Protected disclosure policy

The law in various jurisdictions has moved to protect people who ‘blow the whistle’ on serious wrongdoing within their organisation. Where jurisdictions in which we operate impose a higher standard, those local standards are deemed to be incorporated into and supplement this policy.

This policy, aligned to Datacom’s values and Code of Conduct, provides an avenue for a variety of stakeholders to raise concerns and reassurance that their concerns will be addressed in a timely and confidential manner and they will be protected from reprisals or victimisation, in accordance with this Policy.

Datacom will treat any disclosure of serious wrongdoing properly, and you are encouraged to speak up to help us identify and deal with any of this type of behaviour.

This policy applies to all current and former employees, directors, officers, contractors, and/or third parties engaged by Datacom or working at Datacom – and any family member of those people.

You can still qualify for protection even if your disclosure turns out to be incorrect, as long as you have reasonable grounds for making the disclosure and are not acting in “bad faith”.

To avoid doubt, Reportable Conduct does not include general or personal work-related grievances unless these separately qualify as Reportable Conduct. These grievances should be reported to your manager in accordance with our usual HR practice or referred to a member of the people and culture team.

To qualify for protection under the law, unless it is an exception as noted below, you must make a disclosure of Reportable Conduct to an “eligible recipient”, who are described in this section.

You may disclose any Reportable Conduct to a Whistleblower Protection Officer as listed below:

• Quentin Lowcay, head of legal & commercial
• Annette Highnam, manager, people and culture
• Siobhan Gallacher, group director people
• Joanne Dickson, risk & assurance advisor
• Mike Porteous, head of corporate strategy

If you are unable to use any of the above reporting channels, or feel uncomfortable doing so, you can disclose to any member of the Group Leadership Team (GLT), the Group CEO or Group CFO, or any member of the Legal & Commercial Team (Legal_CommercialTeam@datacom.co.nz ).

If you do not feel comfortable making an internal report, then you can contact the Chair of the Audit Committee of the Board, Mr Chris Day or any other Board member.

You may also report any Reportable Conduct to our auditors, an external lawyer or to any regulator such as the Financial Markets Authority in New Zealand, or the Australian Securities and Investments Commission (ASIC) in Australia. This policy will also apply to those disclosures.

As an exception to the recipients mentioned above, in certain circumstances in Australia, you may make a public interest or emergency disclosure to journalists and Members of Parliament for Reportable Conduct, or in New Zealand to any “appropriate authority” at any time. These processes are set out in Appendix 1 (for Australia) and Appendix 2 (for New Zealand).

If you wish to obtain additional information before making a disclosure, please contact one of our Whistleblower Protection Officers or the Chair of the Audit Committee.

You can make an anonymous disclosure, but it may be difficult for us to properly investigate the matters disclosed if a report is submitted anonymously. Therefore, we encourage you to share your identity when making a disclosure, although you are not required to do so. If you share your identity, we will use our best endeavours to keep confidential any information that might identify you as the discloser.

Where a disclosure has been made externally and you provide your contact details, those contact details will only be provided to a Whistleblower Protection Officer with your consent or otherwise where this is allowed.

We will investigate all disclosures as soon as practicable, after the matter has been reported. A Whistleblower Protection Officer will investigate the matter and where necessary, may appoint an external investigator to assist in conducting the investigation. All investigations will be conducted in a fair, independent and timely

manner and we will use our best endeavours to preserve confidentiality during the investigation and not identify you if you have requested anonymity.

The process you can expect is set out in Appendix 3.

If the report is not anonymous, the Whistleblower Protection Officer or external investigator will contact you to discuss the investigation process and any other matters that are relevant to the investigation.

Where you have chosen to remain anonymous, subject to the provisions allowing disclosure as set out below, your identity will not be disclosed to the investigator or to any other person conducting the investigation unless you consent in writing or where we reasonably believe that disclosure of identifying information is essential:

• for the effective investigation of the disclosure; or
• to prevent a serious risk to public health, public safety, the health or safety of any individual, or the environment; or
• to comply with the principles of natural justice; or
• to an investigation by a law enforcement or regulatory agency for the purpose of law enforcement.

