Whistleblowing and Follow-up Procedure
§1. Introduction
1. Next Technology at "FlexDev spółka z ograniczoną odpowiedzialnością" spółka komandytowa with its registered office in Poznań (hereinafter: Next Technology) places the utmost importance on the establishment of internal procedures that allow for the secure and confidential reporting of breaches of the law.
2. This procedure for reporting breaches of the law and the manner of taking follow-up action (hereinafter referred to as the "Whistleblowing Procedure" or the "Procedure") is intended to regulate the internal procedure at Next Technology at "FlexDev spółka z ograniczoną odpowiedzialnością" spółka komandytowa with its registered office in Poznań.
3. The Procedure has been created based on the requirements of the applicable legislation, i.e. in particular:
a. the Act of 14 June 2024 on the Protection of Whistleblowers (Journal of Laws 2024.928); and
b. directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the Protection of Whistleblowers (O.J. (L 305), 26.11.2019, p. 17, and O.J. (L 347), 20.10.2020, p. 1).
§2. Definitions
1.The following terms and abbreviations are used in the Procedure and should be understood as follows:
a. Follow-up action - means an action taken by Next Technology to assess the veracity of the allegations contained in a Whistleblowing Report and, where appropriate, to address the reported breach, including through an internal investigation, explanatory investigation, prosecution, action taken to recover funds, or closure of proceedings carried out under the Whistleblowing and Follow-up Procedure;
b. Retaliatory action - means a direct or indirect act or omission which is caused by a Whistleblowing Report or public disclosure and which infringes or is likely to infringe the rights of the Whistleblower or causes or is likely to cause harm to the Whistleblower or to a person assisting in Whistleblowing, or to a person associated with the Whistleblower;
c. Whistleblowing Reports Acceptance Coordinator - means the person appointed by Next Technology to receive Whistleblowing Reports under this Procedure;
d. Next Technology - Next Technology at "FlexDev spółka z ograniczoną odpowiedzialnością" spółka komandytowa with its registered office in Poznań, ul. Baraniaka 88D, 61-131 Poznań, entered in the Register of Businesses of the National Court Register kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, 8th Business Department of the National Court Register under the KRS number: 0000759865, NIP: 7792500117, REGON: 381903149;
e. Public authority - it should be understood as chief and central government administration bodies, territorial government administration bodies, bodies of local authorities, other state bodies and other entities performing public administration tasks under the law, competent to take follow-up actions in areas within the scope of their activities, as well as - where appropriate - institutions, bodies or organizational units of the European Union;
f. Person Concerned - shall mean the natural person, legal person or organizational unit without legal personality, to whom or which the law confers legal capacity, indicated in the Whistleblowing Report as the person who committed the breach or with whom the person is associated;
g. Whistleblower’s Assistant - means an individual who assists the Whistleblower in reporting a breach in a work-related context. The term "work-related" shall mean past, present or future activities associated with the establishment of an employment or other legal relationship that is the basis for the provision of work or services or the performance of functions at or for Next Technology;
h. Whistleblower’s Related Person - shall mean an individual who may experience retaliation, including a co-worker or next of kin of the Whistleblower;
i. Act - means the Act of 14 June 2024 on the protection of Whistleblowers (Journal of Laws 2024.928);
j. Follow-up Team - means a team of persons appointed to undertake Follow-up Actions;
k. Whistleblower - means an individual who reports or publicly discloses information about a violation of the law in accordance with this Procedure.
§3. Scope
1. The scope of this Procedure covers all Whistleblowing Report at Next Technology, in a context related to work or the provision of services, i.e. in particular reports made by:
a. employees;
b. former employees;
c. temporary workers;
d. job applicants;
e. persons providing work for Next Technology on a basis other than employment, including under a civil law contract;
f. colleagues;
g. contractors;
h. entrepreneurs;
i. partners/shareholders;
j. persons working under the supervision and direction of a contractor, subcontractor or supplier;
k. members of the management or supervisory body;
l. volunteers;
m. trainees;
n. apprentices.
2. The individuals referred to in section 1 are entitled to report a breach or publicly disclose sn information on a breach of the law obtained in a work-related context. The term "work-related" shall mean past, present or future activities associated with the establishment of an employment or other legal relationship constituting the basis for the provision of work or services or the performance of functions at or for Next Technology.
