- Misconduct Prevention Policy
The LOTOS Group considers it vital to constantly improve the security of its business processes through comprehensive management of misconduct risk under a misconduct prevention system.
In 2012, in keeping with the adopted standards of corporate social responsibility and business ethics, the LOTOS Group unveiled its Misconduct Prevention Policy, which contains a declaration that the Group will not tolerate any unethical behaviour, including corruption, in any form. The LOTOS Group has adopted a systematic approach to increasing the Company’s immunity to the risk of misconduct by its employees and external stakeholders (suppliers, customers, etc.).
Any actual or suspected ethical violations can be reported by LOTOS Group stakeholders to persons responsible for preventing misconduct within the organisation. For this purpose, dedicated channels of communication with the LOTOS Group Internal Control Office have been established.
Any suspected violations can be reported anonymously using one of the below options:
- email to: firstname.lastname@example.org
- a letter addressed to: Szef Biura Kontroli Wewnętrznej (Head of the Internal Control Office), Grupa LOTOS S.A., ul. Elbląska 135, 80-718 Gdańsk, Poland,
- in a telephone call or by voicemail: +48 504 181 048
- by filling in an online report form avaible below.
I. Personal data controller
The controller of personal data, within the meaning of Article 4 (7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “GDPR”), provided for the purpose of reporting or investigating any instance of misconduct or a similar event is the LOTOS Group company to which the report pertains. The controller’s contact details are available on www.lotos.pl. Where a report pertains to Grupa LOTOS S.A., the controller can be contacted by email: email@example.com or by a letter sent to: ul. Elbląska 135, 80-718 Gdańsk, Poland.
II. Data Protection Officer
If the personal data controller has designated a Data Protection Officer, the latter may be contacted by email or by post on any matters related to personal data processing and exercise of the rights related to personal data processing. Relevant addresses are posted by the LOTOS Group companies on www.lotos.pl or in internal communications. Grupa LOTOS S.A. has appointed a Data Protection Officer, who can be contacted by email: firstname.lastname@example.org by a letter addressed to: Grupa LOTOS S.A., ul. Elbląska 135, 80-718 Gdańsk, Poland, marked: “Inspektor ochrony danych” (Data Protection Officer).
III. Purposes of personal data processing
Personal data will be processed for the purposes of receiving and investigating a report of misconduct or alleged misconduct, and, where justified, for the purpose of reporting a suspected offence to law enforcement authorities.
IV. Legal basis for personal data processing
The legal basis for the processing of your personal data:
a) the legitimate interests pursued by the controller, provided for in Article 6(1)(f) of GDPR, which are to prevent misconduct and protect the LOTOS Group’s reputation,
b) compliance with a legal obligation to which the controller is subject, provided for in Article 6(1)(c), which is the obligation to notify law enforcement authorities of a suspected offence pursuant to Art. 304.1 of the Code of Criminal Procedure.
V. Disclosure of personal data
Where justified, personal data may be transferred to authorised persons by operation of law. Personal data may also be transferred to entities processing personal data on instructions from the controller, including to Grupa LOTOS S.A., operators of IT systems used for the purposes referred to above, archiving and maintenance service providers, legal advisors and auditors, provided that such entities process such data under relevant agreements with the controller and solely in accordance with the controller’s instructions.
VI. Data storage period
Personal data will be stored for three years from the end of the investigation or until the legal obligation to store the data has expired. Where an offence or a tax offence is found to have been committed, personal data will be stored for 25 years, as these offences have a 25-year statute of limitations.
VII. Rights of data subjects
Data subjects have the right to:
a) access their data and receive a copy thereof,
b) rectify (correct) their data,
c) erase and restrict the processing of their data,
d) object to the processing of personal data on grounds relating to their particular situation, where their data is processed on the basis of the controller’s legitimate interests. Such an objection may be raised at any time by email or by a letter sent to the addresses given above,
e) lodge a complaint with the President of the Personal Data Protection Office (sent to the address of the Personal Data Protection Office: ul. Stawki 2, 00-193 Warsaw, Poland) if they believe their personal data is processed in contravention of the applicable personal data protection regulations.
In order to exercise your rights, please contact the data controller or the Data Protection Officer. Relevant contact details are available on www.lotos.pl. The contact details of Grupa LOTOS S.A.’s Data Protection Officer are provided above.
VIII. Freedom to provide data
Providing personal data is voluntary. Not providing personal data will not be the determining factor in deciding whether a report is considered or not.
IX. Personal data profiling
Personal data will not be profiled or used for automated decision making.