Internal Investigations Guide

Generally no. The obligation arises only when the company knows about the criminal activity of a member.

Generally, no.
Exceptions may apply for some (grave) criminal activity where a notification duty to local criminal authorities applies.

Generally no.

Currently no. But according to the draft law on the liability of collective entities for acts prohibited under penalty (which is now pending negotiations in the Polish parliament) (“Draft Collective Liability Law“), the companies will be obligated to flag any irregularities detected and have a special designated body supervising compliance with the rules and regulations governing the activities of the company.

Generally, no. (see 1.1. below). Our advice excludes general reporting obligations for crimes against life.

Generally no.

Generally no, except for crimes of corruption and certain other grave crimes with a maximum penalty of at least 10 years’ imprisonment.

Generally no.

Generally no.

Generally no. The obligation arises only when the company knows about the criminal activity of a member.

Generally no.

Companies are not generally obliged to conduct an internal investigation if they suspect a member is or has been involved in criminal activity. Due to the increasing importance of compliance and the protection of their reputation, more and more companies are applying measures which aim at investigating such conduct (codes of conduct, internal policies, whistleblowing hotlines, compliance officers). Internal documents may prescribe the legal obligation to report certain suspicious activities and perform investigations.
It is a general principle in Hungary that whoever suspects that a crime has been committed has the right to turn to the authorities. Nevertheless, there are certain crimes where turning to the authorities is mandatory (e.g. money laundering) and where failure to do so is itself a crime.

Stricter rules generally apply to companies bearing increased risk in their activities or active in regulated sectors, including, e.g. financial institutions.

Currently no. But under the Draft Collective Liability Law the company (through its specially appointed authority/body) must investigate any irregularities reported by its employees.

Moreover, the Draft Collective Liability Law provides for the liability of the companies for crimes committed by its governing bodies (members), if the company may be accused of negligence in supervision and control over its members.

No.

Generally no.

Generally no.

Generally no.

Generally yes. A company may generally perform interviews and/or surveillance measures considering certain requirements.

Generally yes. A company may generally conduct interviews and/or surveillance measures considering certain requirements.

Generally, yes.
A company may generally perform interviews and/or surveillance measures (subject to meeting certain requirements).

Yes. Interviews and surveillance measures might be applied as long as they do not interfere with the private life of the employee, especially if the rules of such investigation measures are set out in internal policies/documents.

Yes. A company may generally conduct interviews and/or carry out surveillance measures considering certain requirements. According to the Draft Collective Liability Law, there should be a special authority appointed within the company structure to perform the supervising activity.

Yes. A company may use both kinds of investigation instruments as well as disciplinary investigations instruments when observing certain legal requirements.

Companies are generally allowed to conduct internal investigations, although the applicable laws and regulations do not provide for the specifics. Surveillance measures and interviews are generally permitted, if certain conditions are fulfilled.

Generally yes. A company may conduct interviews and/or surveillance measures as tools of internal investigations. However, the company must comply with relevant requirements under respective legislation, such as employment law or privacy law.

Generally yes. A company may perform interviews considering certain requirements, which are even stricter in respect of surveillance measures (also see our answer under 3.1.).

Generally no.

Generally no, unless a crime has been found within the internal investigation. The reporting obligation rests with the managing bodies / the persons who conducted the internal investigation.

Generally, no.
Exceptions may apply for some (grave) criminal activity where a notification duty to local criminal authorities applies.

Generally no, unless the results of an investigation substantiate the commission of a crime which must be reported to the authorities. Please see our answer to question 2.

No.

Generally no.

No.

Generally no.

Generally no.

Yes.

Yes.

Yes.*
*For details on the various types of leniency programmes, please refer to the answer to question 6.3.

Leniency measures are known in the Hungarian legislation, but cooperation with the authorities in itself is not enough. Usually, the damage should be avoided or at least minimised, if possible. Hungarian law also provides for the possibility to conclude a “settlement”, thereby avoiding prosecution. The terms thereof are negotiated on a case-by-case basis, but usually include (at least) a partial confession.

Yes.

Yes.

Yes.

Yes, to some extent and not necessarily dependent on cooperation, but rather on restoration of damage caused (see 6.3. for details).

Yes.

Yes.

Yes.

Yes.

Yes.

Yes.

Yes.

Yes.

Yes.

Yes.

Generally no. However, if a company considers it seriously possible that a member will commit certain crimes imminently or already started committing such crimes, this could lead to reporting obligations under certain conditions. Please also see our answer to question 7.2. concerning ad hoc obligations.

The reporting obligations are not limited to certain persons. Therefore, generally both the company and its managers need to comply with these obligations.

Noncompliance may result in imprisonment of up to two years or – for companies – fines of up to EUR 700,000.

Bulgarian law sets out a general obligation for all citizens to report immediately (as a matter of duty to society) to the police or the prosecutor’s office, or other state authority, if they are aware of a committed crime. The reporting obligation rests with the person who has become aware of the crime.

In addition, the law provides that if the person that has become aware of the crime is a legal representative of a company or in any other way responsible for the management of company assets or property, he must take the necessary measures to collect and save the facts/information related to the crime so that they can be used in the further investigation procedures.

However, the reporting obligation is structured as a moral duty rather than as a strict legal obligation and the law does not provide for (i) particular sanctions or negative consequences for failure to comply with such obligations, or for (ii) any legal benefits for reporting to the authorities.

Generally, no.
Exceptions may apply for some (grave) criminal activity where a notification duty to local criminal authorities applies. A notification duty to local criminal authorities applies to companies and their managers as both corporations and natural persons may be criminally liable for the criminal offence of breach of notification obligation under the Czech Criminal Code and the Czech Act on Corporate Criminal Liability. In case of a breach of the notification obligation, natural persons may be punished by imprisonment of up to three years and corporations may be punished by penalty of liquidation, forfeiture of property, monetary penalty, prohibition of the activity or publication of the convicting judgment. Please also see our answer to question 7.2 concerning ad hoc obligations.

There are circumstances / criminal activities where failure to report suspicions of criminal activity to the local authorities is a crime in itself (e.g. money laundering or acts concerning corruption). In theory, only the person with a position (job title) with a reporting obligation may commit this and may generally be punished by up to two to three years of imprisonment. However, there is no general obligation to report unless internal documents (such as codes of conduct, internal policies) prescribe otherwise.

On a side note, companies may also be punished if the criminal activity was committed intentionally, and the crime pursued or actually led to an unlawful advantage for the respective company, or the crime was committed by using the respective company. Additionally, companies may only be punished if (i) the respective crime was committed by a manager within its capacity or if (ii) a manager’s due diligence could have prevented the crime or if (iii) the managers knew about the perpetration of the crime. It follows that the punishment of a company usually arises following the prosecution of a natural person (e.g. the manager).

No. Under the Criminal Code, individuals are required to report the most aggravated crimes (such as murder, rape) to the appropriate authorities under pain of criminal liability. This does not apply to business-related crimes (white-collar crimes).

Generally, no. However, there are several cases where certain categories of persons are under a legal duty to report:

1. Persons with control attributions are bound to inform the criminal investigation authorities about any information leading to the conclusion that a corruption offence has been committed; intentional failure to perform such duty constitutes an offence and is punishable by imprisonment of six months to five years, if the act does not amount to a more serious offence. If the failure to report was committed by negligence, the offence is punishable by imprisonment of three months to two years or by a fine;
2. Public officers, regardless of rank, who, in the course of their duties, become aware of the commission of an offence, regardless of its nature, must immediately notify the criminal investigation authorities; intentional failure to report constitutes an offence and is punishable by imprisonment of three months to three years or by a fine. If the act is committed by negligence, the penalty consists of three months to one year of imprisonment or a fine;
3. Persons with managing positions within an authority of the public administration or other public legal entities, as well as any person with control attributions, who, in the course of their duties, become aware of the commission of a criminal offence subject to ex officio investigation (i.e. not investigated upon a preliminary complaint), are bound to immediately report to the criminal investigation authorities;
4. Any person who performs a public-interest service for which they have been mandated by public authorities or who is subject to control or supervision by said authorities as to the performance of the public-interest service, who, in the course of their duties, becomes aware of the commission of a criminal offence subject to ex officio investigation, is bound to immediately inform the criminal investigation authorities.

For the categories of persons in 3. and 4., the aforementioned sanctions 1. – 2. apply accordingly, depending on the nature of the offence and the specific circumstances of the case.

Companies may have a reporting obligation in case of criminal offences subject to imprisonment of more than five years.

The “responsible person” within a company formally has the obligation to report criminal wrongdoing. Under Serbian laws and practice, the responsible person may be the directors / authorised representatives of the company or any other persons in charge of certain affairs within a company (e.g. a CFO) who knowingly omits to report a crime about which he/she learned in the performance of his/her obligations, if that crime is subject to punishment by imprisonment of five years or more. There are no reliable publicly available decisions on how the criminal courts in Serbia treat the reporting by legal entities of (suspected) crimes performed by members in the performance of business activities in terms of the actual consequences for these legal entities.

Generally no, except for all crimes of corruption (irrespective of the sentencing tariff) and certain other grave crimes with a maximum penalty of at least 10 years’ imprisonment.

The reporting obligation lies with the managers (or generally with any natural person) who have credibly learned that a crime for which a reporting obligation applies was committed, is being committed or is being planned. A legal entity does not have a reporting obligation.

Noncompliance is a punishable offence, with a maximum penalty of up to three years’ imprisonment.

Certain exceptions apply; for example, if the reporting obligation could not have been met without endangering one’s own life or the life of a close person.

Yes. While under the Criminal Procedure Act there is no general obligation to report a criminal offence, according to the Criminal Code it is a criminal offence not to report (i) that certain (serious) criminal offences are being planned, or (ii) that such (serious) criminal offences have occurred (where the seriousness is measured against the years of imprisonment that may be imposed). Additional sector-specific reporting obligations apply (e.g. for physicians). The failure to report such offences may be punishable by imprisonment of up to three years.

The Criminal Code does not specify whether the obligation to report rests with the company or its management, instead using the broad term “anyone”. It therefore can be argued that this obligation lies with both. In terms of sanctions, the company may face fines, withdrawal of assets, dissolution and prohibition of disposing with securities.

Generally no, although such an obligation may arise out of board members’ general duty to act in the company’s best interest.

Generally no.

Generally, no.
Nevertheless, members of statutory/control corporate bodies must duly discharge their due managerial care in the best interests of the company. This may include a need to consider/initiate an internal investigation and/or perform other steps in relation to the suspicion of a criminal activity (e.g. notification duty [see answer to question 1.1]).

Generally no, although such an obligation for the members could arise out of their general duty to act in the best interests of the company. Such an obligation also may arise if the company has a whistleblowing system. If it does and suspects that a crime has been committed, it is also obliged to report it to the authorities.

Currently no. Please see question 2 above. Under the Draft Collective Liability Law, the company (through its specially appointed authority/body) must investigate any irregularities reported by its employees.

Generally, no. However, the company’s management might take such a step to act in the best interests of the company (compliance reasons).

Generally, no, although such an obligation for the members of the board could arise out of their general duty to act in the best interests of the company.

Generally no; however, such an obligation may arise under the statutory bodies’ general fiduciary duty of care or the company’s internal policies or compliance programmes.

Generally no. However, the management / supervisory board members may be obliged to conduct an internal investigation under their general duty of care towards the company.

This generally depends on the legal form of the company. A limited liability company (GmbH) may be obliged by a binding shareholder resolution (of the parent company), while a joint stock company (AG) may be obliged by initiating a  respective resolution of the company’s management board / supervisory board. However, the management of an AG is rather independent of its parent company, which limits the scope of the parent company’s (legal) influence.

This depends on the legal form of the company. If it is a limited liability company (OOD), it can be obliged by a binding shareholder resolution (of the parent company). If it is a stock company (AD), it can be obliged by initiating a respective resolution of the board of directors / management board of the company.

In principle, an obligation of a local subsidiary to perform an internal investigation imposed by a parent company upon a binding instruction is only available (i) within an integrated corporate group (koncern) where the controlling entity gives a binding instruction to the controlled entity, or (ii) upon direct request for a binding instruction submitted by the members of the statutory body of the local subsidiary to the parent company.
Generally, access to information by a parent company is significantly easier in a private limited liability company (s.r.o.) than a joint stock company (a.s.).

Generally, the parent company may instruct its subsidiary to carry out an internal investigation by means of a binding shareholder resolution. Alternatively, the parent company may introduce directives or policies (e.g. group code of conduct or group compliance policy) in which it describes circumstances under which an internal investigation must be carried out by the subsidiary or the parent company itself.

There are no such means. Both in the case of a limited liability company and a stock company, neither the supervisory board nor the shareholders/stockholders may issue binding instructions for the management board. But the articles of association may expand the powers of the supervisory board and, for example, grant the supervisory board the right to suspend the management board member from its duties.

As a matter of principle, the parent company has limited legal instruments to order a subsidiary to perform an internal investigation, such as requiring the subsidiary to include the obligation to perform internal investigations in its statutory documents or internal policies. Generally, the cooperation of local management is crucial for the success of the internal investigation.

Depending on the internal acts of the local subsidiary (i.e. articles of association), the parent company as a shareholder could through its voting rights influence the shareholders’ meeting of the Serbian subsidiary to enact a decision reflecting the demands of the parent company for an internal investigation.

Generally, the parent company can instruct the directors of the local subsidiary to conduct the investigation by means of a shareholder resolution. However, shareholder resolutions are not binding upon the directors.

This generally depends on the company’s legal form. In a limited liability company (d.o.o.), a shareholder (i.e. the parent company) can pass resolutions that are binding on the management (limitations apply). In a joint stock company (d.d.), the shareholders in principle cannot pass such binding resolutions; the management of a d.d. is generally independent. However, there are ways in which the management of a d.d. can be obliged to conduct an internal investigation, such as a domination agreement, under which the subsidiary’s management is obliged to act as instructed by the parent’s management.

