Skip to main content
Get in touch

Whistleblower Policy

1. Introduction

1.1         Purpose and Scope

CDC is committed to a strong culture of corporate compliance and ethical behaviour. CDC recognises the importance of providing a supportive environment in which CDC’s employees and stakeholders feel safe and confident to report any concerns regarding potential unethical, illegal, fraudulent or undesirable conduct, without fear of reprisal and with the support and protection of CDC.

The purpose of this Policy is to ensure that those within the CDC community are well informed as to the protections available to them under law, as well as the types of behaviour that should be reported and to whom those reports can be made.

This Policy details how CDC will support you in making a disclosure so that:

  • you are encouraged to disclose your concerns and support an ethical culture
  • you know how to express concerns you may have
  • you know the process that will occur once they have been expressed
  • you know you are always safe to express them.

This Policy is important in regulating the ethical nature of CDC’s corporate environment and is a useful tool by which to encourage prospective whistleblowers to step forward to call out misconduct or an improper state of affairs without fear of recrimination or having the confidentiality of their report breached.

The Policy supports CDC’s values as set out in the Code of Conduct. It should be read in conjunction with:

  • CDC’s Code of Conduct
  • CDC’s Fraud and Corruption Control Plan
  • CDC’s Grievance Handling Policy.

This Policy is available on the CDC intranet and the CDC website.

1.2         Policy statement

This Policy is compliant with the obligations imposed by the Corporations Act 2001 relating to the protection of Whistleblowers, and outlines for the processes that are required to achieve compliance with the Act.

2.       Scope

The Policy applies to:

(a)         Employees

(b)         Stakeholders

(c)         The relatives, dependants and spouses of the individuals listed in (a) and (b).

CDC strongly encourages you or anyone who has a concern about potential Disclosable Matter to speak up if they are aware of any suspected wrongdoing. It is essential that people who have genuine concerns over misconduct or an improper state of affairs report those concerns to CDC. The company will then be better equipped to address issues and uphold its values as well as serving the public interest.

3. What types of conduct are reportable under the Whistleblower Protection Scheme?

3.1         Whistleblower Protection Scheme

For information to be disclosable and benefit from the protections under the Whistleblower Protection Scheme, the discloser must be an eligible whistleblower with reasonable grounds to suspect that the information relates to a disclosable matter. 

Eligible Whistleblower

An Eligible Whistleblower includes a current or former:

(a) director, officer or employee of CDC, or a related company or organisation

(b) contractor, or an employee of a contractor, who has supplied goods or services to CDC or a related company or organisation

(c) in the case of the Corporations Act, a relative of an individual referred to in (a) or (b) or a dependent of such an individual (or of the individual’s spouse)

(d) in the case of the Tax Act, a spouse or child of an individual referred to in (a) or (b) or a dependent of such an individual (or of the individual’s spouse).

If you are an eligible whistleblower and you have reasonable grounds to suspect that you hold information that constitutes a disclosable matter, you are strongly encouraged to disclose that information under this Policy.  “Reasonable Grounds” means that a reasonable person in the same position would also suspect the information indicates misconduct or a breach of the law.

Whilst you do not have to prove the allegations raised in your disclosure, you must have some form of supporting information underlying your belief in order to qualify for protection. You cannot make a completely baseless allegation. See section 9 for the potential consequences of making a false report.

3.2         Examples of disclosable matters include:

The following are examples of concerns which are considered to be 'disclosable matters':

·         Conduct that is contrary to, or a breach of, CDC’s policies, including the Code of Conduct or this Policy; Unethical or unprofessional behaviour, including conduct that does not meet CDC’s “client first” objective, or is contrary to CDC’s positive impact on the wider community

·         Illegal conduct by a director, officer or employee of CDC, such as fraud, corruption, bribery, theft, violence, harassment, intimidation, criminal damage to property or breach of other applicable laws

·         Conflicts of interest, improper payments or donations

·         Breaches of privacy or confidentiality

·         Potential breaches of human rights standard

·        Conduct at CDC that represents a danger to the public, including to public health, safety or the environment

·         Concerns that pose a danger to the public or financial system

·         Misconduct or an improper state of affairs or circumstances in relation to CDC, including in relation to corporate governance, accounting or audit matters, tax affairs or the substantial mismanagement of CDC resources

·         A practice or behaviour of concern that relates to your current or past employment at CDC that is significant to CDC, presents a danger to the public or financial system, or is otherwise a breach of law

·         Concealing disclosable matters

Disclosable matters might typically relate to the conduct of a CDC Employee but can also be related to the actions of a third party, such as a customer, supplier or service provider.

