Internal Whistleblowing
and Follow-Up Policy
in force at MAN Shared Services Center Sp. z o.o. with its registered office in Poznań

 

 

§ 1
Purpose of the procedure

1. The Internal Whistleblowing Policy sets out the rules for whistleblowing and the handling of reports, in particular:
a) what irregularities can be reported;
b) who can report irregularities and how whistleblowers are protected;
c) how irregularities are reported;
d) who deals with reports – how they are clarified and followed up.
2. Receiving reports on breaches of the law is an element of the correct and safe management of MAN Shared Services Center Sp. z o.o. (hereinafter MAN SSC) and serves to increase the efficiency of detecting irregularities and taking action to eliminate them and reduce risks at all organisational levels in MAN SSC.
3. The whistleblowing system in place allows irregularities to be reported through specific, easily accessible channels, in a way that ensures that the report is considered in a fair and independent manner, and in a way that protects against retaliatory, repressive, discriminatory action or other types of unfair treatment in relation to the report made.
4. This Policy has been established after consultation with the Staff Council.
5. The Policy applies to all Employees and persons under any other legal relationship forming the basis for the provision of work or services, or the performance of functions in or for a legal entity, or the performance of service in a legal entity, as part of which information of a breach of the law is obtained and there is the possibility of experiencing MAN SSC retaliation. Each Employee and individual specified above is required to read this Policy, and a new Employee and individual specified above is required to read this Policy before being allowed to work or provide services.
6. The Employer is obliged to provide an Applicant for a position – under an employment relationship or any other legal relationship forming the basis for the provision of work or services, or the performance of functions, or the performance of service – with information on the internal whistleblowing procedure at the start of the recruitment or pre-contractual negotiation.
7. This Policy constitutes the Employer’s implementation of the provisions of the Act of 14 June 2024 on the protection of whistleblowers (Journal of Laws 2024, item 928).

 

§ 2
Definitions

1. Whenever the Policy refers to:
a) Legal entity – MAN Shared Services Center Sp. z o.o. / private entity / hereinafter also referred to as the Employer
b) Employees – all individuals employed by the Employer under an employment contract or a civil law contract, providing work or services for the Employer, including:
a‘) employees;
b‘) temporary employees;
c‘) persons providing work on a basis other than employment, including under a civil law contract;
d‘) economic operators;
e‘) holders of a commercial power of attorney;
f‘) shareholders or partners;
g‘) members of a body of a legal person or an organisational entity without legal personality;
h‘) persons who perform work under the supervision and direction of a contractor, subcontractor or supplier;
i‘) interns, volunteers and trainees;
c) Whistleblower [a person that submits a report] – an individual who reports or publicly discloses information about a violation of the law obtained in a work-related context;
d) Work-related context – it should be understood as past, present or future activities related to the performance of work under the employment relationship or any other legal relationship forming the basis for the provision of work or services, or the performance of functions in or for a legal entity, or the performance of service in a legal entity, as part of which information of a breach of the law is obtained and there is the possibility of experiencing retaliation;
e) Reported person – means an individual, a legal person or an organisational unit without legal personality, having statutory legal capacity, identified in the report or public disclosure as the person who committed the infringement, or as a person with whom the person who committed the infringement is associated;
f) Whistleblower’s Helper – means an individual who assists a whistleblower with a report or public disclosure in a work-related context and whose assistance should not be disclosed;
g) Whistleblower’s Affiliate – means an individual who may experience retaliatory action, including a co-worker or the whistleblower’s immediate family member within the meaning of Article 115 § 11 of the Act of 6 June 1997 – Penal Code (Journal of Laws of 2024, item 17);
h) Follow-Up – means an action taken by a legal entity or public authority to assess the veracity of the information contained in a report and to address the reported infringement, in particular through an investigation, initiation of inspections or administrative proceedings, prosecution, action taken to recover funds, or conclusion of a procedure under the internal whistleblowing and follow-up procedure or the external whistleblowing and follow-up procedure;
i) Information about the Breach of Law – means information, including reasonable suspicion, about an actual or potential breach of law that has occurred or is likely to occur at a legal entity at which the whistleblower has participated in the recruitment process or other pre-contractual negotiations, works or has worked, or at another legal entity with which the whistleblower has or has had contact in a work-related context, or information concerning an attempt to conceal such a breach of law;
j) Retaliation – means a direct or indirect act or omission in a work-related context that results from a report or public disclosure and that violates or is likely to violate the whistleblower’s rights or causes or is likely to cause unwarranted harm to the whistleblower, including unwarranted initiation of proceedings against the whistleblower;
k) Feedback – is to be understood as information provided to the whistleblower on the follow-up actions planned or taken and the reasons for such actions;
l) Public Disclosure – is to be understood as the making of information about a breach of law available to the public;
m) Report – means a written internal report or an external report submitted in line with this Policy and the requirements set out in the Act;
n) Internal Report – means the written communication of a breach of law to a legal entity;
o) External Report – means the written communication of a breach of law to the Ombudsman or a public authority;
p) The Speak up! Portal – an electronic information system made available to staff and third parties to ensure confidentiality and security in the submission of reports;
q) Investigation Office – a team of professionals within the Traton Group, acting on behalf of the Employer, to receive and process reports of potential employee misconduct;
r) Public Authority – should be understood as the chief and central government administration bodies, field government administration bodies, bodies of local government units, other state bodies and other entities performing public administration tasks by virtue of the law, competent to undertake follow-up actions in the areas indicated in Article 3(1) of the Act of 14 June 2024 on the protection of whistleblowers (Dz.U.2024.928 of 2024.06.2).

