INFORMATION FOR WHISTLEBLOWERS

INFORMATION FOR WHISTLEBLOWERS

INFORMATION FOR WHISTLEBLOWERS

in relation to the Company

Doležal & Partners s.r.o., advokátní kancelář

Id number: 024 53 436

With its registered seat Brno, Koliště 1912/13, Zip code 602 00

Registered with the Commercial Register of the Regional court in Brno, file C 81289

(Hereinafter referred to as „Company“)

1. WHAT IS THE SUBJECT OF THIS INFORMATION?

The Company hereby informs that, in accordance with Act No. 253/2008 Coll., on selected measures against legitimization of proceeds of crime and financing of terrorism, as amended (hereinafter referred to as “AMLZ“) and Act No. 171/2023 Coll., on the protection of whistleblowers, as amended (hereinafter referred to as “Whistleblower Protection Act“), it operates an internal whistleblowing system and ensures the protection of whistleblowers who make a notification through this whistleblowing system.

This information for whistleblowers („Information“) provides basic information on:

  • the ways in which persons can make a notification,
  • the person responsible, including contact details,
  • the rights and obligations of the notifying person and of the Company to the notifying person; and
  • the rules for keeping records and information about the notification.

2. WHO CAN MAKE THE NOTIFICATION?

A person who may make a notification (hereinafter referred to as the “notifier/whistleblower“):

  • a former, current or prospective employee of the Company,
  • a volunteer who is volunteering for the Company,
  • a paid or unpaid intern of the Company,
  • a self-employed person working with the Company,
  • a person exercising rights associated with participation in the Company,
  • a person serving as a member of a Company body,
  • a person performing tasks within the scope of the Company’s activities, in the Company’s interest, on its behalf or on its account,
  • any person working for a contractor, supplier, subcontractor or similar contractor of the Company.

3. WHAT IS THE NOTIFCATION?

Notification means a communication containing information about a possible violation within the meaning of Article 4 of this Information, which has been committed / is about to be committed by the Company, any employee of the Company, or a person representing the Company or acting as a controlling body of the Company, and of which the notifier has become aware in connection with work or other similar activity in the Company or for the Company.

The notification must contain information about the possible infringement. In addition, for the purposes of a proper assessment and investigation of the notification, it is appropriate to include at least the following information in the notification:

  • Identification of the persons suspected of the infringement and any other persons involved,
  • a detailed description of the infringement,
  • specific evidence of the infringement, or any specific knowledge that supports the suspected infringement,
  • the contact details (address, e-mail address, etc.) to which the acknowledgement of receipt of the notification and the notification of the results of the assessment of the notification received may be sent; if the notifier does not wish to be sent the receipt of the notification and/or the notification of the results of the assessment of the notification, he/she shall explicitly state this when submitting the notification.

The notification should also contain the name, surname and date of birth of the notifier or other information from which the identity of the notifier can be inferred. If this information is not known to the relevant person of the Company, no acknowledgement of receipt of the notification, or other action against the notifier in accordance with this Information, the AMLZ and the Whistleblower Protection Act, or protection from retaliation by the Company can be given until the identity of the notifier is known.

4. WHAT CAN BE THE SUBJECT OF NOTIFICATION?

The subject of the notification may be an unlawful act, which:

  • has the characteristics of a criminal offence,
  • has the characteristics of an offence for which a fine of at least CZK 100 000 may be imposed,
  • violates the whistleblower protection rules,
  • violates another legal regulation of the Czech Republic or a regulation of the European Union in the areas listed below in this Article 4 of this Information.

A notification of a violation by the Company may relate in particular to the following areas:

  • corporate income tax,
  • prevention of the laundering of the proceeds of crime and the financing of terrorism,
  • consumer protection and safety, and compliance with product requirements under legislation,
  • transport, traffic and road safety,
  • environmental protection, food safety,
  • public procurement and competition,
  • protection of internal order and security, life and health,
  • protection of personal data, privacy and security of electronic communications networks and information systems.

5. TO WHOM AND HOW CAN THE NOTIFICATION BE MADE?

Notification can be made to the following person (the “Competent Person“):

JUDr. Ondřej Doležal, managing director
e-mail: dolezal@dolezalpartners.com
telephone: + 420 608 911 355
address: Brno, Koliště 1912/13, zip code 602 00

The notification can be made through the Company’s internal notification system as an internal notification or through the notification system of the Ministry of Justice as an external notification (see Article 8 of this Information).

