Home / Whistleblowing Procedure

Whistleblowing Procedure

Procedure for reporting violations

The guiding principle of the Warsaw University of Life Sciences is to act in accordance with the law and ethical standards. We attach great importance to ensuring that our activities are perceived as transparent and honest. Therefore, it is essential to us that any action committed in violation is promptly presented and its effects neutralised.

We realise that mistakes and irregularities may occur in our business. We want to know about them because only then can we effectively prevent them.

At the Warsaw University of Life Sciences, we have implemented a procedure for reporting violations. It is regulated by Ordinance No. 85 of the Rector of the Warsaw University of Life Sciences of 18 September 2024 on the introduction of the Regulations for internal reporting of legal violations and follow-up actions at the Warsaw University of Life Sciences: Regulations for internal reporting of legal violations and follow-up actions at the Warsaw University of Life Sciences. Thanks to this procedure, you can report any potential violations committed by our employees to us.

We promise that the information provided will be kept strictly confidential, except when the information and data of the persons providing it are required by applicable law to be shared.

The provisions of the Act of 14 June 2024 on the protection of whistleblowers apply to this procedure.

What is a violation?

A violation that may be reported is an action or omission that is unlawful or intended to circumvent the law.

The violation may concern:

  • corruption
  • public procurement
  • financial services, products and markets
  • anti-money laundering and counter-terrorist financing
  • product safety and compliance
  • transport safety
  • environmental protection
  • radiological protection and nuclear safety
  • food and feed safety
  • animal health and welfare
  • public health
  • consumer protection
  • privacy and personal data protection
  • security of networks and information systems
  • financial interests of the State Treasury of the Republic of Poland and the European Union
  • the internal market of the European Union, including competition law

and state aid, and taxation of legal persons

  • constitutional freedoms and human and civil rights – occurring in relations between individuals

and public authorities, and not related to the areas indicated in the points above

  • internal regulations at the Warsaw University of Life Sciences.

How to report a violation?

  • electronically via email to: pnp@sggw.edu.pl
  • electronically via the EZD (Electronic Document Management) system to the email address of the Rector’s Representative for Legal Violations
  • traditionally by post to the address of the SGGW headquarters: ul. Nowoursynowska 166, 02 – 787 Warsaw,  with a note on the envelope: ‘Rector’s Representative for Legal Violations, to be delivered in person’
  • at the request of the Whistleblower verbally during a direct meeting with the Rector’s Representative for Legal Violations

Anonymous incident reports will not be considered.

To enable objective and efficient proceedings, we recommend that whistleblowers include the following information in their reports:

  • name and surname of the person reporting the violation
  • date and place of the report
  • name of the SGGW organisational unit or name and surname of the person concerned by the report
  • description of the violation
  • approximate period of the violation
  • other information related to the observed violation
  • any evidence confirming the existence of the violation
  • contact address to which confirmation of receipt of the report and feedback should be sent

Will SGGW remain in contact with the Whistleblower after the incident has been reported?

  • We will confirm receipt of the incident report within 7 days of receiving it.
  • We will provide the Whistleblower with feedback within 3 months of confirming receipt of the report or, if no confirmation is provided to the person making the report, within 3 months of the expiry of 7 days from the date of the report.

What are the basic rules for reporting?

  • All reports are thoroughly analysed and considered with due diligence, impartiality and confidentiality, including the confidentiality of personal data.
  • Reports should be made in good faith to avoid deliberately harming someone else.
  • We do not take retaliatory action against Whistleblowers who report suspected violations in good faith, even if the information is not confirmed during the investigation.
  • The results of the investigation, together with the documentation, constitute confidential (protected) information and are archived and stored by SGGW for a period of 3 years from the date of completion of the investigation.

Information clause for whistleblowers

  • The data controller for whistleblowers’ personal data is the Warsaw University of Life Sciences

at ul. Nowoursynowska 166, 02-787 Warsaw.

