PROCEDURE FOR ANONYMOUS REPORTING OF BREACHES OF LAW, PROCEDURES AND ETHICAL STANDARDS IN FORCE AT LIVECHAT SOFTWARE SA

Article 1.

INTRODUCTION AND SCOPE

  1. This procedure sets forth the rules of conduct in case of identified breaches of law, in particular breaches of:
  2. the provisions of the Act of 29 July 2005 on Public Offering, Conditions Governing the Introduction of Financial Instruments to Organised Trading, and Public Companies (i.e. of 22 February 2009; “Dziennik Ustaw” [Journal of Laws] of 2019, item 623, as amended) – hereinafter referred to as the “Public Offering Act”,
  3. the provisions of Regulation (EU) of the European Parliament and of the Council of 14 June 2017 on the prospectus to be published when securities are offered to the public or admitted to trading on a regulated market, and repealing Directive 2003/71/EC (OJ L 168/12),

and in case of breaches of procedures and ethical standards in force at LIVECHAT Software SA.

  1. This procedure has been developed and implemented in performance of the obligation of LIVECHAT Software SA arising from Section 97d of the Public Offering Act.

Article 2

DEFINITIONS

As used in this document, the following terms and expressions shall have the following meaning:

a. LIVECHAT Software SA; Company – LIVECHAT Software SA with its registered office in Wrocław; ul. Zwycięska 47, 53-033 Wrocław;

b. Informant, Whistleblower – An Employee who reports a breach of provisions of law, procedures, and ethical standards in accordance with this Procedure;

c. Retaliation – any adverse steps taken against the Informant as a result of his or her reporting of a Breach;

d. Member of the Management Board – the President of the Management Board or a Member of the Management Board of the Company;

e. Member of the Supervisory Board – the Chairperson and each Member of the Supervisory Board of the Company;

f. Chairperson of the Supervisory Board – Chairperson of the Supervisory Board of the Company;

g. Procedure Inspector – a person or persons designated by the President of the Management Board to perform functions and activities set forth in the provisions of this Procedure;

h. Employee – each person employed at LIVECHAT Software SA under a contract of employment, contract of mandate, contract of cooperation or other contract of a similar nature;

i. Procedure – this procedure for anonymous reporting of breaches of provisions of law, procedures and ethical standards in force at LIVECHAT Software SA;

j. Breach – conduct identified by the Informant which is contrary to provisions of the applicable law, provisions of procedures or ethical standards in force at LIVECHAT Software SA;

k. Authorised Person – a Member of the Management Board, a Member of the Supervisory Board, the Procedure Inspector who is not a party to a reported Breach;

l. Whistleblowing Website – website delivered and managed by a supplier unrelated to LIVECHAT Software SA which guarantees that anonymity of Informants is protected and that the Authorised Persons are immediately notified of reported Breaches.

Article 3

RIGHTS OF WHISTLEBLOWERS

  1. An Informant has the right to:

● freely access a Member of the Management Board or the Chairperson of the Supervisory Board,

● his or her identity being kept confidential.

  1. Informants shall report identified Breaches through the Wistleblowing Website. Information about each report goes to a Member of the Management Board or, if the matter at hand relates to a Member of the Management Board, to the Chairperson of the Supervisory Board. Whenever a reference is made to a Member of the Management Board, it shall be understood as a reference to the Chairperson of the Supervisory Board if the Breach report relates to a Member of the Management Board.
  2. Reports shall be submitted through the Whistleblowing Website delivered by a supplier unrelated to LIVECHAT Software SA which guarantees anonimisation and confidentiality of the Informant’s personal data. A report may also be submitted by post or courier service to the Company’s address: ul. Zwycięska 47; 53-033 Wrocław, with the following note: “Whistleblowing – to be served personally on the President of the Management Board”. If the Breach report relates to a Member of the Management Board, the note shall be worded as follows: Whistleblowing – to be served personally on the Chairperson of the Supervisory Board”.
  3. Only Members of the Management Board, the Chairperson of the Supervisory Board and the Procedure Inspector shall have direct access to the Whistleblowing Website and shall be immediately notified of reports by e-mail.
  4. Informants are encouraged to reveal their identity as they report Breaches, but in each case they can remain anonymous.
  5. If identity of an Informant is revealed, it shall be known only to a Member of the Management Board, the Chairperson of the Supervisory Board and the Procedure Operator, save for the following cases:

● if it is necessary for proper examination of the case and taking of steps in the reported area that one or more of the Authorised Persons know about it,

● if the Company is legally obliged to disclose the Informant’s identity, e.g. if disclosure of such information by the Company is required upon request of relevant state administration authorities or relevant criminal investigation/prosecution authorities.

