Whistleblowing Regulations

NIX Tech Limited Liability Company Whistleblowing Regulations

I. Introduction

Taking into account Hungary’s obligations under international and EU law in line with its anti-corruption efforts, and ensuring the necessary measures to protect whistleblowers as fully as possible, the Parliament, recognizing the importance of whistleblowing in the private sector as well, adopted Act XXV of 2023 on Complaints, Whistleblowing in the Public Interest and Rules Related to Whistleblowing (hereinafter referred to as the “Complaints Act”), thereby obliging NIX Tech Limited Liability Company (hereinafter referred to as the “Company”) to establish an internal whistleblowing system (hereinafter referred to as the “Whistleblowing System”).

It has always been of paramount importance for the Company, as an employer, to receive first-hand information from its colleagues and partners about problems, abuses, breaches of interests and rights that occur at the Company. Complaints and whistleblowing can be good indicators for improving and developing processes within the Company and for eliminating and preventing situations that could lead to abuse. By setting up a Whistleblowing System and whistleblower protection measures, our internal and external employees can obtain prompt and effective redress and have their complaints properly investigated, so that they can be effectively dealt with and contribute to maintaining a balanced, partnership-based family work culture.

II. Definitions

  1. 1. Complaint: a complaint is a request for the redress of an individual’s rights or interests which is not subject to any other procedure, in particular judicial or administrative. A complaint may also contain a proposal;
  2. 2. Public interest report: a public interest report draws attention to a circumstance the remedying or removal of which is in the interest of the community or society as a whole. A public interest report may also include a proposal;
  3. 3. Report: an oral or written communication containing a Complaint or a Public interest report that is made by the person making the report to the recipient in the Whistleblowing system;
  4. 4. Whistleblower: the person who makes a report in the Whistleblowing system;
  5. 5. Person concerned by the report: a natural person or legal entity concerned by the Report;
  6. 6. Employment relationship: any legal relationship in which an employed person performs an activity for and under the direction of an employer for remuneration or for self-employment.
  7. 7. Employer: a person who employs a natural person under an employment relationship.
  8. 8. Employee: a natural person who performs an activity for and under the direction of the Employer within the framework of an employment relationship for remuneration or who performs an activity for his/her own account.

III. Whistleblowing system

Information about an unlawful or suspected unlawful act or omission or other misuse may be reported through the Company’s Whistleblowing system. The Whistleblowing system is operated by Dr. Kata Kertész, a whistleblower protection lawyer, on behalf of the Company in accordance with Section 50 of the Complaints Act. Contact details of the whistleblower protection lawyer:

Reports in the Company’s Whistleblowing system may be made by the following persons:

a) Employees of the Company;
b) an Employee who has ceased to be employed by the Company;
c) a person who wishes to establish an employment relationship with the Company and for whom the procedure for establishing such a relationship has been initiated;
d) an individual entrepreneur, an individual company, if it has a contractual relationship with the Company;
e) any person who has an ownership interest in the Company and any person who is a member of the management of the Company;
f) a contractor, subcontractor, supplier or person under the supervision and control of an agent who has initiated a procedure for establishing a contractual relationship with the Company, or who is or has been in a contractual relationship with the Company;
g) trainees and volunteers working for the Company;
h) a person who wishes to establish a legal or contractual relationship with the Company pursuant to points d), e) or g) and in respect of whom the procedure for the establishment of such legal or contractual relationship has been initiated, and
i) a person whose legal or contractual relationship with the Company as referred to in points d), e) or g) has ceased.

IV. Means of reporting

  1. 1. Reports can be made orally or electronically, in writing by e-mail. An oral Report may be made by telephone or in person. Personal filings can be made by appointment at the headquarters of the whistleblower protection lawyer (H-1115 Budapest, Etele út 42/A, 9th floor, No. 57) on working days.
  2. 2. The whistleblower protection lawyer shall record in writing the oral Report received by telephone and shall provide the whistleblower with a copy of the Report, with the possibility to verify, correct and sign it.
  3. 3. If the Whistleblower makes the Report in person, the whistleblower protection lawyer will, after having been informed of the oral Report in accordance with the provisions on the protection of personal data (Annex 1) a) record it in a durable and retrievable form; or b) put it in writing and, subject to the possibility of verification, correction and acceptance by signature, will deliver it in a duplicate to the Whistleblower.
  4. 4. The whistleblower protection lawyer must make a full and accurate record of the oral report when it is put in writing.
  5. 5. In the case of an oral Report, the whistleblower protection lawyer shall draw the Whistleblower’s attention to the consequences of making a report in bad faith, the procedural rules governing the investigation of the Report (Annex 2) and the fact that the identity of the Whistleblower, if he/she provides the information necessary to establish it, will be kept confidential at all stages of the investigation of the report.
  6. 6. In the case of a written Report, the whistleblower protection lawyer will send an electronic confirmation of the Report to the Whistleblower by e-mail within 7 (seven) days of receipt of the written Report. The confirmation shall include general information to the Whistleblower on the procedural and data management rules (Annexes 1 and 2)

