Internal Whistleblowing rules

The purpose of these Rules is:

– to create a comprehensive irregularity reporting and whistleblowers protection procedure,

– to protect whistleblowers and

– to protect the Organisation by way of early detection and correction of reported irregularities.

The Rules:

– make it possible to openly submit reports,

– guarantee fair, objective, and timely examination of reports,

– ensure protection of those submitting reports as well as whistleblower associates.

§ 1

Glossary

  1. breach – an act or omission that is contrary to the law, the standards of conduct and internal regulations adopted by the Organisation, which seeks to circumvent the law or the accepted standards of conduct and internal regulations applicable in the Organisation;
  2. breach information – shall mean information, including reasonable suspicion, on an actual or potential breach that has occurred or is likely to occur in the Organisation where the whistleblower works, has worked, has participated in recruitment or other pre-contractual negotiations, or about which the whistleblower is or has been in contact in a work-related context, or concerning an attempt to conceal such a breach;
  3. whistleblower – an individual employed by one of the companies of the Contrain Group who reports breach information obtained in a work-related context;
  4. report – the provision of breach information to the Organisation;
  5. work-related context – the entirety of the circumstances of an employment relationship or other legal relationship underlying the provision of work, in which breach information was obtained;
  6. whistleblower helper – an individual who assists a whistleblower with a report in a work-related context and whose assistance should not be disclosed;
  7. affected person –a natural or legal person who is identified in the report as having committed the breach or who is involved in the breach;
  8. whistleblower associate – a natural person who may experience retaliation, including a co-worker or family member of the whistleblower;
  9. Organisation – the Contrain Group comprised of: Contrain Group sp. z o. o, Contrain sp. z o. o., Contrain Poland sp. z o.o., Contrain Global sp. z o.o.
  10. retaliation – a direct or indirect act or omission, in a work-related context, that is caused by a report, relating to a whistleblower, that has the purpose or effect of disadvantaging the whistleblower, a whistleblower helper, or a whistleblower associate that could cause unwarranted damage to the whistleblower, including the unwarranted instigation of proceedings against the whistleblower;
  11. follow-up – steps taken by the Organisation to assess the accuracy of the information contained in the report and, where appropriate, to address the breach reported, including through actions such as internal enquiry, investigation, filing of charges, actions taken to recover funds or closing the procedure for receiving and examining reports.

§ 2

The subject of the report may be, in particular:

  1. breaches of human rights creating or likely to create risks to life, health, or personal freedom;
  2. breaches relating to privacy protection, security of personal data, networks and ICT systems;
  3. breaches of employment rights, including mobbing and discrimination, and any form of abuse of the subordination relationship in employment or professional relationships;
  4. breaches relating to the ethical standards and internal regulations adopted by the Organisation, including in particular those based on the vision and mission of the Contrain Group,
  5. breaches presenting or likely to present a risk to public safety or the environment;
  6. breach relating to transport safety, product safety and compliance, food and feed safety, and animal health and welfare,
  7. breaches relating to consumer rights,
  8. breaches relating to radiological protection and nuclear safety,
  9. acts of a corrupt nature, including active or passive bribery, fraud, forgery, extortion or misrepresentation, etc.,
  10. breaches of public law obligations, including tax obligations;
  11. breaches aimed at limiting or undermining the protection of the European Union’s internal market, including the rules on competition and state aid, corporate taxation and the financial interests of the EU;
  12. actions to conceal any of the breaches listed in points 1 to 11.

§ 3

  1. Contrain Group Sp. z. o.o. with its registered office in Łódź shall be responsible for ensuring the implementation of the procedure, which shall include the provision of resources necessary to carry out the tasks resulting from this procedure.
  2. The Management Board of Contrain Group Sp. z o.o., which shall be actively involved in the implementation of this procedure, shall be responsible for carrying out the tasks arising from the procedure, in particular by:
    1. personal commitment to the development of a irregularity prevention system;
    2. promoting an organisational culture based around the prevention of any irregularities,
    3. ensuring that financial, organisational, and human resources are available for the development of the irregularity prevention system,
    4. appointing the Breach Management Team and distributing competencies among the Organisation’s employees in such a way so as to ensure the effectiveness of the irregularity prevention system;
    5. monitoring adherence to the established rules of conduct by subordinate personnel,
    6. promoting an organisational culture based around the prevention of any irregularities,
    7. reporting breaches to the competent authorities.