(i) The authorities are generally not prohibited from using this information against the company itself.
(ii) The authorities can generally also use this information against others (including members).
However, some restrictions could follow out of the method of the internal investigation (e.g. testimony of a member extracted by threats).

In Bulgaria only natural persons can bear criminal liability and therefore criminal proceedings cannot be initiated against a company. Generally, the authorities can use information gathered during an internal investigation against a member or other third person. To use such information as evidence in criminal proceedings, the information must be acquired through the proper means, which are specified in the Bulgarian Criminal Procedure Code. For example, if during an interview a member discloses information that implicates another member in a crime, the interview transcripts may indicate that a criminal offence was committed, but the authorities would probably require a witness interrogation as a proper way of obtaining the information against the member.

Depending on the type of evidence and the method of information collection, there may be limitations on the use of information gathered by an internal investigation.

Generally, the authorities are not prohibited from using such information against the company itself. The authorities can also use such information against others (including members).
Restrictions apply to how internal investigations will be organised not to disqualify its outcomes for the purposes of criminal proceedings (i.e. a testimony of a member extracted by threats).

There is no limit as to what sort of information the authorities may or may not use or against whom. In other words, it is at the authorities’ discretion to decide how to carry out an investigation.

The public authorities (public prosecutor or police) would examine the information in the internal investigation report and (i) pursue the investigation or (ii) reject the criminal charges in cases against the company and/or others. However, the report on the findings of the internal investigation would represent a source of information on a potential criminal activity for the public authorities, rather than evidence of criminal activity.

The authorities are generally not prohibited from using this information against the company and/or others. However, should any information be obtained unlawfully, restrictions on its use will apply.

The use of information gathered by an Internal Investigation is generally permitted, both against (i) the company and (ii) others. Limitations apply; for example, the use of such information may be limited if the internal investigation was conducted illegally / in circumvention of the suspects’ procedural rights (e.g. in case of unlawful wiretapping or video recordings).

Yes. Actually, it is recommendable to perform internal investigations in parallel to criminal investigations to be up-to-date regarding the development of the case. The most important issues are (i) to use proven and reliable procedures within the internal investigation, (ii) to have a clear internal and external communication policy, and (iii) to handle the timing of the investigation process.

Generally yes. Bulgarian law does not regulate internal investigations. However, the internal investigation should not impede or in any other way interfere with the criminal investigation.

Generally, yes.

If during the internal investigation the management learns about facts relevant to the criminal investigation, and the criminal authorities ask for these facts during the criminal investigation, the members of the management are obliged to answer truthfully, otherwise they could be prosecuted for giving untrue testimony. This may be an issue especially when the company does not want to make the whole story public.

Generally yes. If an internal investigation is conducted it should not obstruct the criminal investigation.

As a rule, there is no legal prohibition, but this might be seen as risky, since once the criminal proceedings are ongoing, any investigations conducted on your own may be seen by the authorities as obstruction of justice.

Generally, yes. However, the internal investigation must be conducted carefully so as not to tamper with the criminal (official) investigation. The internal investigation team must not undertake the prerogatives of criminal investigation authorities and attempt to entail criminal liability. This is permitted only within criminal proceedings, where procedural safeguards are expressly guaranteed. One important issue for the team of internal investigators is to make sure during the proceedings that the persons subject to investigation cannot steal, destroy, withhold, conceal or alter material evidence or documents which might prevent the criminal investigation authorities from finding out the truth in a judicial proceeding. Such acts may amount to a criminal offence, punishable by imprisonment of six months to five years. This applies mutatis mutandis also to the team of internal investigators.

Generally, yes. If a company discovers that a reportable crime (which had not already been reported) may have been committed, it and/or the responsible persons within the company may have reporting obligations. For the information on (i) which crimes are reportable and (ii) which persons may be considered “responsible persons” within a company, please see the answer to question 1.1. above.

Another important aspect to consider is that the company cannot dismiss or suspend an employee only because internal investigation proceedings have been initiated against him/her. Please see section 8 for more details.

Generally yes. An internal investigation should not obstruct the criminal investigation. The directors or employees are not protected by a duty of confidentiality and may be required to give testimony about facts that they have learned or identified during the investigation.

Generally yes. There are no general limitations. However, the internal investigation should be planned carefully so that the criminal investigation is not obstructed.

Basically, lawyers, notaries and economic trustees (Wirtschaftstreuhänder) are covered by legal privilege. These persons have the right to refuse to give evidence on matters about which they have learned in the scope of their profession. Authorities must not circumvent this right, e.g. by interrogating employees of the privileged person or by seizing documents containing privileged information.
Anyone has the right to refuse to give self-incriminating evidence.

Basically only lawyers are covered by legal privilege.
Under both the Civil Procedure Code and Criminal Procedure Code, the lawyers of the parties to a court case have the right to refuse to testify (i.e. the right applies to both civil and criminal proceedings). The lawyers of the parties in competition proceedings enjoy the same level of protection. This means that in civil, administrative and penal proceedings, the legal privilege fully applies to lawyers and they may refuse to testify or to otherwise be interrogated in relation to their activities as lawyers. Legal protection applies to (i) lawyers registered with the Bulgarian Bar Association; (ii) EU or EEA lawyers registered with the Single Register of Foreign Attorneys-at-Law of the Supreme Bar Council and in the register of foreign attorneys-at-law kept by the relevant Bar; and (iii) lawyers’ assistants registered in a special register at the respective Bar Council. Apart from lawyers and lawyers’ assistants under (i) to (iii) above, lawyers who are citizens of other countries might enjoy the protection of legal professional privilege pursuant to the provisions of an international treaty between the Republic of Bulgaria and the country of nationality of the lawyer in question or on the basis of reciprocity between the two countries.
Certain violations of this duty of professional secrecy committed by lawyers are criminalised by the Bulgarian Criminal Code.
Notary publics are also obliged to keep confidential circumstances that were entrusted to them in their capacity as a notary. The same rules apply to all notary assistants. However, the protection that applies to notaries is not absolute and a document kept with the Notary Register may be delivered by the notary in the case of a written order (ruling, order) issued by a judge or prosecutor.

Basically, attorneys-at-law and public notaries are covered by legal privilege. These persons have the right to refuse to give evidence on matters about which they learned in the scope of their profession. Authorities must not circumvent this right inter alia by interrogating employees of the privileged person or by seizing documents containing privileged information.
Moreover, anyone has the right to refuse to give self-incriminating evidence.

In general, attorneys, notaries and auditors are covered by legal privilege.

Defence attorneys, advocates or legal counsels contacting the arrestees are covered by legal privilege, which may not be lifted or circumvented. Legal privilege applies to facts learned while giving legal advice or working on a case. It also covers defence documents as referred to in point 2.3.
Clergymen are covered by legal privilege with regard to facts learned during confession.
Mediators are generally covered by legal privilege with regard to facts learned from the accused or the aggrieved party while conducting mediation proceedings.
Persons obliged to not disclose information classified as “confidential” or “strictly confidential” may testify as to information to which the above obligation applies only after they are released from the duty of confidentiality by an entitled superior authority.
Persons subject to notary, advocate, legal advisor, tax advisor, physician, reporter, statistical or counsels of State Treasury Solicitor Office privilege may be questioned with regard to the facts covered by this privilege only when this is indispensable for the interests of the administration of justice and such facts cannot be established on the basis of any other evidence.
The next of kin of the accused may refuse to testify. Witnesses accused of being an accomplice in the crime in a separate trial in progress also have the right to refuse to testify.
A witness may refuse to answer a question if the answer might incriminate him or his next of kin for an offence or a fiscal offence.

Lawyers and notaries public are covered by legal privilege.

Legal privilege only applies to attorney-client communication, including everything revealed by the client to the attorney, and all the information that the attorney acquired in any other way while representing the client, irrespective of whether the client informed the attorney of the confidentiality of the information or if this could be inferred from the case itself. The attorney is also obliged to keep confidential data, submissions, information, records, objects, minutes and deposits of parties that he or she has chosen not to represent and which were provided to the attorney for the purpose of representation. The aforementioned also applies to parties who decided not to engage the attorney.

Legal privilege in Serbia is regulated by the Serbian Attorney Act. Legal Privilege (i) covers attorneys (and trainee attorneys, associates and employees, given that they act in accordance with the attorney’s instructions) and (ii) only applies to the objects and documents placed in the attorney’s office or that were temporarily transferred elsewhere under the instructions and supervision of the attorney. Notaries and their offices are not covered by legal privilege under Serbian law.

Legal privilege covers attorneys, including their employees and associates. Attorneys cannot therefore be subject to interrogation with respect to the provision of legal services, and their communication with a client cannot be used in criminal proceedings as evidence. A similar regulation applies to notaries.

Anyone has the right to refuse to be interrogated if interrogation would expose them or their close persons to risk of prosecution.

In a nutshell, legal privilege – in the sense of the right to refuse to give evidence against the suspect – extends to spouses, close relatives / family by marriage, adoptive parents / children, (religious) confessors, attorneys, physicians, social workers and other persons who obtain information in the course of their profession and are bound by a duty of confidentiality. Furthermore, privilege against self-incrimination applies to all natural persons. In all these cases, the people have a right to decide whether they will give evidence.
In addition, attorneys are prohibited from testifying about information obtained from suspects in their role as their attorney, unless they are released by the suspect. Such evidence is in principle always inadmissible.

In particular documents drafted by a lawyer for the purposes of advising and defending an accused person (“defence documents“).

All documents, records (in electronic, audio or picture form), files, minutes and deposits located at the attorney’s office are covered by legal privilege.

Legal professional privilege covers all data, documents and correspondence (documents on hard and soft copy, computer equipment, files and other information carriers), which are in the possession of lawyers and which relate to their clients. Client-attorney correspondence is also explicitly protected by legal privilege. Conversations between client and attorney cannot be intercepted and recorded. Any recordings, where available, cannot be used as evidence and are subject to immediate destruction. These rules apply in all kinds of proceedings (civil, criminal or administration).

All documents associated with the relevant client-attorney relationship found at the attorney’s office. This may include writings, audio, computer, video or similar records as well as client’s deposits.

Notaries may not share documents with public authorities, unless the public authority seeks the individually specified document in writing.

Any attorney-client communication, including documents drafted by an attorney-at-law for the purposes of advisory and defence of an accused (“defence documents”), is covered by legal privilege. Such defence documents are excluded from scrutiny by any public authority (see our answers to questions 2.3 and 2.4 below for limitations).

Documents, statements and notes drafted by the attorney for advice and defence of the accused.

Any documents that the lawyer, notary or defence attorney keep in respect of the client.

Documents drafted for the purpose of advising and defence of a client (i.e. data, submissions, information, records, objects, minutes and deposits of parties he or she has chosen not to represent and which were provided to the attorney for the purpose of representation, also for the parties who decided not to engage the attorney). Legal privilege also covers documents concerning representation with which the attorney was acquainted, which were shown or handed over to the attorney during the representation.

Correspondence or other documents surrendered or found in the course of the search containing information pertaining to the performance of function of the defence counsel as well as documents containing confidential information or information constituting professional or other legally protected secrets or that is of a private nature.

Documents drafted by lawyers for advisory purposes and the defence of an accused (“defence documents“).

Documents drafted for the purpose of advising and defence of a client (i.e. data, submissions, information, records, objects, minutes and deposits of parties that the attorney has chosen not to represent and which were provided to him/her for the purpose of representation as well as for the parties who decided not to engage the attorney). Legal privilege also covers documents concerning representation with which the attorney was acquainted that were shown or handed over to the attorney during the representation.

Mainly legal documentation prepared in connection with the provision of advisory services and for the defence of an accused person. It also includes all information communicated to an attorney by a client.

Legal privilege, in principle, extends to the attorney’s activities conducted “in the course of their profession”. Hence all documents associated with the client-attorney relationship are generally covered.

Legal privilege is not applicable if already existing evidence has been handed over to a privileged person to hide it from potential seizure. It also no longer applies if the defence documents have been handed over to a third party and are therefore no longer within the sphere of the accused or the privileged person.

In the Federation of Bosnia and Herzegovina there are four exceptions where the attorney is relieved from the confidentiality obligation: (i) the client explicitly or tacitly allows it; (ii) it is necessary to prevent the commission of a criminal offence; (iii) it is necessary for the attorney’s or his/her associate’s defence; and (iv) an attorney initiates litigation for the settlement of costs and expenses owed by the client. In Republika Srpska, the attorney is relieved from his/her confidentiality obligation if (i) the client undoubtedly allows it, (ii) it is necessary for the defence of the client, and (iii) it is necessary for the justification of the attorney’s decision to refuse the defence of a client.

The legal privilege protection begins as soon as the attorney is instructed by the client. There are no explicit limitations provided under the law. The exception of the legal privilege protection would be for documents handed over to the attorney in relation to the attorney’s obligation to identify his/her clients under the Measures against Money Laundering Act. Documents/information collected under this act are stored by the attorneys and, if requested by the State Agency for National Security, delivered to it.

An attorney is relieved from the confidentiality obligation if: (i) a client undoubtedly allows it; (ii) it is necessary for the attorney’s defence; or (iii) it is necessary to justify the attorney’s decision to leave the defence.

Legal privilege is also not applicable in various abuse cases (e.g. planning of criminal activity, handing over documents for the sole purpose of hiding/protecting them from potential seizure).

Legal privilege is not applicable if defence documents have been handed over to a privileged person for the sole purpose of hiding/protecting them from potential seizure. Legal privilege also no longer applies if the defence documents have been handed over to a third party and are thus no longer within the sphere of the accused or the privileged person.

Under the general confidentiality obligation of attorneys, attorneys have the right to refuse to give evidence on matters covered by legal privilege while that document is in the possession of the attorney and unless the client consents to the release. In criminal cases, the attorney acting for the defence cannot be heard even if the client gave his prior consent.