V. Investigation of the Report

  1. 1. The whistleblower protection lawyer shall investigate the allegations contained in the Report received by him/her as soon as possible, but not later than thirty (30) days from the date of receipt of the Report. This time limit may be extended in particularly justified cases, subject to the simultaneous notification of the Whistleblower. In this case, the Whistleblower shall be informed of the expected date of the investigation and the reasons for the extension of the investigation by a short e-mail. The time limit for investigating the Report and informing the Whistleblower shall not exceed 3 (three) months even in the case of an extension.
  2. 2. During the investigation of the Report, the whistleblower protection lawyer will keep in contact with the Whistleblower, and may invite the Whistleblower to supplement or clarify the Report, to clarify the facts and to provide further information.
  3. 3. An investigation of a Report may be waived if a) the Report was made by an unidentified Whistleblower (an unidentified Whistleblower is one for whom, despite reasonable efforts to do so, the whistleblower protection lawyer does not have sufficient information to identify the Whistleblower); b) the Report was not made in accordance with the provisions of Clause III of these Regulations. c) the Report is a repeat report by the same Whistleblower with the same contents as the previous notification, or d) the breach to the public interest or overriding private interest would not be proportionate to the restriction of the rights of the person concerned by the Report resulting from the investigation of the Report.
  4. 4. If the investigation of the Report may be waived pursuant to Clause V.3 of these Rules, the whistleblower protection lawyer shall, pending the determination of that fact, perform the tasks related to the receipt and recording of the Report and the provision of information related to the Report.
  5. 5. The investigation of a Report shall include an assessment of the relevance of the circumstances set out in the Report and the taking of appropriate measures to remedy the acts or omissions or other abuses that are or are suspected to be unlawful.
  6. 6. If the contents of the Report justify the initiation of criminal proceedings, a criminal report should be made.
  7. 7. The whistleblower protection lawyer shall inform the Whistleblower in writing of the investigation or non-investigation of the Report and the reasons for the non-investigation, the outcome of the investigation of the Report, and the action taken or planned. Written information may be waived only if the whistleblowing protection lawyer has informed the Whistleblower orally and the latter has expressly taken note of the information, which may be verified subsequently.
  8. 8. The whistleblower protection lawyer provides clear and easily accessible information on the operation of the Whistleblowing system, the Whistleblowing process, and the Whistleblowing systems and procedures (Annex 2).

Rules on data processing in relation to the Report

  1. 1) Within the framework of the Whistleblowing system
    a) the Whistleblower,
    b) the person whose conduct or omission gave rise to the Report; and
    c) personal data of a person who may have information relevant to the subject matter of the Report which are indispensable for the investigation of the Report may be processed solely for the purpose of investigating the Report and remedying or stopping the conduct that is the subject of the Report.
  2. 2) Personal data not covered by Clause VI.1 shall be deleted without delay from the data processed within the framework of the Whistleblowing system.
  3. 3) The personal data of the Whistleblower – with the exception of the data of the Notifier who has provided obviously malicious or false information – may be disclosed only to the public body or authority competent to conduct the proceedings initiated on the basis of the Report, if such public body or authority is entitled to process the data by law or if the Whistleblower has consented to the disclosure of his/her data. The personal data of the Whistleblower shall not be disclosed without his/her explicit consent.
  4. 4) If it has become apparent that the Whistleblower has, in bad faith, provided false data or information and
    a) in this context, if there are indications that a criminal offence or irregularity has been committed, the personal data of the Whistleblower must be disclosed to the public body, authority or person entitled to conduct the proceedings,
    b) there are reasonable grounds to believe that he or she has caused unlawful damage or other legal harm to another person, his or her personal data must be disclosed at the request of the public authority, agency or person entitled to initiate or conduct the proceedings.
  5. 5) If the Report concerns a natural person, in the exercise of that natural person’s right to information and access under the provisions on the protection of personal data, the personal data of the Whistleblower shall not be disclosed to the person requesting the information.
  6. 6) The transfer of data processed under the Whistleblowing system to a third country or an international organisation may only take place if the recipient of the transfer has given a legal undertaking to comply with the rules on reporting set out in the Complaints Act and subject to the provisions on the protection of personal data.
  7. 7) The identity of the Whistleblower disclosing his/her identity, the person concerned by the Report or the person who may have substantial information about the facts contained in the Report, shall not be disclosed to any person other than the authorized persons. Pending the conclusion of the investigation or the initiation of formal charges, as a result of the investigation, the persons investigating the Report may share information about the content of the Report and the person concerned by the Report with other departments or employees of the Company to the extent strictly necessary for the conduct of the investigation, in addition to informing the person concerned by the Report.
  8. 8) The person concerned by the Report and any person who may have material information about the facts contained in the Report shall be informed in detail about the Report, his or her rights regarding the protection of his or her personal data and the rules on the processing of his or her data when the investigation is opened. In accordance with the requirement of a fair hearing, it should be ensured that the person concerned by a Report or in possession of material information about the facts contained in a Report can express his views on the Report through his legal representative and that he/she can provide evidence in support of his/her views. Exceptionally, and in duly justified cases, the person concerned by the Report or the person who has factual knowledge of the facts of the Report may be informed at a later stage if immediate information would impede the investigation of the Report.