  1. An Informant who reports a Breach and is involved in the Breach himself or herself shall not enjoy automatic immunity excluding him or her from investigation or disciplinary, administrative, civil or criminal liability arising from the Breach. In the case of disciplinary liability arising from the provisions of employment law, the Company as the employer shall take the reporting of the Breach into account as an attenuating circumstance.

Article 4

OBLIGATIONS OF WHISTLEBLOWERS

  1. An Informant shall:

● report a Breach in good faith,

● include any important information about the Breach,

● provide a Member of the Management Board or the Procedure Inspector with necessary explanations in the course of initiated and conducted investigation.

  1. Informants are required to provide information about any known detail of a Breach, including in particular:

● the date of the Breach,

● the nature of the Breach,

● persons involved in the Breach,

● witnesses to the Breach,

● evidence for the Breach.

  1. Informants and persons involved in investigation (e.g. as witnesses) are forbidden to publically talk about the reported Breaches and about the course of investigation, unless the Informant or person involved in investigation is obliged to do so by provisions of law or authorised to do so by a Member of the Management Board.

Article 5

OBLIGATIONS OF LIVECHAT SOFTWARE SA

  1. The Company shall:

● protect an Informant from Retaliation,

● ensure that confidentiality of the Informant’s identity and information about a Breach is respected and protected.

  1. Each Informant who has become the target of Retaliation or suspects that he or she might have become the target of Retaliation should report this fact to a Member of the Management Board or the Procedure Inspector.
  2. The Company shall immediately initiate disciplinary proceedings against each Employee who tries to Retaliate against an Informant or against anybody who provides information about a Breach, contributes to provision of information or otherwise assists in investigation. If the person who Retaliates or threatens Retaliation is not an Employee, the Company shall immediately notify relevant investigation/prosecution authorities in order to provide the Informant with appropriate protection from Retaliation. The authorities shall also be notified if Retaliation or threat of Retaliation may meet the requirements to be classified as a criminal offence or petty offence.
  3. The Authorised Persons shall protect identity of Informants and other details relating to Breaches as well as details relating to initiated investigation by sharing information about Breaches only with other Authorised Persons and only within an exact scope relating to the matter at hand.
  4. An exception to the confidentiality rule shall be a situation where unconditionally applicable provisions of law require the Company to disclose information about a Breach.

Article 6

CONSEQUENCES OF A BREACH

  1. Each person who has been charged with a breach of provisions of law, procedures or ethical standards in force at LIVECHAT Software SA, including Members of the Management Board and Members of the Supervisory Board, may be subject to disciplinary, administrative, civil or criminal liability.
  2. Informants who did not act in good faith while reporting an alleged breach of provisions of the applicable law, procedures or ethical standards in force at the Company and Informants who did not keep confidential the fact or contents of a Breach report may also be subject to disciplinary, administrative, civil or criminal liability.

Article 7

INVESTIGATION – GENERAL RULES

  1. A Member of the Management Board or the Procedure Inspector, if possible, shall confirm receipt of a Breach report to the Informant.
  2. A Member of the Management Board or the Procedure Inspector, if possible, shall notify the Informant about the rights and obligations arising from this Procedure and about further stages of the proceedings. Such information shall contain, in particular, information about protection of the Informant from Retaliation, the obligation and scope of confidentiality and anonymity of the received report.
  3. A Member of the Management Board shall notify the Procedure Inspector about receipt of a Breach report, if the report was sent to the Company by post or courier service. A Member of the Management Board may decide not to disclose the Informant’s identity to the Procedure Inspector. The Procedure Inspector shall not be informed about a Breach report, if the matter at hand may relate to him or her directly.
  4. A Member of the Management Board may entrust the Procedure Inspector with the conduct of preliminary investigation or investigation proper regarding the reported Breach, and may entrust the Procedure Inspector with performing strictly defined steps as part of conducted investigation.
  5. An Informant may request information about the state and progress of investigation from a Member of the Management Board or the Procedure Inspector. A Member of the Management Board may decide to cease provision of information or to provide only certain details regarding investigation if it might hinder investigation or result in disclosure of confidential information.

