Procedure for reporting violations by whistleblowers in Doctor One Polska

1. Definitions

Capitalized expressions should be understood as follows:
  1. Address to contact — the address referred to in point 4.4 below
  2. Retaliatory action — a direct or indirect action or omission in a Work Related Context that is caused by the Report and that violates or may violate the rights of the Whistleblower, the Whistleblower's Related Person or the Whistleblower's Assistant, or causes or may cause undue harm to the Whistleblower, Whistleblower or Whistleblower's Assistant, including unfounded initiation of proceedings against the Whistleblower, the Person associated with the Whistleblower or the Whistleblower's Assistant, omission from promotion, reduction of salary, termination of employment or other contracts, transfer to another position, mobbing, discrimination. Retaliatory action is also an attempt or threat to use such an action. — Doctor One Polska sp. z o.o. with its registered office in Bieniewice (05-870) at ul. Poziomkowa 11, entered in the register of entrepreneurs of the National Court Register maintained by the District Court for the City of Warsaw in Warsaw, XIV Commercial Division of the National Court Register under KRS number: 0000988 9484, with NIP number: 1182246930 and share capital in the amount of PLN 5,000. Doctor One is a medical entity entered in the Register of Entities Performing Medicinal Activity maintained by the Mazowieckie Voivode — registry number: 000000254837;
  3. Corrective actions — actions to remove the reported Violation and prevent the occurrence of similar Violations in the future.
  4. Follow-up — each of the actions referred to in point 6.1. below.
  5. Feedback - information on the planned or undertaken Follow-up Actions, together with their justification.
  6. Doctor One Poland - Doctor One Polska sp. z o.o. with its registered office in Bieniewice (05-870) at ul. Poziomkowa 11, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for the City of Warsaw, XIV Commercial Division of the National Court Register, under KRS number 0000989484, NIP 1182246930, share capital PLN 5,000.00.
  7. Committee — the committee referred to in point 8.1 below.
  8. Context related to work — past, present or future activities related to the performance of work on the basis of an employment relationship or other legal relationship constituting the basis for the provision of work or services or performance of functions in Doctor One Polska or on behalf of Doctor One Polska, within the framework of which information about the Violation was obtained and there is a possibility of experiencing Retaliatory Actions.
  9. breach — taking place in Doctor One Polska in the context of work, act or omission that is unlawful or aimed at circumventing the law, which concerns the following areas of law (closed catalog):
    1. corruption;
    2. public procurement;
    3. services, products and financial markets;
    4. combating money laundering and terrorist financing;
    5. the safety of products and their compliance with the requirements;
    6. transport safety;
    7. environmental protection, radiation protection and nuclear safety;
    8. food and feed safety;
    9. animal health and welfare;
    10. public health;
    11. consumer protection;
    12. protection of privacy and personal data;
    13. security of networks and ICT systems;
    14. financial interests of the State Treasury of the Republic of Poland, local self-government units and the European Union;
    15. the internal market of the European Union, including public competition and state aid rules and corporate taxation;
    16. constitutional freedoms and human and citizen rights arising in the relations of the individual with public authorities and not related to the areas mentioned in point 1.1.9 (a) to (p) above.
  10. Violator — a natural person, an organizational unit without legal personality, to whom the law grants legal capacity or a legal person designated by the Whistleblower in the Notification as a person who has committed the Violation or is related to the Violator.
  11. Person associated with the Whistleblower — a natural person who may experience Retaliatory Actions, including a collaborator or person closest to the Whistleblower, i.e. spouse, foster, descendant, sibling, related in the same line or degree, the person in the adoptive relationship and his/her spouse, as well as the person cohabiting with the Whistleblower.
  12. Personnel — employees, associates, by whom persons performing work on a basis other than the employment relationship, including on the basis of a civil law contract, interns or apprentices of Doctor One Polska.
  13. Whistleblower Helper — a natural person who assists the Whistleblower in making the Report.
  14. Investigative proceedings - the procedure referred to in point 8 below.
  15. Procedure — this document.
  16. Recipient of the Application — the person referred to in point 4.4. below.
  17. Report — the document referred to in point 8.4. below.
  18. Whistleblower — a natural person who has become aware of a Workrelated Violation and reports the Infringement under the Procedure. The whistleblower can in particular be a staff member, a job candidate, a board member or a partner.
  19. Whistleblowers Act — Act of 14 June 2024 on the protection of whistleblowers.
  20. Preliminary verification of the application — the actions referred to in point 7 below.
  21. Submission — information about the Violation, provided to Doctor One Polska by the Whistleblower in accordance with the Procedure.