3.3         Examples of concerns that are not reportable:

·         Customer or supplier complaints – if you are a customer or supplier of CDC and you want to report a concern that relates to a deliverable, service or product please contact CDC directly through your usual liaison.

·         Personal work-related grievances – if you are a current or former Employee of CDC and wish to report a grievance that relates to you alone in the context of your tenure at CDC please contact CDC’s People & Culture team or your manager (for current Employees) to discuss the matter. Examples of personal work-related grievances might include:

o    an interpersonal conflict between you and another Employee

o    a decision relating to your employment or a transfer or promotion

o    a decision relating to the terms and conditions of your employment including your remuneration

o    a complaint of bullying, harassment, discrimination or other unfair treatment

o    a decision to suspend or terminate your employment or disciplinary action taken against you

If you have any doubt as to whether a matter constitutes a disclosure under this Policy or would be considered a personal work-related grievance, you are encouraged to follow the procedure for reporting outlined in this Policy. The eligible recipient who is assigned to manage the disclosure will then assess whether it should be dealt with under this Policy or referred elsewhere.

3.4         Reasonable basis for making the disclosure

It is imperative that you have a reasonable basis for making a disclosure. You will not be punished for making an incorrect disclosure on reasonable grounds. However, you must not knowingly make a false disclosure. Making a false report is a serious matter that would be a breach of CDC’s Code of Conduct and legal consequences may arise if this were to occur.

4.       Disclosure Recipients

4.1          How and to whom is an internal disclosure made?

  • There are multiple channels available for a person who wishes to disclose information of the nature and in the circumstances described in this Policy (Whistleblower Report). A Whistleblower Report may be made in person, online or by telephone, email or post.

A Whistleblower Report should disclose the grounds for the disclosure and include all details and supporting documentation that may be relevant to the report. It is important that you comply with the disclosure requirements set out in this Policy to ensure you obtain the protections afforded to you under the Whistleblower Protection Scheme.

Whistleblower Reports under the Whistleblower Protection Scheme

If you are an eligible whistleblower with reasonable grounds to suspect that the information you hold relates to a disclosable matter, you are strongly encouraged to disclose that information to a Whistleblower Protection Officer. This ensures that a disclosure can be appropriately and expertly dealt with.

CDC’s Whistleblower Protection Officers (WPOs) are as follows:

1.       Company Secretary

2.       Chief Financial Officer

Contact details are set out in the Attachment to this Policy.

If the Whistleblower Report relates to a WPO, you may submit your Whistleblower Report to the Chair of the Audit and Risk Committee.  Contact details are set out in the Attachment to this Policy.

Under the Whistleblower Protection Scheme, an eligible whistleblower may also make a Whistleblower Report to any of the following “Eligible Recipients” (instead of, or addition to, a WPO):

·       a senior manager or officer of CDC or a related body corporate (being the directors, company secretary or members of the CDC Senior Leadership Team)

·       an actuary or auditor of CDC or a related body corporate

·       a registered tax agent or officer who has functions or duties that relate to CDC’s tax affairs

·       the Eligible Whistleblower’s lawyer

·       Your Call

Further information relating to disclosures made and protections offered under the Tax Act are set out in Annexure A.

Your Call

Your Call is an external and independent third-party whistleblowing hotline service provider engaged by CDC to receive and manage Whistleblower Reports with impartiality and confidentially.

If you contact Your Call, you may elect to remain completely anonymous, to identify yourself to Your Call only, or to identify yourself to both Your Call and CDC.

The Your Call reporting options include:

Online

https://www.yourcall.com.au/cdc

Online reports can be made 24/7 via the website address listed above.

Telephone

1300 790 228 (Monday-Friday business hours AEST)

Your Call remains the intermediary at all times, receiving and forwarding communication between you and CDC. The CDC officers who will have access to a Whistleblowing Report submitted via Your Call include the Authorised Officers (in the case of an Internal Disclosure only), the WPOs (in the case of any other disclosure) or, if the Report relates to a WPO, the Chair of the Audit & Risk Committee.