Legal privilege by an attorney can only be revealed (i) when the client authorises the disposal, (ii) if it is necessary for the defence, or (iii) if authorised by the Bar Association.

There are three exceptions where the attorney is relieved from the confidentiality obligation: (i) if the client undoubtedly allows it; (ii) if it is necessary to prevent the commission of a criminal offence; and (iii) if it is necessary for the attorney’s or his/her associate’s defence.

Point 2.1. contains limitations related to the lifting of legal privilege based on the decision of a competent authority. The legal privilege as specified in point 2.2. does not apply to correspondence or other documents containing information classified as “privileged” or “confidential”, or information constituting a professional or other legally protected secret, if their holder is suspected of having committed an offence. It also does not apply to letters or other documents of a personal nature, if the person suspected of having committed an offence is their holder, author or addressee.

In practice it means that if documents containing privileged information (produced by an attorney, e.g. legal opinion) are in the possession of a manager accused of a crime, the document may be seized by the authority and admitted as evidence

Under the RCCP, the professional relationship between a lawyer and their client may be subject to electronic surveillance only when there is information that the lawyer is committing or is preparing to commit certain very serious offences (e.g. money laundering, tax evasion, corruption offences, offences against the financial interests of the EU, etc.). It seems that no similar provisions have been enacted in the case of notaries.
If the documents are found outside the sphere of the privileged person, they might no longer benefit from immunity.

There are four exceptions where the attorney is relieved from the confidentiality obligation: (i) if the client undoubtedly allows it; (ii) if it is necessary to prevent the commission of a criminal offence; (iii) if it is necessary for the attorney’s or his/her associate’s defence; or (iv) if it is necessary for the defence of rights and interests of the attorney or his/her close relatives and associates, if these rights and interests are objectively more important than the confidentiality of the information.

Attorney legal privilege does not apply where the attorney has a reporting obligation with respect to a crime that is being committed or is being planned, even if this information comes from the client (the legal privilege applies only to crimes that the client has already committed).

Legal privilege is generally limited to the provision of legally permitted services by the attorney to the client. It is therefore inapplicable in various cases of abuse (e.g. active attempts to hide evidence) or even criminal activities planned/conducted by the attorney and the client together. Legal privilege does not apply if information has not been obtained from the client (but from another source) or has been handed over to a third party (despite being originally obtained from the client).

Authorities may under certain conditions seize documents containing legally privileged information, but it is prohibited if doing so would circumvent legal privilege (see our answer to question 2.1.). Therefore, the admissibility of such a seizure depends on (i) the location of the documents (e.g. in the attorney’s office or company’s office) and (ii) the kind of documents (e.g. defence documents or documents drafted by the company itself, such as a summary report of an internal investigation). There is a high risk that authorities will access actual privileged documents if these are kept in the company’s offices and not with the accused or a privileged person.

Legal privilege cannot be violated “to the detriment of the attorney or the client”, including during a court-ordered search. If a court-ordered search of a law firm concerns the information gathered during an internal investigation, than the public authorities potentially could have access to it. However, the cases, documents and files (except those seized based on a court decision), as well as findings discovered during the search of the law firm cannot be used to conduct proceedings against the clients of the attorneys from that firm.

Yes. See our answer under 2.3. above.

Authorities may under certain conditions access/confiscate legally privileged information gathered during an internal investigation (e.g. during the search of an attorney’s office). However, the use of accessed/confiscated documents (except those based on a court decision) will be inadmissible. Also, any evidence gathered from such documents will be inadmissible (“fruit of the poisonous tree doctrine”), unless public interest prevails over the defence rights of the accused. In any case, there is a high risk that the authorities could access privileged documents if these are kept within the premises of the company and not with a privileged person.

Generally, public authorities may (under certain conditions) seize documents containing legally privileged information if and to the extent such seizure does not circumvent legal privilege (see our answer to question 2.1). The admissibility of such a seizure depends on the nature of the documents (i.e. defence documents prepared by an attorney-at-law vs. documents drafted by the company itself, such as a summary report of an internal investigation). The location of the documents is generally irrelevant. In each case, there is a substantial risk that public authorities will access actual privileged documents if these are kept in the company’s offices.

Under certain circumstances, the authorities may access legally privileged information, although a court order is required. In case of a search warrant, apart from the court order, the presence of the prosecutor is also required.

Attorney-client communication cannot be subject to review, copying, examination or confiscation, and cannot be used as evidence in court proceedings.

Generally, there are no documents covered by legal privilege. However, documents (related to internal investigation) containing state, trade and banking secrets may be seized on the basis of a court decision.

If a court orders a search of a company, then the information gathered during the internal investigation could potentially be seized by public authorities.

If a court orders a search of a law firm, then pursuant to the Attorneys Act, none of the documents provided by the client to the attorney (including information gathered during the internal investigation) can be used in the proceedings against that company or against any other clients of that firm.

During criminal proceedings, however, the following cannot be seized: (i) written documents (spisi) and documents issued and held by competent state authorities if publication thereof would violate the duty of confidentiality; (ii) letters of the suspect to his/her attorney (this does not apply if the attorney was an accomplice, if he helped the suspect after committing a crime, and concealed the crime); (iii) any documents (thus also including defence documents), minutes or excerpts made by professionals who are under a confidentiality obligation (i.e. attorneys), and which were made or acquired while performing their work.

Nevertheless, the court may order seizure of any and all documents prepared or held by the attorney if there is a justified suspicion that the attorney collaborated and/or participated in any way, jointly with the suspect, in the performance of the criminal act.

Therefore, the possibility of a seizure depends on (i) the location of the documents (i.e. at the attorney’s office or the company’s office), (ii) the kind of documents (i.e. defence documents or documents drafted by the company itself, such as a summary report of an internal investigation); and (iii) special circumstances (such as the attorney’s collaboration). In any case, there is a high risk that the authorities will access actual privileged documents if these are kept in the company’s offices and not with the suspect or a privileged person.

If a document found or surrendered contains confidential information or information constituting professional or other legally protected secrets or is of a private nature, the agency conducting the search shall hand the document over immediately without reading it to the public prosecutor or to the court in a sealed envelope.
If the defence counsel or other person summoned to surrender an object or whose premises were searched declares that correspondence or other documents surrendered or found in the course of the search contain information pertaining to the performance of function of the defence counsel, the agency conducting the search shall leave the documents to the said person without examining their contents or appearance. However, if such a statement made by a person who is not a defence counsel raises doubts, the agency conducting the procedure shall hand these documents over to the court. The court, having acquainted itself with the documents, shall return them in their entirety or in part to the person from whom they were taken or shall issue a decision that the documents be seized for the purposes of the proceedings.

Generally, the following should be exempted from access and confiscation: documents containing communications between the lawyer and the client as well as documents containing notes made by the lawyer in defence of his client.
Apparently, there are no similar provisions in the case of notaries.
In practice, however, such documents may be accessed and removed if they are found at the company’s premises, especially if the company is subject to investigation.

If a court order to search a law firm concerns the information gathered during the internal investigation, then the public authorities potentially could have access to it. The procedure for searching a law firm is regulated by the Attorneys’ Act. The legal framework and relevant practice do not provide clear guidance on the scope of documents that could be subject to search and seizure in the law firm. Nevertheless, the cases, documents and files (except those seized based on a court decision), as well as findings discovered during the search of the law firm, cannot be used to conduct proceedings against the clients of the attorneys from that firm.

Yes, for instance if documents containing legally privileged information are not stored with the attorney.

There are two aspects to legal privilege. Firstly, it is a procedural right of persons mentioned above (see 2.1. above), allowing them to refuse testimony (and, by extension, limiting certain ways of obtaining evidence, such as wiretapping, which could be used as circumvention of legal privilege). Secondly, it is a procedural caveat, which prohibits the use of certain methods/information in a criminal investigation (e.g. unwarranted searches of private premises). It follows that obtaining information gathered during an internal investigation in the course of a criminal investigation is, in principle, possible and permissible, e.g. on the basis of a search warrant for the company’s premises or testimony by a person who is not covered by legal privilege.

However, measures used for obtaining information during a criminal investigation should not be used to circumvent other procedural caveats. For example, an attorney is prohibited from testifying against their client (see 2.1. above). By extension, use of attorney’s notes (including information about a client) that are found during a search of an attorney’s office is not permissible, even if the search itself was (procedurally speaking) lawful.

As explained under point 2.1 above, it is possible, following a legal privilege claim made by a lawyer, to seize and seal in an envelope information gathered from an internal investigation, which is present at the lawyer’s office during a search held by public authorities. In order for such a sealed document to become accessible by public authorities, the judge of a “peace court of criminal jurisdiction” at the investigation phase, or a judge/court at the prosecution phase shall give the necessary decision in relation to the access of public authorities to such documents seized and sealed during a public investigation.

Documents drafted by (i) and (ii) can be protected by legal privilege. Documents drafted by (iii) and (iv) are generally not protected by legal privilege.

In Republika Srpska only documents drafted by a foreign or national attorney are protected by legal privilege. On the other hand, in the Federation of Bosnia and Herzegovina, only documents drafted by a national attorney are protected by legal privilege.

Yes. In-house counsels are not covered by legal privilege (unless the correspondence is between external attorney – client and an attorney). Other professionals (i.e. tax advisors) are also not covered by legal privilege.
For foreign attorneys the legal privilege applies if they are (i) EU lawyers who are citizens of another EU Member State, of a state party to the EEA Agreement or of Switzerland who are qualified to practice law in at least one of the said countries; and (ii) are registered with the Single Register of Foreign Attorneys-at-Law of the Supreme Bar Council and in the register of foreign attorneys-at-law kept by the relevant Bar. In addition, lawyers who are citizens of other countries might enjoy the protection of legal professional privilege pursuant to the provisions of an international treaty between the Republic of Bulgaria and the country of nationality of the lawyer in question or on the basis of reciprocity between the two countries.

Generally no, as the legal privilege extends to (i) information that the attorneys (and other privileged persons) obtained “in the course of their profession” and (ii) documents located in the attorney’s office (see 2.1. and 2.2. above). It is generally irrelevant who drafted the interview notes and/or reports summarising the internal investigation.

Generally, documents drafted by (i) and (ii) can be protected by legal privilege (some restriction on foreign attorneys may apply). Documents drafted by (iii) and (iv) are generally not protected by legal privilege (for the sake of completeness, documents drafted by tax advisors may under certain conditions be protected by legal privilege).

Generally yes. The protection is granted if a certain document was drafted by an attorney or in-house counsels belonging to the Hungarian Bar (irrespective whether the lawyer is Hungarian or a foreigner). The same applies to junior attorneys (associates) belonging to the Hungarian Bar. Tax advisors are generally not granted legal privilege.

The relevant legislation does not provide for an explicit answer, but it can be assumed that only documents drafted by a foreign or national attorney are protected by legal privilege.

Please see 2.2. above.

Only documents drafted by (i) Serbian or Montenegrin attorneys, or (ii) foreign attorneys who comply with national requirements and whose licences are recognised by the Montenegrin Bar Chamber, are protected by legal privilege.

It does not matter who the author of the documents is. The important thing is whether the documents are covered by professional secrecy or any other legally protected secrecy.

In practice it is rather unclear and there may be doubts about how to deal with documents authored by foreign attorneys not officially registered in Poland.

Yes. If the mentioned documents have been drafted by lawyers (e.g. national lawyers/in-house counsels) it can be argued that they are covered by legal privilege (even though there is no certainty about this aspect). Documents drafted by other professionals (e.g. tax advisors) are not protected by legal privilege.

Only documents drafted by a foreign or national attorney are protected by legal privilege.

Strictly from the reading of the Slovak law, only documents drafted by national attorneys and attorneys registered in Slovakia as European attorneys are protected by legal privilege. Foreign attorneys should be covered by legal privilege by referring to their confidentiality obligation under laws applicable to their business conduct. Other documents are generally not protected by legal privilege, although exceptions may apply.

Generally no. Legal privilege extends to information that the attorneys (and other privileged persons) obtain “in the course of their profession” (see 2.1. above). It is generally irrelevant who drafted (i.e. technically put together) the interview notes or similar documents containing privileged information.

Documents drafted by national attorneys are covered by legal privilege, while documents drafted by foreign attorneys, other professionals and in-house lawyers are generally not protected by legal privilege. However, foreign lawyers that are not qualified in Turkey but carry out business in Turkey pursuant to the Attorneys Act can be considered within the protection of legal privilege, as long as they are not in-house lawyers. In-house lawyers are not considered to be independent from their clients, where being independent from a client is considered of the main conditions of being in the scope of legal privilege.

Documents drafted by (i) and (ii) can be protected by legal privilege. Documents drafted by (iii) and (iv) are generally not protected by legal privilege.

In Republika Srpska only documents drafted by a foreign or national attorney are protected by legal privilege. On the other hand, in the Federation of Bosnia and Herzegovina, only documents drafted by a national attorney are protected by legal privilege.

Yes. In-house counsels are not covered by legal privilege (unless the correspondence is between external attorney – client and an attorney). Other professionals (i.e. tax advisors) are also not covered by legal privilege.
For foreign attorneys the legal privilege applies if they are (i) EU lawyers who are citizens of another EU Member State, of a state party to the EEA Agreement or of Switzerland who are qualified to practice law in at least one of the said countries; and (ii) are registered with the Single Register of Foreign Attorneys-at-Law of the Supreme Bar Council and in the register of foreign attorneys-at-law kept by the relevant Bar. In addition, lawyers who are citizens of other countries might enjoy the protection of legal professional privilege pursuant to the provisions of an international treaty between the Republic of Bulgaria and the country of nationality of the lawyer in question or on the basis of reciprocity between the two countries.

Generally no, as the legal privilege extends to (i) information that the attorneys (and other privileged persons) obtained “in the course of their profession” and (ii) documents located in the attorney’s office (see 2.1. and 2.2. above). It is generally irrelevant who drafted the interview notes and/or reports summarising the internal investigation.