Article 8

PRELIMINARY INVESTIGATION

  1. After having received information about a Breach, a Member of the Management Board shall decide to initiate preliminary investigation and conduct that investigation on his or her own or entrust it to the Procedure Inspector.
  2. The purpose of preliminary investigation is to:

● verify the received Breach report by checking information indicated in the report and determining the circumstances of committal of the reported Breach,

● determine grounds for further steps to be taken by the Company, i.e. either initiating investigation proper or refusing to conduct investigation any further.

  1. Receipt of information about a Breach should result, if possible, in information about initiation of preliminary investigation being provided to the Informant.
  2. Preliminary investigation shall be initiated and conducted within seven business days from receipt of information about a Breach.
  3. A Member of the Management Board should, unless it conflicts with the reported Breach, consult other Members of the Management Board, the Chairperson of the Supervisory Board or Members of the Supervisory Board as part of preliminary investigation.
  4. If in preliminary investigation it was not found that further steps are justified, in particular that it is necessary to initiate investigation proper, and allegations contained in the Breach report were dismissed, a Member of the Management Board shall immediately notify the person charged with committal of the Breach about the Breach report and about completed preliminary investigation, with the Informant’s identity being kept confidential.
  5. If the results of preliminary investigation confirm or substantiate that the Breach report is justified, a Member of the Management Board shall present to the Management Board of the Company information about the results of preliminary investigation and request for initiation of investigation proper. The information shall contain personal data of the person who committed the Breach.
  6. Within three business days from the date of receipt of information from a Member of the Management Board, the Management Board of the Company shall decide to initiate investigation proper or to refuse to initiate investigation proper. If preliminary investigation related to a Breach committed by a Member of the Management Board, the decisions referred to in the preceding sentence shall be made by the Supervisory Board.
  7. Within seven days from the decision of the Management Board of the Company referred to in Article 8(8) hereinabove, a Member of the Management Board shall:
  8. inform the person charged with committal of the Breach about the decision of the Management Board of the Company to initiate investigation proper or to refuse to initiate investigation proper, with the Informant’s identity being kept confidential,
  9. inform the Information, if possible, about the decision of the Management Board of the Company to initiate investigation proper or to refuse to initiate investigation proper.

Article 9

INVESTIGATION PROPER

  1. Investigation proper shall be conducted by a Member of the Management Board, unless it was entrusted to the Procedure Inspector.
  2. The purpose of investigation proper is to finally confirm the fact that provisions, procedures or ethical standards applicable to the Company have been breached or to dismiss charges raised against a person in a Breach report.
  3. Investigation proper shall not last longer than one month.
  4. A Member of the Management Board shall inform the Management Board of the Company about results of completed investigation proper. If investigation proper related to a Member of the Management Board and was conducted by the Chairperson of the Supervisory Board, its results shall be presented to the Supervisory Board.
  5. On the basis of the results of investigation proper, the Management Board of the Company shall:
  6. close investigation and refuse to impose consequences on the person charged with the Breach, unless the results of investigation proper confirmed the alleged Breach;
  7. close investigation and decide to impose disciplinary sanctions on the person whom committal of the Breach was proved and/or decide to bring a civil action against that person and/or decide to notify relevant prosecution service or state administration authorities that that person might have committed a criminal offence or petty offence or tort carrying an administrative-law sanction.
  8. If the allegation made in the Breach report relates to a criminal offence or petty offence or tort carrying an administrative-law sanction and investigation proper did not result in proving the committal of the Breach but confirmed that committal of the Breach is likely to have occurred, the Management Board, upon closure of investigation proper, shall notify the prosecution service or the relevant state administration authority that a criminal offence or petty offence or tort carrying an administrative-law sanction might have been committed. The decision to impose disciplinary sanctions shall only be made after proceedings conducted by the prosecution service or the state administration authority have been closed.
  9. If in investigation proper it was not found that further steps by the Company, as referred to in Article 9(5) or Article 9(6) hereinabove, are justified, and allegations contained in the Breach report were dismissed, a Member of the Management Board shall immediately notify the person charged with committal of the Breach about the results of completed investigation proper, with the Informant’s identity being kept confidential.