VI. Protection of Whistleblowers

  1. 1. Any action that is detrimental to the Whistleblower,
    a) which is the result of the lawful making of the Report; and
    b) which is carried out in the context of a legal relationship or connection as defined in Chapter III, is unlawful even if it was otherwise lawful.
  2. 2. An adverse action is an act or omission that is detrimental to the Whistleblower, in particular
    a) suspension, collective redundancies, dismissal or equivalent measures;
    b) transfer of duties, change of place of work, reduction of wages, change of working hours;
    c) refusal to provide training;
    d) a negative performance appraisal or job reference;
    e) the application of any adverse legal consequence under the law applicable to his/her employment, in particular disciplinary measures, reprimands or financial penalties;
    f) coercion, intimidation, harassment or ostracism;
    g) discrimination, unfavourable or unfair treatment;
    h) failure to convert a fixed-term employment into an employment of indefinite duration, if the Employee had a legitimate expectation that his/her employment would be converted into an employment relationship of indefinite duration;
    i) failure to renew or early termination of a fixed-term employment contract;
    j) damage, which includes damage to the person’s reputation or financial loss, including loss of business opportunity and loss of income;
    k) a measure as a result of which it is reasonable to conclude that the person concerned will not
    be able to take up future employment in the sector in which he or she is employed;
    l) the requirement to undergo a medical fitness test;
    m) early termination or cancellation of a contract for goods or services; and
    n) the withdrawal of the authorization.
  3. 3. In the course of official or judicial proceedings relating to an adverse action under Clause VI.2, if the Whistleblower proves that the Report is lawful, the following information is available.
    a) the adverse action must be presumed to have been taken as a result of the lawful making of the Report; and
    b) the person who took the adverse action shall bear the burden of proving that the adverse action was taken for a legitimate reason and not because the report was lawfully made.
  4. 4. Where a Report is lawfully made, the Whistleblower shall not be deemed to have breached any restriction on disclosure of a legally protected secret or any other legal restriction on disclosure of information and shall not be liable in respect of such Report if the Whistleblower had reasonable grounds to believe that the Report was necessary to disclose the circumstances to which the Report relates.
  5. 5. Where a Report is lawfully made, the Whistleblower shall not be liable for obtaining or accessing the information contained in the Report, unless the Whistleblower has committed a criminal offence by obtaining or accessing the information. A Whistleblower shall not be held liable for lawfully making a report if the Whistleblower had reasonable grounds to believe that the report was necessary to disclose the circumstances to which it relates. The Whistleblower may invoke the provisions of Clauses VI.4 to VI.5 in all official or judicial proceedings, in addition to proving that the Report was lawful.
  6. 6. It is lawful to make a Report if.
    a) the Whistleblower made the Report in the Whistleblowing system, in accordance with the rules set out in these Regulations or the Complaints Act;
    b) the Whistleblower obtained the reported information concerning the circumstances to which the Report relates in the context of his or her employment-related activities; and
    c) the Whistleblower had reasonable grounds to believe that the information reported concerning the circumstances to which the Report relates was true at the time of the Report.
  7. 7. The protection applicable to a Whistleblower shall apply to a person who
    a) assists the lawful Whistleblower in making the Report,
    b) a person related to the lawful Whistleblower making the Report, in particular an associate or family member of the Whistleblower, who may be subject to adverse action under Clause VI.2.
  8. 8. Miscellaneous provisions
    1. If the whistleblower protection lawyer receives a quality complaint concerning products or services produced or distributed by the Company by mistake, the whistleblower protection lawyer shall immediately forward it to the competent department of the Company.
    2. In matters not regulated in detail in these Regulations, the provisions of the Complaints Act shall prevail.
    3. The provisions of these Regulations shall apply from 01 December 2023.

