REGULATIONS ON REPORTING BREACHES AND PROTECTING WHISTLEBLOWERS

in Job Impulse Polska sp. z o.o. (hereinafter the “Company”) and the Group companies (Job Abroad Sp. z o.o.; Job Outsourcing Sp. z o.o.)

TABLE OF CHANGES

No. | Issue/Date | Description of the change
1. | 1/2021-12-02 |
2. | 2/2024-09-25 | Update of the Regulations in connection with the Act on the Protection of Whistleblowers of 14 June 2024

INTRODUCTION

In order to ensure the proper operation of the Company and the Group companies, it is necessary to enable the reporting of any actions observed that are inconsistent with applicable laws, internal regulations of the Company and the Group companies, and/or unethical actions, through an effective system of reporting Breaches.

The culture of openness, honesty and diversity associated with the implementation of the Regulations entails disapproval of behaviour that is not in accordance with the law or ethical standards adopted by Job Impulse Polska and the Group companies.

The Regulations specify how to report possible Breaches, who verifies them and how. The purpose of the Regulations is to ensure that notifications of Breaches are accepted, reviewed, and the person reporting them is protected against retaliation. Once a breach is reported, the information contained in the notification shall be disclosed only to those involved in the investigation.

The Regulations on reporting Breaches and protection of whistleblowers have been developed in fulfilment of the obligations and recommendations under the Act on the Protection of Whistleblowers, which are related to the Directive of the European Parliament and of the Council (EU) 2019/1937 of 23 October 2019 on the protection of persons who report breaches of Union law (Official Journal EU.L 305 of 26.11.2019, p.17 and Official Journal EU.L 347 of 20.10.2020, p.1).

The procedure contained in the Regulations shall not apply if the breach of the law harms only the rights of the reporting person or the notification of the breach of the law is made only in the individual interest of the reporting person. In such situations, these Regulations do not preclude the reporting of Breaches in the normal course of official duties directly to superiors or persons in charge of a given area.

DEFINITIONS:

1. Personal data – any information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular on the basis of an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

2. Retaliation – a direct or indirect act or omission in the work-related context that is caused by a notification or public disclosure and that violates or may violate the rights of the whistleblower or causes or may cause unjustified harm to the whistleblower, including ungrounded initiation of proceedings against the whistleblower.

3. Committee – a team authorized to take follow-up actions and communicate with the Whistleblower.

4. Breach – an act or omission that is inconsistent with the law, or aiming at circumventing the law, and regarding:

  • Corruption,
  • Public procurement,
  • Financial services, products and markets,
  • Counteracting money laundering and terrorism financing,
  • Product safety and compliance with requirements,
  • Transport safety,
  • Environmental protection,
  • Radiological protection and nuclear safety,
  • Food and feed safety,
  • Animal health and welfare,
  • Public health,
  • Consumer protection,
  • Privacy and personal data protection,
  • Security of networks and IT systems,
  • Financial interests of the State Treasury of the Republic of Poland, local government units and the European Union,
  • Internal market of the European Union, including public law principles of competition and state aid and taxation of legal persons,
  • Constitutional freedoms and rights of man and citizen – occurring in the relations of an entity with public authorities and not related to the areas indicated in the items above.

5. Notification Register – means a register containing information on all Notifications and Breaches at Job Impulse Polska and the Group companies.

6. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

7. Whistleblower – a natural person reporting a breach of the law in the work-related context, irrespective of the position held, form of employment or co-operation.

8. Notification – information about a breach of the law made through the channels earmarked for that purpose.

9. Person Concerned – a natural person, a legal person or an organizational unit without legal personality to which the law grants legal capacity, identified in the notification or public disclosure as the person who committed the breach of the law or as a person to whom the person who breached the law is related.

10. Follow-up – action taken in connection with the notification made.

I. PURPOSE AND SCOPE OF THE REGULATIONS

1. The Regulations define the principles and procedure for reporting information by Whistleblowers about breaches of the law (including information about a justified suspicion regarding an existing or potential breach of the law that has occurred or is likely to occur in Job Impulse Polska Sp. z o.o. or a Group company or information regarding an attempt to conceal such a breach of the law).

2. The Regulations define the principles and procedure for reporting breaches regarding the internal regulations and/or ethical standards applicable in Job Impulse Polska Sp. z o.o. and the Group companies, which have been established on the basis of generally applicable provisions of law and are consistent with them.

3. The Regulations are intended to ensure that Notifications are received, reviewed, identified for occurrence of Breaches, assessed from a risk perspective, and properly managed, and that the Whistleblower is protected against Retaliation.

