Get in Touch

Code of conduct

Wersja polska

1. Preamble and scope of application

This Code of Conduct sets out the ethical, legal and environmental standards that guide PTT Consulting spółka z ograniczoną odpowiedzialnością with its registered seat in Warsaw (address: Plac Bankowy 2, 00-095 Warsaw, KRS number: 0000559476, NIP: 7010485882, REGON: 361587729) in the conduct of its business activities (hereinafter: the “Company“).

1.1. PERSONAL SCOPE

The Code applies to:
  1. The Management Board and all employees of the Company employed under employment contracts (UoP),
  2. Consultants and experts cooperating with the Company under B2B agreements,
  3. Subcontractors, suppliers and business partners to the extent of their cooperation with the Company,
  4. Any entities acting on behalf of or for the benefit of the Company.

1.2. LEGAL BASIS

The Code is consistent with the following legal acts and regulations:
  1. Act of 26 June 1974 – Labour Code (Journal of Laws of 2023, item 1465, as amended),
  2. Act of 23 May 2024 on the protection of whistleblowers (Journal of Laws of 2024, item 928) – implementing Directive 2019/1937/EU,
  3. Regulation (EU) 2016/679 (GDPR) and the Act of 10 May 2018 on the protection of personal data,
  4. Act of 6 March 2018 – Entrepreneurs’ Law,
  5. Act of 28 November 2014 on accounting and IAS/IFRS standards,
  6. Directive 2022/2464/EU on corporate sustainability reporting (CSRD),
  7. Directive 2024/1760/EU on corporate sustainability due diligence (CSDDD),
  8. UN Guiding Principles on Business and Human Rights (UNGPs),
  9. UN Global Compact Principles (10 principles),
  10. International Labour Organization (ILO) Conventions Nos. 29, 87, 98, 100, 105, 111, 138, 182.

2. Values and ethical principles

The Company conducts its business on the basis of five fundamental values:

2.1. HONESTY AND INTEGRITY

We act with full transparency towards clients, consultants, employees and business partners. We do not tolerate any form of lying, manipulation or misleading – regardless of the purpose or context. Every business decision should be one that can be publicly defended.

2.2. RESPECT FOR PEOPLE

Every person – employee, consultant, client, candidate – is treated with dignity and respect. Diversity of experience, cultures and perspectives is a source of value for us, not a reason for discrimination.

2.3. ACCOUNTABILITY

We take responsibility for our actions and decisions. We honour our commitments. We acknowledge mistakes and strive to correct them. Accountability also means actively caring for the natural environment and the communities in which we operate.

2.4. PROFESSIONALISM

High substantive standards, timeliness, confidentiality and professional diligence are our norm, not the exception. We continuously invest in developing our own competencies and those of the people we work with.

2.5. COMPLIANCE WITH THE LAW

We comply with Polish, European and international law. Where there is any doubt as to the legality of an action, the principle is to refrain from it until legal advice has been obtained.

3. Human rights

The Company recognises and respects the UN Universal Declaration of Human Rights, the UN Guiding Principles on Business and Human Rights (UNGPs) and ILO conventions. We commit to conducting human rights due diligence in accordance with the requirements of the CSDDD Directive.

3.1. PROHIBITION OF CHILD LABOUR

The Company categorically prohibits all forms of child labour, i.e. involving persons under the age of 15, and in relation to light work – under the age of 13, in accordance with ILO Convention No. 138. Work considered particularly harmful or hazardous is prohibited for persons under the age of 18 in accordance with ILO Convention No. 182. Within the scope of our operations and supply chain:
  1. We verify the age of all persons with whom we establish cooperation,
  2. We do not cooperate with suppliers or partners where cases of child labour have been identified,
  3. We immediately terminate cooperation in the event a violation is confirmed, with simultaneous notification to the relevant authorities.

3.2. PROHIBITION OF FORCED LABOUR AND HUMAN TRAFFICKING

All work performed under coercion, debt bondage, as a result of human trafficking or in conditions of modern slavery is prohibited (ILO Conventions Nos. 29 and 105). This includes:
  1. Retention of identity documents,
  2. Imposition of financial penalties restricting the freedom to leave,
  3. Making remuneration conditional on repayment of recruitment debt,
  4. Use of threats or physical or psychological coercion.
Important: All consultants and employees are free to terminate their cooperation in accordance with the terms of their contract. No contractual obligation may restrict that freedom in a manner contrary to mandatory provisions of law.