Annex 1 to the Whistleblowing Regulations of NIX Tech Limited Liability Company

INFORMING THE WHISTBLOWER ABOUT THE PROTECTION OF PERSONAL DATA

DATA PROCESSING INFORMATION

IN RELATION TO THE PROCESSING OF PERSONAL DATA STRICTLY NECESSARY IN THE CONTEXT OF THE INTERNAL WHISTLEBLOWING SYSTEM

  1. 1. Data Controller
    • Data Controller: NIX Tech Korlátolt Felelősségű Társaság
    • Registered office: H-1138 Budapest, Föveny utca 4-6. 5. emelet
    • Represented by Dr Benjámin Lajos Málik, Managing Director
    • E-mail: [email protected]
    • Website: https://nixstech.com/

    (hereinafter referred to as the “Data Controller”)

  2. 2. Personal data necessary for the purposes of the internal whistleblowing system (hereinafter: Whistleblowing system)
    Information about illegal or suspected illegal acts or omissions or other misconduct can be reported to the Whistleblowing system. The Whistleblower, i.e. you, can make the report in writing or orally. The internal Whistleblowing system will process the personal data of the Whistleblower and the personal data of the person whose conduct or omission gave rise to the Report and who has relevant information in relation to the Report. All other personal data not covered by the foregoing shall be deleted from the Whistleblowing system without delay.
    Legal basis for data processing: to fulfil a legal obligation. [Article 6(1) c) GDPR] We are obliged to investigate and process the Report under Act XXV of 2023 on Complaints, Whistleblowing in the Public Interest and Rules Related to Whistleblowing.
    Purpose of processing: only to investigate the Report and to remedy or stop the conduct that is the subject of the Report.
    Duration of processing: we will keep the data until the purpose specified above has been achieved.
    Recipients: the personal data of the Whistleblower may be disclosed only to the public body or authority competent to conduct the procedure initiated on the basis of the Report, if that public body or authority is entitled to process the data by law or if the Whistleblower has consented to the disclosure of the data. Personal data of the Whistleblowershall not be disclosed without his/her consent. Where it has become apparent that the Whistleblower has communicated false data or information in bad faith, his or her personal data shall be disclosed, upon request, to the body or person entitled to initiate or conduct the relevant proceedings.
    Forwarding to third countries or international organizations: only in the case of a legal obligation and subject to the rules on the protection of personal data.
  3. 3. Rights of the Whistleblower
    In relation to the processing of your data, you have the rights detailed in Clauses 3.1.-3.4 below. If you wish to exercise any of these rights, please write to us using one of the contact details below:

    • Address: H-1138 Budapest, Föveny utca 4-6. 5. emelet
    • E-mail address: [email protected]

    Identification
    In all cases, we will need to identify you before we can fulfil your request. If we cannot identify you, we will unfortunately not be able to fulfil your request.
    Reply to the request
    Once identified, we will provide you with information about your request in writing, electronically or orally at your request. Please note that if you have submitted your request electronically, we will respond electronically. You will of course have the option to request another method in this case.
    Deadline for taking action
    At the latest within one (1) month of receiving your request, we will inform you of the action we have taken in response to your request. If necessary, and taking into account the complexity of the request and the number of requests, this period may be extended by further two (2) months, and you will be informed within the one (1) month time limit.
    We are also obliged to inform you of any failure to take action within the one-month time limit. You can lodge a complaint with the NAIH (Hungarian National Authority for Data Protection and Freedom of Information) (Clause 4.1) and exercise your right to a judicial remedy (Clause 4.2).
    Administration fee
    The information and action requested is free of charge. An exception is made if the request is clearly unfounded or excessive, in particular because of its repetitive nature. In this case, we may charge a fee or refuse to comply with the request.

