gridsum holding inc. (collectively with its subsidiaries and consolidated affiliated entities, “company”) is committed to promoting high standards of ethical business conduct and compliance with applicable laws, rules and regulations. as part of this commitment, the company has adopted this whistleblower and complaint policy (“policy”). employees are encouraged to use the guidance provided by this policy to report all known and suspected improper activities. this policy is designed to provide employees with a confidential or anonymous avenue of communication for reporting any improper activities. for purposes of this policy, the company has designated the company’s chief financial officer as its compliance officer (“compliance officer”).
i. reporting violations
employees should report to their supervisors or managers any known or suspected violations of:
laws, governmental rules and regulations;
accounting, internal accounting controls and auditing matters; or
any company policies.
this includes complaints or reports received from persons outside the company. supervisors and managers shall promptly consider the information submitted to them and take appropriate action in accordance with the law, governmental rules and regulations and otherwise consistent with good business practice. supervisors and managers shall also provide any such information to the compliance officer, who shall then provide it to the chairperson of the audit committee (“audit committee chair”).
if an employee is not comfortable discussing the suspected violation with any of their direct supervisors or managers or the compliance officer, the employee may report the suspected violation confidentially and anonymously by any of the following means:
1. by calling the company’s compliance hotline: +86 10 8261 9988 x 8881;
1. 通过致电的合规热线: +86 10 8261 9988 x 8881；
2. by letter addressed to the company’s corporate headquarters marked “attention: compliance officer”;
3. by email addressed to firstname.lastname@example.org, if you report by email, your report will automatically be directed to the compliance officer; or
3. 通过发送邮件至邮箱 email@example.com，如果通过此邮箱举报，你的举报将自动转给首席合规官；或者
4. if you wish to make a report that does not go to any employee or officer of the company but rather goes directly to the audit committee, you may send an email to: firstname.lastname@example.org or you may send a letter addressed to the company’s corporate headquarters marked “attention: audit committee chair.” the audit committee will take whatever steps it deems necessary to respond to a report that it receives, including whether to refer the matter to the compliance officer for investigation.
4. 如果你不想通过任何员工，而是直接将举报发送给审计委员会，可以发送邮件致 email@example.com 或者寄信致总部，并注明“注意:审计委员会主席”。审计委员会对其收到的举报采取任何必要的措施，包括是否将被举报的情况提交给首席合规官进行调查。
note: since it is more difficult to follow up and investigate anonymous complaints, we want to encourage you to select a reporting avenue that is comfortable for you so that you can be available to provide follow up information during our investigation. nonetheless, if you wish to report anonymously, please follow the instructions to ensure your anonymity is maintained.
any employee reporting a suspected violation is encouraged to provide as much detail as possible regarding the subject matter of the complaint or concern, since the ability to investigate will be largely dependent on the quality and specificity of the information. the compliance officer (or his or her designees) will be responsible for reviewing, or overseeing the review, of any report of a suspected violation from any source. the compliance officer will promptly notify the sender and acknowledge receipt of the report, unless the report was submitted anonymously or directly to the audit committee. the compliance officer can be reached at firstname.lastname@example.org.
if you wish to report directly to the audit committee, you may send an email, as described earlier in this policy, or, you may send a letter addressed to the company’s corporate headquarters marked “attention: audit committee.” you may report confidentially and anonymously if you wish. the audit committee will take whatever steps it deems necessary to respond to a report that it receives, including whether to refer the matter to the compliance officer for investigation.
ii. statement of non retaliation
it is against company policy and, in many jurisdictions, a crime for anyone to intentionally retaliate against any person who provides truthful information to a law enforcement official concerning such person’s reasonable good faith belief that a possible violation of any federal, state or foreign law has occurred. moreover, the company will not permit any form of intimidation or retaliation by any employee, contractor, subcontractor or agent of the company against any employee because of any lawful act done by the employee to:
provide information, cause information to be provided, or otherwise assist in an investigation regarding any conduct which the employee reasonably and in good faith believes constitutes a violation of laws, rules, regulations or any company policies; or
file, cause to be filed, testify, participate in, or otherwise assist in a proceeding filed or about to be filed relating to a violation of any law, rule or regulation.
the prohibited forms of intimidation or retaliation include, but are not limited to, discharge, demotion, suspension, threats, harassment or any other manner of discrimination with respect to an employee’s terms or conditions of employment based on lawful actions of such employee with respect to a good faith report or cooperation or assistance with an investigation conducted by the company.
iii. statement of confidentiality
in cases in which an employee reports a suspected violation in good faith and is not engaged in the questionable conduct, the company will attempt to keep its discussions and actions confidential to the greatest extent possible and in compliance with applicable laws and regulations governing employee privacy. all reports and records associated with complaints or reports made under this policy are considered company confidential information and access will be restricted to members of the board of directors of the company, the company’s internal and external legal counsel, and others involved in investigating a complaint or report under this policy. access to reports and records may be granted to other parties at the discretion of the compliance officer.
iv. investigation and record keeping
employees should not independently conduct their own investigation but instead should make their complaint or report to their supervisor or manager, or by following the procedures in this policy.; the compliance officer will coordinate the prompt investigation and resolution of all reports and ensure that corrective action, as necessary and appropriate, is taken. all records of the report of a suspected violation will be reviewed, investigated and evalsuated by the compliance officer (or his or her designee) as he or she deems reasonably necessary.
iv. investigation and record keeping
employees should not independently conduct their own investigation but instead should make their complaint or report to their supervisor or manager, or by following the procedures in this policy. the compliance officer will coordinate the prompt investigation and resolution of all reports and ensure that corrective action, as necessary and appropriate, is taken. all records of the report of a suspected violation will be reviewed, investigated and evalsuated by the compliance officer (or his or her designee) as he or she deems reasonably necessary.
v. retention of records
the compliance officer will maintain a log of all complaints and reports, tracking their receipt, investigation and resolution. the company will preserve records of complaints and reports made under this policy and associated log(s) for a period of time to be determined by the compliance officer in consultation with the company’s audit committee. after the established retention period, the records and associated log(s) may be disposed of in accordance with company policy.
vi. reporting to the audit committee
with respect to all reports of suspected violations, the compliance officer shall make a presentation to the audit committee. at each such meeting, management will report on the nature of all applicable reports received since the prior audit committee meeting. if the compliance officer, or his or her designee, determines that reporting prior to the next scheduled audit committee meeting is necessary or appropriate, the compliance officer or his or her designee shall contact the audit committee chair, or such other person designated by the audit committee, to decide whether an earlier evalsuation is warranted.
the audit committee will take whatever steps it deems necessary to respond to any violation report received by the company.
vii. policy administration
the audit committee is responsible for reviewing this policy and confirming that the procedures contained in this policy are in place. the audit committee may request reports from company executives about the implementation of this policy and take any other steps in connection with that implementation as they deem necessary. the board of directors of the company may amend this policy and procedures associated with this policy.