DevHubOne is firmly committed to creating and maintaining a safe, inclusive and inspiring environment in which every child and young person (up to 18 years) is protected from harm, abuse, exploitation or neglect. Child protection is a collective responsibility embedded in all our activities, partnerships and organizational culture.

Purpose

• To outline principles, standards, procedures and codes of conduct that actively prevent harm and ensure a rapid response in case of concerns or reports.
• To ensure compliance with Bulgarian, European and international legal requirements.

Scope

Applies to all employees, volunteers, contractors, interns and partners of DevHubOne, as well as to all physical, hybrid and digital spaces managed or moderated by us.

Legal and Regulatory Framework

Definitions

• Child: Any person under 18 years of age.
• Child protection: Preventive and reactive measures against any form of harm.
• Abuse: Physical, sexual, emotional abuse, neglect or exploitation.
• Online harm: Grooming, cyber-bullying, inappropriate content, profiling, etc.

Principles

• Best interests of the child
• Zero tolerance of all forms of abuse
• Non-discrimination and equal access
• Participation and support of children
• Privacy and data minimization
• Accountability and continuous improvement

Roles and Responsibilities

Code of Conduct

Safe Recruitment

• Criminal record check plus two references
• Structured interview including child-protection questions
• Appointment only after successful screening and induction training

Training and Awareness

• Induction: Within one week of joining
• Annual Refresh: Yearly refresher training
• Advanced for CPO: Every two years
• Special Modules:
  • VR/AR risks
  • Content moderation

Risk Assessment

A written risk assessment is produced for each activity (workshop, TreasureUP event, etc.), detailing child-specific hazards and mitigation measures; high-risk activities require CPO approval.

Online Safety and Digital Protection

• Design: Age-appropriate design and 'enhanced privacy' settings
• Moderation:
  • Automated moderation bots
  • Trained human moderators on Discord/forum
• Chat Logs: Analysis for risk signals; stored and managed in compliance with GDPR
• Report Buttons: Report buttons and short tutorials for children and parents

Communication and Media

• Parental Consent: Written parental consent before filming or streaming
• No Full Names: Do not publish full names alongside photographs
• Publication Approval: CPO approval for any publications featuring children

Reporting and Response

• Immediate Danger: Call 112 and notify the CPO immediately
• Non-Urgent: Submit the form (Annex A) at vasil.devhubone.com within 24 hours
• Procedure: CPO logs → assessment → possible notification of Social Services/MVR → Board notification

Data Archiving and Protection

• Storage: Encrypted incident files with restricted access
• Retention: Seven years after the child’s 18th birthday
• Processing: In accordance with GDPR and our Privacy Policy

Partnerships and Third Parties

All contracts involving work with children must include compliance clauses; DevHubOne reserves the right to terminate any partnership upon breach.

Monitoring, Review and Learning

• Quarterly Report: CPO provides a quarterly report to the Board
• Annual Review: Policy reviewed annually
• External Audit: Independent audit every three years

Approval and Review

• Version: 1.0
• Approved By: Board of Directors
• Approval Date: 2025-04-25
• Next Review: 2026-04 or upon regulatory change