§ 3
Personal and material scope

1. The report may refer to information about a breach of law involving an unlawful act or omission or intended to circumvent the law, concerning:
a) corruption;
b) public procurement;
c) financial services, products and markets;
d) anti-money laundering and counter-terrorist financing;
e) product safety and compliance;
f) transport security;
g) environmental protection;
h) public health;
i) consumer protection;
j) privacy and data protection;
k) security of ICT networks and systems;
l) the financial interests of the State Treasury of the Republic of Poland, a local government unit and the European Union;
m) the internal market of the European Union, including public law competition and state aid rules, and corporate taxation;
n) constitutional freedoms and rights of the human being and the citizen – occurring in the relations of the individual with public authorities and not related to the fields indicated in subsections 1.a. – 1.p.
2. The persons who may submit reports in a work-related context are:
a) the Employee;
b) persons whose employment relationship has ended;
c) persons who have carried out work under an employment relationship or any other legal relationship forming the basis for the provision of work or services, or the performance of functions in or for a legal entity.
3. The provisions of this Policy apply mutatis mutandis to a person who assists the whistleblower in making the report, i.e.; an individual who assists the whistleblower with the report or public disclosure in a work-related context and whose assistance should not be disclosed, and a person associated with the whistleblower, i.e.: an individual who may experience retaliatory action, including a co-worker or the whistleblower’s immediate family member within the meaning of Article 115 § 11 of the Act of 6 June 1997 – Penal Code (Journal of Laws of 2024, item 17);