§4. Breach of law
1. A breach of law is an act or omission that is unlawful or intended to circumvent the law concerning:
a. corruption;
b. public procurement;
c. financial services, products and markets;
d. prevention of money laundering and terrorist financing;
e. product safety and compliance;
f. transport security;
g. environmental protection;
h. radiological protection and nuclear safety;
i. food and fodder safety;
j. animal health and welfare;
k. public health;
l. consumer protection;
m. privacy and data protection;
n. security of ICT networks and systems;
o. financial interests of the State Treasury of the Republic of Poland, of a local authority unit and of the European Union;
p. the internal market of the European Union, including the principles of competition and state aid and corporate taxation;
q. constitutional freedoms and rights of Man and of the citizen - occurring in relations of the individual with public authorities and not related to the areas indicated in points a-p.
2. This Procedure shall not apply if the breach only prejudices the rights of the Whistleblower or if the notification of the breach is solely in the individual interest of the Whistleblower.
§5. Acceptance of Whistleblowing Reports
1. Next Technology only accepts written Whistleblowing Reports made in electronic form by sending an email to the dedicated address: signal@flexdevgroup.com
2. Whistleblowing reports are accepted by a Whistleblowing Reports Acceptance Coordinator appointed by the Management Board or a person authorized by the Next Technology Management Board.
3. In the absence of the Whistleblowing Reports Acceptance Coordinator, a Deputy Whistleblowing Reports Acceptance Coordinator shall be appointed by the Management Board or a person authorized by the Management Board for the duration of his/her absence. The Deputy Whistleblowing Reports Acceptance Coordinator has the same powers as the Whistleblowing Reports Acceptance Coordinator.
4. A Whistleblowing Report should include, in particular:
a. the details of the Whistleblower, including contact details;
b. the date and place of the breach;
c. a detailed description of the breach being reported;
d. the details of the person or persons to whom the Whistleblowing Report relates;
e. if applicable, details of other persons with knowledge of the breach (witnesses, victims, etc.), including their contact details;
f. if applicable, the data of persons related to the Whistleblower;
g. identification of the evidence confirming a breach of regulations or internal procedures (any document in any format) or additional information that makes it likely that a breach has occurred or is suspected, or that may facilitate clarification of the Whistleblowing Report.
5.Within 7 days of the receipt of
the Whistleblowing Report,
the Whistleblowing Reports Acceptance Coordinator shall send an acknowledgement of receipt of
the Whistleblowing Report to
the Whistleblower, unless
the Whistleblower has not provided
an address to which
the acknowledgement should
be forwarded. A template of
the Confirmation of Acceptance of
an Internal Whistleblowing Report is attached as Appendix No. 1 to this Procedure.
6. An information clause for the Whistleblower is attached to the acknowledgement of the Whistleblowing Report. A template of an Information Clause for Whistleblowers is attached as Appendix No. 2 to this Procedure.
7. Next Technology does not accept anonymous Whistleblowing Reports.
§6. Follow-up action
1. The Whistleblowing Reports Acceptance Coordinator shall forward the Whistleblowing Report to the Follow-up Team immediately upon receipt.
2. The Follow-up Team consists of 3 permanent members, including 1 Team Chair, and 1 rotating member.
3. The permanent members of the Follow-up Team are appointed for a 2-year term by the Management Board or a person authorized by the Next Technology Management Board.
4. A rotating member of the Follow-up Team is appointed to handle a given Whistleblowing Report by the Management Board or a person authorized by the Next Technology Management Board, depending on the scope of the report.
5. To the extent necessary, matters will be consulted with a lawyer or the Data Protection Officer.
6. Where a Whistleblowing Report involves a member of the permanent Follow-up Team or in the event of a prolonged absence of a member of the Follow-up Team, the Management Board or a person authorized by the Management Board of Next Technology shall appoint an alternate permanent member to handle the respective Whistleblowing Report.
7. Membership of the Follow-up Team is open to both employees and individuals/entities working with Next Technology under a civil law contract.
8. In the event that the Follow-up Team cannot reach a majority decision on the resolution of a reported breach of law, the Chair of the Follow-up Team shall have the casting vote.
9. The Follow-up Team acts with due diligence to clarify the reported breach.
10. Examples of Follow-up Actions shall include:
a. referring to other Next Technology's reporting channels or procedures in the case of reports involving only the individual rights of the Whistleblower;
b. launching an internal investigation;
c. conducting an explanatory investigation;
d. measures taken to remedy the breach;
e. filing a notice of suspected offence;
f. taking action to recover assets;
g. referring the case to the competent authority for further investigation;
h. terminating the procedure due to insufficient evidence or other reasons.