    1. 3.1. You may request information (access)
      You can request information on whether your personal data are being processed and if so:

      • What is the purpose?
      • What exactly is the processing of data?
      • To whom do we transfer the data?
      • How long do we keep the data?
      • What rights and remedies do you have in this regard?
      • Who gave us your details?
      • Do we make automated decisions about you using your personal data? In such cases, you may also request information about the logic (method) we use and the significance and likely consequences of such processing.
      • If you have found that your data have been transferred to an international organisation or a third country (non-EU country), you can ask us to show you how we guarantee the fair processing of your personal data.
      • You may request a copy of your personal data processed. (Additional copies may be charged based on administrative costs.)
    2. 3.2. You can request a correction
      You may ask us to correct or complete personal data that is inaccurate or incomplete.
    3. 3.3. You may request the deletion (“blocking”) of your personal data
      You can ask us to delete your personal data if:

      • The personal data are no longer necessary for the purposes for which they were processed;
      • For processing based solely on your consent;
      • If your protest is successful;
      • If we are found to be unlawfully processing your personal data;
      • EU or national law requires.
      We may not delete personal data if they are needed:
      • to exercise the right to freedom of expression and information;
      • to comply with an obligation under Union or Member State law that requires the controller to process personal data or in the public interest;
      • on grounds of public interest in the field of public health
      • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where deletion would be likely to render impossible or seriously impair such processing;
      • to bring, enforce or defend legal claims.
    4. 3.4. You may request that we restrict the processing
      You may request that we restrict processing if one of the following conditions is met:

      • You contest the accuracy of the personal data; in which case the restriction applies for the period of time that allows us to verify the accuracy of the personal data;
      • The processing is unlawful, but you oppose the erasure of the data and instead request the restriction of their use;
      • We no longer need your personal data for the purposes of processing, but you need it to establish, exercise or defend legal claims;
      • You have objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the Controller prevail over your legitimate grounds.

      In the case of restriction, personal data may be processed, except for storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State. You will be informed in advance of any lifting of the restriction.

  4. 4. Remedies
    1. 4.1. You can complain to the NAIH
      If you believe that the processing of personal data about you is in breach of the provisions of the Data Protection Regulation, you have the right to lodge a complaint with the Hungarian National Authority for Data Protection and the Freedom of Information (NAIH).
      NAIH
      • President: Dr Attila Péterfalvi
      • Address for correspondence: 1363 Budapest, Pf. 9.
      • Address: 1055 Budapest, Falk Miksa utca 9-11.
      • Phone: +36 (1) 391-1400
      • Fax: +36 (1) 391-1410
      • Web: http://naih.hu
      • E-mail: [email protected]
    2. 4.2. You can contact the court
      If you believe that the processing of your personal data is in breach of the provisions of the Data Protection Regulation and that your rights under the Data Protection Regulation have been infringed, you have the right to take legal action.
      The court has jurisdiction to hear the case. The action may also be brought, at the option of the person concerned, before the court of the place of residence or domicile of the person concerned. A person who does not otherwise have legal capacity may be a party to the proceedings. The Authority may intervene in the proceedings in order to ensure that the person concerned is successful.
      In addition to the provisions of the Data Protection Regulation, the court proceedings shall be governed by the provisions of Act V of 2013 on the Civil Code, Book II, Part Three, Title XII (§ 2:51 – § 2:54) and other legal provisions applicable to court proceedings.
    3. 4.3. Compensation and damages
      If the Data Controller causes damage or infringes the personal rights of the data subject by unlawful processing of the data subject, the Data Controller may be liable to pay compensation. The Controller shall be exempted from liability for the damage caused and from the obligation to pay damages if he/she proves that the damage or the infringement of the data subject’s personality rights was caused by an unforeseeable cause outside the scope of the processing.
  5. 5. Data security
    We will make every effort to implement appropriate technical and organisational measures to ensure a level of data security appropriate to the level of risk, taking into account the state of the art, the cost of implementation, the nature of the processing and the risk to the rights and freedom of natural persons.
    Personal data will always be treated confidentially, with limited access, encryption and to the maximum extent possible resilience, ensuring recoverability in the event of a problem. Our systems are regularly tested to ensure security. In determining the appropriate level of security, we take into account the risks arising from the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
    We will do our utmost to ensure that persons acting under our control who have access to personal data are only allowed to process that data in accordance with our instructions, unless they are required to do otherwise by EU or Member State law.
    Physical security measures include access control and camera systems, logical security measures include firewalls, anti-virus and security software (workstation protection, file server protection, web monitoring, device monitoring, application monitoring, patch management, WSUS, NAC), software updates, backups, access control, automatic locking of devices, encryption of portable devices, secure remote access via VPN connection. For the website: SSL encryption, CDN, WAF (Web Application Firewall).
  6. 6. Other
    The Data Controller is entitled to amend the provisions of this Privacy Notice at any time. Any changes will take effect at the same time as they are posted on the website, and will be announced in a pop-up window on the website.