§ 4
Submitting a report

1. The whistleblowing system allows irregularities to be reported through easily accessible channels, in a way that ensures that the report is considered in a fair and independent manner, and at the same time protects against retaliatory, repressive, discriminatory action against the whistleblower or other types of unfair treatment in relation to the report made.
2. Internal report can be submitted:
a) via the Speak up! portal available at: https://www.bkms-system.net/bkwebanon/report/clientInfo?cin=22vwtb2&c=-1&language=pol;
b) via email address: investigation-office@traton.com
The whistleblower may request, through the above-mentioned channels, a personal meeting with the relevant representative of the Employer.
3. Internal reports via the Portal can be made anonymously. Once a report has been submitted, a mailbox will be created for communication between the whistleblower and a representative of the Investigation Office.
4. The unit responsible for processing all reports is the Investigation Office, which monitors and coordinates the investigation of the report. The Investigation Office makes a legal assessment of the established facts related to the report and provides feedback to the Whistleblower. The Investigation Office may request support from external service providers.
5. As part of the preparation, the Investigation Office checks that the received reports are supported by facts and evidence. A preliminary investigation is then carried out into the possible breach of regulations reported to determine whether there are sufficient indications of a possible breach of regulations. The Investigation Office may engage representatives of the Employer or other departments with expertise in the preliminary investigation.
6. The Whistleblower will receive an acknowledgement of the report submission in the Portal or at the indicated email address within 7 days of receipt, unless the Whistleblower has not provided a contact address.
7. Reports are processed without undue delay. The Investigation Office will determine the status or planned follow-up or further action within 3 months from the date of acknowledgement of the report receipt. If an acknowledgement of the report receipt is not provided due to the Whistleblower’s failure to provide a contact address. The Investigation Office will determine the status or planned follow-up or further action within 3 months and 7 days. The Investigation Office will inform the Whistleblower of the status of the report, the planned follow-up or further planned activities, unless the Whistleblower has not provided a contact address for feedback.
8. The Investigation Office receives, records and documents reports in an electronic whistleblowing register. This register will include:
a) report number;
b) the subject of a breach of law or an internal guideline of the employer;
c) the date of report submission;
d) the personal data of the whistleblower, including the contact address, if provided;
e) the details of the accused person;
f) the details of the persons against whom the breach has been committed;
g) information on follow-up actions taken;
h) the date of completion of the case.
9. The report submitted should contain a clear and complete clarification of its subject, and should include at least the following information:
a) the date and place of the breach or of the circumstances that may lead to the breach of law;
b) a description of the specific situation or circumstances that may give rise to the breach of law;
c) identification of the party that the report refers to;
d) identification of possible witnesses to the breach;
e) all evidence and information in the Whistleblower’s possession that may assist in the investigation of the report;
f) indication of the preferred method of feedback.
10. The personal data and other information in the internal whistleblowing register will be retained for a period of 3 years after the end of the calendar year in which the follow-up actions are completed, or the proceedings initiated by those actions are terminated.

§ 5
Verification of the report

1. The verification of the legitimacy of the report is carried out within the framework of an investigation, in accordance with the employer’s regulations and the information obtained from the organisational units, taking into account the type and nature of the report, respecting the principles of impartiality, diligence and confidentiality of identity.
2. If, as a result of the analysis of the report or during the investigation, it is established that the Whistleblower has knowingly given untruths or concealed the truth, the Whistleblower may be subject to disciplinary action in accordance with the provisions of the Labour Code. Such behaviour can also be qualified as a material breach of fundamental employment duties and as such result in termination of the employment contract without notice. In relation to a provider of work, services or goods under a civil law contract, making a false report may result in termination of the contract and cooperation.
3. At the request of the Employer or the Investigation Office, each employee will provide the necessary information or make available the required documents necessary to establish all the circumstances of the report under consideration.
4. Each employee is obliged to cooperate to the extent necessary for the investigation, in particular by providing the necessary information and by appearing at the specified time to give evidence.
5. Persons taking part in the investigation, irrespective of the nature of their participation, are obliged to maintain the confidentiality of any information they obtain during the procedure. This obligation also applies after the procedure has been concluded.
6. Minutes will be drawn up of the hearing of employees summoned to give evidence.
7. The verification of the legitimacy of the report and the assessment of the truthfulness of the information about a breach of law indicated in its content is concluded with the preparation of final information, which may or may not confirm the truthfulness of the information about a breach of law.
8. The final summary of the report will include a description of the breach of law, the results of the investigation, the assessment of the legitimacy of the report and, if considered legitimate, recommendations for appropriate action against the reported person. The summary also includes recommendations to prevent similar breaches in the future.
9. After reviewing the final summary of the report, the Employer, or a person authorised by the Employer, decides on taking steps to eliminate the breaches of law discovered and to prevent their recurrence. These steps may include measures under labour law, organisational changes, inspections or notification of the relevant authorities.
10. The data in the whistleblowing register will be retained for a period of 3 years after the end of the calendar year in which the follow-up actions are completed, or the proceedings initiated by those actions are terminated.