3.3. PROHIBITION OF DISCRIMINATION

The Company ensures equal treatment in all aspects of cooperation and employment. Discrimination is prohibited on the grounds of:
  1. Sex, gender identity and gender expression,
  2. Age,
  3. Disability,
  4. Race, skin colour, nationality, ethnic origin,
  5. Religion, denomination or non-denominational status,
  6. Sexual orientation,
  7. Marital or family status, pregnancy and maternity/paternity,
  8. Political views,
  9. Trade union membership,
  10. Form of engagement (employment contract vs B2B).
The principle of equal treatment covers: recruitment and selection, remuneration conditions, access to training and promotion, assignment of duties and termination of cooperation.

3.4. PROHIBITION OF HARASSMENT AND MOBBING

The Company does not tolerate any form of harassment, mobbing or workplace violence, including:
  1. Sexual harassment (unwanted conduct of a sexual nature, jokes, comments, gestures),
  2. Mobbing (systematic intimidation, bullying, exclusion),
  3. Verbal, physical or psychological violence,
  4. Cyberbullying (via communication tools used at work).
Anyone who has experienced or witnessed such behaviour should report it in accordance with the procedure described in Chapter 7 (Whistleblowing). Every report is taken seriously and addressed without delay.

3.5. FREEDOM OF ASSOCIATION AND COLLECTIVE BARGAINING

The Company respects the right of employees to form and join trade unions and to engage in collective bargaining, in accordance with ILO Conventions Nos. 87 and 98. Membership or non-membership of trade union organisations does not affect the treatment of an employee.

3.6. HUMAN RIGHTS DUE DILIGENCE

In accordance with the requirements of the CSDDD Directive, the Company commits to:
  1. Identifying and assessing human rights risks in the value chain (suppliers, subcontractors),
  2. Taking remedial action where violations are identified,
  3. Monitoring the effectiveness of implemented measures,
  4. Communicating results to stakeholders.

4. Environment, society and corporate governance (ESG)

4.1. ENVIRONMENT (ENVIRONMENTAL)

As an IT company, the Company is aware of its environmental footprint arising from energy consumption, business travel and electronic waste management. We commit to:
4.1.1. Energy efficiency and emissions
  1. Striving to reduce energy consumption in offices and data centres (owned or leased),
  2. Preferring cloud service providers holding environmental certifications (ISO 50001, Green Cloud),
  3. Reducing CO₂ emissions by promoting remote and hybrid working.
4.1.2. Waste management and IT equipment
  1. Implementing circular economy principles in IT equipment management,
  2. Transferring decommissioned equipment to certified electronics recycling points,
  3. Minimising printing and pursuing digital document workflows,
  4. Extending the lifecycle of devices through repair and upgrades.
4.1.3. Supply chain
  1. Preferring suppliers with an environmental policy and certifications (ISO 14001),
  2. Including environmental criteria in procurement processes.
4.1.4. Remote work, paperless operations and reduction of business travel
We treat remote work not as a privilege but as a standard operating model. Reducing physical commuting and domestic and international business travel is a deliberate business and environmental decision that forms part of our CO₂ reduction strategy. Remote work as the default:
  1. The default working mode for Company employees and consultants is remote (remote-first). On-site presence is organised only when justified by the nature of the task or an explicit client requirement.
  2. Internal and external meetings are held by default via video conference. Physical meetings are organised only in justified cases and only when the same outcome cannot be achieved remotely.
  3. The Company’s remote working model contributes to reducing daily commuting-related emissions (so-called scope 3 commuting emissions) across the entire ecosystem of employees and consultants.
Reduction of business travel:
  1. Business travel – domestic and international – is kept to a minimum. Every trip requires a business justification and a preliminary assessment of whether the meeting objective can be achieved remotely.
  2. Where travel is necessary, rail transport is preferred over air travel.
Paperless policy – digital document workflow:
  1. The Company operates a fully digital document workflow. Contracts, invoices, proposals, HR documents and business correspondence are created, transmitted, signed and archived exclusively in electronic form.
  2. Electronic signatures (qualified electronic signature or trusted signature via ePUAP) are the standard for documents requiring a signature. Printing documents requires justification and is treated as an exception to the rule.
  3. Document archiving takes place in cloud systems in compliance with GDPR requirements. Physical paper archives are being progressively digitised and eliminated.
  4. Suppliers and clients are encouraged to use electronic forms of document exchange, electronic invoicing (e-invoice) and electronic signature tools.

