REGULATION ON REPORTING VIOLATIONS OF LAW, PROCEDURES, AND ETHICAL STANDARDS AT VORTEX ENERGY POLSKA LIMITED LIABILITY COMPANY WITH ITS REGISTERED OFFICE IN SZCZECIN
§ 1
This regulation on reporting violations of law, procedures, and ethical standards (hereinafter: the Regulation) serves to ensure adherence to the highest moral standards and principles of integrity at Vortex Energy Polska Limited Liability Company with its registered office in Szczecin, entered in the register of entrepreneurs of the National Court Register maintained by the District Court in Szczecin, Center Division, under KRS number 0000456208, NIP: 3020001493, REGON: 321357713, with a share capital of 1,000,000.00 PLN (hereinafter: the Company). It is applicable to individuals who are currently or have previously been in an employment relationship or any other legal relationship with the Company involving the provision of work, services, work products, or holding positions (hereinafter: Employee or collectively: Employees). This Regulation also ensures internal control in the event of identifying or suspecting a violation (hereinafter: Incident) of the law, ethical standards, as well as internal regulations, policies, rules, and other internal regulations applicable within the Company (hereinafter: Internal Regulations).
§ 2
- The Company ensures the Employee reporting an Incident (hereinafter: the Whistleblower):
a) the right to maintain the anonymity of their identity,
b) protection against retaliatory, repressive, discriminatory, or any other unfair treatment due to reporting an Incident or participating in an explanatory procedure or proceedings conducted under this Regulation (hereinafter: Retaliation),
c) the ability to contact the Supervisory Board of the Company directly in cases referred to in § 3, section 1, letter b) of this Regulation.
- The Company may waive the principle indicated in section 1, letter a) above only if the report of the Incident was made in bad faith, i.e., false information was knowingly reported solely to hold the whistleblower accountable for this. Waiving the principle indicated in section 1, letter a) occurs by a resolution of the Management Board made after conducting an explanatory procedure regarding the circumstances indicated in the preceding sentence.
§ 3
- The Whistleblower reports the Incident to:
a) Marta Oryl or Marta Baliga or Joanna Sobczyk (hereinafter each: Designated Person);
b) the Supervisory Board of the Company—if the person against whom the allegation of the Incident has been made in the report (hereinafter: the Person concerned) is a Member of the Company’s Management Board.
- If, after receiving the report, the Designated Person determines that they are not appropriate for handling it, they must promptly forward the report to the Supervisory Board of the Company and refrain from taking any actions related to verifying the report, keeping the information about the report confidential. If, after receiving the report, the Designated Person determines that they are the Person concerned, the Designated Person is required to immediately withdraw from the actions referred to in this Regulation and inform the other Designated Persons of the conflict of interest.
- Incidents can be reported through:
a) email to the following addresses:
i. sygnalisci@vortex-energy.pl – in the case referred to in section 1, letter a) above,
ii. whistleblowing@vortex-energy.pl – in the case referred to in section 1, letter b) above,
b) postal mail sent to the Company’s registered office with the notation:
i. “Incident Report – Designated Person” – in the case referred to in section 1, letter a) above,
ii. “Incident Report – Supervisory Board” – in the case referred to in section 1, letter b) above,
c) a written message dropped into a mailbox for anonymous reporting of violations of law, procedures, and ethical standards, placed in the workplace (hereinafter: Mailbox), with the following notation:
i. “Incident Report – Designated Person” – in the case referred to in section 1, letter a) above,
ii. “Incident Report – Supervisory Board” – in the case referred to in section 1, letter b) above,
d) an anonymous Google Docs form,
e) at the request of the Whistleblower—verbally—to the Designated Person in the case referred to in section 1, letter a) above, or to a representative designated by the Supervisory Board in the case referred to in section 1, letter b) above.
- An orally reported Incident is documented in the form of a conversation record that reproduces its exact course, prepared by the Designated Person or a representative designated by the Supervisory Board.
- In the case referred to in section 4 above, the Whistleblower may verify, correct, and approve the conversation record by signing it.
- At the request of the Whistleblower, the Incident report may be made orally during a direct meeting organized within 14 days from the date of receipt of such a request. The report is documented with the Whistleblower’s consent in the form of a recording of the conversation, allowing it to be searched, or a meeting protocol that reproduces its exact course, prepared by the Designated Person. In such a case, the Whistleblower may verify, correct, and approve the meeting protocol by signing it.
- The Company ensures that access to email boxes and the ability to open postal deliveries, as well as review messages dropped into the Mailbox referred to in section 3 above, are available only to the respective Designated Person or the Supervisory Board or the representative of the Supervisory Board referred to in § 4, section 8 below or § 5, section 10 below.
- The Designated Person or the Supervisory Board, if possible, are obliged to confirm receipt of the Incident report to the Whistleblower and inform them about the rights and obligations arising from this Regulation and the provisions of law, including further possible steps in handling the report, unless the Whistleblower did not provide contact information. This information particularly includes provisions regarding the assurance of the Whistleblower’s anonymity and protection against Retaliation.