§ 6
No retaliation

1. No retaliatory action or attempted or threatened retaliatory action may be taken against the Whistleblower.
2. Taking any repressive, discriminatory or other type of action against the Whistleblower will be treated as a breach of this Policy and may result in disciplinary liability.
3. It is unacceptable to take retaliation actions against Whistleblowers, in particular:
a) refusal to establish an employment relationship;
b) termination of the employment relationship with or without notice;
c) refusal to conclude a fixed-term employment contract or an indefinite-term employment contract after the termination of a probationary employment contract, or refusal to conclude another fixed-term employment contract or an indefinite-term employment contract after the termination of a fixed-term employment contract – if the Whistleblower had a legitimate expectation that such a contract would be concluded with them;
d) reduction of the remuneration for work;
e) withholding promotion or overlooking the Whistleblower for promotion;
f) overlooking the Whistleblower in the award of work-related benefits other than wages, or reduction of such benefits;
g) transfer to a lower position;
h) suspension from employment or work-related duties;
i) transferring the Whistleblower’s existing duties to another employee;
j) an unfavourable change in the place of work or working time schedule;
k) negative performance appraisal or negative work review;
l) imposition or application of a disciplinary measure, including a financial penalty, or a measure of a similar nature;
m) coercion, intimidation or exclusion;
n) bullying or discrimination;
o) unfavourable or unfair treatment;
p) withholding of participation of or overlooking the Whistleblower for professional qualification training;
q) unjustified referral for medical examinations, including psychiatric examinations, unless separate provisions provide for the possibility of referring an employee for such examinations;
r) steps to make it more difficult to find future work in a particular sector or industry on the basis of informal or formal sectoral or industry arrangements;
s) causing financial loss, including economic loss or loss of income;
t) the infliction of other non-material damage, including damage to personality rights, in particular to the Whistleblower’s good name.
4. An attempt or threat to apply any measures defined in paragraphs 3(a-t) are also considered as retaliation for making a report or public disclosure.
5. Where work or services have been, are or are to be provided on the basis of a legal relationship other than the employment relationship forming the basis for the provision of work or services, or the performance of functions, or the performance of service, the provision of paragraph 3 of this section will apply mutatis mutandis, provided that the nature of the work or services provided, or the function performed, or the service performed, does not preclude the application of such action against the whistleblower.
6. Where work or services have been, are or are to be provided on the basis of a legal relationship other than the employment relationship forming the basis for the provision of work or services, or the performance of functions, or the performance of service, the making of a report or public disclosure may not constitute grounds for retaliation or an attempt or threat of retaliation, including, in particular:
(a) termination of a contract to which the whistleblower is a party, in particular concerning the sale or supply of goods or the provision of services, withdrawal from such a contract or termination without notice;
b) imposing an obligation of, or refusing to grant, or limiting or withdrawing an entitlement, in particular a licence, permit or relief.