You will be able to securely upload any relevant documentation and/or material to the Your Call online portal relevant to your Whistleblower Report.

After submitting a Whistleblower Report online, you will be provided with a unique Issue ID and access to a secure online Message Board.

The Message Board allows ongoing anonymous communication with Your Call and/or CDC. The Message Board can be used to receive updates, share further information/evidence and request support or report retaliation. If you cannot access the Message Board, you can contact Your Call via phone (above) for verbal updates.

National Relay Service: If you are deaf, or have a hearing or speech impairment, you can contact Your Call online or through the National Relay Service. Simply choose your contact method at www.relayservice.gov.au and request Your Call’s hotline 1300 790 228.

If you have difficulty speaking or understanding English, contact Your Call through the Translating and Interpreting Service (TIS) 131 450 and ask for Your Call on 1300 790 228.

4.2         Who you can contact to obtain additional information before making a disclosure?

If you need to seek information in addition to that contained in this Policy or peace of mind prior to making a disclosure, please contact the Company Secretary.

5. Reporting to an External Authority

Nothing in this Policy prevents you from making a disclosure externally to ASIC, APRA, the

Commonwealth Ombudsman or the Commissioner of Taxation (each, an External Authority), or from talking to an independent lawyer to seek legal advice in relation to a potential disclosure.

The protections under the Whistleblower Protection Scheme will also apply if you make a qualifying disclosure directly to an External Authority. ASIC and APRA have issued information sheets or guides on whistleblowers’ rights and protections, which are available on their websites.

6. Legal protections for disclosers

Under this Policy, if you make a disclosure you will be afforded legal rights to confidentiality and protection against victimisation or recrimination for making a disclosure or being suspected to have made one.

Disclosers must use one of the reporting avenues outlined in this Policy to gain the protections available under the Whistleblower Protection Scheme. Those protections include confidentiality and immunity from criminal or civil liability or disciplinary action.

6.1  Protection of identity and confidentiality

For disclosures made under this Policy, CDC must keep any information received from Disclosers confidential except as required or allowed by law, or where disclosure is necessary to an External Authority or a professional adviser. CDC is not permitted to disclose the identity, or information that may lead to the identification, of a Discloser unless CDC is authorised to do so under the relevant Whistleblower Protection Scheme. Subject to compliance with any legal requirements, upon receiving a Whistleblower Report, CDC will not, nor will any recipient or WIO, disclose any details that would suggest or reveal the Discloser’s identity unless the Discloser consents to such disclosure or CDC is otherwise authorised at law to make the disclosure. Any such disclosure will be made strictly on a confidential basis only.

Criminal penalties are imposed under the Whistleblower Protection Scheme for the unauthorised disclosure of information that may identify a Discloser, and for the disclosure or misuse of information obtained from an investigation into a Whistleblower Report.

To help protect you and your identity, please do not share details of the issue you are disclosing, your report itself or what CDC tells you with people other than to a WPO and relevant stakeholders. This is of course, subject to your right to communicate with External Authorities.

6.2         Protection from Detrimental Conduct

It is important that Disclosers feel protected and empowered to speak up about their concerns. CDC does not allow anyone to cause or threaten to cause detriment to a person because they believe or suspect that the person has made, may have made, or could make, a Whistleblower Report.

Detrimental Conduct includes:

  • dismissal of an employee or injury in their employment
  • alteration of an employee’s position or duties to their disadvantage
  • harassment or intimidation of a person
  • harm or injury to a person, including psychological harm 
  • damage to a person’s property, reputation or financial position.

If you feel you have been subject to Detrimental Conduct for speaking up about a concern or if you become aware of another Employee or Stakeholder suffering Detrimental Conduct for doing so, CDC strongly encourages you to report that conduct immediately to a WPO or to Your Call. If an allegation of Detrimental Conduct is substantiated, disciplinary action, including termination of employment, may be taken against the person(s) responsible for such conduct.

7. What happens after a Whistleblower Report is submitted?

CDC will investigate and record all reports and concerns fairly, objectively and confidentially.

After a Whistleblower Report is made, the investigation process followed by the Eligible Recipient will vary depending on the nature of the conduct reported. All investigations must be conducted in a manner that is fair and objective to all people involved. All documents, reports and records relating to the investigation of a disclosure will be securely stored to retain confidentiality. The Recipient will be tasked with the responsibility of protecting and safeguarding the interest of Disclosers in accordance with the Whistleblower Protection Scheme.