11. The Follow-up Team shall document the follow-up actions on an ongoing basis and draw up a protocol at the end of the investigation.
12. The Follow-up Team shall provide feedback within 3 months of the acceptance of the Whistleblowing Report or, if no acceptance has been provided to the Whistleblower, within 3 months of the expiry of 7 days after submission of the Whistleblowing Report, including in particular:
a. information on whether or not a breach has been identified;
b. information on the measures taken or to be taken in response to the identified breach.
13. In the event that the email address from which the Whistleblowing Report was sent is inactive at the time of the conclusion of the proceedings and the Whistleblower has not provided another contact address, Next Technology will not send feedback.
§7. Prohibition of Retaliation
1. The Whistleblower shall be subject to the protection specified in this Chapter from the time of the Whistleblowing Report or public disclosure, provided that the Whistleblower had reasonable grounds to believe that the information about the breach that is the subject of the Whistleblowing Report or public disclosure was true at the time of the Whistleblowing Report or public disclosure and that such information constitutes information about a breach of law.
2. No Retaliatory Action or attempted or threatened Retaliatory Action may be taken against the Whistleblower. No retaliatory action may be taken against the Whistleblower’s Assistant or the Whistleblower’s Related Person if they also are employed or otherwise provide work, services to Next Technology.
3. If the work is, or is to be, provided on the basis of an employment relationship, the Whistleblower shall not be disadvantaged by virtue of having made a Whistleblowing Report or public disclosure. The same applies to persons who provide work or services on the basis of a legal relationship other than an employment relationship.
4. The Whistleblower should act in good faith. Making a Whistleblowing Report in bad faith may give rise to liability, including disciplinary liability or liability for damages for infringement of the rights of others or of obligations laid down by the law, in particular in the field of defamation, infringement of personal rights, copyright, personal data protection laws and the obligation to maintain secrecy, including business secrecy.
5. Making Whistleblowing Reports in bad faith is also punishable by a fine, restriction of liberty or imprisonment for up to two years.
6. A person who has suffered damage due to the deliberate reporting of false information by a Whistleblower is entitled to damages or compensation from the Whistleblower acting in bad faith.
§8. Register of Whistleblowing Reports
1. Next Technology shall maintain a Register of Whistleblowing Reports in an electronic form.
2. Next Technology may authorize an elected member of the Follow-up Team to maintain the Internal Register of Whistleblowing Reports.
3. An entry in the Internal Register of Whistleblowing Reports shall be made on the basis of an accepted Whistleblowing Report.
4. The following data shall be collected in the Register of Whistleblowing Reports:
a. Whistleblowing Report number;
b. subject of Whistleblowing Report;
c. personal data of the Whistleblower and the Person Concerned necessary for their identification;
d. Whistleblower's contact address;
e. date of the Whistleblowing Report;
f. information on Follow-up Actions taken;
g. date of finalization of the case.
5. A template Register of Whistleblowing Reports is attached as Appendix No. 3 to this Procedure.
6. Next Technology is the processor of the personal data collected in the Register of Whistleblowing Reports.
7. Personal data and other information in the Register of Whistleblowing Reports shall be retained for a period of 3 years from the end of the calendar year in which the Follow-up Actions were completed or the proceedings initiated by those actions were terminated.
§9. Confidentiality and protection of personal data
1. The Whistleblower's personal data and other identifiable data shall not be disclosed, except with the Whistleblower's express consent.
2. Next Technology shall prevent unauthorized persons from gaining access to the information covered by the Whistleblowing Reports and protects confidentiality of the identity of the Whistleblower and the Person Concerned. The protection of confidentiality applies to information based on which the identity of such persons can be directly or indirectly determined.
3. Only persons with written authorization granted by Next Technology may receive and verify Whistleblowing Reports, take Follow up Actions and process the personal data of the persons referred to in section 2.
4. Authorized persons are obliged to keep all information and personal data they have obtained in the course of receiving and verifying Whistleblowing Reports and taking Follow-up Action secret, even after the termination of their employment or other legal relationship under which they have performed work for Next Technology. A Template of Authorization to process personal data in connection with Whistleblowing Reports is attached as Appendix No. 4 to this Procedure.
5. Next Technology shall apply technical and organizational solutions to ensure secrecy of the Whistleblower's data and the information contained in the Whistleblowing Report in accordance with the principles set out in the Data Protection Procedure for Internal Whistleblowing Reports, which constitutes Appendix No. 5 to this Procedure.
