Whistleblower Protection

A whistleblower is a person who reports breaches of EU law in an organization.
Anyone can be a whistleblower: an employee, associate, contractor, member of the management board, supplier, subcontractor, client, apprentice.
A whistleblower is a person reporting an action or practice that constitutes a breach of the law. Whistleblowers can generate reports from a wide variety of areas, such as:
public procurement, financial fraud, legal inconsistencies, product safety, transport safety, environmental protection, consumer protection, GDPR, including but not limited to:

• bribery,
• paid protection,
• abuse of powers by an officer in order to gain financial or personal benefits,
• money laundering,
• participation in organized crime,
• disruption of the public tender,
• forgery of invoices with a significant amount of receivables,
• credit fraud,

According to the EU Directive on the protection of persons who report breaches of EU law, in order for a whistleblower to be protected he must have a reasonable belief that he is reporting truthful information and make the report lawfully. The whistleblower protection procedure is to take into account:

• reporting method, communication and accountability channels,
• a detailed method of whistleblower protection,
• how to protect whistleblowers’ personal data,
• course of activities after receiving the notification and deadlines for the implementation of activities

It is our responsibility to protect whistleblowers against repression, discrimination and unfair treatment.

The procedures are to ensure full confidentiality and prevent (directly or indirectly) identification of the whistleblower.
Whistleblowers must be able to report violations anonymously, in writing or orally. In the case of written submissions, regardless of the choice of the form of communication (i.e. mailbox, dedicated e-mail address, IT system), it must meet the criteria of anonymity and confidentiality.

Employers are obliged to take actions following from whistleblowers’ reports. The follow-up is intended to assess the allegations and to develop remedial actions. These activities include internal investigations, investigations and improvement actions.
The procedure is to include:

1. Description of reporting channels designed, established and handled in a manner ensuring confidentiality and protection of the whistleblower’s identity.
2. Description of the appointment of impartial people / roles to act on reports and to communicate with the whistleblower.
3. Indication of the deadlines for providing feedback (not longer, however, than three months from the confirmation of receipt of the notification),
4. Information on procedures for external reporting to competent authorities.

The directive emphasizes the prevention of retaliation against the whistleblower.

The whistleblower shall not be liable in connection with obtaining the information that is the subject of the notification, if such obtaining does not constitute a separate prohibited act.

We must ensure adequate protection of the personal data of the Whistleblower and the persons concerned by the report.

We are obliged to ensure the confidentiality of the Whistleblower’s data, if he so wishes, or provided a confidential report.

Reversed burden of proof will apply before the court or other body examining the case of the damage suffered by the whistleblower in connection with the follow-up activities conducted against him.

The protection of personal data is to be carried out in accordance with Regulation (EU) 2016/679 and Directive (EU) 2016/680, taking into account the rules regarding the processing of personal data specified in art. 5 of Regulation (EU) 2016/679, art. 4 of Directive (EU) 2016/680 and Art. 4 of Regulation (EU) 2018/1725.