- The Incident report should, if possible, contain:
a) the date of occurrence or the expected duration of the Incident;
b) the identification of the Person concerned (or Persons concerned);
c) a detailed description of the Incident;
d) the identification of all individuals who may have information regarding the described Incident;
e) all evidence justifying the suspicion of the occurrence of the Incident.
- There is a possibility of supplementing the information contained in the Incident report, particularly at the request of the Designated Person or the Supervisory Board of the Company.
- The Designated Person may perform their tasks through substitutes appointed to assist by the Designated Person from among the Members of the Management Board or outside their group.
- The Whistleblower may make an anonymous report using the form attached as Annex No. 3 to the Regulation, dropped into the Mailbox.
- The Whistleblower may also report directly to the Ombudsman or a public authority or, where appropriate, to institutions, bodies, or organizational units of the EU (external reporting), bypassing the internal reporting procedure provided in the Regulation.
- The Designated Person or the Supervisory Board of the Company are responsible for providing and updating information regarding the relevant bodies designated to receive Incident reports through external channels, the procedures for making Incident reports, the mode of processing Incident reports, and associated follow-up actions and legal assistance offered by the relevant authorities. The information referred to above will be made available in the manner adopted by the Company.
§ 4
- Upon receiving a report of an identified Incident, the Designated Person shall initiate an explanatory procedure within no more than 7 days.
- The Designated Person assigns one or more of the other Designated Persons (hereinafter collectively referred to as the Designated Team) to conduct the explanatory procedure under the supervision and according to the instructions of the Designated Person, for the purpose of the preliminary verification of the potential validity of the received Incident report (hereinafter: Explanatory Procedure), including any grounds for taking further actions within the appropriate proceedings (hereinafter: Proper Proceedings).
- The Explanatory Procedure should not last longer than 14 days. The Explanatory Procedure may be extended by the Designated Person for a period not exceeding 30 days.
- The Designated Person may, as required by the Explanatory Procedure and provided it does not conflict with the subject of the reported Incident, consult with the Management Board of the Company or the Supervisory Board.
- After conducting the Explanatory Procedure, the Designated Team prepares a summary of the Incident report containing a description of the Incident and the results of the actions taken during the Explanatory Procedure, as well as:
a) a motion for dismissal – if the Explanatory Procedure did not demonstrate the validity of taking further actions;
b) a motion to initiate Proper Proceedings – if the Explanatory Procedure demonstrated the validity of taking further actions.
- The Designated Person is required to request the inclusion of the matter concerning the results of the Explanatory Procedure in the agenda of the next Management Board meeting and to adopt an appropriate resolution in this regard (either for dismissal or for the initiation of Proper Proceedings), while simultaneously providing all Management Board Members with a summary of the Incident report.
- In particularly justified cases, especially due to the highly harmful nature of the Incident, or if the submitted Incident report indicates a high probability of the Incident occurring, the Designated Person may refrain from initiating the Explanatory Procedure and request all Management Board Members to adopt a resolution to initiate Proper Proceedings.
- In cases where the Incident report has been forwarded to the Supervisory Board, it shall conduct the Explanatory Procedure. The provisions of this paragraph shall apply accordingly, with the initiation of the Explanatory Procedure occurring no later than at the next Supervisory Board meeting. The Supervisory Board, in order to fulfill its obligations arising from the received Incident report, may appoint a representative of the Supervisory Board (a natural person appointed by the resolution of the Supervisory Board) to exercise the powers granted to the Designated Person.
§ 5
- In the event of initiating Proper Proceedings, the Designated Team, acting under the supervision and according to the instructions of the Designated Person, conducts Proper Proceedings involving a full and detailed verification of the violation of legal provisions, ethical standards, or Internal Regulations by the person to whom the report pertains.
- Within the framework of Proper Proceedings, the Designated Team takes all necessary actions to fully clarify the factual circumstances of the case and to verify the validity of attributing the Incident to the person to whom the report pertains.
- Proper Proceedings may not last longer than 30 days from the date of the resolution to initiate them. Proper Proceedings may be extended by the Designated Person, but for no longer than an additional 30 days.
- After conducting Proper Proceedings, the Designated Team prepares a detailed report on the actions taken under the supervision of the Designated Person. This report contains information regarding the course of the actions mentioned in point 2 above and the resulting findings.
- The Designated Person is required to request the inclusion of the matter concerning the consideration of the report from the Proper Proceedings in the agenda of the next Management Board meeting, while simultaneously providing the Management Board with the relevant report.
- The Management Board, based on the analysis of the received report from the Proper Proceedings, decides on the dismissal of the case or on taking actions to hold the person to whom the report pertains, or the persons to whom the report pertains, accountable for disciplinary, criminal, administrative, or civil liability, including the submission of a notification regarding the reported Incident to the relevant authorities.