Generally, documents drafted by (i) and (ii) can be protected by legal privilege (some restriction on foreign attorneys may apply). Documents drafted by (iii) and (iv) are generally not protected by legal privilege (for the sake of completeness, documents drafted by tax advisors may under certain conditions be protected by legal privilege).

Generally yes. The protection is granted if a certain document was drafted by an attorney or in-house counsels belonging to the Hungarian Bar (irrespective whether the lawyer is Hungarian or a foreigner). The same applies to junior attorneys (associates) belonging to the Hungarian Bar. Tax advisors are generally not granted legal privilege.

The relevant legislation does not provide for an explicit answer, but it can be assumed that only documents drafted by a foreign or national attorney are protected by legal privilege.

Please see 2.2. above.

Only documents drafted by (i) Serbian or Montenegrin attorneys, or (ii) foreign attorneys who comply with national requirements and whose licences are recognised by the Montenegrin Bar Chamber, are protected by legal privilege.

It does not matter who the author of the documents is. The important thing is whether the documents are covered by professional secrecy or any other legally protected secrecy.

In practice it is rather unclear and there may be doubts about how to deal with documents authored by foreign attorneys not officially registered in Poland.

Yes. If the mentioned documents have been drafted by lawyers (e.g. national lawyers/in-house counsels) it can be argued that they are covered by legal privilege (even though there is no certainty about this aspect). Documents drafted by other professionals (e.g. tax advisors) are not protected by legal privilege.

Only documents drafted by a foreign or national attorney are protected by legal privilege.

Strictly from the reading of the Slovak law, only documents drafted by national attorneys and attorneys registered in Slovakia as European attorneys are protected by legal privilege. Foreign attorneys should be covered by legal privilege by referring to their confidentiality obligation under laws applicable to their business conduct. Other documents are generally not protected by legal privilege, although exceptions may apply.

Generally no. Legal privilege extends to information that the attorneys (and other privileged persons) obtain “in the course of their profession” (see 2.1. above). It is generally irrelevant who drafted (i.e. technically put together) the interview notes or similar documents containing privileged information.

Documents drafted by national attorneys are covered by legal privilege, while documents drafted by foreign attorneys, other professionals and in-house lawyers are generally not protected by legal privilege. However, foreign lawyers that are not qualified in Turkey but carry out business in Turkey pursuant to the Attorneys Act can be considered within the protection of legal privilege, as long as they are not in-house lawyers. In-house lawyers are not considered to be independent from their clients, where being independent from a client is considered of the main conditions of being in the scope of legal privilege.

Companies have an interest in detecting and preventing the criminal activity of their members and may also search their email accounts for this purpose. However, the fact that these email accounts presumably do not contain any private data (e.g. because the company has prohibited its members from using their email accounts for private purposes) does not mean these email accounts may be searched without limitation. In other words, the searching of email accounts that are (or should be) used for business purposes only may infringe the members’ privacy rights. Therefore, to lawfully conduct the search as outlined above, certain requirements and limits must be met. First and foremost, there must be a concrete suspicion (konkreter Verdacht) against the individual member to justify the search. Moreover, a balance must be struck between the interest in maintaining the member’s confidentiality (Geheimhaltungsinteresse) and the company’s interest in control and access (Kontroll- und Zugriffsinteresse). Factors to be considered for the balancing test could include the severity of the alleged crime and whether the company itself is already being investigated for the alleged crime. This balancing of interests must be considered separately in each individual case. Furthermore, Members should be generally informed of a potential search of email accounts within internal investigations (e.g. within the employee privacy policy).

As in Austria.

Yes, but only under certain circumstances.

The Czech Constitution (Bill of Rights) protects privacy and message secrecy, which also applies to all emails sent to or from work, email addresses containing the employee’s name (e.g. klara.kiehl@schoenherr.at). Employees may not waive this protection in advance. This makes reading employee emails problematic, even with the employee’s prior consent.

However, if the employee grants consent subsequently (after the suspicion arises), his/her emails may be reviewed, particularly if the employee is given a chance to set the private email aside (not to be searched).

In addition, Czech employment law prohibits any monitoring of employees unless (a) the employer is monitoring compliance with prohibited private use, or (b) the scope of the employer’s activity, such as public security or largescale financial transactions, constitute a significant reason for such monitoring. Even in these cases, the monitoring must be adequate and proportionate. If one of these reasons is present, a number of messages and their addressees (senders) may be monitored, but according to the guidelines of the Czech Office for Personal Data Protection (the “Office”) the emails may not be opened.

Despite this legal uncertainty, opening work-related emails as part of internal investigations is common in the Czech Republic. Even the Office, during unofficial consultation, approved this practice as long as robust precautions are taken: (i) employees should not be allowed to use the employer’s communication equipment for private purposes; (ii) the privacy policy duly communicated to all employees should urge them to immediately delete any private emails received at their work email address; (iii) the privacy policy should inform the employees about the possibility of internal investigation and related disciplinary action; (iv) the suspicion directed against a specific employee should be well-founded and the search should be limited only to the relevant time period; (v) only suspicious emails based on a keyword search may be opened (in contrast, obviously private emails may never be opened); and (vi) as few investigators as possible, all of them bound by a confidentiality obligation, should be involved. To be on the safe side, however, a written guideline of the Office approving such an investigation practice would have to be issued (there is none).

Generally yes, given that i) the employee’s private life cannot be violated and ii) the employee should be notified beforehand about the technical means used for the surveillance.

Generally yes.
General conditions:
(a) the obligations in connection with the company related data are notified to the employee;
(b) consent is granted (eg at the conclusion of the employment agreement) by the employee in connection with the processing of the e-mail information.
The processing of e-mail data without the employee’s consent is to be assessed in each individual case.

Yes, the company is permitted to proceed as outlined in Example Case I. Suspected criminal activity of members constitutes a justified reason to search email accounts of potential suspects, as it potentially leads to enforcement of claims arising out of the company’s business. In such a case, obtaining consent from the affected member is not mandatory.
The affected members should be informed that such a search may take place before using the email account altogether. It may also result from the company’s internal bylaws. If it is not the case, the affected member should be provided with the applicable information before the search begins.
All emails may be subjected to the search if use of the company email address has been restricted to professional purposes only.

If the case refers to the company’s employees there are specific regulations resulting from Polish Labour Law that must be observed.

Firstly, the company as an employer may conduct such a search (email monitoring) if it is necessary to ensure the organisation of work enabling full use of working time and proper use of work tools made available to the employee.

Such email monitoring may not, however, violate the confidentiality of correspondence and other personal rights of an employee.

The goals, scope and method of monitoring are laid down in the collective agreement or in the work regulations or notice, if the employer is not covered by a collective agreement or is not obliged to set work regulations.

The employer must inform the employees about the monitoring no later than two weeks before it begins.

There is a risk under Romanian law that this may be seen as a breach of the member’s right to private life, and as a criminal offence, if the consent of the relevant employees is not obtained or if the company cannot invoke a specific right to carry out such an investigation.

From a data protection perspective, e-discovery procedures such as the one described in Example I may be qualified as monitoring of an employee’s activity by electronic means of communication, which are typically carried out relying on the legitimate interest of the employer (as there is no other legal ground under Romanian law to carry out such an investigation). Such processing is subject to specific requirements under Romanian law, including:

• the thorough justification of the employer’s legitimate interests through a data protection impact assessment (DPIA);
• prior information to employees on the conduct of such an investigation;
• prior consultation with the trade union/employees` representatives;
• evidence that less intrusive ways for reaching the same legitimate interest were not effective; and
• the limitation of storage of the data obtained during the investigation to 30 days.

It is advisable that companies prepare the performance of such investigations by ensuring that the above requirements are met. If prior preparation is not completed, one-time investigations should be structured to ensure that they are not qualified as monitoring subject to the above requirements. In any case, prior information to the member in relation to the conduct of the investigation is essential.

Furthermore, this kind of monitoring must be approved by the senior management or relevant corporate body and should be performed for a limited period of time. Generally, investigations may be performed only further to a balancing test of the legitimate interest and the proportionate processing of personal data or to conducting a prior DPIA. Simple balancing tests may be used in the case of one-time investigations, while it is highly recommended to conduct DPIA for general investigation practices. Although the legitimate interest in investigating business email accounts could be justified in the balancing test, the particular conditions of the member and his activity should be considered. Companies can also consider obtaining the member’s consent (at the risk of subsequent challenge to the validity of such consent by the member). In addition, internal company policies, including employee privacy notices, and employment documents should be checked to understand the company’s privacy-related rights and obligations/commitments towards its employees.

Particular attention must be given to circumstances where the investigation is made by, or at the initiative of, the shareholders of a company or other companies within the group. Disclosure of correspondence and other data to such third parties triggers their qualification as a data controller and the need that these third parties observe the general applicable privacy legislation requirements.

Generally yes. However, under data protection laws and regulations, the definition of personal data is quite broad and includes any data based on which the identity of a person is determined or could be determined directly or indirectly (i.e. could also potentially include the business email address itself if based on the identity of a person could be determined based on it). Thus, if email itself would be considered personal data, and if any personal data would be reviewed by conducting the search of company-related data, the following should be complied with: (i) the affected members should be informed  before the search of the company-related data is conducted and should consent to it in writing; (ii) the intention to perform an internal investigation should in principle be notified to the Serbian Data Protection Authority (“SDPA“); (iii) notification on the created data records concerning the internal investigation would then need to be filed to the SDPA within 15 days of the creation of such data records; and (iv) limitations to data transfer abroad under 5.2 below should be observed. In addition, the collected company-related data should be adequately protected from abuse, destruction, loss, alteration or unauthorised access. For the time being, the listed requirements are mandatory, i.e. the Company should observe them to fully comply with the applicable data protection laws and regulations. Our response to this question will be up-to-date until the implementation of the new Serbian Data Protection Act (which has been modelled after and largely complies with the GDPR) on 21 August 2019.

Generally yes; however, companies must consider the individual rights of employees and further restrictions under employment law. As to the individual rights of employees, the most important restriction is that private letters (i.e. also emails) cannot be monitored. It is subject to discussion whether an employer is entitled to monitor the content of work emails or to monitor only basic information about the email, such as the sender, receiver and subject. Each case should therefore be assessed individually, taking into account its specific circumstances.
Under Slovak employment law, an employer is entitled to check the emails of an employee in the work email account only when it has a serious reason for monitoring related to the special nature of the employer’s business activities and must notify the employee in advance of such monitoring. Implementation of a comprehensive checking mechanism in this respect requires prior consultation with employee representatives.

Generally no. Activities in Example Case I (searching the employees’ emails for specific keywords and in particular the use of Surveillance Measures) may be seen as an (unlawful) review of the content of the employees’ emails, and, in turn, an (unlawful) interference with the right to privacy and the privacy of communication, safeguarded by the Constitution and the Criminal Code. According to case law, the said right extends to work correspondence as well as private emails.
Slovenian law does not clearly spell out the conditions for the lawful review of employees’ emails. According to (non-binding) guidelines of the Information Commissioner, the content of emails may only be lawfully retrieved:
(i) based on a court order;
(ii) in very rare, exceptional cases, where there is risk of immense damage being inflicted to the employer which cannot be prevented through any other (less-intrusive) measure, provided that the employee was acquainted in advance with the rare instances in which such actions may be taken by way of internal acts adopted by the employer;
(iii) in exceptional circumstances, based on an explicit voluntary consent (however, the voluntary nature of any consent given by employees to the employer is generally questioned by the data protection authority).

Q: Could a concrete suspicion against a Member concerning serious company related offences qualify as (ii) and thus lead to the admissibility of the search of Company Related Data without the prior written consent of this Member?

A: Generally, no – the concrete suspicion alone would not suffice; there would also have to be a serious risk of damage and the employee would have to be acquainted with the possibility of the review taking place (cf. (ii)). According to the opinions and guidelines of the Information Commissioner (NB: case law here is non-existent / extremely scarce), the review of employees’ emails is (almost) entirely limited to instances where it is conducted based on a court order. The existence of (exceptional) circumstances and fulfilment of other conditions for the lawful review of the employees’ emails should be carefully examined on a case-by-case basis. The suspicion of criminal activity alone does not automatically justify the review of the employees’ emails – the employer is generally deemed able to protect its interests by notifying its suspicions to competent authorities (who may adopt adequate measures – obtain a court order to examine email correspondence). Accordingly, there is a risk that Example Case I would constitute a breach of the constitutional right to privacy and privacy of communication.

Q: We understand that a suspicion of criminal activity alone does not justify the review of the employees’ company emails by the employer. The employer has rather to appeal to the authorities to review the employees’ mails with the involvement of the authorities. Could you please confirm/clarify our understanding? (Basically we would like to know, under what circumstances a company is permitted to review its Company Related Data.)

A: Correct – please also see above. The circumstances under which Example Case I would be permitted (according to the guidelines) are extremely limited. The unlawful interference with the employees’ emails may in some instances even trigger the criminal liability of the employer.

In addition to the above, various restrictions and requirements apply for the performance of video surveillance.

In line with the decisions given by the Supreme Courts of Turkey, an employer always has the right to inspect, with the aim as stated under Example Case I¹, an employee’s e-mails, electronic devices, mobile phones and computers directly given for the conduct of the related business. However, such documents, information and devices that do not relate to the business of the employer and only relate to the private life of the employee, cannot be searched by the employer (or by its auditor, etc) in any way, or else the employer could become liable for the violation of the “right of privacy” of the employee in the scope of Turkish Criminal Law, and the information obtained from such a search will be considered illegal evidence if used in a criminal proceeding.

No.

No.

No.

No.

Yes, the probable cause (Ro. banuiala rezonabila) is defined as suspicion arising from the existence of certain facts and/or information that would convince an objective observer that an offence was committed or will be committed, and that no facts and/or information exists that would remove the criminal character of the fact.