Where possible, the Whistleblower Protection Officer will provide you with feedback on the progress and expected timeframes of the investigation, including consulting with you where we reasonably believe that disclosure of identifying information is required. The person against whom any allegations have been made will also be informed of the concerns and will be provided with an opportunity to respond (unless there are any restrictions or other reasonable bases for not doing so).

To the extent permitted by law and if appropriate, the Whistleblower Protection Officer may inform you and/or a person against whom allegations have been made of the findings of the investigation.

We are committed to ensuring that any person who makes a disclosure in good faith is treated fairly and does not suffer detriment. The protections listed below will apply even if the discloser:

• Is mistaken and there is no serious wrongdoing
• Does not refer to the name of the legislation when making the disclosure
• The discloser technically fails to comply with sections 11 or 14 the Protected Disclosures Act 2022 (for New Zealand only)
• Makes the disclosure to another person, as long as they do so on a confidential basis and for the purposes of seeking advice about whether or how to make a protected disclosure in accordance with the relevant legislation in Australia or New Zealand.

If your disclosure qualifies as a protected disclosure, you will not be subject to any civil, criminal or administrative legal action (including disciplinary action) for making a disclosure under this policy. These protections do not protect you from your misconduct which is uncovered during an investigation or if you have acted in bad faith.

Datacom (or any person engaged by Datacom) will not engage in “Detrimental Conduct” against you if you have not acted in bad faith and you have made a proper disclosure of Reportable Conduct under this policy, or have signalled you intend to, or where you have encouraged someone else to make a disclosure.

Detrimental Conduct includes actual or threatened retaliatory conduct or less favourable treatment such as the following:

• Termination of your employment or dismissal, or causing you to resign
• Injury to your employment including demotion or disciplinary action
• Failing to give you the same employment terms, benefits, or opportunities as similar employees
• Altering your position or duties
• Discrimination or unusual detriment or disadvantage
• Harassment, bullying or intimidation
• Victimisation
• Retiring you or causing you to retire
• Harm or injury including psychological or mental harm
• Damage to your property, reputation or your business or financial position, or
• Any other damage to you or your family, relatives, or associates.

We will take all reasonable steps to protect you from Detrimental Conduct in accordance with this Policy and will take necessary action where such conduct is identified.

We will ensure fair treatment of all people involved in a matter.

If you are subjected to Detrimental Conduct as a result of making a disclosure under this policy or participating in an investigation, you should inform a Whistleblower Protection Officer as set out above.

In Australia you may also seek remedies including compensation, civil penalties or reinstatement where you have been subject to any Detrimental Conduct. In New Zealand you may be able to raise a personal grievance under the Employment Relations Act 2000.

All information received from you will be treated confidentially and sensitively – to the same extent as any HR complaint or issue. All recipients will use their best endeavours to keep confidential any identifying information about you to the same extent as our Privacy Act obligations or otherwise in accordance with this Policy.

If you make a disclosure under this policy, your identity (or any information which would likely to identify you) will only be shared if:

• You give your consent to share that information
• There are reasonable grounds to believe the release of your identity is essential for effective investigation of the disclosure, to comply with natural justice, to prevent a serious risk to public health, public safety, the environment, or the health and safety of any individual (all only for New Zealand, and only after we have consulted with you prior to sharing as to why we need to)
• The disclosure is allowed or required by law (for example, where the concern is raised with a lawyer for the purposes of obtaining legal advice), or in certain circumstances where required to inform law enforcement or regulatory authorities (for New Zealand only)
• The concern is reported to the ASIC, the Australian Prudential Regulation Authority (APRA), the Australian Taxation Office (ATO) or the Australian Federal Police (AFP) (for Australia only).

Any recipient of your disclosure is required under this Policy not to disclose your identity unless one of these exemptions apply. Where it is necessary to disclose information for the effective investigation of the matter, and this is likely to lead to your identification, all reasonable steps will be taken to reduce the risk that you will be identified.

All our employees have access to our Employee Assistance Programme (EAP) for any ongoing concerns you have about any disclosure under this policy.

Details of our EAP providers for employees may be obtained via our People and Culture team or from a Whistleblower Protection Officer.

Any breach of this policy will be taken seriously and may result in disciplinary action up to and including termination of employment.