4.2. SOCIETY (SOCIAL)

4.2.1. Working conditions and well-being
  1. Ensuring safe and ergonomic working conditions,
  2. Supporting work-life balance,
  3. Offering flexible forms of work (remote, hybrid),
  4. Regularly measuring employee satisfaction and engagement.
4.2.2. Diversity, equity and inclusion (DEI)
  1. Actively pursuing diversity at all levels of the organisation,
  2. Monitoring and eliminating the gender pay gap,
  3. Ensuring the accessibility of the working environment for persons with disabilities,
  4. Supporting initiatives promoting women in the IT sector.
4.2.3. Privacy and data security
  1. Complying with the GDPR and national personal data protection legislation,
  2. Applying the principles of privacy by design and privacy by default,
  3. Training employees in cybersecurity,
  4. Promptly reporting personal data breaches to the supervisory authority (UODO).

4.3. CORPORATE GOVERNANCE (GOVERNANCE)

4.3.1. Anti-corruption and bribery
The Company applies a zero-tolerance policy towards corruption, bribery and financial fraud, in accordance with the OECD Anti-Bribery Convention and national criminal law. The following are prohibited:
  1. Offering, giving or receiving financial or personal benefits in exchange for business decisions,
  2. Using intermediaries to conceal bribes,
  3. Falsification of documents and accounting records,
  4. Political financing without the explicit consent of the Management Board and in accordance with applicable law.
Cash gifts are unconditionally prohibited. Any gift with a value exceeding PLN 100 must be reported to a line manager.
4.3.2. Conflicts of interest
Every person covered by the Code is obliged to disclose to their line manager or the Management Board any situation in which their personal interest may conflict with the interest of the Company. This includes in particular:
  1. Holding shares in companies that are clients, suppliers or competitors of the Company,
  2. Being employed by or providing services to competing companies,
  3. Participation in recruitment or procurement processes involving close relatives,
  4. Accepting loans or gifts from clients or suppliers.
4.3.3. Protection of assets and confidential information
  1. Company property (equipment, software, data) is used solely for business purposes,
  2. Confidential information (client data, contract terms, technological know-how) is protected both during and after the termination of cooperation.
4.3.4. Fair competition
The Company conducts its business in compliance with fair competition principles and does not engage in anti-competitive practices: price-fixing, market allocation, bid-rigging or abuse of a dominant position.
4.3.5. Tax transparency
The Company applies fair tax practices: it pays taxes in accordance with Polish and EU law and does not engage in aggressive tax planning or use tax havens to avoid taxation.
4.3.6. ESG reporting
The Company commits to the gradual implementation of non-financial reporting. The target is for ESG reports to be prepared in accordance with ESRS (European Sustainability Reporting Standards) within the timelines required by the CSRD Directive.

5. Data security and privacy

As a company operating in the IT sector, we process personal data of our employees and consultants, job candidates and data provided by clients. We commit to:
  1. Processing personal data solely on the basis of a valid legal ground (Article 6 GDPR),
  2. Applying the principle of data minimisation – we collect only the data necessary for the specified purpose,
  3. Ensuring the rights of data subjects: access, rectification, erasure, portability and objection,
  4. Applying appropriate technical and organisational security measures (encryption, access control, MFA),
  5. Maintaining a Record of Processing Activities (RoPA) in accordance with Article 30 GDPR,
  6. Notifying the supervisory authority (UODO) of personal data breaches without undue delay and within 72 hours,
  7. Conducting Data Protection Impact Assessments (DPIAs) for high-risk processing activities,
  8. Verifying data security at cloud providers and subcontractors.

