ITLT Submission Procedure

ITLT Submission Procedure LT Submission Procedure LTI notification procedure LTO Submission Procedure LTP Submission Procedure

INTERNAL REPORTING PROCEDURE AND FOLLOW-UP ACTIONS
applicable at IT LeasingTeam sp. z o.o.

§ 1

The operational strategy of IT LeasingTeam sp. z o.o. in Warsaw (hereinafter referred to as “ITLT”) is based on responsibility, prevention of corruption, and prevention of other irregularities both within the organization and among cooperating entities, taking into account a range of aspects, particularly social interests, environmental protection, and relations with various groups of collaborators.
This Procedure is part of the internal control system. Its primary objective is to prevent irregularities within ITLT.
ITLT conducts its activities based on absolute respect for the law, best practices, and the highest ethical standards.
The main aim of the Procedure is to establish a system for reporting irregularities within ITLT by creating secure reporting channels that prevent any retaliatory actions against whistleblowers.
The Procedure defines the rules and mode of reporting information about legal violations, including justified suspicions regarding actual or potential violations of the law that have occurred or are likely to occur at ITLT, or information about attempts to conceal such violations.

§ 2

Wherever the Procedure refers to:

Legal entity – this refers to ITLT;
Impartial Organizational Unit (hereinafter referred to as “IOU”) – this refers to a body authorized by ITLT, an impartial commission within the organizational structure of the legal entity, empowered to receive reports, undertake follow-up actions, and process personal data obtained in connection with the internal report, including verification of the report and communication with the Whistleblower. The IOU is the Violations Commission;
Procedure – this refers to the Procedure for receiving internal reports and undertaking follow-up actions;
Act – the Act of June 14, 2024 on the protection of whistleblowers (Journal of Laws, item 928).
Whistleblower – a natural person who reports a legal violation not due to personal legal interest, regardless of position, type of employment or cooperation, both prior to entering and after terminating the legal relationship with ITLT (including: employees, former employees, job applicants, individuals performing work under civil law contracts, entrepreneurs, shareholders or partners, members of the governing bodies of legal persons, individuals working under the supervision and direction of contractors, subcontractors, or suppliers, including under civil law contracts, interns, and volunteers);
Report – information about a legal violation made through designated communication channels;
Reported person – the individual identified in the report as the one who committed the violation;
Follow-up action – action taken in connection with a submitted report;
Reporting Channel – technical and organizational solutions allowing submission of reports;
Retaliatory action – direct or indirect act or omission in the employment context motivated by the report that violates or may violate the Whistleblower’s rights or causes or may cause unjustified harm to the Whistleblower, including baseless proceedings against them.

§ 3

The Procedure and its provisions apply to the following groups of individuals entitled to make a report:
1. employees and collaborators, as well as former employees and collaborators of ITLT,
2. persons acting on behalf of and for the benefit of ITLT,
3. any other individuals connected in any way with ITLT, in particular:
  persons assisting in reporting irregularities, interns, trainees, or job candidates if they obtained information about irregularities during the recruitment process or other processes preceding the establishment of an employment relationship.
Reports of irregularities may concern, in particular:
1. entities affiliated with ITLT,
2. natural persons authorized to represent ITLT,
3. employees and collaborators of ITLT in relation to work performed for ITLT,
4. subcontractors or other business entities being natural persons, if their unlawful act was related to the execution of an agreement with ITLT,
5. an employee, collaborator, or person authorized to act on behalf of a business entity not being a natural person, if their act was related to the execution of a contract concluded by that entity with ITLT.
Irregularities should be understood as information particularly indicative of:
1. suspected preparation, attempt, or commission of an unlawful act by the entities referred to in para. 2,
2. failure to fulfill duties or abuse of powers by entities referred to in para. 2,
3. failure to exercise due diligence required under the given circumstances by entities listed in para. 2,
4. organizational deficiencies at ITLT that could lead to an unlawful act or damage,
5. violations of generally applicable laws under which ITLT operates,
6. violations of internal procedures and ethical standards adopted by ITLT.
A legal violation is any act or omission that is unlawful or aimed at circumventing the law, relating to:
1) corruption;
2) public procurement;
3) financial services, products and markets;
4) anti-money laundering and counter-terrorist financing;
5) product safety and compliance;
6) transport safety;
7) environmental protection;
8) radiological protection and nuclear safety;
9) food and feed safety;
10) animal health and welfare;
11) public health;
12) consumer protection;
13) privacy and personal data protection;
14) security of network and information systems;
15) financial interests of the State Treasury of the Republic of Poland, local government units and the European Union;
16) the internal market of the European Union, including public-law principles of competition and state aid, as well as corporate taxation;
17) constitutional freedoms and human and civil rights – occurring in relations between individuals and public authorities and unrelated to the areas listed in points 1–16.