II. CHANNELS FOR REPORTING BREACHES

1. Job Impulse Polska and the Group companies shall provide channels for reporting that ensure the confidentiality of the identity of the reporting person and the persons named in the Notification, and allow access to such information only to persons involved in the investigation.

2. The application should include at least:

a. a brief statement of facts,
b. indication of possible evidence, e.g., documents, names of witnesses,
c. date and location of the Breach.

3. The Notification can be made with personal information that allows the Whistleblower to be identified and contacted, but it can also be made anonymously.

4. The breach notification form is attached as an Appendix hereto. It can be used regardless of the method selected for making the Notification.

5. The Notification can be made by:

  • e-mail to: naruszenia@jobimpulse.pl
  • sending a letter in paper form to: Job Impulse Polska Sp. z o.o. (or the name of the Group company), ul. Ptasia 10, 60-319 Poznań, with the note: “breach”.

The employee receiving an envelope with a note “breach” is obliged not to open the envelope and immediately forward it to the person designated in the Regulations as the person receiving the notification.

6. The manager of the legal department is responsible for receiving notifications.

7. The reporting person shall receive an acknowledgement of receipt of the Notification within 7 days of its receipt by the person responsible for receiving Notifications, unless the reporting person has not provided an address to which the acknowledgement should be forwarded.

III. COMMITTEE

1. The Committee authorized to take follow-up action and communicate with the Whistleblower consists of 4 to 6 members.

2. The permanent composition of the Committee includes:

  • President of the Management Board,
  • HR Director,
  • Legal Department Manager,
  • Employee responsible for actions related to CSR

3. The composition of the Committee may – depending on the circumstances, subject matter and nature of a given Notification – be supplemented by the appointment of additional persons to the Committee.

4. The composition of the Committee referred to in section 3 above shall be completed by oral or email arrangements of permanent members.

5. The President of the Management Board shall have the right to include other Management Board Members in the work and composition of the Committee.

6. The Legal Department Manager is responsible for the administrative support of the Committee, including the preparation and maintenance of all Committee documentation.

7. If circumstances require so, the Committee shall have the right to designate persons from among the Employees to assist with the content.

8. The Committee is a consultative body whose main task is to initiate an investigation to determine all the circumstances contained in the Notification.

9. In conducting the investigation, the Committee:

  • examines all the circumstances in order to comprehensively investigate the case,
  • is guided by the principle of objectivity and independence in evaluating the information collected,
  • seeks to complete the investigation of the case as soon as possible.

10. The Committee is authorized to contact business units and all Employees and to obtain from them explanations or documentation that may contribute to the clarification of Notifications.

11. Members of the Committee act on the basis of written authorization from the Company and the Group companies and are obliged to maintain confidentiality in the scope of information and personal data obtained when receiving and verifying the notification and taking follow-up actions, even after the termination of the employment relationship or other legal relationship under which they performed these activities.

IV. PROCESSING OF NOTIFICATIONS

1. The Committee shall consider each Notification without undue delay and in an objective and impartial manner.

2. The maximum time limit for providing feedback to the reporting person is 3 months from the acknowledgement of the notification or, if no acknowledgement is provided to the reporting person, 3 months from the lapse of a 7-day period from making the notification.

3. If a member of the Committee is in a relationship with the person to whom the Notification relates, which could raise issues of impartiality, or if the Notification under consideration relates directly or indirectly to a member of the Committee, that member shall be excluded from the proceedings in question.

4. The Committee, based on a preliminary analysis of the Notification, determines a plan of action to clarify the issues contained in the Notification.

5. After investigation, the Notification may be considered:

a. grounded, whereupon corrective action is taken,
b. groundless (non-supported), whereupon the Notification is dismissed.

6. The feedback referred to in section 2 shall include, in particular, information on whether or not a breach of the law has been identified and what measures, if any, have been or will be applied in response to the identified Breaches of the law.

7. Adequate measures shall be taken against violators, in particular:

a. disciplinary actions shall be taken on the basis of the Labour Code,
b. discretionary bonuses are reduced or an employee is deprived thereof,
c. the employment relationship with the employee is terminated, including termination without notice, due to the fault of the employee,
d. the contract of cooperation with persons under the relationship other than employment agreement.

8. If, within the framework of the measures taken, circumstances indicate that a crime has been committed, the Committee is obliged to immediately notify the relevant law enforcement authorities.