2. Purpose and scope of the procedure

  1. Purpose. In Doctor One Poland there is no tolerance for breaking the law. Taking care of the values adopted in Doctor One Polska, as well as compliance with the law, Doctor One Polska has adopted the Procedure for Reporting Violations by Whistleblowers. The purpose of the Procedure is to:
    1. Facilitating the Whistleblower to report a Violation;
    2. providing the Whistleblower with protection against retaliatory actions;
    3. Enabling Doctor One Polska to take appropriate Follow-up Actions.
  2. Scope of Submission. The whistleblower may report a Violation or suspicion of an existing or potential Infringement that he or she became aware of in a work-related context (e.g. may report the storage of medical records contrary to the provisions of the GDPR). This means that the Procedure is not used to report a violation of the law that the Whistleblower learned about accidentally, outside the Work Context (e.g. reporting the fact that a colleague took garbage into the forest).
  3. Persons authorized to make Submissions and the scope of their activities. The Violation may be reported by a Whistleblower who has learned about the Violation in a work-related context, i.e. in the context of performing work or services for Doctor One Polska (e.g. doctor Doctor One Polska who has learned that medical records of patients are stored in a manner inconsistent with the provisions of the GDPR). This means that under the Procedure, violations of the law cannot be reported that a person has learned about outside the Work Context (e.g. a Doctor One clinic patient).

3. Obligation to report violations in good faith

  1. Reporting in good faith. The whistleblower is obliged to act in good faith. Acting in good faith means that the Whistleblower had reasonable grounds to believe that at the time the Infringement was reported, the information in question was true.
  2. Presumption of good faith. Doctor One Poland accepts that the Whistleblower reports the Violation in good faith, unless the Initial Verification of the Report or the Investigation Procedure shows that the Whistleblower has obviously acted in bad faith.
  3. Reporting in bad faith. Acting in bad faith means that the Whistleblower, at the time of reporting the Violation, knows or had reasonable grounds to believe that at the time of reporting the Violation, the information being the subject of the Violation is false.
  4. Consequences of Reporting in Bad Faith. If you report a Bad Faith Violation:
    1. The whistleblower is not protected against retaliatory actions;
    2. The whistleblower may incur civil liability (obligation to pay compensation or compensation for the harm suffered) to the person who suffered damage due to the reporting of the Violation in bad faith;
    3. A whistleblower may be criminally liable under Article 57 of the Whistleblowers Act, according to which “Whoever makes a report or public disclosure, knowing that there has been no violation of the law, shall be liable to a fine, restriction of liberty or imprisonment of up to 2 years”;
    4. The data of the Whistleblower may be provided without his consent to the persons indicated by the Whistleblower in the Notification, if the provision of these data is justified by the circumstances of the case and is necessary for its clarification.

4. Report a violation

  1. Procedure for submitting the Application. The Whistleblower may report the Violation anonymously or with his/her identity by sending an email to one of the indicated addresses:
    1. sygnalista@doctor.one - applies to all Submissions, except for the Submissions indicated in points 4.1.2., 4.1.3 below;
    2. tomasz@doctor.one - applies to Submissions when the Violator is Maciej Malenda;
    3. maciek@doctor.one - applies to Submissions when the Violator is Tomasz Rudolf.
  2. Anonymously Reporting Violations. In order to report a Violation anonymously, the Whistleblower should create an email address that does not contain any given name.
  3. Equal treatment of applications. An Anonymous Report will be treated in the same way as a Non-Anonymous Report, taking into account the limitations of not being able to know the identity of the Whistleblower (e.g. related to the difficulty of verifying the Report or conducting Follow-up).
  4. Accepting Application. The Recipient of the Application is a person who has received the appropriate authorization from Doctor One Polska and who has been obliged by Doctor One Polska to keep confidential all information covered by the Application. The recipient of the Application in Doctor One Polska is:
    1. Thomas Rudolf - when the Application has been sent to sygnalista@doctor.one or tomasz@doctor.one 
    2. Maciej Malenda - when the Application has been sent to maciek@doctor.one 
  5. Content of the Submission. In the Notification, the Whistleblower should describe exactly the circumstances of the Violation and indicate the address to contact. If the Whistleblower does not indicate an address for the contact, the e-mail address from which the Whistleblower sent the Report shall be deemed to be such address.
  6. Submission of evidence in the Submission. If the Whistleblower has evidence of a Violation, he should attach it to the Report. When reporting a Violation, the Whistleblower should remember the rules of secure communication, i.e. in case of sending a document of a confidential nature (e.g. containing a PESEL number or so-called sensitive data), he should protect this document with a password and send it in a separate e-mail message.