§ 4

  1. The breach management team shall be appointed by the Management Board and shall consist of between 3 and 5 members.
  2. Each of the persons appointed may be excluded from the team without providing a reason, in particular if there are reasonable doubts as to their impartiality.
  3. The breach management team is established to handle the whistleblowing procedure on an ongoing basis and shall perform tasks ensuring the smooth functioning of the irregularity prevention system, in particular by:
    1. receiving reports/whistleblowing;
    2. maintaining a register of reports/whistleblowing;
    3. follow-up action, including verification of the report/whistleblowing and further communication with the whistleblower, which may involve requesting additional information and providing feedback, as well as setting up teams to investigate the matter at hand in a comprehensive manner;
    4. fulfilment of the disclosure obligation towards the whistleblower, in particular by providing a response;
    5. ensuring confidentiality for the whistleblower;
    6. ensuring impartiality of investigations,
    7. running awareness campaigns among the Organisation’s employees aimed at upholding positive perception of report/ whistleblowing activities,

4. The Management Board shall directly supervise the appointed Breach Management Team. In this scope, the Management Board shall in particular:

  1. grant and revoke authorisations in writing to the Breach Management Team Members;
    1. require Members of the Breach Management Team to respect the confidentiality of all information obtained in connection with the performance of their tasks as part of the team;
    2. monitor the compliance with the rules of conduct by the appointed Breach Management Team;
    3. clarify the circumstances of the events described in the report/ whistleblowing.

5. The composition of the Breach Management Team shall be non-confidential and shall be communicated in accordance with the rules applicable in the Organisation.

  • Every change of the members of the Team shall be immediately communicated to the employees in accordance with the rules applicable in the Organisation.

§ 5

The Organisation’s employees shall:

  1. observe ethical values and legal provisions in their assigned tasks;
  2. analyse risks and inform their line manager of potential risks within the tasks;
  3. report any irregularities noticed;
  4. make available such information as is necessary to clarify the irregularity,
  5. present, in their internal relationships and in their contact with external clients, an attitude conducive to the prevention of any irregularities.

§ 6

  1. Reports shall be made through a dedicated confidential reporting channel established in the Organisation, using the platform: sygnanet.pl/contrain.
  2. Only non-anonymous reports, i.e. those containing the whistleblower’s personal data, shall be considered;
  3. A report may be:
  4. transparent, where the whistleblower agrees to disclose their identity to those involved in investigating the report;
  5. confidential, where the whistleblower does not consent to the disclosure of their details and the details are therefore confidential.

§ 7

  1. A report shall include, in particular:
  2. details of the whistleblower, i.e. full name, position, workplace;
  3. details of the persons who committed the breach, i.e. full name, position, workplace;
  4. a description of the irregularities and the dates on which they occurred;
  5. documentary evidence, e.g. documents, memos, scans, messages,
  6. reference of witness evidence and a list of witnesses
  7. The reports shall be recorded in special registers broken down by the companies of the Contrain Group.
  8. Within 7 days of a report, the Breach Management Team shall send an acknowledgement of its receipt, unless the whistleblower has not provided a contact address to which the acknowledgement could be sent.
  9. The breach management team shall review the report and then decide on further follow-up.
  10. Follow-up shall be carried out without undue delay.
  11. Feedback shall be provided to the whistleblower within a period not exceeding 3 months from the acknowledgement of the receipt of the internal report or, if no acknowledgement of the report is provided, 3 months from the expiry of a period of 7 days from the date of the internal report.

§ 8

  1. The reports shall be treated with due care and seriousness, in a confidential manner, and the principle of impartiality and objectivity shall be observed in their examination.
  2. During examination of reports, all participants in the procedure shall exercise due diligence to avoid decisions being taken on the basis of false and unfounded accusations not supported by the facts or evidence gathered, and with respect for the dignity and good name of the employees and the affected persons.

§ 9

As a result of the follow-up, a report may be considered:

  1. legitimate, and then corrective action shall be taken or law enforcement authorities shall be notified.
  2. unfounded (without grounds) and in such case, the report shall be dismissed.

§ 10

  1. Protection shall apply to whisteblowers, whistleblower helpers, and whistleblower associates if they have acted in good faith, i.e. on the basis of a reasonable suspicion based on information in their possession which made it objectively probable that the reported irregularities did occurred.
  2. The persons referred to in paragraph 1 shall be protected only with regard to the respective reports

