logo

The LOTOS Group considers it vital to constantly improve the security of its business processes through comprehensive management of misconduct risk under a misconduct prevention system.

In 2012, in keeping with the adopted standards of corporate social responsibility and business ethics, the LOTOS Group unveiled its Misconduct Prevention Policy, which contains a declaration that the Group will not tolerate any unethical behaviour, including corruption, in any form. The LOTOS Group has adopted a systematic approach to increasing the Company’s immunity to the risk of misconduct by its employees and external stakeholders (suppliers, customers, etc.).

Misconduct Prevention Policy

Any actual or suspected ethical violations can be reported by LOTOS Group stakeholders to persons responsible for preventing misconduct within the organisation. For this purpose, dedicated channels of communication with the LOTOS Group Internal Control Office have been established.

Any suspected violations can be reported anonymously using one of the below options:

I.    Personal data controller
The controller of personal data, within the meaning of Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “GDPR”), provided for the purpose of reporting or investigating any instance of misconduct or a similar event is the LOTOS Group company to which the report pertains. The controller’s contact details are available on www.lotos.pl. Where a report pertains to Grupa LOTOS S.A., the controller can be contacted by email: lotos@grupalotos.pl or by a letter sent to: ul. Elbląska 135, 80-718 Gdańsk, Poland.
II.   Data Protection Officer
If the personal data controller has designated a Data Protection Officer, the latter may be contacted by email or by post on any matters related to personal data processing and exercise of the rights related to personal data processing. Relevant addresses are posted by the LOTOS Group companies on www.lotos.pl or in internal communications. Grupa LOTOS S.A. has appointed a Data Protection Officer, who can be contacted by email: iod@grupalotos.plor by a letter addressed to: Grupa LOTOS S.A., ul. Elbląska 135, 80-718 Gdańsk, Poland, marked: “Inspektor ochrony danych” (Data Protection Officer).
III.  Purposes of personal data processing
Personal data will be processed for the purposes of receiving and investigating a report of misconduct or alleged misconduct, and, where justified, for the purpose of reporting a suspected offence to law enforcement authorities.
IV. Legal basis for personal data processing
The legal basis for the processing of your personal data:
a)   the legitimate interests pursued by the controller, provided for in Article 6(1)(f) of GDPR, which are to prevent misconduct and protect the LOTOS Group’s reputation,
b)   compliance with a legal obligation to which the controller is subject, provided for in Article 6(1)(c), which is the obligation to notify law enforcement authorities of a suspected offence pursuant to Art. 304.1 of the Code of Criminal Procedure.
V.  Disclosure of personal data
Where justified, personal data may be transferred to authorised persons by operation of law. Personal data may also be transferred to entities processing personal data on instructions from the controller, including to Grupa LOTOS S.A., operators of IT systems used for the purposes referred to above, archiving and maintenance service providers, legal advisors and auditors, provided that such entities process such data under relevant agreements with the controller and solely in accordance with the controller’s instructions.
VI. Data storage period
Personal data will be stored for three years from the end of the investigation or until the legal obligation to store the data has expired. Where an offence or a tax offence is found to have been committed, personal data will be stored for 25 years, as these offences have a 25-year statute of limitations.
VII.   Rights of data subjects
Data subjects have the right to:
a)   access their data and receive a copy thereof,
b)   rectify (correct) their data,
c)   erase and restrict the processing of their data,
d)   object to the processing of personal data on grounds relating to their particular situation, where their data is processed on the basis of the controller’s legitimate interests. Such an objection may be raised at any time by email or by a letter sent to the addresses given above,
e)   lodge a complaint with the President of the Personal Data Protection Office (sent to the address of the Personal Data Protection Office: ul. Stawki 2, 00-193 Warsaw, Poland) if they believe their personal data is processed in contravention of the applicable personal data protection regulations.
In order to exercise your rights, please contact the data controller or the Data Protection Officer. Relevant contact details are available on www.lotos.pl. The contact details of Grupa LOTOS S.A.’s Data Protection Officer are provided above.
VIII.   Freedom to provide data
Providing personal data is voluntary. Not providing personal data will not be the determining factor in deciding whether a report is considered or not.
IX. Personal data profiling
Personal data will not be profiled or used for automated decision making.