5. Whistleblower protection

  1. Protection against retaliation. From the time a Violation is reported, a Whistleblower who is a former employee, current employee or job candidate is protected from Retaliatory Actions. In the event that the Notification Recipient or the Commission becomes aware of the application of retaliatory measures against the Whistleblower, the Receiving Submission or the Commission shall take the necessary measures to protect the Whistleblower, including by drawing consequences against the person who takes the retaliatory action. Taking Retaliatory Actions may be the basis for terminating the contract with the person who takes such Retaliatory Actions.
  2. Extension of protection against retaliation. The provisions of paragraph 5.1 above shall apply mutatis mutandis to:
    1. Assistant Signaler,
    2. A person associated with the Whistleblower,
    3. a legal person or other organizational unit assisting or related to the Whistleblower, in particular owned or employed by the Whistleblower;
    4. A whistleblower who provides work or services on a legal basis other than the employment relationship, provided that the nature of the work, services or function performed or service performed does not preclude the application of such action to the Whistleblower.
  3. Limited access to information. The information covered by the Application, referred to in points 5.4.- 5.5 below, may be accessed only by the Receiving Application and the Commission or external advisors of Doctor One Polska obliged to maintain confidentiality or professional secrecy.
  4. Prohibition of disclosure of the identity of the Whistleblower and other persons. Doctor One Polska guarantees the confidentiality of the identity of:
    1. Whistleblowers;
    2. Assistant Whistleblower;
    3. Person associated with the Whistleblower;
    4. Violator;
    5. other person than the one above, indicated in the Application.
  5. Prohibition of disclosure of information covered by the Notification. Doctor One Polska guarantees the confidentiality of the information covered by the Application, including in particular on the basis of which the identity of the persons referred to in point 5.4 above can be directly or indirectly identified, unless the Procedure or mandatory provisions of law require disclosure of such information.
  6. Consequences of revealing the identity of the Whistleblower and others. The disclosure of the identity of the persons referred to in paragraphs 5.4.1.-5.4.3 above may lead to criminal liability for the person disclosing, pursuant to Article 56 of the Whistleblowers Act, according to which: “Anyone who, contrary to the provisions of the Act, discloses the identity of a whistleblower, a person assisting in making a report or a person associated with a whistleblower, is liable to a fine, a penalty of restriction of freedom of restriction or imprisonment for up to a year.”
  7. ACCEPTANCE OF THE APPLICATION AND MAINTENANCE OF THE REGISTER
  8. Responsibilities of the Application Recipient. The Recipient of the Application is responsible for:
    1. entering the Application in the appropriate register, at the latest on the next working day, counting from the date of receipt of the Application;
    2. sending the Signaler to the Contact Address indicated by him, confirmation of acceptance of the Notification within 7 days, counting from the date of its receipt. This provision shall not apply if the Whistleblower has not indicated the Contact Address;
  9. Separate registers. Separate registers shall be kept for the Submissions referred to in points 4.1.1., 4.1.2., 4.1.3 above.

6. Follow-up

  1. Scope of Follow-up. Upon acceptance of the Application, the Recipient of the Application shall undertake Follow-up Actions, which may consist of the following actions:
    1. Preliminary verification of the application;
    2. Investigative proceedings;
    3. Corrective actions.
  2. Call for additional information. At any stage of the Follow-up, the Notification Recipient or the Commission may request the Whistleblower to provide additional information to the Notification.
  3. External advisors of Doctor One Polska. At any stage of the Follow-up, the Notification Recipient or the Commission may involve external advisors of Doctor One Polska obliged to maintain confidentiality or professional secrecy in these activities, if their participation is necessary to clarify the Infringement.
  4. When expert knowledge is required, the Receiving Application or the Commission may involve external advisors of Doctor One Polska obliged to maintain confidentiality or professional secrecy in these activities.
  5. Follow-up rules. The Recipient of the Notification and the Commission are required to follow up with due diligence and impartiality.

7. Preliminary verification of the application

  1. Assessment of the veracity of information. The Recipient of the Application makes a preliminary assessment of the veracity of the information contained in the Application. Depending on the outcome of this assessment, the Applicant:
    1. appoints a Commission responsible for conducting further investigation - if the Recipient of the Notification does not consider the information provided in the Notification to be manifestly false.
    2. withdraws from the appointment of the Commission - if the Recipient of the Notification considers the information provided in the Notification to be manifestly false or if he is unable to verify it in any way - and provides the Whistleblower with the Feedback within 3 months from the date of confirmation of receipt of the Notification or 3 months from the expiration of 7 days from the date of submission of the Notification, if no confirmation has been sent to the Signaler Acceptance of the Application due to the lack of indication of the Contact Address. This provision does not apply if the Whistleblower has not indicated the Contact Address.