6. Responsible supply chain

The Company expects its suppliers, subcontractors and partners to comply with standards consistent with this Code. In particular:
  1. All key suppliers are asked to confirm that they have read and acknowledged the requirements of the Code,
  2. Social and environmental criteria are taken into account in tendering and procurement processes,
  3. The Company reserves the right to audit or request self-certification from suppliers,
  4. A breach of the principles of this Code by a supplier may constitute grounds for termination of cooperation.
Legal note: The supply chain requirements arise from the CSDDD Directive (2024/1760/EU), the transposition of which into Polish law is anticipated by 2026. The Company is proactively implementing these standards.

7. Whistleblowing Policy

This procedure complies with the Act of 23 May 2024 on the protection of whistleblowers (Journal of Laws of 2024, item 928), implementing Directive 2019/1937/EU on the protection of persons reporting breaches of Union law.

7.1. PURPOSE OF THE PROCEDURE

The purpose of the procedure is to provide safe, confidential and effective channels for reporting breaches of law, ethical principles and the provisions of this Code, while ensuring full protection for whistleblowers against any form of retaliation.

7.2. WHO MAY REPORT (WHISTLEBLOWERS)

A whistleblower may be any person who obtains information about a breach in a work-related context, including:
  1. Employees employed under employment contracts,
  2. Consultants and experts cooperating under B2B agreements,
  3. Job candidates (in respect of breaches occurring during the recruitment process),
  4. Former employees and collaborators,
  5. Subcontractors, suppliers and their employees,
  6. Shareholders and partners,
  7. Members of the Company’s statutory bodies,
  8. Interns and volunteers.

7.3. WHAT MAY BE REPORTED

The procedure covers reports concerning:
  1. Breaches of Polish or EU law (in the areas indicated in Directive 2019/1937/EU),
  2. Breaches of the provisions of this Code of Conduct,
  3. Corrupt acts, fraud and falsification of documentation,
  4. Violations of human rights, mobbing, discrimination and harassment,
  5. Breaches of personal data protection law (GDPR),
  6. Violations of occupational health and safety rules,
  7. Illegal waste management or environmental pollution,
  8. Breaches of labour, tax or customs law,
  9. Other actions contrary to the public interest or causing harm to the Company.

7.4. REPORTING CHANNELS

7.4.1. Internal channel
Online reporting platform: https://ptt-consulting.com/whistleblower/ – enables anonymous reports and two-way communication.
7.4.2. External channel
A whistleblower may at any time direct a report to external authorities, in particular:
  1. Commissioner for Human Rights (central body for whistleblowers in Poland),
  2. Prosecutor’s Office, Police, Internal Security Agency (ABW) – in the case of breaches of criminal law,
  3. Personal Data Protection Office (UODO) – in the case of GDPR breaches,
  4. National Labour Inspectorate – in respect of labour law,
  5. European Anti-Fraud Office (OLAF) – in respect of EU funds.
Public disclosure: A whistleblower may make a public disclosure where the external authority has failed to take appropriate action within 3 months of the report being made, or where there is an imminent threat to life, health or the environment.

7.5. PROCEDURE FOR HANDLING REPORTS

7.5.1. Responsible Person for Whistleblowers
The Company’s Management Board designates a Responsible Person for Whistleblowers (hereinafter: RPW). The RPW is obliged to maintain full confidentiality.
7.5.2. Procedure timeline
  1. Day 0: The report is received by the RPW via the chosen channel.
  2. Within 7 days of the report: The RPW sends an acknowledgement of receipt to the whistleblower (if the report is not anonymous or the channel allows communication).
  3. Within 14 days of the report: The RPW carries out a preliminary assessment of the validity of the report and decides whether to open an investigation or refer the matter to the relevant external authority.
  4. Investigation: Conducted with confidentiality, impartiality and thoroughness. Duration: up to 3 months from the date of acknowledgement of receipt (extendable to 6 months in justified cases).
  5. After the conclusion of the investigation: The RPW informs the whistleblower of the actions taken (to the extent permitted by the communication channel and applicable law).
  6. Archiving: Documentation relating to reports is retained for 5 years from the date of the report.

