Whistleblower Policy
Last updated: 29 June 2026 · Operated by VirtuVault Technologies EOOD
Alpha Monnaies is committed to the highest standards of integrity, transparency, and accountability. This Policy explains how anyone can report a concern about wrongdoing connected to VirtuVault Technologies EOOD ("Alpha Monnaies", "we", "us") safely and confidentially, and how we protect people who speak up. It is designed to align with the EU Whistleblower Directive (Directive (EU) 2019/1937) and the Bulgarian Act on the Protection of Persons Who Report or Publicly Disclose Information about Breaches.
Report a concern: whistleblower@alphamonnaies.io
This mailbox is access-restricted to our designated reports officer. You may report anonymously.
1. Who can report
This Policy is open to anyone in a work-related relationship with Alpha Monnaies, including current and former employees, directors, contractors, interns, job applicants, suppliers, partners, clients, and their staff. You do not need to be certain that wrongdoing has occurred — a reasonable, good-faith belief is enough.
2. What you can report
Use this Policy to report any actual or suspected breach connected to Alpha Monnaies, including:
- money laundering, terrorist financing, sanctions evasion, or breaches of our Sanctions & Forbidden Activities Policy;
- fraud, bribery, corruption, theft, or financial misstatement;
- breaches of financial-services, payment-services, consumer-protection, or anti-money-laundering law;
- breaches of data-protection or information-security obligations;
- conflicts of interest, abuse of position, or misuse of company or client assets;
- endangerment of health and safety, or environmental harm;
- any attempt to conceal any of the above.
This Policy is not the route for personal grievances unrelated to a breach (those should go to your usual HR or contract contact), although such matters will be redirected appropriately.
3. How to report
You can raise a concern by:
- Email — whistleblower@alphamonnaies.io, monitored only by our designated reports officer.
- Post — marked "Strictly private & confidential — Reports Officer", to VirtuVault Technologies EOOD at the registered office below.
- Anonymously — you are not required to give your name. If you want feedback, consider providing a secure, anonymous way for us to reach you.
To help us act, please include what happened, who was involved, when and where, and any evidence you can safely provide. Do not put yourself at risk to gather evidence.
4. Protection from retaliation
Alpha Monnaies prohibits retaliation of any kind against anyone who makes a good-faith report or assists an investigation. Prohibited retaliation includes dismissal, demotion, loss of business, intimidation, harassment, discrimination, or any other detriment. Anyone who retaliates will be subject to disciplinary or contractual action. If you believe you have suffered retaliation, report it immediately using the channels above.
5. Confidentiality & data protection
We will keep your identity, and the identity of any person named in a report, confidential and will share it only where strictly necessary and lawful — for example, with investigators or competent authorities. Personal data in reports is processed in line with the GDPR and our Privacy Policy, kept secure, restricted to those who need it, and retained no longer than necessary for the investigation and any follow-up.
6. How we handle your report
- Acknowledgement — we aim to confirm receipt within 7 days (where you have given us a way to reply).
- Assessment & investigation — a designated, impartial person assesses the report and, where warranted, investigates, escalating conflicts of interest away from anyone implicated.
- Feedback — we aim to provide feedback on action taken within 3 months of acknowledgement, so far as confidentiality and the law allow.
- Action — we take appropriate corrective, disciplinary, or legal action and, where required, notify the relevant authority.
7. Good faith & false reports
You are protected if you report on the basis of a reasonable belief that the information is true, even if it later proves mistaken. Knowingly making a false or malicious report is itself a breach of this Policy and may lead to disciplinary or legal action.
8. External & public reporting
You may always report directly to a competent external authority instead of, or as well as, using our internal channel, without losing protection. In Bulgaria, the Commission for Personal Data Protection (Комисия за защита на личните данни) acts as the central external whistleblowing authority (cpdp.bg); other competent national authorities (for example, financial-sector or AML supervisors) may also apply. EU institutions, bodies, and agencies provide reporting channels for matters within their remit. Where you have a Switzerland- or UAE-related concern, the competent local authority for that matter may also be used.
9. Contact
VirtuVault Technologies EOOD — Reports Officer
49A Bulgaria Blvd, fl. 1, Triaditsa, Sofia 1404, Bulgaria
Email: whistleblower@alphamonnaies.io