§ 7
Confidentiality

1. The purpose of maintaining confidentiality is to guarantee the Whistleblower’s sense of security and to minimise the risk of retaliation. A Whistleblower who has made a report and whose personal data have been unlawfully disclosed should immediately notify the Investigation Office of the situation. The Investigation Office is obliged to take measures to protect the Whistleblower.
2. The identity of the Whistleblower, as well as all identifying information about the Whistleblower, will not be disclosed to the reported parties, to third parties or to other employees and associates of the reported parties. The identity of the Whistleblower as well as other information allowing the identification of the Whistleblower may only be disclosed if such disclosure is a necessary and legal obligation under generally applicable law in the context of ongoing proceedings by national authorities. The identity of the reported parties is covered by confidentiality requirements to the same extent as the identity of the Whistleblower.
3. The legal entity will ensure that the internal whistleblowing procedure and the processing of personal data related to the receipt of notifications prevents unauthorised persons from gaining access to the information covered by the notification and ensures that the confidentiality of the identity of the whistleblower, the person to whom the notification relates and the third party identified in the notification is protected. The protection of confidentiality applies to information from which the identity of such persons can be directly or indirectly derived.
4. Only persons authorised in writing by the legal entity will be allowed to receive and verify internal reports, follow up and process the personal data of the persons referred to in paragraph 1. Authorised persons are obliged to maintain secrecy with regard to the information and personal data they have obtained in the course of receiving and verifying internal reports, and to take follow-up action, even after the termination of the employment or other legal relationship under which they performed this work.

§ 8
External reports

1. A Whistleblower may make an external report without first making an internal report.
2. An external reports are received by either the Ombudsman or a public authority.
3. The Ombudsman and the public authority are separate controllers in respect of the personal data provided in an external report that they have received.
4. An external report to a public authority or the Ombudsman and, where appropriate, to institutions, bodies or organisational units of the European Union, without following the procedure provided for in this Policy, may be made in any event.
5. A report made to a public authority, the Ombudsman or to institutions, bodies or organisational units of the European Union, bypassing a report to the Investigation Office, does not have the effect of depriving the Whistleblower of the protection guaranteed by the provisions of the Whistleblower Protection Act.
6. Contact to the Ombudsman
a) The Ombudsman Office helpline
phone: 800 676 676 – toll-free from landlines and mobile phones
phone: (22) 551 77 91 – calls charged according to operator’s price list
email: biurorzecznika@brpo.gov.pl,
Mailing address: Biuro RPO, al. Solidarności 77, 00-090 Warszawa

b) Additional contact addresses:
Biuro Pełnomocnika Terenowego RPO w Gdańsku
The Office of the Field Representative of the Ombudsman deals with cases from the West Pomeranian, Pomeranian and Warmian-Masurian Voivodeships.
Address: ul. Chmielna 54/57, 80-748 Gdańsk
Direct telephone number for BPT in Gdańsk: (22) 20 98 550
email: gdansk@brpo.gov.pl

Katowice – Biuro Pełnomocnika Terenowego RPO
The Office of the Field Representative of the Ombudsman deals with cases from the Silesian, Lesser Poland and Świętokrzyskie Voivodeships.
Address: ul. Jagiellońska 25, 40-032 Katowice
phone: (32) 72 86 800 until 31 August 2023.
Direct telephone number for BPT in Katowice: (22) 20 98 555
email: katowice@brpo.gov.pl

Wrocław – Biuro Pełnomocnika Terenowego RPO
The Office of the Field Representative of the Ombudsman deals with cases from the Lower Silesian, Lubuskie and Opolskie Voivodeships.
Address: ul. Wierzbowa 5, 50-056 Wrocław
Direct telephone number for BPT in Wrocław: (22) 20 98 560
email: wroclaw@brpo.gov.pl

And also when on duty in these cities:
Bydgoszcz – Punkt Przyjęć Interesantów RPO
Address of the Ombudsman’s Service Point: Kujawsko-Pomorski Urząd Wojewódzki w Bydgoszczy, ul. Jagiellońska 3, wejście ul. Księdza Stanisława Konarskiego 1/3 (parter)
Service: staff from the Office of the Field Representative of the Ombudsman in Gdańsk
Koszalin – Punkt Przyjęć Interesantów RPO
Address of the Ombudsman’s Service Point: Urząd Miejski w Koszalinie, ul. Rynek Staromiejski 6-7 (sala klubowa A)
Service: staff from the Office of the Field Representative of the Ombudsman in Gdańsk
Kraków – Punkt Przyjęć Interesantów RPO
Address of the Ombudsman’s Service Point: Małopolski Urząd Wojewódzki w Krakowie, ul. Basztowa 22, sala 201 (202)
Service: staff from the Office of the Field Representative of the Ombudsman in Katowice
Lublin – Punkt Przyjęć Interesantów RPO
Address of the Ombudsman’s Service Point: Urząd Miasta w Lublinie, plac Króla Władysława Łokietka 1, sala nr 3
Service: staff from the Ombudsman’s Office in Warsaw
Szczecin – Punkt Przyjęć Interesantów RPO
Address of the Ombudsman’s Service Point: Siedziba Sejmiku Województwa Zachodniopomorskiego ul. Mickiewicza 41
Wałbrzych – Punkt Przyjęć Interesantów RPO
Address of the Ombudsman’s Service Point: Urząd Miejski w Wałbrzychu, Plac Magistracki 1 (II piętro, sala nr 25)
Service: staff from the Office of the Field Representative of the Ombudsman in Wrocław

