Protection of whistleblowers
Reporting information under the Act on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Breaches
INFORMATION FOR THE CONDITIONS AND PROVISIONS FOR REPORTING INFORMATION IN INTERSERVICE UZUNOVI AV under the Act on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Breaches (APPRIPDIB)
Here is information for the conditions and provisions for reporting information under the APPRIPDIB in “Interservice Uzunovi AV” LTD
Persons who are granted the protection under the APPRIPDIB
You may report information for a breach through the internal reporting information channel in “Interservice Uzunovi AV” LTD if you are a whistleblower within the meaning of article 5, paragraph 2 of the APPRIPDIB, and namely a natural person who files a report about a breach, which has become known to her/him in the capacity of:
- Worker, employee or other person, who works in Interservice Uzunovi AV LTD, regardless of the nature of the work, the method of payment and the source of financing;
- Person with self-employed status who works in Interservice Uzunovi AV LTD without employment legal relationship;
- A volunteer or an intern in Interservice Uzunovi AV LTD;
- A person who works for a natural or legal person, contractors, subcontractors or suppliers of Interservice Uzunovi AV LTD;
- A person whose employment or service relationship in and with Interservice Uzunovi AV LTD is about to begin in cases where the information about a breach and/or violation was received during the selection process or during other pre-contractual relations;
- Interservice Uzunovi AV LTD worker or employee, when the information was obtained within the framework of an employment or service relationship, which was terminated at the time of filing the report or the public disclosure;
- Any other whistleblower, filing a report about a breach, which has become known to her/him in work-related context. Within the meaning of the APPRIPDIB “work-related context” are present or past work activities in Interservice Uzunovi AV LTD, through which, regardless of the nature thereof, the persons obtain information for breaches and violations and within the framework of which the persons may be subjected to repressive retaliation actions, if file such reports.
Please take into account that protection under the Act is also granted to the persons who assist the whistleblower in the reporting process, the persons, who are related to the whistleblower and who may be subjected to retaliation due to the reporting, as well as legal entities, in which the whistleblower has an equity interest, for whom he works, or is otherwise associated with in a work-related context.
Important: If you are not among the listed above persons, you may also file a report about a violation and breach, which will be considered under the provisions of the Administrative Procedure Code. .
Scope of the reports for breaches under the APPRIPDIB
The reports for breaches, filed under the provisions of the APPRIPDIB, shall be connected to one or more spheres of breaches, related to Interservice Uzunovi AV LTD business:
- Public procurement;
- Transport safety;
- Environmental protection;
- Food safety;
- Protection of privacy of personal life and personal data;
- The security of networks and information systems;
- Breaches that affect the financial interests of the European Union;
- Payment of due public state and municipal liabilities;
- Labor legislation.
A list of the acts of the European Union applicable to the reports for breaches under the APPRIPDIB, is provided in an annex to the APPRIPDIB. If you believe that in the business activity of Interservice Uzunovi AV LTD breaches of any of these acts are allowed and your are a whistleblower under the Act, you are entitled to file a report through the internal reporting channel.
How to file a report through the internal reporting channel in Interservice Uzunovi AV LTD (provisions for filing reports for breaches)
In the structural units and training and recreational bases of Interservice Uzunovi AV LTD you may file reports under the APPRIPDIB in writing, including email, or verbally.
For filing a written report you may use the Form for registering a report for filing information for breaches under the APPRIPDIB, completing only Part I – V including, sign the form and sent via post the completed form to the address of Interservice Uzunovi AV LTD: the city of Varna, 186 Vladislav Varnenchik Blvd., floor 4, Office Interservice Uzunovi AV LTD, Internal Reporting Channel. Within 7 days after the receipt of the report an employee, responsible for handling the report, will confirm the receipt and provide to you information for registration of the report and its unique reference number and date. Each subsequent information or communication in relation to the report will be enclosed to this unique identification number.
For filing an electronic report you may use the Form for registering a report for filing information for breaches under the APPRIPDIB, completing only Part I – V including, sign with electronic signature the form and sent it to e-mail: signal@isu.bg. Within 7 days after the receipt of the report an employee, responsible for handling the report, will confirm the receipt and provide to you information for registration of the report and its unique reference number and date. Each subsequent information or communication in relation to the report will be enclosed to this unique identification number.