§10. External Whistleblowing Reports
1. A Whistleblower may send an External Whistleblowing Report without first sending an Internal Whistleblowing Report.
2. External Whistleblowing Reports shall be accepted either by the Ombudsman or by the relevant public authority.
§11. Final provisions
1. This Procedure shall enter into force 7 days after it is made known to those performing work, in the manner adopted by Next Technology
2. Next Technology shall familiarize employees with the contents of this Procedure before they are allowed to work.
3. To a person applying for a job based on an employment relationship or any other legal relationship that forms the basis for the provision of work or services, Next Technology shall provide information on the Whistleblowing Procedure upon the commencement of recruitment or negotiations preceding the conclusion of an employment contract.
4. A template of the Declaration of having read the Whistleblowing and Follow-up Procedure is attached as Appendix No. 6 to this Procedure.
§12. List of appendices
Identifier | Document title | Document type |
Appendix No. 1 | Template of Confirmation of Acceptance of an Internal Whistleblowing Report | Internal |
Appendix No. 2 | Template of an Information Clause for Whistleblowers | Internal |
Appendix No. 3 | Template of the Register of Whistleblowing Reports | Internal |
Appendix No. 4 | Template of Authorization to process personal data in connection with Whistleblowing Reports | Internal |
Appendix No. 5 | Data protection procedure for Internal Whistleblowing Reports | Internal |
Appendix No. 6 | Template of Declaration of having read the Whistleblowing and Follow-up Procedure | Internal |
§13. Document version history
Version | Date | Description of changes |
1 |
First version |
§14. Appendices
Appendix No. 1 Template of Confirmation of Acceptance of an Internal Whistleblowing Report
Confirmation of Acceptance of a Whistleblowing Report
Acting on behalf of Next Technology at "FlexDev spółka z ograniczoną odpowiedzialnością" spółka komandytowa with its registered office in Poznań, we confirm the acceptance of the Whistleblowing Report, sent in electronic form, which we received on ______________
At the same time, we would like to inform you that your personal data and other data enabling establishing your identity will not be disclosed unless you give your consent. The information provided in the Whistleblowing Report is subject to confidentiality with regard to the identity of the Whistleblower, the Person Concerned and other third parties mentioned in the Whistleblowing Report.
Furthermore, please be advised that feedback on the planned or undertaken Follow-up Action to the Whistleblowing Report, together with the reasons for such Follow-up Action, will be provided within 3 months of the acknowledgement of the Whistleblowing Report, i.e. by _____________ to the address provided in the Whistleblowing Report.
……………date and signature
Appendix No. 2 Template of an information clause for Whistleblowers
Information clause in relation to the processing of personal data of the Whistleblower
As required by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (EU Official Journal L. of 2016. No. 119, p. 1, as amended), hereinafter referred to as the GDPR, we inform you that:
1. The Controller of your personal data is Next Technology at "FlexDev spółka z ograniczoną odpowiedzialnością" spółka komandytowa with its registered office in Poznań, ul. Baraniaka 88D, 61-131 Poznań, entered in the Register of Businesses of the National Court Register kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, 8th Business Department of the National Court Register under the KRS number:0000759865, NIP:7792500117, REGON:
2. You may contact the Controller on matters relating to the processing of your personal data and the exercise of your rights under the GDPR using the above address details, or the Controller’s designated Data Protection Officer at the email address: iod@flexdevgroup.com or by calling +48 570 996 993.
3. The Controller, in connection with its tasks related to the handling of Whistleblowing Reports, will process personal data for the following purposes:
a. fulfilment of the legal obligation relating to the acceptance of Internal Whistleblowing Reports under the provisions of the Act of 14 June 2024 on the protection of Whistleblowers (in line with Article 6(1)(c) of the GDPR). The personal data will be processed for a period of 3 years after the end of the calendar year in which the proceedings initiated by the follow-up action have been terminated.
b. processing of data in connection with follow-up actions based on the legal obligation under the provisions of the Act of 14 June 2024 on the protection of Whistleblowers (in line with Article 6(1)(c) of the GDPR). Personal data shall be retained for a period of 3 years from the end of the calendar year in which the follow-up actions have been completed or the proceedings initiated by those actions have been terminated
c. maintaining documentation, including the Internal Whistleblowing Reports to fulfil the legal obligation relating to the acceptance of Internal Whistleblowing Reports under the provisions of the Act of 14 June 2024 on the protection of Whistleblowers (in line with Article 6(1)(c) of the GDPR). Personal data shall be retained for a period of 3 years from the end of the calendar year in which the follow-up actions have been completed or the proceedings initiated by those actions have been terminated.
d. the assertion and defence of claims arising from accepted Internal Whistleblowing Reports. The legal basis for the processing of personal data is Article 6(1)(f) of the GDPR (legitimate interest of the processor to protect its rights). The personal data will be processed for a period of 3 years from the end of the calendar year in which the proceedings initiated by the Follow-up Action were terminated.
As a result of a positive resolution of a Whistleblowing Report, the time limits indicated above for the deletion of personal data may be extended until the final conclusion of proceedings conducted on the basis of the law.
4. The Controller shall ensure confidentiality of your data in connection with the Whistleblowing Report received. Accordingly, the data may only be made available to entities authorized by the law and to entities to which the Controller entrusted data processing (e.g. hosting platforms, IT service providers, consulting service providers).
5. You have the right to request access to your personal data, and to rectify (amend) your personal data. You also have the right to request erasure or restriction of processing, as well as to object to processing, but you only have this right if further processing is not necessary for the Processor to comply with a legal obligation and there are no other overriding legal grounds for the processing
6.You have the right to lodge a complaint against processing by the Processor to the President of the Data Protection Office.
7. The provision of data is voluntary, but necessary for the acceptance and processing of the Whistleblowing Report. Anonymous reports will not be dealt with under the Whistleblowing and Follow-up Procedure
8. Your data will not be shared with a third country or international organization.
9. Your data will not be subject to profiling or automated decision-making.
Appendix No 3 Template of the Register of Whistleblowing Reports
REGISTER OF INTERNAL NOTIFICATIONS
No. | Whistleblowing Report number | Subject of Whistleblowing Report | Personal data of the Whistleblower and the Person Concerned necessary for their identification | Whistleblower’s contact address | Date of the Whistleblowing Report | Information on follow up actions taken | Date of finalization of the case |
1. | |||||||
2. | |||||||
3. | |||||||
4. | |||||||
5. | |||||||
6. | |||||||
7. | |||||||
8. | |||||||
9. |
Appendix No. 4 Template of Authorization to process personal data in connection with Whistleblowing Reports
Poznań, on ________________________
Authorization to process personal data
in connection with Whistleblowing Reports
processed by the Controller - Next Technology at "FlexDev spółka z ograniczoną odpowiedzialnością" spółka komandytowa with its registered office in Poznań
Full name of authorized person
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Date of granting authorization
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Scope of authorization
I hereby authorize you to process personal data to the extent necessary to receive, consider, review, clarify the Whistleblowing Reports received by the processor from Whistleblowers.
The authorization includes the right to process the data of Whistleblowers and persons named in the Whistleblowing Reports submitted by Whistleblowers to the extent necessary to complete the internal procedure for receiving and processing Whistleblowing Reports.
The indicated activities will be carried out using equipment and tools provided by the Processor.
The authorization covers collecting, accessing, copying and transmitting data, pseudonymization and destruction of the data after the data is no longer useful.
The authorization is granted for a period of ... / for the time necessary to ...
Authorized person's declaration
I declare that I have familiarized myself with the data protection policies and procedures, as well as with the internal withleblowing and follow-up procedure in force at the Processor’s and I undertake to comply with the principles contained therein. I undertake to keep any protected information to which I am given access and the methods of securing it confidential, even after the termination of the authorization.
I declare that in the performance of my duties I will ensure due confidentiality of the Whistleblower's data and the data contained in the Whistlebolwing Reports, in particular by using pseudonymization during the processing of the Reports, to ensure due protection of the Whistleblower. I will also apply the principle of confidentiality and pseudonymization to the data of individuals contained in the Whistleblowing Reports, in order to enable effective investigation.
Signature of the person receiving the authorization: ............................................................
Signature of the person granting the authorization: ..................................................................
Appendix No. 5 Data protection procedure for Internal Whistleblowing Reports
Data protection procedure for Internal Whistleblowing Reports
§ 1. Introduction
1. This Procedure sets out the rules for information and personal data security in connection with Internal Whistleblowing Reports at Next Technology at ''FlexDev Spółka z ograniczoną odpowiedzialnością'' Spółka komandytowa, with its registered office in Poznań
2. The procedure has been established to ensure that Whistleblowers, i.e. those who report or publicly disclose information about breaches of the law, and those who assist them in submitting such a report, are duly protected. Information directly related to the Whistleblowing Reports is protected.
3. The mechanisms set out in the Procedure are designed to reduce the personal risk of the Whistleblower, including negative direct or indirect consequences.