No.

No.

No.

No.

No.

No.

Yes. Felonies are intentionally committed criminal offences carrying a potential prison sentence of three years or more. All other criminal offences are misdemeanours. Although there is no direct impact on our answer under 3.1., the balancing of interests also depends on the gravity of the potential criminal offence. Generally, the company’s interest in conducting an internal investigation will increase with the severity of the criminal offence.

Yes. A felony is an act dangerous to society (action or inaction), which has been committed intentionally and which has been declared punishable by law.
A misdemeanour formally contains the elements of a felony, but is not sanctioned, as it is not dangerous to society due to its insignificance.
Regardless of whether a suspected act may qualify as a felony or misdemeanour, the company would not be allowed to perform email searches, unless permitted by the employee.

Yes.
Misdemeanours are (i) all negligently committed criminal offences or (ii) intentionally committed offences with a maximum potential prison sentence of five years. All other criminal offences are felonies. Generally, there is no impact on our answer to question 3.1. when balancing misdemeanours and felonies.

Yes. Felonies are intentionally committed criminal offences with a potential prison sentence of two years or higher. All other criminal offences are misdemeanours. It has no direct effect on how emails may or may not be investigated; however, the more severe the offence, the higher the company’s interest in discovering the circumstances.

The Moldovan legislation distinguishes between crimes (Ro. infractiuni) and administrative offences (Ro. contraventii). Crimes are also classified into: (a) minor crimes (Ro. infractiuni usoare); (b) crimes of average gravity (Ro. infractiuni mai putin grave); (c) felonies (grave crimes) (Ro. infractiuni grave); (d) very grave crimes (Ro. infractiuni deosebit de grave); and (e) extremely grave crimes (Ro. infractiuni exceptional de grave).

Yes. Felonies are intentionally committed criminal offences with a potential prison sentence of three years or higher. All other criminal offences are misdemeanours. There is no direct impact on our answer under 3.1.

The RCCP in force does not distinguish between general categories of offences, such as “misdemeanour” and “felony”. The only areas where such a distinction is made, depending on the seriousness of the offence, and where there is a specific definition of felonies, are the laws on organised crime and the protection of witnesses.

Yes. The Criminal Act defines a felony as an act set forth by the law as a criminal offence, which is unlawful and committed with a guilty mind. The Misdemeanours Act defines a misdemeanour as an unlawful culpably committed act provided for as a misdemeanour by law or another act of a competent body.

Yes, a misdemeanour is a criminal offence committed through negligence or intentionally with a potential prison sentence of up to five years. All other criminal offences are felonies. There are no possible implications to our answer under 3.1.

Yes. Felonies are criminal offences set out in the Criminal Code, and may be sanctioned with imprisonment. Misdemeanours are violations of law, set out in statutes other than the Criminal Code, which may only attract the imposition of fines or administrative measures (e.g. cessation of activity), but may not be sanctioned with imprisonment. Generally, there is no direct impact on the answer under 3.1.

Pursuant to Article 2 of the Turkish Misdemeanour Law, a misdemeanour means a civil wrong in which the related law foresees the application of an administrative fine or an administrative sanction to the detriment of the misdemeanant. Misdemeanours (like felonies) can be committed both intentionally and by negligence. Felonies, which have been regulated under the Turkish Criminal Law, have more serious sanctions when compared to misdemeanours, and both administrative sanctions and prison sentences can be applied in the event of a violation of law. Prison sentences applied to felonies can be as short as less than 30 days and can go up to a life sentence. The differentiation between a misdemeanour or a felony does not have a direct impact on our answer under 3.1. However, as explained under question 3.1 above, if an employer violates its privilege of searching the documents and devices of an employee and violates the relevant employee’s private life, the sanction that shall apply cannot be evaluated as a misdemeanour and the employer shall be liable for committing a felony.

The likelihood of an infringement of personality rights is much higher when searching company email accounts that contain private data. As outlined in our answer to question 3.1., the admissibility of such a measure requires (i) a concrete suspicion of criminal activity, and (ii) prevailing interests of the company within the balancing test (e.g. if the alleged crime could severely impact the company’s viability). In any case, the procedure in Example II requires a greater degree of diligence. The creation of a list of predefined keywords that are not related to private correspondence could be an appropriate measure to ensure that private emails are kept outside the scope of the search. The lawfulness of searching email accounts that contain private data must be assessed in each individual case. Again, members should be generally informed of a potential search of email accounts within internal investigations (e.g. within the employee privacy policy).

As in Austria.

See our answer to question 3.1., particularly the above-mentioned precautions.

The employee’s private life cannot be violated. Therefore, such emails cannot be subject to the investigation, i.e. cannot be read. If the company obtains private data without adequately informing the employee or obtaining the employee’s prior consent for its activities, such evidence may be deemed unlawfully obtained. When such evidence is presented before the court, it cannot be considered and should be excluded. On the other hand, if there is no other way of proving the relevant conduct, in exceptional cases the courts may decide to accept the evidence collected unlawfully if the general public interest in the case overrides an individual’s right to privacy.

Generally yes.
The conditions indicated in 3.1 above are generally applicable.Also, the company’s vs. the employee’s interests are to be taken into consideration (ie there must be justification for the company to access the employee’s e-mails containing both company related data and private data).
The processing of the e-mail data without the employee’s consent is to be assessed in each individual case.

In this particular case, the chances to breach the right to private life are higher, considering the possibility of the member to use the email accounts for private purposes. Internal company policies, including the employee privacy notices, and employment documents should be checked to understand the company’s privacy-related rights and obligations/commitments towards its employees. Also, the increased likelihood of the presence of private correspondence in the examined emails should be accounted for in the balancing test of the legitimate interest or in the relevant DPIA. Considering the risk of breaching the right to private life, the keywords used for the investigation should be chosen carefully so the search is as little intrusive as possible. However, the member may claim the breach of its right to private life and prove that such a breach was more important than the result of the investigation. To diminish the possibility of such a claim, the consent of the relevant members should be obtained prior to the investigation (at the risk of subsequent challenge to the validity of such consent by the member).

Generally, yes, if the requirements under point 3.1. are complied with. Due to its restrictive practice, the SDPA could take a stricter stance as regards the appropriateness of searching members’ private data. Thus, companies should observe the requirements under point 3.1. to fully comply with the applicable data protection laws and regulations, given that they cannot rule out with certainty that personal data will be processed during the internal investigation.

Please see our answer under 3.1. above. An employer is not entitled to access the private data of an employee.

Generally no. See answer under 3.1. above.

In the scope of a recent decision of the Constitutional Court dated 10 May 2016, the Court decided that it is possible to review the private data present in the work e-mails of employees, if the relevant employee has signed the internal regulations of the company, which are considered to be a part of employment agreements. Such application means that the relevant employee has been sufficiently informed of the general principles of the related business. Therefore, if such an internal investigation conducted by the employer has (i) a legitimate aim and if the review is (ii) proportional with the aim of the investigation, then the personal information reviewed in the corporate e-mails during an internal investigation is considered to be legal. Thus, if the presence of personal correspondence and personal data has been openly prohibited via the above-mentioned internal regulations of the company, such personal data obtained as a result of the internal investigation will not be considered a breach of the right of privacy.

The surveillance of private emails is generally prohibited. However, if clarifying the suspicion is deemed highly relevant for the viability of the company and the keywords actually focus on this concrete suspicion (and are thus not too “broad”), the company can be permitted to process such data. In any case, such an assessment highly depends on the actual circumstances of the case.

As in Austria.

As outlined above, the surveillance of private emails is generally prohibited. If a keyword search confirms that certain private email contains business-related criminal evidence, to be on the safe side the Czech police should be contacted to follow-up on the investigation.

The surveillance of emails related to private life is prohibited. However, there might be a case where the surveillance is deemed crucial for the company’s interests. If such evidence is used before the authorities, the authorities may exclude it if they find that it has been illegitimately collected.

Processing of employee’s private data (personal data) without the employee’s consent is generally prohibited. (eg company’s legal obligation, company’s interests vs. employee’s fundamental interests, rights and liberties, etc).

Private data may not be searched or processed under Polish law. However, if private emails, private correspondence and the like also contain company related data, the searching and processing of such data may be permitted according to the prerequisites under point 3.1.

Searching and processing of private data may be permitted according to the prerequisites under point 3.1.

Data obtained as a result of monitoring employees may be processed for a maximum of three months from the date of their acquisition, unless they constitute or may constitute evidence in proceedings conducted under the law.

Only persons authorised to process private data will have access to materials from the emails. The above-mentioned persons will be obliged to keep these data and materials confidential.

The surveillance of private emails is generally prohibited. If the legitimate interest balancing test or relevant DPIA is successful as to justify the legitimate interest, the company may proceed with the search based on specific and objective keywords that should avoid results leading to potential breaches of private life. Considering the possibility of the member to use the email account for private correspondence, the opportunity of such a case should be decided on a case-by-case basis. In practice, companies usually ask their employees to exclude private emails from the scope of the search to diminish the risk of accessing private correspondence.

The general conditions outlined under point 3.4. above apply here as well. In particular, the employees should be informed before the private data search is conducted and should consent to the search in writing. Furthermore, to mitigate concerns under data protection laws, the private data should (as far as possible) be excluded from review by applying a keyword list targeted to the suspicion of criminal activity. However, as there is a risk that an email address could also be considered personal data, the mere review of such an email address is an act of data processing and requires prior notification and consent of the members / data subjects (as well as compliance with other requirements under point 3.1.). To further mitigate the risk of accessing private data, the relevant employees should also be offered to disclose private email domains to be excluded from the private data search. Our response to this question will be up-to-date until the implementation of the new Serbian Data Protection Act (which has been modelled after and largely complies with the GDPR) on 21 August 2019.

Monitoring of private emails is generally prohibited. We believe this also covers private data of members. Please see our answer to 3.1. above.

See answer under 3.1.

Please see our answer to question 3.4 above.

A company may request prior general approval within the employment contract or specific case-related consent. The more severe the intrusion into the privacy of the member during an internal investigation, the less likely “general consent” within the employment contract can be regarded as consent for the measure in question. If sensitive personal data will be processed during an internal investigation, the member should explicitly approve such measures.

Be advised that employee consent under labour law (e.g. within working rules) may not meet the requirements of valid consent under the data protection laws.

As in Austria.

See our answer to question 3.1. A company may request such a prior approval within the employment contract or working rules and this is recommended. However, employees may challenge investigations carried out solely based on such consent, especially if the other precautions are not taken.

Upon prior notification of the employees (or the acceptance of a relevant internal policy), a company may look into the employees’ emails at any time but may not access ones related to the employees’ private life. The employees’ privacy in any case cannot be violated.

Employees’ emails may only be searched if the employees were notified of this in advance. These provisions are usually stipulated in the employment contract, but the employer may notify the employees by means of the working rules (internal policies) provided that they were appropriately published in a customary and commonly known way.

Generally, consent granted by the employee upon employment (eg inserted as a clause in the employment agreement or as a separate document) with regard to the processing of the employee’s personal data (including e-mail content) is sufficient for the processing of the e-mail’s content during an internal investigation.
However, the sufficiency of such preliminary consent is to be assessed at any time as regards the Company’s vs. the employee’s interests.

The company may do so. Such general consent would not extend to private data.

An employee may waive the right to confidential private correspondence. For this purpose, he or she should submit an express declaration of consent to the employer in writing. The employer will then be entitled to monitor the employee’s private email.

A company may request the prior consent of its members to perform this kind of search by way of the employment agreement. However, as mentioned above, the validity of such consent is questionable, as it can be argued that it was not freely given, considering the subordination and the authority of the company, and not specific enough.
Even if such consent is given upon signing the employment agreement, considering the intrusive character of the investigation, specific consent should be obtained. Again, there is a risk of invalidity of such consent for the same reasons.

Due to loopholes in the data protection legislation and practice as well as the SDPA’s tendency to interpret the applicable rules restrictively, it is recommended that members consent in writing to a specific internal investigation, i.e. an internal investigation caused by a specific suspicion of criminal activity. Although the “general” consent (e.g. given in an employment contract or an internal act of the company, such as the working rules, for the purpose of any past or future internal investigation) is not prohibited by the applicable laws and regulations, there is a risk that the SDPA may interpret the purpose of the general consent given for the purpose of any internal investigation as not being sufficiently specific. Our response to this question will be up-to-date until the implementation of the new Serbian Data Protection Act (which has been modelled after and largely complies with the GDPR) on 21 August 2019.

Yes; however, an employee must be informed of each case of monitoring separately, unless the monitoring will be carried out on a permanent basis, when it is recommended to adopt internal guidelines in this respect and to inform employees of these guidelines (see our answer under 3.1.).

Yes, please see our answer to question 3.4 above. The presence of such consent obtained via the internal regulations as part of employment agreements or obtained before an internal investigation is highly recommended in order to prevent any kind of breach of law (especially breaches of the right of privacy).

Generally no. The works council may attend the interview only if the employee consults the works council and demands to participate in the interview.

Generally, no approval of employee representative bodies is required by law for the interview. For the sake of completeness, the collective bargaining agreement (or other arrangement) may establish information/consultation/approval requirements.
Upon request of the employee, the respective member(s) of the employee representative body may be present at the interview.

Generally no. However, a separate agreement with the works council may provide for such approval.

Generally no.

 There is no such obligation resulting from the regulations binding in Poland. It might result from the company’s internal bylaws.

Generally, no. The internal regulations or collective bargaining agreement (if any) should be checked for specific rules. Member(s) may also seek the assistance of the trade union representative in such an interview.

See, however, in paragraph 3.1. above the need to consult with the employees’ representatives in relation to the conduct of investigations that qualify as monitoring activities conducted via electronic means of communication.

Generally no.

Generally no. However, adoption of general acts of the employer referring to the interview (e.g. outlining the purpose, procedure) may in some instances trigger the requirement to obtain a prior opinion of the trade unions.