8. Investigative procedure

  1. Appointment of the Commission. Upon completion of the Initial Verification of the Application in accordance with the procedure referred to in point 7.1.1 above, the Recipient of the Application appoints to the Commission persons from the organizational structure of Doctor One Polska, whose participation will be necessary to clarify the Infringement, due to its nature (e.g. CFO, data protection officer, lawyer, data security specialist). Doctor One Polska grants these persons the appropriate authorization and obliges them to keep confidential all information covered by the Application.
  2. Limitations on the composition of the Commission. The Commission shall not include the persons referred to in paragraphs 5.4.1.-5.4.5. above.
  3. Action taken by the Commission. In order to provide a comprehensive and objective explanation of the Notification, the Commission may in particular take the following actions, provided that they do not infringe the provisions of § 5 (Whistleblower Protection):
    1. analyze the documentation related to the Violation;
    2. interview persons who may have information about the Infringement;
    3. conduct an audit of the electronic correspondence of staff members (e-mail messages, instant messengers used by Doctor One Polska and staff telephones) that may be related to the Violation;
    4. order the undertaking of explanatory activities to an external advisor Doctor One Polska;
    5. take any other action necessary to clarify the Notification.
  4. Proceedings Report. From the investigation, the Commission shall prepare a Report containing at least the following information:
    1. a description of the facts and evidence gathered in the proceedings;
    2. a description of the action taken by the Commission;
    3. conclusions arising from the actions taken by the Commission;
    4. recommendations to the management board of Doctor One Polska (in the case of Applications that do not concern members of the management board) or part of the members of the management board of Doctor One Polska, i.e. members of the management board of Doctor One Polska not covered by the Application (in the case of Applications that concern a member of the management board), including possible corrective actions, which may consist of disciplinary or reorganization actions.
  5. Deciding on Corrective Action. Based on the Report, the management board of Doctor One Polska (in the case of Applications that do not concern members of the management board) or part of the members of the management board of Doctor One Polska, i.e. members of the management board of Doctor One Polska not covered by the Application (in the case of Applications that concern a member of the management board):
    1. take decisions on the implementation of Corrective Actions or take other appropriate action;
    2. obliges the Recipient of the Application to provide the Feedback to the Signer within 3 months, counting from the date of confirmation of acceptance of the Application, or 3 months from the expiration of 7 days from the date of submission of the Notification, if the Signer has not been sent confirmation of acceptance of the Notification due to the lack of indication of the Address to be contacted. This provision shall not apply if the Whistleblower has not indicated the Contact Address;
    3. obliges the Notification Recipient or other designated person to coordinate or control the implementation of Corrective Actions or other measures.

9. External notifications

  1. How to make an external report. The Whistleblower may make an external report, without first making a Report under this Procedure, to the Ombudsman or to the public authority competent to follow up on the reported Infringement.
  2. Rules for making external reports. The rules for making external reports to the Ombudsman or a public authority can be found on the websites of these bodies.

10. Final provisions

  1. Reference to the law. To the extent not regulated by the Procedure, the provisions of the Act on Whistleblowers shall apply.
  2. Processing of personal data of the Whistleblower. Doctor One Polska processes the personal data of the Whistleblower in accordance with the rules set out in Annex A.
  3. Processing of personal data of the Violator and other persons. Doctor One Polska processes the personal data of the Violator and other persons indicated in the Notification in accordance with the rules set out in Annex B.
Annex A:

Information clause concerning the submission of a notification

Administrator. The administrator of your personal data is Doctor One Polska.
Who can you contact regarding the processing of your personal data? In matters related to the protection of your personal data, you can contact us by sending an email to iod@doctor.one.
Purposes and legal bases for the processing of your data. We will process your personal data in order to process your Report, keep a register of Reports and take any follow-up actions on the basis of Article 6 (1) (c) GDPR in conjunction with the provisions of the Whistleblower Protection Act or on the basis of Article 9 (2) (g) GDPR in conjunction with the provisions of the Whistleblower Protection Act, if the Notification contains data of a special category (e.g. data concerning health). In addition, we may process your personal data in order to protect and defend against possible claims, on the basis of Art. 6 (1) lit. f GDPR (legitimate interest of the controller).
Who can we disclose your personal data to? We may disclose your personal data to: (1) external advisors of Doctor One Polska, who are obliged to maintain confidentiality or professional secrecy, if their participation is necessary to clarify the Infringement (e.g. law firm); (2) to state authorities, if we are obliged to do so by absolutely applicable law.
Will we transfer your personal data outside the EEA? To a limited extent, where you use ICT tools, we may transfer your personal data outside the European Economic Area, in particular to the USA, on the basis of standard contractual clauses or binding corporate rules. You can obtain from Doctor One Polska a copy of the document that forms the basis for the transfer of your personal data.
How long will we keep your personal data? We will retain your personal data for a period of 3 years after the end of the calendar year in which we completed the Follow-up Actions or after the completion of the proceedings initiated by those actions. We delete your personal data that is not relevant to the processing of the Application within 14 days from the moment we determine that they are not relevant to the case.
What rights do you have in relation to the processing of your personal data? You have the right to: (1) access your personal data; (2) request rectification, deletion or restriction of processing; (3) object to processing; (4) lodge a complaint in connection with the processing of your personal data to a supervisory authority, i.e. the President of the Office for Personal Data Protection in Warsaw; (5) transfer of personal data.
Is the provision of personal data mandatory? Providing data is voluntary and does not affect the acceptance of the Application.
Will we use your personal data to make decisions in an automated manner? We will not use your personal information to make automated decisions or profile you.
Annex B:

Information clause concerning the submission of a notification

Administrator. The administrator of your personal data is Doctor One Polska.
Who can you contact regarding the processing of your personal data? In matters related to the protection of your personal data, you can contact us by sending an email to iod@doctor.one.
Purposes and legal bases for the processing of your data. We will process your personal data in order to process the Notification in which your personal data have been indicated, to keep a register of Reports and to take any follow-up action, on the basis of Article 6 (1) (c) of the GDPR in conjunction with the provisions of the Act on the Protection of Whistleblowers or on the basis of Article 9 (2) (g) of the GDPR in conjunction with the provisions of the Act on the Protection of Whistleblowers, if the Notification contains data of a specific category (e.g. health data). In addition, we may process your personal data in order to protect and defend against possible claims, on the basis of Art. 6 (1) lit. f GDPR (legitimate interest of the controller).
Who can we disclose your personal data to? We may disclose your personal data to: (1) external advisors of Doctor One Polska, who are obliged to maintain confidentiality or professional secrecy, if their participation is necessary to clarify the Infringement (e.g. law firm); (2) to state authorities, if we are obliged to do so by absolutely applicable law.
Will we transfer your personal data outside the EEA? To a limited extent, where you use ICT tools, we may transfer your personal data outside the European Economic Area, in particular to the USA, on the basis of standard contractual clauses or binding corporate rules. You can obtain from Doctor One Polska a copy of the document that forms the basis for the transfer of your personal data.
How long will we keep your personal data? We will retain your personal data for a period of 3 years after the end of the calendar year in which we completed the Follow-up Actions or after the completion of the proceedings initiated by those actions. We delete your personal data that is not relevant to the processing of the Application within 14 days from the moment we determine that they are not relevant to the case.
What rights do you have in relation to the processing of your personal data? You have the right to: (1) access your personal data; (2) request rectification, deletion or restriction of processing; (3) object to processing; (4) lodge a complaint in connection with the processing of your personal data to a supervisory authority, i.e. the President of the Office for Personal Data Protection in Warsaw; (5) transfer of personal data.
Where do we get your data? Due to the protection of the identity of the Whistleblower, we cannot provide you with the source of obtaining your personal data. We are authorized to do so by Article 8 (5) of the Law on Whistleblowers.
Will we use your personal data to make decisions in an automated manner? We will not use your personal information to make automated decisions or profile you.
Logo Doctor.One
Building lasting connections between patients and care teams - so no chronic patient is left alone when the visit ends.
Przycisk "Download on the App Store"Przycisk "Get it on Google Play"

Contact us

Doctor One Sp. z o.o.
The Warsaw Hub
Roundabout Daszyńskiego 2B
00-843 Warsaw
+48 797 088 854
contact@doctor.one

Learn more

About the application
About Doctor.One
For patients
For doctors
For patients

Help

Terms and Coditions for doctors
Terms and Conditions for Patients
Privacy Policy
Data deletion

Stay up to date

Logotipo FacebookLogotipo InstagramLogotipo LinkedIn
Doctor.One Polska is a medical entity registered in the national register with the number 000000254837.
We use cookies to give you the best possible experience. You can change your cookie access settings in your browser. For more information, see Privacy Policy.
PreferencesDenyaccept