Whistleblowing

Information clause for a person reporting a violation and providing his/her identity

1. The controller of your personal data contained in the Report is Lubelski Węgiel “BOGDANKA” Spółka Akcyjna with its registered office in Bogdanka, 21-013 Puchaczów, Tax Reg. No. (NIP) 713-000-57-84, Industry Id. No. (REGON) 430309210 (the Controller).
2. Contact details of the Controller’s Data Protection Officer: ***@lw.com.pl.
3. Your personal data will be processed in order for the Controller to take action related to the violation report submitted with provision of identity in accordance with the Whistleblowing Procedure in Lubelski Węgiel “Bogdanka” S.A.
4. The personal data are processed by the Controller for the following purposes:
   1. in order to perform the legal obligations resting on the Controller in connection with the reports of violation of law arising under Article 97d of the Act of 29 July 2005 on Public Offerings and the Terms and Conditions for Introducing Financial Instruments to an Organized Trading System and on Public Companies – on the basis of Article 6(1)(c) GDPR;
   2. in order to make, accept and review Reports in accordance with the Whistleblowing Procedure in Lubelski Węgiel “Bogdanka” S.A. within the framework of the legitimate interests pursued by the Controller – on the basis of Article 6(1)(f) GDPR;
   3. in order to determine, pursue or defend against claims between the Controller and the Whistleblower as well as between the data subject who is not a Whistleblower and the Controller, as part of the legitimate interests pursued by the Controller – on the basis of Article 6(1)(f) GDPR.
5. The provision of personal data is voluntary.
6. The processing of personal data may be entrusted by the Controller to providers of services or products acting on its behalf, in particular to the entities providing legal, IT, security and maintenance services to the Controller. Your personal data can also be made available to other entities, including those providing legal, messenger and postal services.
7. Your personal data will not be transferred to a third country within the meaning of the GDPR (outside the territory of the European Economic Area).
8. Your personal data will be retained for the period necessary to process the Report, prepare the report and notify the person of the outcome of the Report validity verification procedure, after which the data will be retained for the period relevant to the statute of limitations for claims and criminal acts or for the period required by law. The Controller may retain your personal data for a period longer than indicated above only if there is another basis for processing your personal data as specified in Article 6(1) GDPR.
9. You have the right to request: a) access to the content of your data – within the limits of Article 15 GDPR; b) rectification – within the limits of Article 16 GDPR, c) erasure – within the limits of Article 17 GDPR, d) restriction of processing – within the limits of Article 18 GDPR, e) data portability – within the limits of Article 20 GDPR, f) the right to object to the processing of your personal data – within the limits of Article 21 GDPR.
10. The rights referred to above may be exercised by indicating your requests and sending them to the Data Protection Officer’s e-mail address: ***@lw.com.pl
11. You also have right to lodge a complaint to the President of the Personal Data Protection Authority if you conclude that the processing of your personal data breaches the provisions of the GDPR.
12. The processing of your personal data for the purpose as described above and on the grounds specified above is independent of the processing of your data by the Controller for other purposes and on other grounds, and this clause does not override other information clauses provided to you or placed on the Controller’s premises.