INTERNAL PROCEDURE FOR REPORTING BREACHES OF LAW AND TAKING FOLLOW-UP ACTION

applicable at “Properco sp. z o.o. sp. k.”

Pursuant to Articles 24 and 25 of the Act of 14 June 2024 on the Protection of Whistleblowers (Journal of Laws 2024, item 928), “Properco sp. z o.o. sp. k.” has adopted the following Internal Reporting Procedure, setting out the internal procedure for reporting breaches of law and taking follow-up actions.

Each person performing paid work for “Properco sp. z o.o. sp. k.” is obliged to ознакомиться themselves with the content of the Procedure.
The legal entity is obliged to familiarize each person performing work for it with the content of the Procedure before allowing them to perform paid work, as proof of which each person performing work for the Legal Entity signs an appropriate statement. The statement also includes the undertaking of each person performing work for the Legal Entity to comply with the provisions of this Procedure.

§ 1. Definitions

Whenever this Procedure refers to:

Legal Entity – shall mean “Properco sp. z o.o. sp. k.”

Follow-up Action Team – shall mean the team responsible for taking follow-up actions, composed of a Management Board Member and/or the Office Manager.

Procedure – shall mean this Internal Reporting Procedure, defining the internal procedure for reporting breaches of law and taking follow-up actions.

Whistleblower – shall mean a natural person who reports or publicly discloses information about a breach of law obtained in a work-related context, including:
a) an employee;
b) a temporary employee;
c) a person providing work on a basis other than an employment relationship, including under a civil-law contract;
d) an entrepreneur;
e) a commercial proxy (prokurent);
f) a shareholder or partner;
g) a member of a body of a legal person or an organisational unit without legal personality to which the law grants legal capacity;
h) a person providing work under the supervision and direction of a contractor, subcontractor, or supplier;
i) an intern;
j) a volunteer;
k) a trainee;
l) an officer within the meaning of Article 1(1) of the Act of 18 February 1994 on retirement provision for officers of the Police, the Internal Security Agency, the Intelligence Agency, the Military Counterintelligence Service, the Military Intelligence Service, the Central Anti-Corruption Bureau, the Border Guard, the Marshal Guard, the State Protection Service, the State Fire Service, the Customs and Fiscal Service, and the Prison Service and their families (Journal of Laws 2023, items 1280, 1429 and 1834);
m) a soldier within the meaning of Article 2(39) of the Act of 11 March 2022 on the Defence of the Homeland (Journal of Laws 2024, items 248 and 834).

Public disclosure – shall mean making information about a breach of law publicly known.

Report – shall mean an oral or written internal report or external report submitted in accordance with the requirements set out in the Act.

Internal report – shall mean an oral or written submission of information about a breach of law to the Legal Entity.

External report – shall mean an oral or written submission of information about a breach of law to the Commissioner for Human Rights (Ombudsman) or a public authority.

Public authority – shall mean supreme and central government administration bodies, local government administration bodies, bodies of local government units, other state bodies, and other entities performing tasks in the field of public administration by virtue of law, competent to undertake follow-up actions in the areas indicated in Article 3(1) of the Act.

Person concerned by the report – shall mean a natural person, legal person or an organisational unit without legal personality to which the Act grants legal capacity, indicated in the report or public disclosure as a person who committed a breach of law, or as a person connected with the person who committed the breach of law.

Person assisting in making a report – shall mean a natural person who helps the Whistleblower in making a report or public disclosure in a work-related context and whose assistance should not be disclosed.

Person connected with the Whistleblower – shall mean a natural person who may experience retaliatory actions, including a co-worker or a close person of the whistleblower within the meaning of Article 115 § 11 of the Act of 6 June 1997 – the Penal Code (Journal of Laws 2024, item 17).

Follow-up actions – shall mean proceedings conducted in connection with a submitted Internal report.

Act – shall mean the Act of 14 June 2024 on the Protection of Whistleblowers (Journal of Laws 2024, item 928).

Reporting channel – reports are made via email to: sygnalisci@properco.pl
, or orally by informing a Management Board Member and/or the Office Manager at the seat of the Legal Entity.