Suspected misconduct report form

1. Person alleged to have committed the misconduct:

2. Type of misconduct:*

3. Source of knowledge of the misconduct incident:

4. Description of the incident:

5. Evidence of misconduct:

You can add up to 5 files with a total size not exceeding 20 Mb

6. Has the incident already been reported to anyone else?:*

7. Other persons involved in or having knowledge of the incident:

Person involved in the incident:

Person with knowledge of the incident:

8. Person reporting the incident:*

Privacy notice



I. Personal data controller
The controller of your personal data, within the meaning of Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “GDPR”), provided for the purpose of reporting or investigating any instance of misconduct or a similar event is the LOTOS Group company to which the report pertains. The controller’s contact details are available on www.lotos.pl. Where a report pertains to Grupa LOTOS S.A., the controller can be contacted by email to lotos@grupalotos.pl or by a letter addressed to: ul. Elbląska 135, 80-718 Gdańsk, Poland.

II. Data Protection Officer
If the personal data controller has designated a Data Protection Officer, the latter may be contacted by email or by post on any matters related to personal data processing and exercise of the rights related to personal data processing. Relevant addresses are posted by the LOTOS Group company on www.lotos.pl. Grupa LOTOS S.A. has appointed a Data Protection Officer who can be contacted by email: iod@grupalotos.pl or by a letter addressed to: Grupa LOTOS S.A., ul. Elbląska 135, 80-718 Gdańsk, Poland, marked ‘Inspektor ochrony danych (Data Protection Officer)’.

III. Purposes of personal data processing
Your data will be processed for the purposes of receiving and investigating a report of misconduct or alleged misconduct, and, where justified, for the purpose of reporting a suspected offence to law enforcement authorities.

IV. Legal basis for personal data processing
The legal basis for the processing of your personal data:
c) the legitimate interests pursued by the controller, provided for in Article 6(1)(f) of GDPR, which are to prevent misconduct and protect the LOTOS Group’s reputation,
d) compliance with a legal obligation to which the controller is subject, provided for in Article 6(1)(c), which is the obligation to notify law enforcement authorities of a suspected offence pursuant to Art. 304.1 of the Code of Criminal Procedure.

V. Disclosure of personal data
Where justified, your data may be transferred to authorised persons by operation of law. Your data may also be transferred to entities processing personal data on instructions from the controller, including to Grupa LOTOS S.A., operators of IT systems used for the purposes referred to above, archiving and maintenance service providers, legal advisors and auditors, provided that such entities process such data under relevant agreements with the controller and solely in accordance with the controller’s instructions.

VI. Data storage period
Your personal data will be stored for three years from the end of the investigation or until the legal obligation to store the data has expired. Where an offence or a tax offence is found to have been committed, your personal data will be stored for 25 years, as these offences have a 25-year statute of limitations.

VII. Rights of data subjects
You have the right to:
f) access your data and receive a copy thereof,
g) rectify (correct) your data,
h) erase and restrict the processing of your data,
i) object to the processing of personal data on grounds relating to your particular situation, where your data is processed on the basis of the controller’s legitimate interests. Such an objection may be raised at any time by email or by a letter sent to the addresses given above,
j) lodge a complaint with the President of the Personal Data Protection Office (sent to the address of the Personal Data Protection Office: ul. Stawki 2, 00-193 Warsaw, Poland) if you believe your personal data is processed in contravention of the applicable personal data protection regulations.
In order to exercise your rights, please contact the data controller or the Data Protection Officer. Relevant contact details are available on www.lotos.pl. The contact details of Grupa LOTOS S.A.’s Data Protection Officer are provided above.

VIII. Freedom to provide data
Providing personal data is voluntary. Not providing personal data will not be the determining factor in deciding whether your report is considered or not.

IX. Personal data profiling
Your personal data will not be profiled or used for automated decision making.

9. Grupa LOTOS may contact persons reporting misconduct?:*

Grupa LOTOS reserves the right to contact the notifying person in order to verify the report and obtain additional information and, if it proves necessary to notify appropriate state authorities, in order to provide such authorities with the personal data of the notifying person.
* Required field