Generally no. However, a board of directors resolution could be adopted just to be on the safe side and to prevent future objections.

The admissibility of an interview – specifically whether the interviewed person is obliged to answer the questions – again depends on the balancing of interests between the affected person and the company. On the one hand, the person has an interest in avoiding self-incrimination, which has to be regarded by the company as well. On the other hand the company wants to clarify the suspicion which can be crucial for the viability of the company. Therefore, the company may in fact be required to inform the interviewee about the interview and the suspicion to assess whether the interviewed person’s interests prevail over those of the company to conduct the interview. Such an information obligation could also arise out of the employer’s general duty of care.

As in Austria. In addition, if the interview is recorded in any way, the interviewed member must be informed beforehand. Also, no discriminatory actions can be undertaken against the member.

In principle there is no statutory obligation that the employer should provide specific information before commencing the interview under labour or criminal laws. However, we believe that from a moral and ethical standpoint it would be desirable to inform employees of the potential criminal law implications.
Generally, the admissibility of an interview – specifically whether the interviewed person must answer the inquiries – depends on the balancing of interests between the affected person and the company. On the one hand, the person is interested in avoiding self-incrimination (which the company must respect); on the other hand, the company wants to clarify a suspicion which can be crucial for its viability. Therefore, the company may also be required to inform the interviewed person about the topic of the interview and the suspicion to assess whether the interviewed person’s interests prevail over the interests of the company in conducting the interview.

Hungarian law in general respects the concepts of both presumption of innocence and the prohibition of self-incrimination. Therefore, the company acts properly if it respects the said concepts and informs the interviewed person that their testimony might be used before the authorities. The authorities might exclude evidence if they find that it has been illegitimately collected.

The Moldovan Labour Code is not specific in this respect, ie it does not provide for the Company’s (employer’s) obligation to provide to the employee any preliminary information. It is, however, indicated that the employee has to be granted the possibility to provide any proofs and justifications. In other words, we cannot exclude an interpretation, pursuant to which such employee’s right to provide any proofs and justifications is violated if no information was provided to him/her in connection with the internal investigation.

There are no particular obligations in this respect resulting from the regulations binding in Poland.

Generally, no (if the investigation is not structured as a disciplinary investigation under labour law). The company must observe all rights of the member. In this respect, the company should inform him about the subject of the interview and the possible consequences of the investigation.

Under the applicable data protection laws and regulations, a member must be informed by the interviewer about: (i) his/her identity, or name and address or company, or the identity of the other person who is responsible for data processing in accordance with the law; (ii) the purpose of collecting and further processing the data; (iii) the use of the data; (iv) the identity of persons or categories of persons using the data; (v) the legal basis or willingness to provide information and processing; (vi) the right to revoke consent to the processing, as well as the legal consequences thereof; (vii) the rights of the person in case of unauthorised processing; and (viii) other circumstances the withholding of which from a data subject or third party would be contrary to conscientious treatment. Our response to this question will be up-to-date until the implementation of the new Serbian Data Protection Act (which has been modelled after and largely complies with the GDPR) on 21 August 2019.

Generally no, but it is advisable to inform the employee about the purpose of the interview as well as their rights and the potential consequences.

An information obligation may arise to the interviewee from the employer’s general duty of care towards the employee (and, as a precaution, from the general prohibition of mobbing/harassment at the workplace). In particular, the employee should be made aware of the purpose of the interview and that the interview notes may be used in subsequent criminal proceedings.

The company does not have to provide the interviewed person with any specific information, if (as explained under point 3.4 above) the interviewed person has been informed, via internal regulations as a part of employment agreements, (i) about the general scope and (ii) the possibility of the interview notes being used in criminal proceedings. If such information has not been provided in internal regulations, it is advisable to inform and obtain the written consent of the interviewed person prior to the interview, in order to use such interview notes as criminal evidence.

Generally no. However, it may be recommendable to assess data protection implications before the interview to ensure that the collected information can be subsequently processed in line with applicable laws.

Generally no.

Generally, no. It is recommended, however, that any discussions with the employee that may impact the employer be carried out in the presence of at least two of the employer’s representatives who will subsequently draw up and sign minutes of the meeting.

Generally no. Practically, however, drawing up minutes of the interview is desirable.

Generally no (except those indicated in 4.1. above).

Generally, no, save if the interview is conducted in the context of a disciplinary investigation, where some labour law specific requirements must be observed, such as observing the member’s right to be assisted by a lawyer.

Generally no.

Generally no; however, it is recommended that any discussions with the employee that may impact the employer be carried out in the presence of at least two of the employer’s representatives, who will subsequently draw up and sign minutes of the meeting.

Generally no.

Generally no.

Based on its legitimate interest, a company may share information within its national network as long as there are no prevailing interests of the data subjects. If information sharing is prohibited, it must be strictly limited to the extent necessary for the pursued purpose and must comply with the data protection principles (such as data minimisation and purpose limitation). This means that access to such data must be restricted on a need-to-know basis. Depending on the sensitivity of the shared data, e.g. if the gathered information reveals the identity of the data subject who was allegedly involved in the criminal activity, the requirements will be more or less strict. In any case, if and to what extent such information may be shared must be assessed in each individual case.

As in Austria.

There is a strict limitation if the information relates directly to the employee. In such a case, the employer may only provide information relating to evaluation of the employee’s work, the employee’s qualifications and abilities, and matters relating to work performance. Other information may be provided only with the employee’s consent.

Generally, a company is free to share the information within its national network, as long as no prevailing interests of the affected persons contradict such sharing (e.g. violation of personality rights).

General conditions:
(i) consent is granted (eg upon the conclusion of the employment agreement) by the employee in connection with the processing of the e-mail information;
(ii) protection of the employee’s collected personal data is ensured.

It is possible that the company shares the information within its national network. The information should be shared based on the written agreement setting the scope of information transferred and the purpose of its processing. The recipient of the information must observe technical and organisational requirements as specified in the applicable regulations.

The company may generally share the information gathered in an internal investigation within its national network (employees at the national level who need the information strictly for the purpose of such an investigation), with the rights of the members observed at all times during such transfer of data (the fundamental rights of the affected person, as well as the rights provided by the data protection authority).

If data is shared to other companies within the network, and if such companies act as data controllers in relation to the received personal data, they must observe the general requirements of the applicable privacy legislation in terms of data processing (including, without limitation, the obligation to inform members in relation to the processing of data that they conduct following receipt of the information).

A company may generally share the information within its national network as long as the member concerned (i) is informed that the company’s national network will use the data and (ii) gave his/her consent to such sharing. Furthermore, the collected company-related data should be adequately protected from abuse, destruction, loss, alteration or unauthorised access.

Companies must comply with data protection rules in this respect, mainly to obtain the prior consent of the data subject to such a transfer, should it not qualify as personal data processing based on protection or rights and obligations of the employer. Certain personal data (such as birth registration number) cannot be transferred at all.

Generally, a company may share the information within its national company network. Insofar as such information includes personal data, the company should either fully anonymise all personal data or verify that an adequate legal basis for the transmission of such data under data protection laws is established (e.g. the company holds legitimate interests for the transmission, which override the interests/rights of the data subjects in question).

A company may generally share information gathered by an internal investigation within its national company network; however, if the gathered information includes private data of employees, then such information relating to private life cannot be shared within the national company network, unless such sharing has been explicitly permitted by the relevant employee. Notwithstanding, personal data may be processed without obtaining the explicit consent of the data subject if: (i) it is expressly permitted by any law; (ii) it is necessary in order to protect the life or physical integrity of the data subject or another person where the data subject is physically or legally incapable of giving consent; (iii) it is necessary to process the personal data of parties of a contract, provided that the processing is directly related to the execution or performance of the contract; (iv) it is necessary for compliance with a legal obligation which the controller is subject to; (v) the relevant information is revealed to the public by the data subject himself/herself; (vi) it is necessary for the institution, usage or protection of a right; (vii) it is necessary for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed. Furthermore, personal data not relating to the health and sexual life of the data subject may be processed without the explicit consent of the data subject if processing is permitted by any law. Personal data relating to health and sexual life may only be processed without obtaining the explicit consent of the data subject for purposes of protection of public health, operation of preventive medicine, medical diagnosis, treatment, and care services, planning and management of health services and financing by persons under the obligation of secrecy or authorised institutions and organisations.

See our answer to 5.1. The company should generally consider the local laws to assess the possible consequences of such a transfer and if the transfer to a foreign entity would be lawful. If the foreign entity is outside the EU, the company must ensure compliance with the principles for transfers of personal data to third countries as set out in the GDPR.

As in Austria.

See our answer to question 5.1.

Generally, the same applies as in the case of question 5.1.

General conditions:
(i) consent is granted (eg upon the conclusion of the employment agreement) by the employee in connection with the processing of the e-mail information;
(ii) protection of the employee’s collected personal data is ensured;
(iii) transborder transfer of personal data was authorised by the Personal Data Authority.

Please see our answer to 5.1.

Data controllers who are part of a company’s network should consider cooperation in the field of administering personal data. The specificity of such a relationship lies primarily in the fact that the administrators jointly set goals and methods of processing, and jointly implement the obligations arising from the regulations and undertake the processing procedure. Therefore, there is no sharing of data between these entities, because they process the data jointly, within the set goals.

Joint controllers shall, by means of joint arrangements, clearly define their respective responsibilities regarding the performance of their obligations under the GDPR.

The essential content of the arrangements is made available to the employees.

The employee, however, may exercise his or her rights resulting from the GDPR to each of the administrators, irrespective of the arrangements between them.

The information gathered in an investigation procedure generally may be shared with foreign entities within an international network, basically according to the same conditions as in point 5.1. above. If the receiving companies act as data controllers in relation to the received personal data, they must observe the general requirements of the applicable privacy legislation in terms of data processing (including, without limitation, the obligation to inform members in relation to the data processing that they conduct following receipt of the information).

Transfers made outside the EEA are subject to formalities under the applicable privacy legislation, including, without limitation, transfer to jurisdictions for which the European Commission has issued an adequacy decision, or transfers based on standard contractual clauses or binding corporate rules.

Data may be transferred from the Republic of Serbia to a state signatory to the Council of Europe’s Convention on the Protection of Individuals with regard to Automatic Processing of Personal Data.
Data may be transferred from the Republic of Serbia to a state that is not a party to the Convention if a level of data protection in that state is in accordance with the Convention. The SDPA’s approval of the data transfer to a state that is not a party to the Convention is required.

Our response to this question will be up-to-date until the implementation of the new Serbian Data Protection Act (which has been modelled after and largely complies with the GDPR) on 21 August 2019.

Please see our answer to 5.1. In the case of cross-border transfer of personal data, the employer must comply with the rules for such transfers depending on the country to which the data will be transferred.

See our answer to 5.1. Additional requirements apply if information gathered is transferred outside the EU/EEA.

A company may generally share information gathered by an internal investigation within its national company network; however, if the gathered information includes private data of employees, within the meaning of Article 9 of the Law on the Protection of Personal Data, personal data shall not be transferred abroad without the explicit consent of the data subject. For exemptions of this regulation, please see point 5.1. above.

Yes.

No. Only natural persons can bear criminal liability. Companies can only bear administrative liability (i.e. sanction or remedy measures).

Yes.

Yes.

Yes.

Yes.

Yes.

Yes.

Yes, for selected offences enumerated in the Slovak Act on Criminal Liability of Legal Entities (Act No. 91/2015 Coll., as amended).

Yes.

No, however; security measures, such as seizure of property and cancellation of operating permit, can be taken against legal entities.

Yes.

Yes. Leniency can apply in competition or for certain crimes in criminal proceedings.

Yes.*

*For the purpose of this questionnaire, we distinguish between the Leniency Programme of the Czech Competition Authority and other types of leniency programmes. For details, please refer to the answer to question 6.3 below.

In case of companies, no; in case of natural persons, yes.

Yes.

Yes.

Yes.

Yes.

Yes, but not necessarily dependent on cooperation but rather on restoration of damage caused (see 6.3. for details). In general, the cooperation with authorities may also serve as a tool to moderate sanctions to be imposed on a company (see 6.3. below).

Yes.

Yes, but mostly for competition-related disputes.

The Austrian leniency programme basically requires a voluntarily significant contribution to clarify the facts of a case by a perpetrator in due time. The application of the leniency programme further depends on the perpetrator’s level of participation with respect to the crime and whether the offered information is new for the authorities. In any case the application highly depends on the circumstances of the individual case.

The Bulgarian leniency programme basically applies to competition cases and to a limited number of crimes. For competition cases, the company’s voluntary cooperation may give it an advantage. In criminal proceedings, however, since companies do not bear criminal liability, the company’s cooperation basically favours only its employees.
Regarding competition cases, the principle is that one company is given the opportunity to be granted immunity from sanction for its participation in a secret cartel and this is the first undertaking which confesses to the competition authority involvement in a secret cartel and provides the required information and evidence. So far no company in Bulgaria has applied for leniency for participation in a cartel.
Leniency is also provided in the Criminal Code, where for some crimes full release of liability is provided. For instance, a person who has bribed another person/company will be released from liability if the briber has immediately and at their own initiative informed the authorities about the bribe. Also, a person involved in an organised criminal group who voluntarily gives himself up and discloses everything he knows about the group before a crime is committed by this person or group is released from liability.
In other criminal proceedings, cooperation with the authority would be considered a mitigating factor.