  • SGGW has appointed a Data Protection Officer who can be contacted at the above address or electronically by sending an e-mail to: iod@sggw.edu.pl.
  • Personal data will be processed in connection with follow-up activities, including proceedings initiated by a report of a violation or potential violation of the law, for:
    • fulfilment of the legal obligation incumbent on SGGW (Article 6(1)(c) of the GDPR in conjunction with Article 8(4) and (8) of the Act of 14 June 2024 on the protection of whistleblowers),
    • communication with the Whistleblower and responses to reports, as well as any communication with witnesses or the perpetrator of the violation (Article 6(1)(f) of the GDPR).
    • pursuing any claims to which SGGW is entitled or against SGGW, and defending against such claims (Article 6(1)(f) or Article 9(2)(f) of the GDPR).
  • Personal data will not be subject to automated decision-making, including profiling.
  • The provision of data by the Whistleblower is voluntary, but necessary for the purposes indicated above.
  • The SGGW will process the Whistleblower’s personal data, as a rule, in the scope of: name and surname, contact details and other data contained in the submitted report. In such cases, the data will be provided directly by the Whistleblower. However, as a result of its activities, SGGW may also collect personal data independently, e.g., from witnesses or the perpetrator of the incident in connection with their explanations, or from documents analysed by SGGW. The personal data of the person accused of the violation (the person to whom the report relates) will be processed by SGGW to the extent specified in the report submitted to SGGW by the Whistleblower, as well as data that SGGW has collected independently from witnesses to the incident, other entities or institutions, or has determined based on its own actions.
  • Personal data that is not relevant to the processing of the report will be deleted by SGGW or anonymised within 14 days of SGGW determining that it is redundant. SGGW will process the personal data of the Whistleblower for a period of 3 years after the end of the calendar year in which the external report was submitted to the public authority competent to take follow-up action or the follow-up action was completed, or after the completion of the proceedings initiated by such action. In a situation where it is necessary to process personal data at a further stage of the proceedings based on the legitimate objectives of SGGW, including investigation or defence against claims, SGGW will process this data for the duration of these objectives, but no longer than until the expiry of the limitation period for claims under generally applicable law. The personal data of a person accused of a violation or a witness to an incident will be processed by SGGW for the period necessary to achieve the above purposes, i.e. for a period of 3 years after the end of the calendar year in which the external report was submitted to the public authority competent to take follow-up action or the follow-up action was completed, or after the completion of proceedings initiated by these actions, and in the event of claims arising, until the expiry of the limitation period for claims under generally applicable legal provisions..
  • SGGW ensures the confidentiality of personal data in connection with the proceedings or the report received. Therefore, the data will only be made available to entities if:
    • There is a legal obligation to transfer them,
    • it is in the legitimate interest of SGGW or a third party,
    • the data subject gives their consent.

In particular, recipients of personal data may include entities authorised under the law, entities providing services to SGGW based on relevant personal data processing agreements or supporting SGGW’s activities, in particular law firms, tax firms, consulting firms, auditors, auditors, companies supporting SGGW in the archiving and destruction of data carriers, providing IT solutions or IT services, as well as debt collection companies..

  • Every person has the right to complain to the supervisory authority, which is the President of the Personal Data Protection Office. Under the conditions provided for in the GDPR, the data subject has the right to access their data and the right to rectify, delete, restrict processing, and object to the processing of data (in which case SGGW will cease to process the data for these purposes, unless it can demonstrate that there are valid legal grounds for SGGW to do so which override the interests, rights and freedoms of the data subject, or that the data is necessary for SGGW to establish, pursue or defend claims).

Requests to exercise this right will be considered without undue delay, within 30 days of receipt by the Warsaw University of Life Sciences. In complex cases or due to the number of requests submitted, this period may be extended to 90 days.

These rights may be exercised by email at: iod@sggw.edu.pl, or by post at the address of the Warsaw University of Life Sciences indicated above.

ZAŁĄCZNIKI: