PROCEDURE FOR ANONYMOUS REPORTING OF INFRINGEMENTS OF
§ 1 This procedure, („Procedure”), defines the rules of operation in the VRG SA company with its registered office in Cracow („Company”, former Vistula Group S.A.) of the mechanism of anonymous reporting to the President of the Management Board of the Company and the Member of the Management Board ("Responsible Person") infringements of legal provisions regarding counteracting money laundering and terrorism financing within the meaning of ustawa z dnia 1 marca 2018 r. o przeciwdziałaniu praniu pieniędzy oraz finansowaniu terroryzmu (the Act of March 1, 2018 on counteracting money laundering and terrorism financing 2018 item 723, 1075) ("Act"). § 2 1. Any person, in particular an employee of the Company (or other person performing activities for the benefit of the Company) who has encountered or obtained information about infringements of law arising from the Company's procedures or the Act, including potential infringements ("Infringement"), has the possibility to anonymously provide the Responsible Person with information on such infringements. The notification is made using a dedicated electronic link created on the Company's website: https://www.vrg.pl/en located at: https://www.vrg.pl/en/about-us/reporting-irregularities
§ 3 1. The Responsible Person after receiving and verifying the Report may decide on further actions. The follow-up measures are in particular: b) issuing orders to employees; c) taking disciplinary measures against the employee; d) submitting a notice of the possibility of committing a crime to competent law enforcement authorities; e) other activities in accordance with the law.
§ 4 The Company's employees are required to familiarize themselves with the Procedure.
REGULATIONS RELATING TO MONEY LAUNDERING
AND TERRORIST FINANCING
in VRG S.A.
This Procedure is available on the website: vrg.pl and is available in the Office of the Management Board.
2. Reported infringements ("Report") are registered in the register kept by the Company.
a) convening a meeting of the Management Board;
2. Personal data contained in the Reports are removed immediately after completion of the above-described follow-up. The company ensures that the identity of the person making the Report is kept confidential, in the case when the person disclosed his identity or his identity is possible to determine.
3. The person being charged with making the Infringements shall be notified immediately about the fact of making the Report and about the verification of the validity of the Report, subject to confidentiality and to the extent to which it complies with the law.
4. The Company shall ensure that the person making the notification and the person being accused of making the Infringements, protect personal data in accordance with the law.
5. The Company provides employees who report Infringements with protection in particular against acts of repressive nature or against discrimination or other inappropriate behavior.