Generally, the leniency programme of the Czech Competition Authority requires a voluntary significant contribution by the breaching company to the clarification of the facts of the case. Depending on the extent and timing of the information provided, the leniency programme allows the Czech Competition Authority to grant the voluntarily cooperating company either (i) full immunity from the imposition of an administrative fine, or (ii) the possibility to reduce the administrative fine. Based on a successful leniency programme application, Czech Act No. 40/2009 Coll., Criminal Code, allows for exculpation from a criminal offence consisting in the conclusion of a prohibited price-fixing agreement, division of a market or another agreement distorting competition. Such exculpation is, however, only available to natural persons.
The Criminal Code and Act No. 141/1961 Coll., Code of Criminal Procedure, both recognise the concept of a cooperating accused person (in Czech: spolupracující obviněný). Generally, in criminal proceedings the public prosecutor may designate the accused person as a cooperating person if the accused person contributes significantly to clarifying the facts of the case, confesses to having committed a crime and agrees to be designated as a cooperating accused person. Such cooperation may be deemed an extenuating cause and result in lower penalties being imposed. In each case, this concept applies only to the investigation of crimes committed by members of an organised group, in conjunction with an organised group or in favour of an organised criminal group.* The public prosecutor may only designate natural persons as cooperating persons.
In addition, Act No. 418/2011 Coll., on Criminal Liability of Legal Entities, recognises the concept of “effective regret” (in Czech: účinná lítost). This means that the criminal liability of a legal entity ceases to exist if the legal entity voluntarily refrains from further infringement, and (i) eliminates the danger, prevents the harmful effects of the offence or remedies the harmful consequences of the offence; or (ii) notified the prosecutor or police authority about the offence at a time when the danger could have been eliminated or the harmful consequences of the offence could have been prevented.
Finally, the Act on Criminal Liability of Legal Entities provides for the possibility of a legal entity to exculpate itself from criminal liability if it proves that it has made every effort that may be reasonably expected to prevent the commission of a criminal offence by a person associated with the legal entity. It is not yet clear what “every effort that may be reasonably expected” means. Currently, it is fair to conclude that the legal entity must implement a compliance programme and actively ensure that its employees and management adhere to it.

*An organised criminal group means an association of no less than three criminally liable persons with an internal organisation structure comprising division of functions and tasks focused on systematic intentional criminal activity.

Leniency may only apply to natural persons in certain circumstances. It basically requires a voluntarily significant contribution to clarify the facts of a case in due time (most probably right before it has been committed) and requires that the perpetrator applying for leniency takes every possible step to avoid or at least minimise the damage.

Under Hungarian law, the decision to offer a reduced punishment or even immunity in exchange for certain cooperation is at the sole discretion of public prosecutors. In other words, although the prosecutors’ aim is to detect criminal acts to the extent possible (which could be favourably influenced by voluntary cooperation), there is no procedural basis under which immunity may be expected.

The application of leniency depends on the specific circumstances of the case.
Generally, the cooperation of the perpetrator with the investigating authorities is to be regarded as a mitigating circumstance (ie may lead to a lesser sentence).
Under certain conditions (eg self-incrimination (Ro. autodenunt), first time offence, active cooperation, offence qualified as minor crime or as a crime of average gravity, repaired damage), such cooperation may incur exemption of liability.

The Draft Collective Liability Law provides for a leniency programme for companies.

According to the new provisions, a collective entity is not liable if it has notified the body appointed to prosecute the crime (punishable by imprisonment for up to five years), revealing the relevant circumstances of the act, in particular persons or other collective entities involved in its commissioning (plea-bargaining).

In other cases, the prosecutor may apply for plea-bargaining, unless the circumstances of the act do not raise doubts and the collective entity cooperates with the prosecutor (discloses information, circumstances, provides data and information) and has agreed to compensate for the loss resulting from the crime.

The Fiscal Criminal Code also provides for a leniency programme in case of some fiscal crimes which encompasses voluntary disclosure in relation to tax crimes and plea-bargaining.

The leniency functions within the “crown witness” scheme and applies to individuals only. If it were to have an extenuating effect it would need to be pursued by the perpetrators. There are two crown witness schemes: the “little” one and the “regular” one.
In general, in the framework of the “little” crown witness scheme the court is obliged to apply an extraordinary mitigation of the penalty, or may even grant a suspended sentence, with respect to an offender who acted in concert with others in committing an offence, then reveals information to the prosecutors about other offenders involved in committing the offence, or the essential circumstances thereof.
Perpetrators of criminal or fiscal offences committed in the framework of an organised crime group or selected other crimes (e.g. corruption) may be granted the status of a “regular” crown witness by the court based on a motion filed by the prosecutor. In this context the crown witness is obliged to testify in exchange for discharge of punishment. The decision to grant the status of crown witness is at the discretion of the court and is not obligatory.

In a series of special laws (e.g. organised crime, corruption crimes, etc.), the perpetrator is either completely exempted from criminal liability (e.g. offering a bribe, peddling in influence, establishment of an organised crime group), if they report having committed the offence before its discovery by the investigation authorities or benefit from a decrease by half of the limits of the applied penalty (e.g. corruption and assimilated offences), if they report the offence during the criminal investigation and facilitate prosecution of the person(s) involved in committing the crime.

Under the Corporate Criminal Liability Act, cooperation with public authorities is (i) a mitigating factor that a judge can take into account when determining the fine, (ii) a condition for relief from criminal liability, and (iii) a condition for dismissing criminal charges against the company. The Act provides that the court may exonerate a legal entity from punishment if it (i) detects and reports a criminal act to the authorities before it has learned about the instigation of criminal proceedings, and (ii) eliminates the detrimental consequences and returns unlawfully gained proceeds voluntarily and without delay. Also, in cases of reporting crimes punishable by imprisonment of three years, any criminal charges against the company might be dismissed, based on one or more of the following circumstances: (i) the company reports a crime before it found out that the prosecution bodies (police, prosecutor) have discovered a crime; (ii) the company prevents any damage / compensates damages / removes any detrimental consequences of a crime; (iii) the company voluntarily returns any benefits gained by the crime; and (iv) the company has no property / is subject to ongoing bankruptcy proceedings.
In addition, the court would perceive the detecting and reporting of a criminal offence and measures taken against the responsible person in the legal entity as mitigating factors when calculating the fine.

The Slovak Act on Criminal Liability of Legal Entities (Act No. 91/2015 Coll., as amended) recognises the concept of so-called “effective regret” (účinná ľútosť). This provides that the legal entity ceases to be criminally liable

• if the natural person that committed (carried out) the crime ceases to be criminally liable pursuant to the relevant provisions of the Slovak Criminal Code (Act No. 300/2005 Coll., as amended) on effective regret of natural persons; or
• the legal entity has voluntarily refrained from further actions leading to a completion of the crime and it prevented or restored the harmful impacts of the crime; or
• the legal entity has voluntarily refrained from further actions leading to a completion of the crime and it notified the competent authorities at a time where the harmful impact of the crime could have been prevented or the danger threatened from the crime could have been removed.

Effective regret is not available for crimes of corruption or crimes harming the financial interests of the European Union.

As regards no. (i) above, another form of effective regret is if the offender allowed the legal entity to fulfil the conditions for benefiting from a lenience programme under laws protecting competition (applies to certain crimes only).

When determining a sentence, the court shall also consider the legal person’s actions after committing the criminal offence, especially its efforts to eliminate the harmful consequences of the offence or to voluntarily compensate the damage caused.

If the offender is a natural person, the authorities may decide to apply leniency to a cooperating offender in the form of conditional stay of criminal proceedings (with a probationary period of up to 10 years), in the form of a settlement with the victim or an agreement on sentence made between the offender and the prosecutor. In addition, certain acts by an offender (such as acceptance of guilt and providing evidence) can moderate sanctions for a natural person.

Finally, a legal entity can generally avoid criminally liability if it proves that the crime was not committed because it neglected its supervision or control powers or that the relevance of such neglect was minimal. This can be achieved by having good compliance programmes in place, by regularly training employees and by being able to prove that other measures were implemented to prevent crimes. It is important to note, however, that this exception is not available if the crime was committed by the director or a person exercising supervising authority / powers in the company.

The Slovenian leniency programme basically requires the reporting of the identity of the suspected offender to the authorities. Depending on the circumstances of the case, cooperation with the authorities or removal of harmful consequences of the criminal offence may result in a reduction, or cancellation, of the sanction.

Under Turkish Criminal Law, pursuant to the concept of “effective remorse”, real person perpetrators who inform the authorities of a crime at a defined period (defined separately for certain types of crime) and under certain conditions can benefit from leniency. Leniency is also applied in competition-related disputes within the scope of the Law on Protection of Competition. In any case the application highly depends on the circumstances of the individual case.

Generally no. However, the information leading to an internal investigation itself (e.g. reliable testimony of a member) could already qualify as insider information within the meaning of Regulation (EU) No. 596/2014 (“market abuse regulation“), which could lead to disclosure obligations, unless postponement of disclosure is permitted in accordance with the market abuse regulation.

As in Austria.

Generally, no.
However, the information leading to and/or arising from an internal investigation itself could qualify as insider information within the meaning of Regulation (EU) No 596/2014 (“market abuse regulation”), which could lead to disclosure obligations (unless postponement of disclosure is permitted in accordance with the market abuse regulation).

Generally no.

However, there are exceptional activities which may entail procedures provided for under Regulation 596/2014 and the Hungarian Act on Investment Firms stemming from Directive 2014/65/EU.

Generally no. However, reporting obligations may arise, eg as result of external audits or in case of capital market abuse (in accordance with the capital market legislation).

No. An internal investigation as such does not constitute ad hoc, periodical or insider information as specified in Regulation (EU) No. 596/2014.

No, unless the internal investigation is qualified, in the opinion of the company subject to it, insider information Regulation (EU) No 596/2014 (“market abuse regulation”) or other price sensitive information which could lead to disclosure obligations, unless postponement of disclosure is permitted in accordance with the market abuse regulation. An internal investigation could indirectly trigger the occurrence of insider information. For example, following an internal investigation, the listed company may decide to revoke its CEO because of the findings. In this case, the dismissal of the CEO is an important aspect constituting insider information that would need to be notified to the competent supervisory authorities and to the stock exchange. Basically, the internal investigation itself does not constitute insider information, but its result or certain actions taken based on its result might be considered as such.

Generally, no, although this might depend on the outcome of the investigation. This issue has not yet been regulated in Serbia, while EU Regulation No 596/2014 has not yet been implemented into the national legislation.

Generally no, unless internal investigations lead to a potential breach of the market abuse regulation, which could trigger disclosure obligations.

Generally no. However, the information leading to an internal investigation itself (i.e. the reliable testimony of a member) could already qualify as insider information within the meaning of Regulation (EU) No 596/2014 (“market abuse regulation“), which could lead to disclosure obligations, unless postponement of disclosure is permitted in accordance with the market abuse regulation.

Generally no.

Generally no. However, information gathered by an internal investigation could qualify as insider information within the meaning of the market abuse regulation, which could lead to disclosure obligations, unless postponement of disclosure is permitted in accordance with the market abuse regulation.

As in Austria.

Generally, no.
However, the information leading to and/or arising from an internal investigation could qualify as insider information within the meaning of the market abuse regulation which could lead to disclosure obligations (unless postponement of disclosure is permitted in accordance with the market abuse regulation).
Furthermore, the information on the internal investigation and/or its (potential) implications may need to be reflected – to a certain extent – in the regular reports executed by an investment instrument issuer domiciled in the Czech Republic or opting for the Czech Republic as its reference country.

Generally no.

Generally no.

No, unless the internal investigation is qualified, in the opinion of the company subject to it, insider information Regulation (EU) No 596/2014 (“market abuse regulation”) or other price sensitive information which could lead to disclosure obligations, unless postponement of disclosure is permitted in accordance with the market abuse regulation. An internal investigation could indirectly trigger the occurrence of insider information. For example, following an internal investigation, the listed company may decide to revoke its CEO because of the findings. In this case, the dismissal of the CEO is an important aspect constituting insider information that would need to be disclosed via an ad hoc report on the stock exchange. Basically, the internal investigation itself does not constitute insider information, but its result or certain actions taken based on its result might be considered as such.

Generally no. However, information gathered by an internal investigation may qualify as insider information within the meaning of the Capital Markets Act, which could lead to disclosure obligations.

Generally no, unless internal investigations lead to a potential breach of the market abuse regulation, which could trigger disclosure obligations.

Generally no. However, information gathered by an internal investigation could qualify as insider information within the meaning of the market abuse regulation, which could lead to disclosure obligations, unless postponement of disclosure is permitted in accordance with the market abuse regulation.

Generally no.

Generally no, unless an internal document signed between the parent company and the subsidiary so provides.

Generally, no.
Such a reporting obligation of the subsidiary towards its parent company may be established under general corporate rules and principles (general limitations apply; further limitations may apply for a joint stock company).

Generally no; however, such a duty usually stems from the company’s constitutional instrument.

There are no particular obligations in that respect resulting from the regulations binding in Poland.

There is no legal requirement for the management of the subsidiary to report about the internal investigation to its parent company.

This issue is not explicitly regulated, although the obligation could exist under the rule of the duties of a director under the Companies Act.

Generally no.

Such reporting obligations could arise from the general fiduciary duties of the management towards the shareholders. The specifics depend on the corporate form: generally speaking, limited shareholders in a limited liability company (d.o.o.) have relatively broad information rights, while the information rights of stock company (d.d.) shareholders are, by comparison, rather limited.

If the suspicion is reasonable (and due to a possible subsequent legal dispute also provable), generally yes. Immediate termination without notice always presupposes that the employer cannot objectively be expected to continue the employment, even for the notice period. The most important reasons for immediate termination of white-collar employees without notice include:
– if the employee is disloyal to the employer or is unable to perform the promised or appropriate (reasonable) service;
– any breach of the prohibition on competition;
– if the employee disobeys orders or attempts to induce others to disobey.

No, the suspicion of criminal activity alone is not a ground for termination.
However, if the suspicion is reasonable, the company can find other legal reasons to dismiss the employee without notice due to their objective inability to perform their duties. Among the reasons for immediate termination without notice are “abuse of the employer’s confidence” (grounds for disciplinary dismissal) or “systematic breaches of work discipline” (grounds for disciplinary dismissal).
In any case, the dismissal has to be carefully considered and made depending on the particular case.