Retaliatory action – shall mean a direct or indirect act or omission caused by an Internal report which violates or may violate the rights of the reporting person or causes or may cause harm to the reporting person.

§ 2. Objectives of the Procedure

Receiving reports of breaches of law is part of proper and safe management in the Legal Entity and serves to increase the effectiveness of detecting irregularities and taking measures to eliminate them and reduce risk at all organisational levels of the Legal Entity.

This Procedure sets out the rules for reporting breaches of law by Whistleblowers, i.e., acts or omissions that are unlawful or aimed at circumventing the law, concerning:

corruption;

public procurement;

financial services, products and markets;

prevention of money laundering and terrorist financing;

product safety and compliance;

transport safety;

environmental protection;

radiological protection and nuclear safety;

food and feed safety;

animal health and welfare;

public health;

consumer protection;

protection of privacy and personal data;

security of ICT networks and systems;

financial interests of the State Treasury of the Republic of Poland, a local government unit, and the European Union;

the internal market of the European Union, including public-law rules of competition and state aid as well as corporate taxation;

constitutional freedoms and rights of humans and citizens – occurring in relations between individuals and public authorities and unrelated to the fields indicated in items 1–16.

This Procedure also specifies methods of submitting internal reports by Whistleblowers and taking follow-up actions, i.e., actions taken within the Legal Entity to assess the truthfulness of allegations contained in a report and, where appropriate, to prevent the breach of law that is the subject of the report, including through an internal investigation, explanatory proceedings, and bringing charges.

Methods of submitting internal reports by Whistleblowers include the possibility of making reports orally or in writing:
a) orally, by informing the Legal Entity at its registered office, during a duty hour on a specified day of the week and at specified times, i.e. every Tuesday from 10:00 to 11:00;
b) in writing, via email to: sygnalisci@properco.pl

The Legal Entity does not accept information on breaches of law reported anonymously.

§ 3. Making internal reports

Internal reports are received by a Management Board Member, and in their absence by the Office Manager.

The Management Board Member is responsible in particular for:
a) receiving internal reports;
b) verifying and registering internal reports;
c) confirming to the Whistleblower receipt of an internal report within 7 days of receipt, unless the Whistleblower did not provide a contact address to which the confirmation should be sent;
d) undertaking follow-up actions with due diligence;
e) providing the Whistleblower with feedback, provided the Whistleblower gave a contact address to which feedback should be sent, within a period not exceeding 3 months from the date of confirming receipt of the internal report, or—if no confirmation referred to in item c was sent—within 3 months from the expiry of 7 days from the date the internal report was made;
f) supervising follow-up activities and ensuring appropriate protection for the reporting person within the functioning of, or cooperation with, the Legal Entity.

The acting Management Board Member is obliged to:
a) maintain the register of internal reports;
b) maintain and store case files relating to internal reports.

The details of the Management Board Member are made publicly available at the registered office of the Legal Entity.

A Management Board Member who receives internal reports is responsible for them, in particular for:
a) verifying and explaining internal reports;
b) informing the Whistleblower about follow-up actions taken as a result of receiving information about breaches of law.

Internal reports are examined by the Management Board Member and/or the Office Manager.

A Management Board Member who, based on the content of an internal report, may be involved in any way in the act or omission constituting the subject of the report may not analyse such a report.

When making internal reports, the Whistleblower must act in good faith and not with the intention of harming any person or organisation. The knowing submission of false reports is prohibited. A person making a report, knowing that no breach of law occurred, is subject to a fine, restriction of liberty, or imprisonment for up to 2 years.

The Whistleblower is protected provided that, at the time of making the report, they had reasonable grounds to believe that the information that is the subject of the report was true and constituted information about a breach of law.

If, as a result of analysis of an internal report or in the course of explanatory proceedings, it is determined that the internal report knowingly contained false information or concealed the truth, the Whistleblower may be held civilly liable. With respect to each person performing paid work for a service provider or supplier of goods under a civil-law contract, making a false report may result in termination of the contract and ending cooperation.