Annex 2 to the Whistleblowing Regulations of NIX Tech Limited Liability Company

INFORMING THE WHISTLEBLOWER OF THE PROCEDURAL RULES

INFORMATION ON THE OPERATION OF THE INTERNAL WHISTLEBLOWING SYSTEM, THE WHISTLEBLOWING PROCESS, AND THE WHISTLEBLOWING SYSTEMS AND PROCEDURES UNDER THE COMPLAINTS ACT

Dear Reporting Party,

Pursuant to Act XXV of 2023 on Complaints, Whistleblowing in the Public Interest and Rules Related to Whistleblowing (hereinafter: the Complaints Act) and the NIX Tech Limited Liability Company’s Whistleblowing Regulations (hereinafter: the Regulations), I hereby provide you with the following information.

1. Information on the internal whistleblowing systems and procedures under the Complaints
Act.
Under the Complaints Act, you can report through several channels. The first is to lodge your complaint or public interest report with public bodies or local authorities. You can file a public interest report in your own name or without identification through the secure electronic system for public interest reports (https://www.ajbh.hu/kozerdeku-bejelentes-benyujtasa). The Commissioner for Fundamental Rights is responsible for the operation of the electronic system for submitting and registering reports of public interest.
It is also a “first-round” option if you make the Report to your employer. Under the Complaints Act, a wide range of persons in a legal relationship with the employer are entitled to make a complaint. For information on how to file a complaint with your employer, please refer to Clause II of this Information.
Section 32(1) of the Complaints Act specifies the public bodies that shall establish a separate whistleblowing system. Anyone may also report to these separate whistleblowing systems.
The Complaints Act pays particular attention to the protection of whistleblowers. Any measure which is detrimental to the whistleblower, which is taken because the whistleblowing is lawful and which is taken in the context of a specific legal relationship or relationship with the employer, is unlawful even if it would otherwise be lawful.
A whistleblowing report is lawful if the whistleblower made the report through one of the whistleblowing schemes in accordance with the rules set out in the Complaints Act, the whistleblower obtained the reported information about the circumstances covered by the report in the context of his or her work-related activities, and the whistleblower had reasonable grounds to believe that the reported information about the circumstances covered by the report was true at the time of the report.

2. Informing the oral applicant of the procedural rules
NIX Tech Ltd. operates its own internal whistleblowing system with the assistance of a whistleblower protection lawyer on behalf of the company in accordance with Section 50 of the Complaints Act.
The whistleblower protection lawyer shall investigate the facts contained in the Report as soon as possible, but not later than thirty (30) days from the date of receipt of the Report. This time limit may be extended in particularly justified cases, after informing the applicant. The Whistleblower shall in that case be informed of the expected date of the investigation and the reasons for the extension. The time limit for investigating the Report and informing the Whistleblower shall not exceed three months in the case of an extension.
In the course of the investigation of the Report, the whistleblower protection lawyer will keep in contact with the Whistleblower, and may invite the Whistleblower to complete or clarify the Report, to clarify the facts and to provide further information. The whistleblower protection lawyer is not required to investigate the complaint on the grounds set out in the Complaints Act and the Regulations. Such grounds are if the Report was filed by an unidentified whistleblower, if it was filed by a person who is not entitled to file a Report in relation to NIX Tech Ltd., if the same person files the same Report as previously filed, if it is filed again, or if the harm to the public interest or to an overriding private interest would be disproportionate to the restriction of the rights of the natural person or legal entity concerned by the Report resulting from the investigation of the Report.
The investigation of the Report shall include an assessment of the relevance of the circumstances set out in the Report and the taking of appropriate measures to remedy the acts or omissions or other abuses which are unlawful or suspected of being unlawful.
If the Report justifies the initiation of criminal proceedings, arrangements must be made for criminal charges to be brought.
The whistleblower protection lawyer shall inform the Whistleblower in writing of the examination or non-examination of the Report and the reasons for the non-examination, the outcome of the examination of the Report, and the action taken or planned. Written information may be dispensed with if the whistleblower protection lawyer has informed the applicant orally and the applicant has expressly taken note of the information in a manner which can be verified subsequently.