Information clause on the principles for processing of the personal data of
the person reported by the whistleblower
1. The controller of personal data is MAN Shared Services Center sp. z o.o. with its registered office in Poznań, ul. Kolorowa 6, 60-198 Poznań, hereinafter: the Controller.
2. The Controller provides contact with the Data Protection Officer via the contact form available at: https://www.man.eu/pl/pl/general/data_subject_rights.html;
3. Your personal data will be processed on the basis of Article 6(1)(c)
of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and
and on the free movement of such data, and repealing Directive 95/46/EC
(General Data Protection Regulation) (OJ EU L. of 2016. No. 119, p. 1,
as amended) – hereinafter the GDPR – the controller’s obligation, in connection with the provisions of the Whistleblower Protection Act of
14 June 2024 (Journal of Laws, item 928), in order to carry out the tasks
related to the handling of internal reports.
4. The Controller will process the following personal data indicated in the whistleblower’s
report: ………………..,(to be completed in accordance with the facts)
– as personal data related to the reported person, understood as
the individual identified in the report or public disclosure as a person who
committed the breach of law, or as a person with whom the person who committed the
breach of law is related.
5. Your personal data have been provided by the whistleblower, i.e. …………………..(provide the data of the whistleblower if the whistleblower has consented to disclosure of their identity or if the whistleblower
does not meet the requirements set out in Article 6 of the Whistleblower Protection Act)
6. Personal data will only be shared with parties authorised to
process them under the law. Personal data will be shared
with parties providing services, on the basis of contracts concluded by the controller,
for the activities of the controller (e.g. IT service providers). Personal data may
be shared with third parties that support the controller in the area of
accepting internal reports. Personal data will be shared with separate
controllers, i.e. competent authorities, when taking
follow-up action.
7. Personal data will be kept for a period of 3 years after the end of the
calendar year in which the follow-up actions are completed, or after the completion of the
proceedings initiated by these actions.
8. You have the right of access to the content of your data, with the stipulation that
Article 15(1)(g) GDPR, as regards the provision of information about the source of the
personal data, does not apply unless the whistleblower does not meet the conditions indicated in Article
6 or has expressly consented to their provision.
You have the right to rectification of your personal data and their erasure in cases
provided for by law, and to the restriction of their processing.
9. You have the right to lodge a complaint with the supervisory authority, the President of the
Data Protection Office, if you consider that the processing of your personal data
is in breach of the provisions of the GDPR.
10. The provision of your personal data is voluntary (in the whistleblower report).
11. Personal data will not be subject to profiling and
no decisions will be made by automated means on the basis of these data.
(inform about profiling or automated decision-making based on the profiled data, if applicable)