§ 4. Analysis of the report and follow-up actions

Receiving and verifying internal reports within the Reporting Channel, undertaking follow-up actions, and processing personal data shall be performed by the Management Board Member and/or the Office Manager.

After receiving an internal report, the Management Board Member and/or the Office Manager verifies the internal report and continues communication with the Whistleblower, including requesting additional information regarding the internal report and providing feedback regarding the internal report, subject to § 3(2)(e) of the Procedure.

The Whistleblower receives, within 7 days from the date the Legal Entity receives the internal report:
a) confirmation of receipt of the report in the form of a letter sent via the Polish Post, or
b) written confirmation of receipt of an oral report,
unless the Whistleblower did not provide a contact address to which the confirmation should be sent.

The Legal Entity may decide to refrain from follow-up actions where the internal report is obviously untrue or where it is impossible to obtain information necessary to conduct follow-up actions.

If the internal report allows follow-up actions to be conducted, such actions are initiated without delay.

Follow-up actions aim to clarify all circumstances related to the report, primarily to collect necessary documentation, gather and assess evidence in the case, and interview potential witnesses.

The Legal Entity examines the internal report, undertakes follow-up actions, verifies the internal report, requests additional information (if necessary to examine the internal report), and provides the Whistleblower with feedback within a period not exceeding 3 months from the date of confirming receipt of the internal report, or—if no confirmation referred to in section 3 was provided—within 3 months from the expiry of 7 days from the date the internal report was made, unless the Whistleblower did not provide a contact address to which feedback should be sent.

If, after reviewing the content of the received report of irregularities, the Management Board Member and/or the Office Manager finds that, due to the complex nature of the report, there is a need to involve additional persons in the explanatory proceedings, the Legal Entity may appoint experts or specialists in relevant fields. The inclusion of additional persons should occur in a manner ensuring objectivity and competence in the process of clarifying the report, and their participation should be appropriately documented in the case records.

The Follow-up Action Team may, as part of follow-up actions, in particular:
a) secure possible evidence owned by the Legal Entity, e.g. a computer, laptop or phone of the person accused of committing the breach;
b) secure other possible evidence, e.g. contracts, monitoring recordings, photos provided by the Whistleblower;
c) remove the person accused of committing the breach from the possibility of performing paid work;
d) request the Whistleblower to provide additional information or additional evidence confirming the breach of law which is the subject of the internal report;
e) request additional information from other persons who may have knowledge of the breach of law which is the subject of the report;
f) request additional information from persons indicated as persons breaching the law which is the subject of the internal report.

After completing the explanatory proceedings, the Legal Entity makes a decision as to whether the report is substantiated. In the case of a substantiated internal report, the Legal Entity issues short-term recommendations for appropriate remedial or disciplinary actions against the person who committed the breach of law and long-term recommendations aimed at eliminating and preventing identical or similar breaches as described in the internal report in the future.

In the case of a negative verification of the internal report, the Legal Entity promptly provides the Whistleblower with information on the internal report made and the verification carried out.

§ 5. Prohibition of retaliation

No retaliatory actions, nor attempts or threats of such actions, may be taken against the Whistleblower.

If work was, is or is to be provided under an employment relationship, retaliatory actions against the Whistleblower may not be taken, consisting in particular of:

refusal to establish an employment relationship;

termination of the employment relationship or dismissal without notice;

failure to conclude a fixed-term or indefinite-term employment contract after termination of a probationary employment contract, failure to conclude a subsequent fixed-term employment contract, or failure to conclude an indefinite-term employment contract after termination of a fixed-term employment contract—where the Whistleblower had a justified expectation that such a contract would be concluded;

reduction of remuneration;

withholding a promotion or omitting the Whistleblower in promotion decisions;

omitting the Whistleblower in granting work-related benefits other than remuneration or reducing such benefits;

transfer to a lower position;

suspension from performing employee or service duties;

assigning the Whistleblower’s previous duties to another employee;

an unfavourable change in the place of work or working time schedule;

a negative assessment of work performance or a negative opinion about work;

imposing or applying disciplinary measures, including a financial penalty, or measures of a similar nature;

coercion, intimidation or exclusion;

mobbing;

discrimination;

unfavourable or unfair treatment;

withholding participation in, or omitting the Whistleblower when selecting participants for, training aimed at improving professional qualifications;

unjustified referral for medical examinations, including psychiatric examinations, unless separate regulations provide for the possibility of referring an employee for such examinations;

actions aimed at hindering the Whistleblower from finding future employment in a given sector or industry on the basis of an informal or formal sectoral or industry agreement;

causing financial loss, including economic loss, or loss of income;

causing other non-material harm, including violation of personal rights, in particular the Whistleblower’s good name.