9. The Committee, within the scope of its authority, has the right to make recommendations to the Companies relating to, in particular:

a. implementing changes and actions to reduce the number of Breaches,
b. strengthening the organizational culture, to increase loyalty to the respective Group Company.

10. Each Notification made to the Committee must be documented and assigned an internal number. Upon completion of the investigation, a report is prepared by the Committee.

V. REGISTER OF NOTIFICATIONS AND BREACHES

1. The Legal Department Manager shall develop and systematically maintain a Notification Register containing information on all Notifications and Breaches.

2. The Legal Department Manager submits information on the number of Notifications and the number of Breaches to the Management Board once a year (in December).

3. The Notification Register contains at least: the notification number, the subject of the breach of law, the personal data of the Whistleblower and the person concerned by the notification necessary to identify these persons, the Whistleblower’s contact address, the date of the notification, information on the follow-up actions taken, the date of completion of the case.

4. The Notification Register is kept in accordance with the principles of confidentiality, and personal data and other information in the Notification Register are stored for a period of 3 years after the end of the calendar year in which the follow-up actions were completed or after the completion of the proceedings initiated by these actions.

VI. CONFIDENTIALITY, ANONYMITY AND PROHIBITION OF RETALIATION

1. The Committee is obliged to ensure that the reporting person’s identity is protected. The exception is when the Committee’s disclosure of the reporting person’s identity is an obligation under generally applicable law.

2. All data contained in the Notification and actions taken under the Regulations shall be treated as confidential and shall not be disclosed to others, except to the extent necessary to conduct an investigation in accordance with the Regulations.

3. The proceedings are confidential, which means that the members of the Committee and other persons participating in the Committee’s investigation are required to keep the information confidential.

4. The reporting person shall be protected by the Company against possible retaliation, as well as against harassment, discrimination and other forms of exclusion or bullying by other employees.

5. When handling notifications, all participants in the proceedings are required to exercise due diligence to avoid making decisions on the basis of misguided and groundless accusations that are not supported by the facts and evidence collected, and with respect for the dignity and good name of the employees and persons affected.

VII. PERSONAL DATA PROTECTION

1. Maintaining confidentiality is intended to guarantee the Whistleblower’s sense of security and to minimize the risk of retaliatory or repressive actions. A Whistleblower who has made a notification and whose personal data have been disclosed without authorization should immediately report the situation to the Commission, which is obliged to take action to protect the Whistleblower.

2. The Whistleblower’s identity, and all information enabling their identification, shall not be disclosed to persons concerned, third parties or other employees and associates of the entity. The Whistleblower’s identity, as well as other information enabling the Whistleblower’s identification, may be disclosed only if such disclosure is a necessary and proportionate obligation resulting from generally applicable legal provisions in the context of proceedings conducted by national authorities. The identity of entities concerned by the report is subject to confidentiality requirements to the same extent as the Whistleblower’s identity.

3. The entity processes personal data to the extent necessary to accept the report and take follow-up actions. Personal data that are not relevant to the examination of the notification are not collected, and if collected, are deleted. The deletion of these personal data takes place within 14 days from the moment they are determined as irrelevant to the case.

VIII. EXTERNAL NOTIFICATION

1. In any case, a Notification may also be made to the Ombudsperson or a public body without following the procedure provided for herein, in particular when: the Entity does not provide feedback to the Whistleblower within the deadline for providing feedback set out herein, or the Whistleblower has reasonable grounds to believe that the breach of the law may constitute a direct or obvious threat to the public interest, in particular there is a risk of irreversible damage, or making an internal report will expose the Whistleblower to retaliatory actions, or in the case of making an internal report, there is little probability of effective counteracting of the breach of the law by the Entity due to the specific circumstances of the case, such as the possibility of concealing or destroying evidence or the possibility of collusion between the Entity and the perpetrator of the breach of the law or the participation of the Entity in the breach of the law.

2. The Notification made to the Ombudsperson or a public body without a prior internal notification does not result in depriving the Whistleblower of protection guaranteed by the provisions of the Act on the Protection of Whistleblowers.

3. Pursuant to the Act on the Protection of Whistleblowers of 14 June 2024, external notifications may be made starting from 25 December 2024 as the effective date.

IX. FINAL PROVISIONS

1. The Regulations are available in the Document Repository and on the www.jobimpulse.pl website. Each Employee is obliged to acknowledge the Regulations and abide by them. The statement attached as Appendix 2 is kept in the personal records.

2. The Regulations come into force as at 25.09.2024.

Appendices to the Regulations:

  1. Notification Form.
  2. Statement of acknowledgment of the Regulations.
  3. GDPR Information Clause.