§ 11

  1. The whistleblower, the whistleblower helper and the whistleblower associate shall be protected by the employer against possible retaliation, as well as against harassment, discrimination, and other forms of exclusion or hostility by other employees.
  2. When affording the protection referred to in paragraph 1, the employer shall, in particular, take steps to ensure that the principle of confidentiality and anonymity of data is observed, as well as the identity of the persons concerned is protected at each stage of the investigation and thereafter.
  3. The employer shall sanction, in accordance with the Workplace Regulations, of employees who are found to have taken any repressive or retaliatory action against the whistleblower and the whistleblower helper.
  4. The employer shall instructs the person in charge of the unit to monitor the HR situation of the whistleblower and the whistleblower helper on a continuous basis (at least during and after the investigation).
  5. Monitoring shall include an analysis of the legitimacy of any conclusions of the whistleblower’s and the whistleblower helper’s line manager regarding a change in their legal and factual situation as part of their employment relationship (e.g. termination of the employment contract, change in the scope of activities, transfer to another organisational unit/position, demotion, salary decrease, up-skilling, additional remuneration granted to employees – benefits, prizes, bonuses, change in the work conditions – remuneration, working time, working hours, granting of holiday leave/training leave/unpaid leave to the employee, etc.).
  6. Where actions aimed at deteriorating the legal or factual situation of the whistleblower and the whistleblower helper are discovered or suspected, the person managing the unit shall inform the person in charge of labour law activities in the Organisation on behalf of the employer so as to stop such actions.
  7. The actions referred to in paragraph 2 shall include in particular:
    1. restricting information access as part of the investigation and the process of ensuring the protection of the whistleblower and whistleblower helper to the authorised persons only,
    2. collecting, from persons authorised to access information, written statements of confidentiality with regard to information obtained in the investigation or the protection procedure with regard to the whistleblower and the whistleblower helper,
    3. sanctioning persons found to have failed to comply with the commitment referred to above in accordance with the Workplace Regulations.

§ 12

The whistleblower shall be each time informed of circumstances in which disclosure of their identity becomes necessary, e.g. in the event of criminal proceedings.

§ 13

  1. In any case, a report may also be made to the Ombudsman or a public authority and, where appropriate, to European Union institutions, bodies, or agencies.
  2. A report to the authorities referred to in paragraph 1 without using the internal whistleblower procedure shall not deprive the whistleblower of the protection provided under the applicable legislation and these Rules. Such reports are possible without submitting an internal report first.
  3. The external report must be made in accordance with the rules and procedures laid down by the above-mentioned bodies and authorities.

§ 14

The provisions of this procedure shall be reviewed at least once every three years.

§ 15

  1. The personal data processed in connection with these Rules was received directly from the data subject or provided by whistleblowers.
  2. The companies belonging to the Contrain Group, in which the report is processed, are the Joint Controllers of the personal data. Below, a list of the companies comprising the Group is provided:
  3. Contrain Sp. z o.o. with its registered office in Łódź at ul. 3-go Maja 14a,
  4. Contrain Poland Sp. z o.o. with its registered office in Łódź at ul. 3-go Maja 14a,
  5. Contrain Group Sp. z o.o. with its registered office in Łódź at ul. 3-go Maja 14a,
  6. Contrain Global Sp. z o.o. with its registered office in Łódź at ul. 3-go Maja 14a,

You can contact us at the mailing address of Contrain Group sp. z o.o: ul. 3 Maja 14a, 93-408 Łódź.

  • The Joint Controllers have appointed a Data Protection Officer, who can be contacted at: iod@contrain.pl 
  • Personal data shall be processed on the basis of Article 6(1)(f) of the GDPR, i.e. the Joint Controllers’ legitimate interest to:
  •  
  • analyse the report received,
  • maintain a register of breaches,
  • archive Reports for evidence purposes to secure information in the event of a legal need to establish facts,
  •  draw up summary reports on the related activities,
  • in connection with the fulfilment of the Controller’s obligations arising from applicable legislation.
  • The Joint Controllers shall process personal data for the period of time necessary for the registration and processing of the report, and thereafter for a period of 3 years after the end of the calendar year in which the follow-up is completed or the proceedings initiated by the follow-up are completed.
  • The data may be disclosed to the extent necessary for the purposes of the processing, to the following recipients: Contrain Group companies in respect of matters affecting them, entities providing IT services, business process services to the Controllers, controlling public authorities, institutions or third parties empowered to request access and receive personal data under applicable legislation.
  • You have the following rights:

– to access your personal data,

– to have the date rectified,

– the right to have the data processing restricted under the terms of Article 18 of the GDPR,

– the right to have the data erased under the terms of Article 17 of the GDPR,

– the right to withdraw your consent, which can be exercised at any time, save that processing carried out prior to the withdrawal shall be considered to be fully legal.

  • You provide your personal data on a voluntary basis. Failure to provide personal data will not result in any consequences for you.
  •  You have the right to lodge a complaint with the Personal Data Protection Office, which exercises control over the lawfulness and correctness of the processing of your personal data.
  • Your data shall not be transferred to countries outside the EU or to international organisations.
  • No automated decisions (decisions without human involvement) shall be made in relation to your personal data, nor will they be subject to any profiling.

§ 16

In matters not governed by this procedure, the relevant provisions of the Directive of the European Parliament and of the Council (EU) on the protection of persons who report breaches of Union law, the Labour Code, the Code of Criminal Procedure, and the Criminal Code shall apply.

The Rules shall enter into force 7 days after their announcement.