If work or services were, are or are to be provided on the basis of a legal relationship other than employment constituting the basis for performing work or services or holding a position or performing service, making a report or public disclosure may not constitute grounds for retaliatory actions, attempts or threats of retaliatory actions, including in particular:

termination of an agreement to which the Whistleblower is a party, in particular concerning the sale or supply of goods or provision of services, withdrawal from such agreement or termination without notice;

imposing an obligation or refusal to grant, limitation or withdrawal of an entitlement, in particular a concession, permit or relief.
Retaliatory actions due to making a report or public disclosure also include an attempt or threat to apply a measure referred to above.

Retaliatory actions due to making a report or public disclosure also include an attempt or threat to apply a measure referred to in sections 2 and 3 of this paragraph.

§ 6. Personal data

Maintaining the confidentiality of the Whistleblower’s identity is intended to ensure the Whistleblower’s sense of security and minimise the risk of retaliation or reprisals. A Whistleblower whose personal data has been unlawfully disclosed should immediately notify the Legal Entity of the situation. The Legal Entity is obliged to take actions to protect the Whistleblower’s personal data.

The Whistleblower’s identity, as well as all information enabling identification, will not be disclosed to persons concerned by the report, third parties, or other employees and collaborators of the Legal Entity. The Whistleblower’s identity and other information enabling identification may be disclosed only where such disclosure is a necessary and proportionate obligation resulting from generally applicable law in the context of proceedings conducted by national authorities. The identity of persons concerned by the report is subject to confidentiality requirements analogous to those applicable to the Whistleblower’s identity.

The Whistleblower’s personal data enabling determination of their identity is not subject to disclosure to unauthorised persons unless the Whistleblower gives explicit written consent.

§ 7. Register of Internal Reports

A Register of Internal Reports (hereinafter: “RIR”) is established.

The RIR constitutes data protected under the rules applicable to trade secrets.

An entry in the RIR is made on the basis of an internal report.

Each internal report must be registered in the RIR, regardless of whether further follow-up actions are undertaken.

The Management Board Member is responsible for maintaining the RIR.

The RIR contains the following data:

report number;

subject of the breach of law;

personal data of the Whistleblower and the person concerned by the report necessary to identify those persons;

the Whistleblower’s contact address;

date the report was made;

information on follow-up actions taken;

date of closing the case.

The RIR is maintained in accordance with confidentiality principles.

Personal data and other information in the register of internal reports are stored for 3 years after the end of the calendar year in which follow-up actions were completed, or after completion of proceedings initiated by those actions.

§ 8. Information on external reports

The Whistleblower may make an external report without first making an internal report.

An external report is received by the Commissioner for Human Rights (Ombudsman) or a public authority and, where appropriate, by EU institutions, bodies, offices or agencies.

The Commissioner for Human Rights and the public authority are separate controllers with respect to personal data provided in an external report received by those bodies.

§ 9. Final provisions

The Management Board of the Legal Entity is responsible for the adequacy and effectiveness of the Procedure’s functioning.

The adequacy and effectiveness of the Procedure is reviewed every 2 years by the Management Board of the Legal Entity.

The Legal Entity is responsible for familiarising each person performing paid work for it with the provisions of the Procedure.

The content of the Procedure is provided to job candidates at the start of recruitment, and in the case of another legal relationship constituting the basis for providing work or services, at the start of negotiations preceding the conclusion of the agreement.

The Procedure enters into force 7 days after it is communicated to persons performing paid work in the manner adopted in the Legal Entity.

This Procedure was established after consultation with representatives of persons performing paid work for the Legal Entity.