For filing a verbal report: this is done on the spot in the administration at address: the city of Varna, 186 Vladislav Varnenchik Blvd., floor 4, Office Interservice Uzunovi AV LTD.
Please keep in mind that:
- At registering anonymous reports or reports, concerning breaches, committed more than two years ago, no proceedings will be initiated.
- No registered reports, which do not fall in the scope of the APPRIPDIB and the contents of which provide no grounds for them to be accepted as true, shall be handled.
- Registered reports, containing obviously false or misleading allegations for facts, shall be returned with instructions to the whistleblower for correcting the allegations and for the responsibility born for false accusation under article 286 of the Criminal Code.
How we process your personal data in relation to filed reports about breaches under the APPRIPDIB (special privacy declaration)
Personal Data Controller
Interservice Uzunovi AD, address: the city of Sofia, 6 April 20th Street, BULSTAT Unique ID No. 130278451.
Purposes of the personal data processing in the reports for breaches
The personal data is processed for the purposes of ensuring protection of the persons, who file reports or publicly disclose information for breaches of the Bulgarian legislation or the acts of the European Union, which have become known thereto at or in relation to performance of their work duties or in other work-related context within the meaning of the APPRIPDIB, and for performance of the respective legal obligations as well.
Legal grounds for processing of the personal data
Your personal data will be processed pursuant to article 6, paragraph 1, letter “c” of Regulation (EU) 2016/679 (General Data Protection Regulation) in relation to the obligations, arising out of the Act on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Breaches.
Personal data recipients
The employees, responsible for handling the reports, assigned with an order of the Executive Director of Interservice Uzunovi AV LTD, shall have access to the personal data, contained in the reports for beaches. Disclosure of the identity of the whistleblowers and of the information, related to the filed reports for breaches, shall be allowed only under the provisions of article 31 of the APPRIPDIB, and namely:
- only with the express written consent of the whistleblower. The express written consent shall be made in writing or in electronic form before an employee, responsible for handling the report; or
- when this is a necessary or proportionate obligation imposed by Bulgarian legislation or by European Union law in the context of investigations by national authorities or by judicial proceedings, including with a view of guaranteeing the right of protection of the person concerned. In such case the whistleblower will be notified of the need for disclosure with a written notification by the employee, responsible for handling the report, which shall be motivated. The whistleblower shall not be notified when the investigation or legal proceedings are jeopardized.
The personal data shall not be transferred to a third country or to international organization.
If a legal obligation for the transfer of the data arises, the respective structural unit with right to access to the personal data at the controller shall notify the whistleblowers before the transfer and provide the applicable in the particular case measures, which guarantee the adequacy of the protection of the personal data.
Period for storing the personal data
The personal data shall be stored for a period, determined at taking into account the following criteria: 1. The time for conducting the investigation related to the report, 2. The time needed for further investigations and 3. The time for storing the report according to article 18, paragraph 2, item 9 of the APPRIPDIB.
Significance of the provided personal data
The provision of your personal data for the purposes of filing reports for a breach is a mandatory requirement, and the non-provision of information or filing anonymous reports shall be an obstruction for initiating proceedings in relation to the report, in accordance with article 9, item 1 of the APPRIPDIB.
Rights of the data subjects
At processing of your personal data you have the rights under Regulation (EU) 2016/679, which you may exercise under the provisions, stated in our general information on personal data protection. In addition to the provided in Regulation (EU) 2016/679 rights you also have the following rights:
- to decide whether to sign the documented verbal report (article 15, paragraph 3 of the APPRIPDIB);
- to be notified for the receipt of the report within 7 days after the receipt (article 16, paragraph 1 of the APPRIPDIB);
- to receive information for the procedures for external reporting to the competent central authority, and when appropriate – to the institutions, bodies, services and agencies of the European Union (article 16, paragraph 5 of the APPRIPDIB);
- to be notified for forwarding your report to the external reporting authority (Personal Data Protection Commission) if the latter needs to take action (article 16, item 11, letter “d” of the APPRIPDIB);
- to receive feedback for the action taken, the final result of the investigation on the report, together with the reasons (article 16, item 4 in relation to article 17, paragraph 1, item 4 of the APPRIPDIB).