The Eligible Recipient will decide whether to investigate the Whistleblower Report, having regard to the requirements of the Whistleblower Protection Scheme and to this Policy. Where a Eligible Recipient decides to investigate, they may choose to appoint an internal CDC employee as Whistleblower Investigation Officer (WIO) and/or an external investigator contracted by CDC to conduct or to assist in the conduct of the investigation. While the WIO will be appointed on a case-by-case basis, the WIO will not be a person associated with the area under investigation.

The WIO, external investigator or Eligible Recipient will also assess the risk of Detrimental Conduct being suffered by the Discloser and take reasonable action to protect the Discloser from the risk of such conduct. The WIO, external investigator or Eligible Recipient will carry out the disclosure investigation in a timely manner, having regard to the nature of the disclosure, and will provide the Discloser with regular updates as and when appropriate. In some instances, CDC may not be able to commence or progress an investigation into a Whistleblower Report or provide an update to the Discloser on an investigation because, for example, the Report was submitted anonymously and did not provide any contact details to allow CDC to obtain more information.

If there is insufficient information to warrant further investigation, or the initial investigation immediately identifies there is no case to answer, the  WIO, external investigator or Eligible Recipient (as applicable) will notify the person, as relevant, who made the disclosure at the earliest possible opportunity.

If an investigation has been carried out under this Policy, the WIO, external investigator or Eligible Recipient (as applicable) will confidentially report on its investigation to CDC’s Audit and Risk Committee (ARC).

At the conclusion of an investigation, where appropriate, a report will be prepared by the WIO, external investigator or Eligible Recipient (as applicable) and provided to the ARC at the next scheduled meeting. 

8. No protection for deliberate false reporting

An Employee or Stakeholder considering disclosing potential wrongdoing or maladministration under this Policy must have Reasonable Grounds for doing so and must act in good faith. If you deliberately make a malicious, false or vexatious allegation under this Policy, you will not be able to access the whistleblower protections under the Whistleblower Protection Scheme and you may be subject to disciplinary proceedings.

However, if you reasonably suspect misconduct or have some information leading to a suspicion (but lack all the details) CDC encourages you to nonetheless come forward. Provided you make your disclosure in good faith, you may still be protected even if your allegation is then found to be incorrect, unfounded or unable to be substantiated in a subsequent investigation.

9. Breach of this policy

Breach of this policy may be regarded as misconduct, which may lead to disciplinary action (including termination of employment or engagement). An individual may also be exposed to criminal or civil liability for breach of relevant legislation.

We will report serious criminal matters to the police or other appropriate regulatory authorities. We will assess and report compliance incidents in accordance with CDC’s policies.

Any alleged breach of this policy will be taken seriously and, if appropriate, will be separately investigated. Potential or realised breaches of obligations outlined in this policy must be brought to the attention of the WPOs.

For further information regarding this policy please contact the Company Secretary.

10. Policy governance

10.1    Approver

Chief Executive Officer

10.2    Owner

Company Secretary

10.3    Review Cycle

Annual

11. Glossary of key terms

CDC

CDC Data Centres Pty Ltd ABN 59 125 710 394

Contractors

Individuals who are not Employees, and corporations or organisations, engaged to perform services.

Detrimental Conduct

Has the meaning given to that expression in section 6.2.

Director

Director of a board of directors.

Disclosable Matter

 

A Disclosable Matter is information that:

         i.            concerns misconduct, or an improper state of affairs or circumstances, in relation to CDC or a related body corporate of CDC;

       ii.            in the case of the Tax Act:

a.       indicates misconduct, or an improper state of affairs or circumstances, in relation to the tax affairs of CDC; or

b.       which the Eligible Whistleblower considers may assist the Eligible Recipient to perform functions or duties in relation to the tax affairs of CDC; or

     iii.            indicates that CDC, a related body corporate of CDC, or a director, officer or employee of either entity, has engaged in conduct that:

a.        constitutes an offence against, or a contravention of, the Corps Act or other financial services sector laws enforced by ASIC or APRA;

b.       constitutes an offence against any other law of the Commonwealth that is punishable by imprisonment for a period of 12 months or more; or

c.       represents a danger to the public or the financial system.