Information clause on the principles for processing of the personal data of the whistleblower
in the event of disclosure (where justified) of their identity
1. The controller of personal data is MAN Shared Services Center sp. z o.o. with its registered office in Poznań, ul. Kolorowa 6, 60-198 Poznań, hereinafter: the Controller.
2. The Controller provides contact with the Data Protection Officer via the contact form available at: https://www.man.eu/pl/pl/general/data_subject_rights.html;
3. Personal data will be processed under Article 6(1)(a)
of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and
and on the free movement of such data, and repealing Directive 95/46/EC
(General Data Protection Regulation) (OJ EU L. of 2016. No. 119, p. 1, as amended),
hereinafter the GDPR (consent to disclosure of identity), in conjunction with the provisions of the Whistleblower Protection Act of
14 June 2024 (Journal of Laws, item 928), in order to carry out the tasks
related to the handling of internal reports, including the disclosure, where justified,
of the whistleblower’s identity.
5. Personal data will only be shared with parties authorised to
process them under the law. Personal data will be shared
with parties providing services, on the basis of contracts concluded by the controller,
for the activities of the controller (e.g. IT service providers). Personal data may
be shared with third parties that support the controller in the area of
accepting internal reports. Personal data will be shared with separate
controllers, i.e. competent authorities, when taking
follow-up actions, personal data allowing the identification of the whistleblower may be
shared with the reported persons or persons indicated in the report.
6. Personal data will be kept for a period of 3 years after the end of the
calendar year in which the follow-up actions are completed, or after the completion of the
proceedings initiated by these actions.
7. You have the right to access your personal data, to their rectification and to their erasure in cases
provided for by law, and to the restriction of their
processing, and to withdraw your consent at any time. Withdrawal of consent will not
affect the lawfulness of processing carried out before its withdrawal.
If you withdraw your consent to the disclosure of your identity, your personal data will not
be shared (from the moment of withdrawal of consent).
8. You have the right to lodge a complaint with the supervisory authority, the President of the
Data Protection Office, if you consider that the processing of your personal data
is in breach of the provisions of the GDPR.
9. The provision of personal data is voluntary.
10. Personal data will not be subject to profiling and
no decisions will be made by automated means on the basis of these data. (inform about profiling or automated decision-making based on
the profiled data, if applicable)

Information clause on the principles for processing of the personal data of the whistleblower
1. The controller of personal data is MAN Shared Services Center sp. z o.o. with its registered office in Poznań, ul. Kolorowa 6, 60-198 Poznań, hereinafter: the Controller.
2. The Controller provides contact with the Data Protection Officer via the contact form available at: https://www.man.eu/pl/pl/general/data_subject_rights.html;
3. Personal data will be processed under:
1) Article 6(1)(c) of Regulation (EU) 2016/679 of the European Parliament and of the Council
of 27 April 2016 on the protection of natural persons with regard to
the processing of personal data and on the free movement of such
data, and repealing Directive 95/46/EC (General Data Protection Regulation)
(OJ EU L. of 2016. No. 119, p. 1, as amended) – hereinafter the GDPR –
the controller’s obligation, in connection with the provisions of the Whistleblower Protection Act of
14 June 2024 (Journal of Laws, item 928), in order to carry out the tasks
related to the handling of internal reports,
2) Article 9(2)(g) GDPR in connection with the provisions of the Whistleblower Protection Act,
if such personal data are included in the whistleblower’s report.
5. Personal data will only be shared with parties authorised to
process them under the law. Personal data will be shared
with parties providing services, on the basis of contracts concluded by the controller,
for the activities of the controller (e.g. IT service providers). Personal data may
be shared with third parties that support the controller in the area of
accepting internal reports. Personal data will be shared with separate
controllers, i.e. competent authorities, when taking
follow-up action.
6. Personal data will be kept for a period of 3 years after the end of the
calendar year in which the follow-up actions are completed, or after the completion of the
proceedings initiated by these actions.
7. You have the right to access your personal data, to their rectification and to their erasure in cases
provided for by law, and to the restriction of their
processing.
8. You have the right to lodge a complaint with the supervisory authority, the President of the
Data Protection Office, if you consider that the processing of your personal data
is in breach of the provisions of the GDPR.
9. The provision of personal data is voluntary.
10. Personal data will not be subject to profiling and
no decisions will be made by automated means on the basis of these data. (inform about profiling or automated decision-making based on
the profiled data, if applicable)