- The Management Board is obliged to implement actions or measures aimed at preventing similar Incidents in the future. These measures may include conducting training, updating or verifying the existing Internal Regulations of the Company, or other appropriate actions.
- The maximum deadline for providing feedback to the Whistleblower is 3 months from the confirmation of receipt of the report in accordance with § 3, section 8 above, or if no confirmation was provided as mentioned in § 3, section 8 above, 3 months from the expiration of 7 days from the date of making the report, unless the Whistleblower did not provide a contact address to which feedback should be sent.
- In matters not regulated in this paragraph, the provisions concerning the Explanatory Procedure shall apply accordingly to Proper Proceedings.
- The provisions of this paragraph shall apply accordingly to the Supervisory Board in cases where the Incident report has been forwarded to the Supervisory Board. The Supervisory Board, in order to fulfill its obligations arising from the received Incident report, may appoint a representative of the Supervisory Board (a natural person appointed by the resolution of the Supervisory Board) to exercise the powers granted to the Designated Person.
§ 6
- The Company protects the Whistleblower from Retaliation by:
a) introducing an absolute ban on Retaliation, which is prohibited even in cases where the Incident was reported in good faith and the conducted Explanatory Procedure or Proper Proceedings found it to be unfounded,
b) informing Employees about the existing ban on Retaliation and the possible consequences of violating this ban,
c) ensuring, to the fullest extent possible, the confidentiality of the identities of all individuals participating in the explanatory or proper proceedings, including by providing information about them only in situations where it is necessary to ensure the correctness of the conducted proceedings or when required by law.
- Any Whistleblower who has become a victim of Retaliation or suspects they may become a victim of Retaliation must report this fact or suspicion to the Designated Person.
§ 7
- The Company makes available to Employees, via the Microsoft Teams platform and by posting in a directory on a dedicated server, the content of the Regulations and information regarding the anonymous receipt of Incident reports, including in particular:
a) possible methods for submitting/receiving reports,
b) the address for postal correspondence and email address, as well as the designated platform for submitting reports,
c) the elements of the Incident report as described in the Regulations,
d) actions that may be taken by the Company after receiving an Incident report,
e) information regarding the protection of the Whistleblower, including the preservation of the Whistleblower’s and the individual to whom the report pertains anonymity within the procedures outlined in the Regulations and protection against Retaliation.
§ 8
- The Company maintains a register of all actions, summaries, reports, and other information prepared based on received Incident reports. In particular, the register records all received Incident reports, including information about: report number, subject of the violation, personal data and contact address of the Whistleblower, date of the report, subsequent actions taken, and date of case closure. Access to these documents is granted only to the Designated Team (as well as the Management Board or Supervisory Board) and to the person maintaining this register. If the Incident report concerns a person who has access to the register, the Designated Person or the Supervisory Board may refrain from entering the Incident report into the register, at least until the conclusion of the proceedings.
- All documents received from Employees in the course of reporting an Incident must be classified and treated as confidential, in accordance with the Company’s information security policy and security standards.
- The Company archives the documents referred to in paragraph 1 above for a period of at least 3 years after the end of the calendar year in which subsequent actions were completed or after the conclusion of the proceedings initiated by those actions.
§ 9
- The Company processes personal data resulting from the implementation of activities specified in the Regulations in accordance with the provisions of the Regulation of the European Parliament and Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as well as the documentation adopted by the Company regarding the processing of personal data.
- The organization of receiving and verifying Incident reports, taking subsequent actions, and the related processing of data prevents unauthorized persons from accessing information covered by the Incident report and ensures the confidentiality of the identity of the Whistleblower and the Person to whom the Incident report pertains. The protection of confidentiality applies to information that can directly or indirectly identify the identities of such persons.
- Only individuals with written authorization from the Company may be permitted to receive and verify Incident reports, take subsequent actions, and process personal data. Authorized individuals are obligated to maintain confidentiality regarding the information and personal data obtained in the course of exercising their authorization at all times, including after the termination of their employment or other legal relationship with the Company.
§ 10
- The Regulations were established after prior consultation with a representative of the employees, elected in a manner adopted by the Company.
- The Regulations come into effect 7 days after the content is communicated to the Employees and individuals performing work for remuneration on a basis other than an employment relationship, by making it available through electronic channels to all Employees (email, Microsoft Teams platform).
- In matters not regulated by these Regulations, the provisions of the Act of June 14, 2024, on the protection of whistleblowers apply.
- The attachments included with these Regulations constitute an integral part of them.
- The Company reviews the Regulations no less than once every 3 years.
Data Controller: Vortex Energy Polska sp. z o.o., al. Wojska Polskiego 68, 70-479 Szczecin, phone: 91 431 53 80, fax: 91 484 31 11, email: biuro@vortex-energy.pl. Our Data Protection Officer (DPO) is Sebastian Kopacki – iod@vortex-energy.pl.