7.6. PROTECTION OF WHISTLEBLOWERS

The Company ensures full legal and organisational protection for whistleblowers in accordance with the Act on the protection of whistleblowers:
7.6.1. Prohibition of retaliation
All retaliatory actions against whistleblowers are prohibited, including:
  1. Termination or dismissal from employment or B2B agreement,
  2. Demotion, reduction in remuneration, change in employment conditions,
  3. Discrimination, being passed over for promotion or task allocation,
  4. Negative performance appraisal,
  5. Intimidation, harassment or isolation,
  6. Reputational damage, including via social media,
  7. Disclosure of the whistleblower’s personal data without their consent,
  8. Referral for psychiatric or psychological examination without medical justification.
A person who engages in retaliatory conduct shall be subject to disciplinary liability and, where applicable, civil or criminal liability.
7.6.2. Confidentiality
The identity of the whistleblower is protected and shall not be disclosed without their explicit consent. Access to data identifying the whistleblower is limited to persons directly involved in handling the report, to the extent necessary for that purpose.
7.6.3. Anonymity
The Company accepts and processes anonymous reports. Anonymity is not a condition for benefiting from the protection afforded to whistleblowers – if the identity is subsequently disclosed, protection continues to apply.
7.6.4. Support for whistleblowers
  1. Free legal consultation via an external legal counsel (at the whistleblower’s request),
  2. The possibility of referring the matter to an employment court or civil court in the event of a violation of the whistleblower’s rights.

7.7. LIABILITY FOR FALSE REPORTS

Legal protection does not extend to persons who knowingly make false reports in bad faith. Such conduct may result in disciplinary and civil liability in accordance with Article 12 of the Act on the protection of whistleblowers.

7.8. DATA RETENTION AND GDPR

The processing of personal data of whistleblowers and persons to whom the report relates is carried out in accordance with the GDPR. The data controller maintains a separate register of reports accessible exclusively to the RPW. Data is retained for 5 years from the conclusion of the proceedings.

8. Implementation and monitoring

8.1. ADOPTION OF THE CODE

The Code of Conduct is publicly available on the Company’s website. All employees and subcontractors are required to comply with its provisions, and we expect all suppliers to adhere to its principles as well.

8.2. MONITORING AND ENFORCEMENT

The Company’s Management Board is responsible for monitoring compliance with the Code, supported by the RPW. Breaches of the Code may result in:
  1. A warning or reprimand (employees),
  2. Termination of an employment contract or B2B agreement,
  3. A claim for damages,
  4. Referral to the relevant law enforcement authorities.

8.3. REVIEW AND UPDATE OF THE CODE

The Code is subject to review at least once every 2 years or in the event of significant changes in Polish or EU law. All amendments require approval by the Management Board and are communicated to all persons covered by the Code with at least 30 days’ notice.

9. Final provisions

9.1. HIERARCHY OF DOCUMENTS

In the event of any conflict between the provisions of this Code and the mandatory provisions of Polish or European law, the provisions of law shall prevail. The Code supplements and develops legal requirements; it does not limit them.

9.2. QUESTIONS AND DOUBTS

Any questions regarding the interpretation and application of the Code should be directed to the Company’s Management Board or the Responsible Person for Whistleblowers. Before taking action in a situation of doubt, we recommend seeking advice – if in doubt, ask.

Table of legal bases

The table below sets out the key regulations on which this Code is based:
Area Legal bases
Whistleblower protection Act of 23.05.2024 on the protection of whistleblowers (Journal of Laws 2024, item 928); Directive 2019/1937/EU
Prohibition of child and forced labour ILO Conventions Nos. 29, 105, 138, 182
Prohibition of discrimination Labour Code Articles 18³a–18³e; Directive 2000/43/EC; 2006/54/EC
Personal data protection GDPR (Regulation 2016/679/EU); Act on the protection of personal data of 10.05.2018
Anti-corruption Penal Code Articles 228–231, 250a, 296a; OECD Convention of 1997
ESG / Reporting CSRD Directive (2022/2464/EU); ESRS Standards
Due diligence CSDDD Directive (2024/1760/EU); UN Guiding Principles (UNGPs)
Health and safety Labour Code, Part X; Directive 89/391/EEC

External authorities – reporting channels:

  1. Commissioner for Human Rights: www.rpo.gov.pl
  2. Personal Data Protection Office (UODO): www.uodo.gov.pl
  3. National Labour Inspectorate: www.pip.gov.pl
  4. National Public Prosecutor’s Office: www.pk.gov.pl