC.EMEA.GDPR.Enquiries@disney.com.
Par ailleurs : EMEA.Data.Protection.Office@disney.co.uk est disponible pour
les requêtes internes. dataprotection@disney.co.uk est disponible pour les
requêtes externes.
Pour Euro Disney Associés SAS : les employés sont invités à utiliser ladresse
suivante : dlp-donneesperso-cm@disney.com.