Eligible Recipient

Means a person who is authorised to receive a Whistleblower Report made in accordance with this Policy.

Eligible Whistleblower

An individual as identified under section 3 of the Policy.

Employee

Past and current directors, officers and employees (whether employed on a permanent, temporary or casual basis), secondees, consultants, contractors and volunteers of CDC.

Reasonable Grounds

has the meaning given to that expression in Section 3.

Stakeholders

persons who supply goods or services to CDC (whether personally, or in their capacity as an officer, employee, agent or contractor of a supplier entity).

Whistleblower(s)

An Eligible Whistleblower who makes a disclosure of Disclosable Matter in the manner described by this Policy.

Whistleblower Protection Scheme

The Corporations Act 2001 (Cth) (Corporations Act) and the Taxation Administration Act 1953 (Cth) (Tax Act) set out a regime for Eligible Whistleblower to disclose information concerning misconduct or an improper state of affairs (including, in the case of the Tax Act, in respect of tax affairs) to certain persons.

Whistleblower Protection Officer or WPO

Means a person identified as such in Section 4.

Whistleblower Report

Means a disclosure of Detrimental Conduct or a Disclosable Matter in accordance with this Policy.

You

Reference to ‘You’, ‘you’, ‘your’ refer to a Whistleblower or someone contemplating making a disclosure.

Your Call

means the third party external and independent whistleblowing hotline service provider engaged by CDC, the details of which are set out in Section 4.

Annexure A - Additional protection relating to tax matters

 

1. Overview of eligibility

The Tax Act gives you special protection for disclosures about a breach of any Australian tax law

or misconduct in relation to tax affairs where all of the following conditions are satisfied:

(a) you are a person to whom the tax protections apply, being a person identified in Section 3 of the Policy;

(b) you report the matter to a Whistleblower Protection Officer or to any of the Eligible Recipients identified in section 4 (each, a Company Recipient), the Commissioner of Taxation (Commissioner), or a lawyer for the purpose of obtaining legal advice or representation in relation to a disclosure; and

(c)     if the disclosure is made to:

i)        a Company Recipient, you:

(1)    have reasonable grounds to suspect that the information indicates misconduct, or an improper state of affairs or circumstances, in relation to the tax affairs of CDC or an associate of CDC; and

(2)    consider that the information may assist the Company Recipient to perform functions or duties in relation to the tax affairs of CDC or an associate of CDC; or

(ii)                the Commissioner, you consider that the information may assist the Commissioner to perform functions or duties in relation to the tax affairs of CDC or an associate of CDC.

 

2. What protections are available?

The protections given by the Tax Act when the above conditions are met are as follows:

  • protection from civil, criminal and administrative legal action relating to your disclosure
  • protection from detriment (or threat of detriment) engaged in on the belief or suspicion that you have made, may have made, propose to make or could make a disclosure, and certain rights to compensation for damages caused by such detriment
  • protection of your identity, unless you consent to the disclosure or where:

i)        the disclosure is only to the extent reasonably necessary for the effective investigation of the allegations raised in your disclosure

ii)       the concern is reported to the Commissioner or the Australian Federal Police

iii)     the concern is raised with a lawyer for the purpose of obtaining legal advice or representation where the disclosure was made to the Commissioner, non-admissibility of the reported information in criminal proceedings or in proceedings for the imposition of a penalty (except where the proceeding relates to the veracity of the information); and unless you have acted unreasonably, protection from any adverse costs-order in legal proceedings relating to the disclosure.

 

Version Control

Version and Date

Author

Notes

1.1 January 2020

Michael Woodward – GM, Legal & Risk

Initial Release

2.1 25 March 2024

General Counsel & Company Secretary

Revised version to address Corporations Act and Tax Act changes and the appointment of a new external provider.

 

WPO Contact Details

1.       Company Secretary:

Email: companysecretary@cdc.com.au

Post:  11 Tom Price Street, FYSHWICK ACT 26

2.       Chief Financial Officer:

Email: cfo@cdc.com

Post: 11 Tom Price Street, FYSHWICK ACT 26

3.       Chair of the Audit and Risk Committee:

Email: ChairARC@cdc.com

Post: 11 Tom Price Street, FYSHWICK ACT 26