§ 4

The individual exercising overall supervision over the receipt and examination of reports by the IOU, and maintaining the register of violations, is the Plenipotentiary for Legal Violations. The Plenipotentiary for Legal Violations is appointed by ITLT Management Board.
The IOU responsible for receiving and reviewing reports and authorized to undertake follow-up actions and communicate with the Whistleblower is the Violations Commission, consisting of the Plenipotentiary for Legal Violations and 2 members designated by the ITLT Management Board, with their consent, selected from among individuals who are: not related by family or marriage, not living in the same household, and not maintaining close private relationships with the Management Board. The Commission analyzes the violation in a single-member composition, as proposed by the Plenipotentiary. The Plenipotentiary does not examine reports unless necessary due to lack of Commission members available for analysis.
Persons mentioned in a report as potentially negatively involved in the irregularity cannot participate in the report analysis.
If a report concerns the Plenipotentiary for Legal Violations or such a number of Commission members that the minimum one-person composition cannot be maintained, the ITLT Management Board designates other individuals responsible for handling the report.
The Plenipotentiary for Legal Violations and the Commission for Violations are obligated to maintain confidentiality regarding information and personal data obtained during the receipt and verification of the report and in the course of follow-up actions, even after termination of the employment or legal relationship under which these activities were carried out.

§ 5

The Whistleblower may submit reports via email sent to the address ITLT@itlt.pl.
A submitted report should contain a clear and complete explanation of the subject matter and include at least the following information: the date and place of the legal violation or the date and place the information about the violation was obtained, a description of the specific situation or circumstances creating the possibility of a violation, identification of the entity concerned, identification of potential witnesses, all evidence and information the Whistleblower possesses that may be helpful in assessing the report.
The entity will not consider anonymous reports.
In line with the principle of good faith, any individual entitled to submit a report should do so when there are reasonable grounds to believe the information is true.
Knowingly submitting false reports is prohibited.
If it is determined that the report contains knowingly false information or that the truth was deliberately withheld, the person submitting it may be held accountable under disciplinary procedures outlined in the Labor Code and other applicable regulations, including internal disciplinary rules within the Entity. Such behavior may also be classified as a gross breach of fundamental employee duties or, in the case of persons working under contracts other than employment, grounds for termination without notice.
The decision to grant Whistleblower status is made by the Violations Commission.
Whistleblower status may be granted to any reporting person unless the initial analysis gives grounds to believe that they acted in evident bad faith (presumption of good faith applies).
For each report, the IOU assigns one person responsible for communication with the Whistleblower. This person confirms receipt of the report within 7 days of receipt by sending a message to the email address from which the report was sent.
If, during the clarification proceedings, it turns out that a person previously granted Whistleblower status acted in bad faith, that person loses the protections granted to Whistleblowers.

§ 6

Access to reporting channels is restricted to the Plenipotentiary for Legal Violations, other members of the Violations Commission, and possibly other persons responsible for handling the report.
Upon receiving a report, within no more than 7 days, the Violations Commission conducts an initial verification of the report, i.e., evaluating the likelihood of a genuine violation (“Initial Verification”). A positive Initial Verification results in confirmation of receipt and the granting of Whistleblower status by the Commission. Confirmation is sent to the email address from which the report originated.
Following Initial Verification as described above, the Commission may decide not to initiate clarification proceedings if the report is clearly untrue or if it is impossible to obtain additional information needed for verification from the Whistleblower.
The Commission examines the report and takes follow-up actions without undue delay.
In justified cases (per points 2 and 3 above), the Commission initiates clarification proceedings (“Clarification Proceedings”) and within no more than 30 days makes a decision on the validity of the report, provided that it is possible to gather the necessary documents and evidence within that time.
In particularly complex cases, a report may be reviewed within no more than 90 days from the start of Clarification Proceedings.
Subject to point 2, if the report allows for follow-up action – including expedited Clarification Proceedings – such actions will commence immediately upon receipt.
Depending on the factual situation described in the report, specialists or independent consultants may be involved in the Clarification Proceedings, e.g., for issuing expert opinions, including legal analysis.
Information on planned or taken follow-up actions and the reasons behind them is provided to the Whistleblower no later than 3 months after confirmation of receipt (or 3 months after the lapse of 7 days from the report, if no confirmation was issued). Feedback is sent to the email from which the report was submitted.
The Commission may issue recommendations for corrective or disciplinary actions against the individual responsible for the violation and for systemic improvements to prevent similar violations in the future.
Based on findings from the Clarification Proceedings, the Commission drafts a report and submits it to the Plenipotentiary, unless the Plenipotentiary conducted the proceedings and authored the report.
The report from the Clarification Proceedings includes a description of the established facts, identified irregularities, their causes, scope, consequences, and responsible persons.
The report includes proposals for further action. Depending on the findings, these may involve actions against perpetrators, preventive measures, and enhancements to the internal control system. Such measures may include in particular:
1. closing the case without further action (if the report is unsubstantiated);
2. conducting a conversation or issuing a verbal warning;
3. employee reprimand or withdrawal of bonus;
4. changes or rotations in positions;
5. modifications to internal procedures;
6. civil actions (e.g. regarding contracts, damages, compensation);
7. disciplinary proceedings initiation;
8. notifying authorities if there is reasonable suspicion of a crime (with supporting evidence);
9. informing appropriate services if circumstantial evidence is gathered.
The ITLT Management Board determines further actions and assigns responsible individuals. The Plenipotentiary monitors implementation and assists those responsible.
The Commission informs the Whistleblower of its findings and approved actions without delay after the ITLT Management Board approves the recommendations, but no later than 30 days after the conclusion of Clarification Proceedings.
Findings, approved actions, and their execution are recorded in the Register of Reports.
The Register of Irregularities includes in particular:
1. Whistleblower’s contact details,
2. all detailed information on the report,
3. the course of analysis and review of the report,
4. individuals and bodies involved in the report handling process,
5. all decisions and escalations (if applicable).
The Register is maintained confidentially. Personal data and other information are stored for 3 years after the end of the calendar year in which follow-up actions concluded, or proceedings initiated as a result of those actions were closed.