Notification through the internal notification system may be made:

  • in person by appointment at the office of the Competent Person,
  • in writing as a document by mail sent to the correspondence address of the Competent Person, always to the attention of the Competent Person, with the envelope marked ‘Notification – do not open – only to the attention of the Competent Person’,
  • by e-mail message sent to the e-mail address of the Competent Person,
  • by a telephone call to the telephone number of the Competent Person.

6. HOW IS ENSURED THE PROTECTION OF THE NOTIFIER?

Only the Competent Person, who is bound by the obligation of confidentiality, has access to the notifications made and, where applicable, to the identification and contact details of the whistleblower/notifier.

A whistleblower who has made a notification in good faith that the information contained in the notification is true is protected from retaliation by the Company in relation to the notification or the facts contained in the notification.

A whistleblower who knowingly provides false information in a notification or who makes a notification without reasonable grounds to believe that it is based on truthful information is not protected. Assuming that the information provided by the notifier in the notification or access to it was obtained through a criminal offence or misdemeanor, the liability of the notifier for such conduct shall remain unaffected. Against a whistleblower who knowingly makes a false report to the detriment of the Company, its employees, or persons representing the Company or acting as a controlling body of the Company, the Company shall be entitled to pursue any claims arising under applicable law.

7. SECURITY OF PERSONAL DATA

The Company is obliged to adequately protect the personal data of the notifier as well as the personal data of any third parties mentioned in the notification. To this end, the Company has put in place the following technical and organizational measures to safeguard personal data against unauthorized processing, destruction or loss:

  • only the Competent Person will have access to the personal data of the whistleblower, as well as to the personal data of any third parties mentioned in the notification, except in situations where disclosure of personal data is required by applicable law in connection with investigations and proceedings based on the whistleblower’s notification,
  • personal data in electronic form will be stored in an electronic system secured by access passwords and anti-virus and other protection tools against unauthorized access by third parties,
  • personal data in physical form will be stored in designated locations in lockable storage facilities out of the normal reach of persons other than the Competent Person,
  • personal data will not be further stored or processed in any other way after the expiry of the necessary processing period.

Further information on the processing of personal data is contained in the Annex to this Information.

8. EXTERNAL NOTIFICATIONS

A whistleblower who, for any reason, does not wish to make a notification through the Company’s internal notification system under the above rules is entitled to make a notification through the external notification channel established by the Department of Justice via the following link: https://oznamovatel.justice.cz/chci-podat-oznameni/. However, notification through this notification channel cannot be made if it relates to a breach of obligations under the AMLZ.

Annex to the Information for the notifiers/whistleblowers

IINFORMATION ON THE PROCESSING OF PERSONAL DATANFORMACE O ZPRACOVÁNÍ OSOBNÍCH ÚDAJŮ


1. INTRODUCTORY INFORMATION

Doležal & Partners s.r.o., advokátní kancelář, Id. No.: 024 53 436, with its registered office at Koliště 1912/13, zip code 602 00, Brno, registered in the Commercial Register maintained by the Regional Court in Brno, File No. C 81289 (hereinafter referred to as the “Company”), as the controller of personal data, hereby informs you of the basic principles of processing personal data in accordance with Regulation No. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation“) and Act No. 110/2019 Coll, on the processing of personal data, as amended, on the basis of which the Company handles your personal data in connection with the notification of a violation (hereinafter referred to as the “data subject“).

2. PURPOSE OF THE PERSONAL DATA PROCESSING

The Company processes the personal data of the data subject for the purpose of examining the notification of a possible infringement made by the data subject and carrying out related investigations and proceedings following such notification, as well as for the purpose of fulfilling the Company’s obligations under the relevant legislation and for the purpose of protecting the Company’s legitimate interests.

3. LEGAL BASIS FOR THE PERSONAL DATA PROCESSING

The legal basis for the processing of the data subject’s personal data is (are):

  1. the performance of the legal obligations to which the Company is subject in connection with whistleblower protection legislation, within the meaning of Article 6(1)(c) of the General Data Protection Regulation; and
  2. the legitimate interests of the Company within the meaning of Article 6(1)(f) of the General Data Protection Regulation in the form of action taken following a notification of a possible infringement.

4. SCOPE OF THE PROCESSED PERSONAL DATA

The personal data of the subject are processed within the scope of the personal data provided by the data subject in the notification of a possible infringement, or within the scope of the identification and contact data of the data subject.