4. The Whistleblower's data should remain confidential and may not be disclosed in the course of the proceedings to parties and participants in these proceedings without the express and unequivocal consent of the Whistleblower.
§ 2. Definitions
Whenever this Procedure refers to:
1) Next Technology – Next Technology at "FlexDev spółka z ograniczoną odpowiedzialnością" spółka komandytowa with its registered office in Poznań, ul. Baraniaka 88D, 61-131 Poznań, entered in the Register of Businesses of the National Court Register kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, 8th Business Department of the National Court Register under the KRS number: 0000759865, NIP: 7792500117, REGON: 381903149
2) Whistleblower – it shall mean the person reporting a breach of the law in accordance with the Whistleblowing and Follow-up Procedure;
3) Act – it shall mean the Act of 14 June 2024 on the Protection of Whistleblowers (Journal of Laws 2024.928).
§ 3. Access to Whistleblowing Reports
1. The Whistleblower's data may only be accessed by a person who has been authorized to process personal data in this regard and has been obliged to maintain confidentiality.
2. Pseudonymization, i.e. the processing of personal data in such a way that it can no longer be attributed to a specific data subject without the use of additional information, shall be applied to the data of the Whistleblower, provided that such additional information is stored separately and is covered by technical and organizational measures preventing its attribution to an identified or identifiable natural person.
3. It is the responsibility of Next Technology's Management Board to ensure that the Whistleblower is protected in accordance with legal requirements.
4. All Employees, collaborators and other persons and entities that act on behalf of Next Technology are required to comply with this Procedure.
5. An information clause for data subjects whose data is processed in connection with the receipt and processing of Whistleblowing Reports, as referred to in §5(6) of the Whistleblowing and Follow-up Procedure, is posted on the Next Technology website and intranet.
6. The information clause shall also be attached to the confirmation of acceptance of the Whistleblowing Report.
7. Those appointed to deal with Whistleblowing Reports are guaranteed to be independent in the performance of their activities - they must not receive instructions to act from any Next Technology person.
§ 4. Principles of a Whistleblower’s data protection
1. Only those authorized to receive Whistleblowing Reports shall have access to whistleblowing channels.
2. In accordance with the Whistleblowing and Follow-up Procedure, a Register of Internal Whistleblowing Reports has been established
3. The data in the Register can only be accessed by a person authorized to process the Whistleblower's data.
4. The person designated to receive Whistleblowing Reports shall, as soon as the Whistleblowing Report is received, anonymize the Whistleblower's details and give him/her a numerical identifier to be used during Follow-up Actions.
5. Pseudonymization shall include any kind of information that makes it possible to directly or indirectly identify the Whistleblower, with particular regard to whether the content of the Whistleblowing Report itself does not indicate the identity of the Whistleblower.
6. The Whistleblower cannot be a participant in or a party to an investigation initiated, as this could expose him/her to direct or indirect retaliation.
7. At all stages of the explanatory investigation, an assigned identifier shall be used instead of the Whistelblower's data.
8. During the investigation, reference should be made to the case number under which the Whistleblowing Report from the Whistleblower was registered, not the case to which the Whistleblowing Report relates.
9. The details of the Whistleblower shall not be disclosed at the request of the parties or participants in the investigation.
10. The Whistleblower shall be informed of the circumstances in which disclosure of his or her identity becomes necessary, e.g. in the event of criminal proceedings being initiated.
11. The Whistleblower's data shall not be included in document distribution lists related to the investigation or in email correspondence.
12. If a Whistleblowing Report is received through a channel other than those approved for receiving such reports, the person who receives it shall be obliged to immediately forward it to the person authorized to handle them, and to delete any copies of it (e.g. from emails).
§ 5. Final provisions
1. An employee shall immediately notify his/her supervisor, IT Support and the Data Protection Officer by sending an email to iod@flexdevgroup.com of any electronic or paper data leakage incident or data breach related to electronic or paper data processing.
2. This Procedure shall enter into force upon the entry into force of the Whistleblowing and Follow-up procedure.
Appendix No. 6 Template of Declaration of having read the Whistleblowing and Follow-up Procedure
Poznań, ……………..……….
Declaration
of having read the Whistleblowing Procedure
I, the undersigned,
………………………………………….…………., I hereby confirm that I have familiarized myself with the Whistleblowing and Follow-up Procedure in force at Next Technology at "FlexDev spółka z ograniczoną odpowiedzialnością" spółka komandytowa with its registered office in Poznań
......................................................
Employee signature