§ 7

A strict prohibition is imposed on taking retaliatory actions against a Whistleblower who has submitted a report (both internal and external), as well as public disclosure – in accordance with the Act.
Any repressive, discriminatory, or otherwise unfair treatment of a Whistleblower shall be treated as a violation of the Procedure and may result in disciplinary liability or termination of the contract binding the person undertaking such retaliation with ITLT.
Prohibited actions against the Whistleblower include, in particular: refusal to establish employment, termination with or without notice, reduction in remuneration, withholding or omission of promotion, exclusion from other employment-related benefits, transfer to a lower position, suspension from work duties, assignment of existing duties to another employee, adverse change in workplace or schedule, negative performance review or evaluation, imposition of disciplinary measures (including financial penalties), exclusion from or omission in training opportunities, unjustified referral for medical examination (including psychiatric evaluation, if such is permitted by applicable laws), or actions intended to hinder future employment opportunities.
Unfavorable treatment due to submitting a report also includes threats or attempts to apply any of the measures described in point 3 above.
Protection does not apply to a Whistleblower who is also the perpetrator / co-perpetrator / accomplice of the irregularity.

§ 8

The purpose of maintaining confidentiality is to ensure the Whistleblower’s sense of security and to minimize the risk of retaliatory or repressive actions. If a Whistleblower’s personal data has been unlawfully disclosed, they should promptly notify the ITLT Management Board or the Violations Commission, which are obligated to take measures to protect the Whistleblower.
The identity of the Whistleblower, as well as any information enabling their identification, shall not be disclosed to the entities concerned by the report, third parties, or other employees and collaborators of the entity. In particular:
1. The Whistleblower’s data are not disclosed in any documents related to the proceedings;
2. Such data are not disclosed at the request of parties or participants in the proceedings;
3. They are not included in document distribution lists related to the proceedings;
4. The Whistleblower is not a witness, participant, or party in any proceedings initiated as a result of the report.
The identity of the Whistleblower and other identifying information may only be disclosed if such disclosure is a necessary and proportionate obligation arising from universally applicable legal provisions in the context of proceedings conducted by national authorities (e.g., courts).
The entity processes personal data only to the extent necessary for receiving the report and taking follow-up actions. Personal data irrelevant to the report’s consideration shall not be collected, and if collected, shall be deleted. The deletion of such data takes place within 14 days from the determination that they are not relevant to the matter.

§ 9

A report may, in any case, also be submitted to the Ombudsman or a public authority, bypassing the Procedure specified herein, particularly when:
1. within the feedback period defined in the Procedure, ITLT fails to provide a response to the Whistleblower; or
2. the Whistleblower has reasonable grounds to believe that the legal violation may pose a direct or obvious threat to the public interest, particularly where there is a risk of irreversible harm; or
3. submitting an internal report would expose the Whistleblower to retaliatory actions; or
4. in the case of an internal report, there is little likelihood of effectively addressing the legal violation by ITLT due to the particular circumstances of the case, such as the risk of evidence being concealed or destroyed, the possibility of collusion between ITLT and the perpetrator, or ITLT’s involvement in the legal violation.
A report submitted to the Ombudsman or a public authority without a prior internal report does not deprive the Whistleblower of the protection guaranteed under the provisions of the Act.

§ 10

The Procedure enters into force on September 25, 2024.