5. PERIOD OF PERSONAL DATA PROCESSING

The personal data will be processed for a period of 5 years from the date of receipt of the notification, in accordance with the obligation to keep the notification and related documents and to keep a record of the notifications received as provided for by the Whistleblower Protection Act.

Personal data processed on the basis of the legitimate interests of the Company will be processed for a maximum period of 10 years from the date of termination of any claims arising from follow-up measures taken on the basis of a notification of a possible infringement. In the event that judicial, administrative or other proceedings are commenced and are ongoing concerning the rights and/or obligations of the Company in relation to the relevant measure taken following a notification of a possible infringement, the period of processing of personal data shall not expire before the end of such proceedings.

6. CONTACT INFORMATION OF THE COMPANY

The Company may be contacted at:

  1. the address of its seat,
  2. via e-mail at: office@dolezalpartners.com,
  3. via data box ID: zz28de4,
  4. via telephone at + 420 543 217 520.

7. INFORMATION ON THE POTENTIAL RECIPIENTS OF THE PERSONAL DATA AND THE INTENTION TO HAND OVER THE PERSONAL DATA TO THIRD PERSONS

The personal data of the data subject and the personal data contained in the notification of a possible violation may be transferred to the competent courts, administrative authorities, police authorities or other competent public authorities, as well as to the Company’s professional advisors (e.g. lawyers, etc.) under the conditions set out in the relevant legislation.

The Company does not intend to transfer personal data to a third country or international organization, except where the notification relates to an infringement of European Union law and where the competent authorities require the data subject to be identified.

8. FURTHER INFORMATION ON THE PERSONAL DATA PROCESSING

Personal data is processed manually in physical or electronic form.

Personal data will not be processed by any data processors. Personal data will only be processed by persons expressly authorized to do so.

9. RIGHTS OF THE DATA SUBJECTS

The company is obliged to provide the data subject, upon his/her request, with information concerning the processing of his/her personal data (in particular, the purpose of the processing, the categories of personal data, the duration of the processing and the source of the personal data). The data subject is also entitled to request a copy of the personal data processed. However, the Company shall be entitled to charge the data subject a reasonable fee for the repeated provision of the data corresponding to the administrative costs incurred in providing it.

If the Company processes inaccurate or incomplete personal data, the data subject is entitled to request their correction and completion.

The data subject shall be entitled to request that the Company erase the personal data concerning the data subject if one of the following reasons is given:

  1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; or
  2. the processing of the personal data is unlawful; or
  3. the data subject objects to the processing of the personal data and there are no overriding legitimate grounds for processing the personal data; or
  4. the personal data must be erased in order to comply with a legal obligation under European Union or Member State law; or
  5. consent to the processing of personal data, if any, is withdrawn.

Conversely, the right to erasure of personal data does not apply to the data subject if the processing of personal data is necessary for compliance with a legal obligation of the Company or for the establishment, exercise or defense of legal claims of the Company or for archiving purposes.

The data subject shall be entitled to object at any time to processing of personal data which is carried out on the basis of a legitimate interest of the Company. In raising such an objection, the Company shall assess whether the interest in protecting the personal data of the data subject outweighs the legitimate interest of the Company for which the personal data are processed by the Company. If the Company concludes that the interest in protecting the data subject’s personal data is overridden, it shall cease processing the employee’s personal data for that purpose.

The right to restrict the processing of personal data of the data subject shall only apply if:

  1. where the data subject has objected to the processing of personal data which is carried out on the basis of a legitimate interest of the Company; or
  2. disputing the accuracy of the personal data processed; or
  3. unlawful processing of personal data by the Company and simultaneous refusal by the data subject to erase it; or
  4. where the Company does not need the personal data for the purpose of the processing but the data subject nevertheless requires the personal data for the establishment, exercise or defense of his or her legal claims.

If any of the above conditions are met, the Company will temporarily make the data subject’s personal data unavailable and will not process it for a certain period of time.

The data subject shall have the right to obtain the personal data concerning him or her that he or she has provided to the Company in a structured, commonly used and machine-readable format and to transmit such data to another data controller without hindrance from the Company, or the data subject shall be entitled to request that the personal data be transmitted directly by the Company to another data controller, if technically feasible. This right shall only be granted to the data subject in the case of processing of personal data on the basis of the consent to the processing of personal data, if any.

The data subject is entitled at any time to address a complaint or complaint regarding the processing of his/her personal data to the supervisory authority, which is the Office for Personal Data Protection, with its registered office at Prague, Pplk. Sochora 27, zip code 170 00, website www.uoou.cz.