Article 10

RECORD OF REPORTS AND OTHER OBLIGATIONS OF THE PROCEDURE INSPECTOR

  1. The Whistleblowing Website keeps a record of all reported Breaches and all steps taken by the Company and its bodies as a result of reports submitted on the basis of this Procedure.
  2. The records of reported Breaches shall contain the following information:

● date of receipt of the Breach report;

● manner of receipt of the report;

● personal data of the Informant, if disclosed;

● data of the person conducting investigation regarding the reported Breach;

● personal data of the person charged with committal of the Breach;

● personal data of witnesses,

● information about minutes, memos, reports and other documents prepared in the course of investigations;

● information about the manner of completion of preliminary investigation;

● information about the manner of completion of investigation proper;

● information about steps taken in respect of the person charged with the Breach.

  1. The Procedure Inspector may, if needed, import, analyse and archive any and all data from the Whistleblowing Website. The Procedure Inspector shall gather and archive any and all documents created in consequence of the Breach report and in consequence of steps taken at the Company during investigations.
  2. Any information and documents received from Informants and any information and documents gathered in the course of investigation shall be classified and treated as strictly confidential. Only the Authorised Persons may access the information and documents referred to in the preceding sentence.
  3. The Company shall archive the documents referred to in Article 10(4) hereinabove and retain them for a period of ten years.

Article 11

REPORTING; EFFICIENCY ASSESSMENT

  1. The Procedure Inspector shall provide the Management Board and the Supervisory Board with information about the received Breach reports twice a year, by 15 July for the first half of the year and by 1 February for the second part of the year.
  2. The information referred to in Article 11(1) hereinabove shall contain information about the number of reported Breaches, the result of verification of a Breach report and steps taken by the Company on the basis of reported Breaches. The information shall not contain personal data of the Informant.
  3. At least once a year, the Supervisory Board shall assess adequacy and efficiency of the Procedure.
  4. The Management Board shall decide, on its own or on the basis of conclusions and recommendations of the Supervisory Board relating to efficiency of the Procedure, about amendments to the Company’s internal regulations or changes to the Company’s functional organisation, in particular about changes to the Company’s internal controls which should prevent occurrence of Breaches similar to the reported Breaches as a result of application of the Procedure.

Article 12

PERSONAL DATA PROTECTION

  1. To personal data contained in information about Breach reports, disclosed personal data of an Informant and personal data obtained or used in investigations, the Company shall apply the following provisions of law:
  2. directly Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as the “GDPR”); and
  3. accordingly the Act on 14 December 2018 on Protection of Personal Data Processed in Connection with Prevention and Combating of Crime (“Dziennik Ustaw” [Journal of Laws] of 2019, item 125) (hereinafter referred to as the “Personal Data Protection Act”); and
  4. the rules of conduct relating to personal data protection, arising from the provisions of this Procedure.
  5. In order to ensure safety and protection of personal data obtained during application of the Procedure, the Company shall select a supplier of the Whistleblowing Website which guarantees personal data protection in accordance with the provisions of the GDPR and applies, as appropriate, personal data protection safeguards provided for in Section 39 of the Personal Data Protection Act.
  6. The controller of personal data disclosed to the Company on the basis and in performance of this Procedure is LIVECHAT Software SA; ul. Zwycięska 47; 50-033 Wrocław (hereinafter also referred to as the “Controller”).
  7. The Controller may process the following personal data of the person mentioned in the Breach report, the Informant and persons covered by investigations conducted by the Controller on the basis of the Procedure:

a Name and surname;

b Registered address, residence address and/or correspondence address;

c Telephone number;

d NIP number and PESEL number;

e E-mail address.

  1. Personal data shall be processed by the Controller on the basis of Article 6(1)© and Article 6(1)(e) of the GDPR with a view to fulfilling the Controller’s legal obligation arising from Section 97d of the Public Offering Act and with a view to pursuing the Controller’s legitimate interests.
  2. Collected and processed personal data shall be made available only to Authorised Persons within the meaning of this Procedure and only within a scope required for them to perform the obligations set forth in the Procedure.
  3. Collected and processed personal data may be made available to other recipients only for the purpose of performance by such entities of tasks connected with prevention and combating of crime or tasks connected with the necessity to ensure compliance with the applicable provisions of law, i.e. personal data may be provided, in particular, to courts, prosecution service, police, other crime combating authorities and state administration authorities.
  4. Personal data shall be processed during the periods indicated in the provisions of the Procedure, but no longer than for ten years from collection.
  5. Each person whose personal data are collected and processed on the basis of this Procedure shall have the right to request from the Controller access to his or her personal data with a view to rectification, erasure or restriction of processing and the right to object to the processing of his or her personal data.
  6. Each person whose personal data are collected and processed on the basis of this Procedure shall have the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.