Yes, under certain circumstances. The termination of employment without notice is an exceptional measure and may be executed (without a final decision of the court in criminal proceedings finding the employee guilty) only if the employee breached the duties relating to the performed work in an especially gross manner. The employer must be able to prove such a breach and its gravity. The gravity of a breach is considered with respect to several criteria as set by the case law (among others, the personality of the employee, the employee’s position, the time and situation, intention, etc). Generally, immediate termination is justified if the breach is of such intensity that the employer cannot objectively be expected to continue the employment. Such a situation usually occurs in case of the employee’s intentional interference with the employer’s property (e.g. theft). Even if the statutory conditions for immediate termination are met, in some cases the employer may not serve immediate termination (e.g. pregnant employee).

Generally yes, if the conduct is linked to the employment relationship.
The grounds for termination stem from two cases: the employee a) commits a grave violation of any substantive obligations arising from the employment relationship wilfully or by gross negligence, or b) otherwise engages in conduct that would render the employment relationship impossible. If there are reasonable grounds to believe that an employee has committed a crime that also qualifies either of the reasons listed under a) or b), then the employee’s employment can be terminated with immediate effect.

No, the mere suspicion of criminal activity is not enough to terminate the employment agreement with the employee.

No. An employer may terminate an employment agreement without notice in case an offence is committed that excludes the relevant employee from continuing to occupy the post. However, the employer’s reasonable suspicion that the employee committed the offence is not sufficient. The fact of committing an offence must be unmistakable or must result from a valid court judgment.

No, the employer does not have the right to immediately terminate the individual employment agreement in such a case.

A dismissal decision may be issued following completion of a disciplinary investigation procedure, provided that the employee has committed repeated or gross misconducts. In such a case, the employee is not entitled to any notice period; however, the disciplinary investigation is a timely procedure itself that implies inter alia the summoning of the employee reasonably in advance so that they can prepare a defence.

Under Romanian labour law, no disciplinary sanction (including disciplinary dismissal, but excluding written warning) may be applied prior to conducting a disciplinary investigation procedure. In the absence of such a prior disciplinary procedure, the employer could face the risk of annulment of the dismissal decision in court.

No. Under the Labour Act, an employer can terminate an employment agreement only if the employee is convicted of a work-related criminal offence by a final and binding court judgment. Termination of the agreement under the suspicion of criminal activity was removed from the Labour Act after the Constitutional Court declared the provision unconstitutional.

Generally no. Immediate termination without notice is possible only if an employee (i) has been lawfully convicted of an intentional crime, or (ii) has seriously violated work discipline. Slovak law is restrictive on this issue and the mere suspicion of criminal activity would generally not qualify as a serious violation of work discipline. To immediately terminate employment due to a serious violation of work discipline, the employer must be able to prove such a violation and its gravity. The gravity of a violation is considered with respect to several criteria as set by the case law (among others, the personality of the employee, the employee’s position, the time and situation, intention, etc). Generally, immediate termination is justified if the violation is of such intensity that the employer cannot objectively be expected to continue the employment. Such a situation usually occurs in case of the employee’s intentional interference with the employer’s property (e.g. theft). Even if the statutory conditions for immediate termination are met, in some cases the employer may not serve the immediate termination (e.g. pregnant employee).

If the suspicion is reasonable (and provable in a potential court dispute), generally yes. A violation that (i) has all the elements of a criminal act and which (ii) renders further cooperation with the respective employee immediately impossible (i.e. even within the applicable termination period) constitutes a reason for an extraordinary termination of employment (i.e. termination without a notice period).

Within the meaning of Article 15 of the Labour Law, the employer may terminate an employment contract, executed for a definite or indefinite period, before its expiry and without having to comply with the prescribed notice periods under the law, if the employee commits a dishonest act against the employer, such as a breach of trust, theft or disclosure of the employer’s trade secrets. In order to make such a termination, the presence of “suspicion of criminal activity” alone is generally not adequate to terminate an employment agreement and the employee may file a reemployment lawsuit against the employer. However in the scope of the leading cases of the Turkish Supreme Courts, the employer may terminate the agreement stating that its “suspicion of criminal activity” broke the trust relationship between the employee and the employer that is required for the continuity of the agreement, and therefore the employment agreement had to be terminated.

The termination can be made in written form or orally, but must be delivered to the employee. The termination must be declared without undue delay after the employer became aware of the reason for the termination. The employer is not obliged to disclose the reason for immediate termination in the termination letter.

In Republika Srpska, the employer can terminate an employment agreement without notice in the following cases: (i) if the employee is convicted of a work-related criminal offence; (ii) if the employee fails to return to work within five days of the day of expiry of his/her approved leave from work; (iii) intentional violation of work-related duties; and (iv) violation of work discipline. In the Federation of Bosnia and Herzegovina, the employer can terminate an employment agreement without notice in case of a grave transgression and grave violation of work duties when it cannot be reasonably expected that the employment relationship will be continued.

The employer must send a written order for termination to the employee containing the grounds for termination without notice. The employment relationship is considered terminated upon receipt of the order by the employee. If the employee refuses to accept the order, the company may confirm the delivery by inviting two witnesses.
In case of disciplinary dismissal (see 8.1 above), the written explanations of the respective employee have to be collected beforehand. Also, the dismissal itself has to be done with a motivated order delivered to the employee. If the employee refuses to accept the order, the company may send it via post with return receipt. The order is considered delivered as of the date of receipt of the letter.

The immediate termination must be executed in writing and must contain a clearly (factually) defined reason. Proof of delivery to the employee must be procured (i.e. personal delivery is recommendable).

The termination notice must be drawn up in writing and must include the reasons for the termination. The termination notice must be handed over to the employee personally or sent to his/her home address. In addition, the right to termination without notice may be exercised within 15 days of gaining knowledge of the grounds, but in any case, within not more than one year of the occurrence of such grounds. The employee may challenge the termination in court, in which case the employer must be able to prove that the grounds for termination were true and valid.

In any case, the termination of an employment agreement is performed on the basis of the employer’s disposition (decision, order), which is to be notified (under signature) to the employee. Certain other documents may need to be prepared (eg conclusions (report) on the internal investigation, protocols, acts, etc) depending on the reasons for the termination.
Certain termination reasons require a specific termination procedure (eg staff redundancy).

In the situation specified under point 8.1. hereof, the employer shall make decisions with respect to termination of the employment agreement following consultation with the company’s trade union organisation representing the affected employee, which shall be informed of any reasons substantiating termination of the agreement. If the company’s trade union organisation has objections as to the grounds of the termination it must state these without delay, but not later than within three days. The termination notice shall be given in writing, although an oral statement of the employee’s immediate superior shall also be effective. At the same time, the employee shall be informed of the 21-day term for filing objections with the court.

Keeping in mind the above answer, we will only refer to the situation of disciplinary dismissal.
For the disciplinary dismissal of an employee, the following main procedural steps must be followed, subject to compliance with the requirements of the Labour Code and the disciplinary procedure set by the Internal Regulation and the collective bargaining agreement (if any) of each employer: (i) internal reporting of the alleged misconduct(s); (ii) setting up of a disciplinary committee; (iii) summoning of the employee; (iv) disciplinary investigation meeting; (v) issuing the minutes of the disciplinary investigation meeting; (vi) issuing and internal recording of the final disciplinary investigation report; (vii) issuing the disciplinary dismissal decision, and (viii) communicating the dismissal decision to the employee, meaning that the individual employment agreement is terminated.

The employer can terminate an employment agreement without termination notice/warning in three cases: (i) if the employee is convicted of a work-related criminal offence (employment agreement terminates ex lege in this case); (ii) if the employee refuses to conclude the annex to the employment agreement; and (iii) in case of organisational restructuring or decrease in workload. In all other situations, the employer must issue notice of termination to the employee.

Immediate termination must be done in writing and must be delivered to the employee, providing clear determination of the reason for the immediate termination. If a union operates at the employer, the immediate termination must be consulted with the union before the termination documents are handed over to the employee, otherwise the immediate termination is invalid. The union is obliged to consult the immediate termination within two days from delivery of the employer’s written request. If the consultation does not take place in the given period, it is deemed to have taken place. When a union member’s employment is to be terminated, the union must consent to such termination.

The termination must be made in writing and provide a detailed explanation of the reasons for the termination. Before the termination is effected, the employee must be notified in writing of the alleged violation(s) and must be afforded a hearing within not earlier than three days following the notice.

Such termination can be made orally or in written form, but is recommended to be made in written form for evidential purposes, and the termination must be notified to the relevant employee. Moreover, the right to break the employment agreement for the immoral, dishonourable or malicious behaviour of the other party may not be exercised after 6 business days as of learning the facts, and in any event after one year following the commission of the act has elapsed. The one-year statutory limitation shall not be applicable, however, if the employee has extracted material gains from the act concerned.

The termination has to be declared immediately after the company learned about the suspicion of criminal activity or after this suspicion becomes “reasonable”. Otherwise, postponing the termination could be regarded as a waiver of the company’s right to terminate the employment agreement due to this reason.

Generally no, as long as the grounds for termination are still valid at the moment of termination. In case of disciplinary dismissal (see 8.1. above), the employee must be dismissed not later than two months as of the day when the company learned about the breach serving as grounds for dismissal, but not later than one year as of the breach.

Please see our answer to question 8.2.

Under the Moldovan Labour Code, certain termination reasons are regarded as disciplinary sanctions, which are to be applied within 6 months (2 years in respect of certain circumstances).

An employment agreement cannot be terminated without notice due to the reason specified under point 8.1. hereof later than one month after the employer learned about the circumstance justifying termination of the agreement.

The employer may issue the disciplinary dismissal decision within 30 calendar days as of the date of acknowledgement of the disciplinary misconduct (i.e. from the date of the final disciplinary investigation report (point. (vi) above) and not later than six months from the date when the employee committed the misconduct.

An employment agreement can be terminated if the sentence for the work-related criminal offence became final and binding. Regarding the termination of the agreement explained in our answer under 8.1., the employer can terminate the agreement until the statute of limitations for that criminal act expires. Otherwise, the termination would be considered time-barred.

Furthermore, and unrelated to the potential work-related offence, the employment agreement may be terminated (with prior termination warning) due to a breach of work obligations and/or work discipline provided in the applicable laws, regulations, company bylaws or employment agreement. The statute of limitations for such termination is as follows: (i) six months from the date the company (employer) found out about the facts which are the basis for dismissal, and (ii) one year from the date the facts which are the basis for dismissal occurred. Otherwise, the termination would be considered time-barred.

Yes. Immediate termination generally must be served within two months after the employer learned about the employee’s breach of duties, but not later than within one year after the occurrence of the breach.

The employment may be terminated within (the earlier of): six months of the occurrence of the violation / criminal activity and 30 days upon the employer having gained knowledge of the qualified violation.

Please see our answer to question 8.2. above.

Generally no, the internal investigation alone is not grounds for suspension. Under Bulgarian employment law, an employee could be suspended only if he/she appears at work in a state which prevents him/her from performing his/her labour duties or consumes alcoholic beverages or other strong intoxicating substances during working time. In such a case, the order for the suspension should be delivered to the employee. Other, less restrictive rules could apply if the suspension is agreed under a management agreement (entered into with managing directors / board members).

Czech law does not explicitly regulate the suspension of employees during an internal investigation. In practice, to avoid the employee’s presence at the workplace, employers can (i) order the employee to go on holiday (the disadvantage is that a unilateral order of holiday by the employer is admissible only two weeks in advance and is therefore relevant only if the employee agrees with the holiday or for prolonged investigations) or (ii) use the institute of so-called “other obstacles to work” on the employer’s part. These other obstacles to work are based on the statement of the employer that it currently does not have any suitable work for the employee. This institute is being used more and more often, as it allows the employer to react immediately. No specific requirements and formalities are needed, but in practice, the employee is presented with a written order by the employer to stay at home. During the period of this absence, the employee is entitled to remuneration corresponding to his or her average earnings (average earnings are usually higher than regular wages, as they also include paid bonuses).

Yes, if so required to investigate the circumstances of an employee’s breach of obligations, the employee may be suspended. The suspension may not exceed 30 days. The employee is entitled to receive an absence fee during such suspension.

There is no explicit provision allowing it, but suspending an employee is rather practicable. Considering this legal ambiguity, it is in any case recommended to obtain the employee’s prior consent.

Generally, no. An employer can unilaterally suspend the employment agreement in very limited situations, such as when the employee is prosecuted for criminal acts that are incompatible with their job or if the employee is put under judicial control which prevents the employee from performing work. Also, the employment agreement is suspended by law if the employee is in pre-trial detention.

Slovak law does not explicitly regulate the suspension of employees during an internal investigation. In practice, to avoid the employee’s presence at the workplace, employers can (i) order the employee to go on holiday (the disadvantage is that it has to be consulted with the employee and the employee’s legitimate interests have to be taken into account, while the taking of holiday must be in line with the holiday plan approved by the union) or (ii) use the institute of so-called “other obstacles to work” on the employer’s part. These other obstacles to work are based on the employer’s statement that it currently does not have any suitable work for the employee. This institute is being used more and more often, as it allows the employer to react immediately. No specific requirements and formalities are needed, but in practice, the employee is presented with a written order by the employer to stay at home. During this absence, the employee is entitled to remuneration corresponding to their average earnings (which are usually higher than regular wages, as they also include paid bonuses). Naturally, practical implications (e.g. the employee’s availability for further investigations) should be considered.

Yes, but only when such a possibility is provided in the law, collective agreement and/or the employee’s employment agreement.

The Employment Relationship Act specifies the cases in which employees can be suspended. These are, inter alia, imprisonment or sanctions for a misdemeanour, for all of which the employee is unable to work for six months or less, detention and other cases, provided for by the law (or collective agreement or employment agreement).

During such suspension, all the contractual and other rights and obligations arising from an employment agreement (which are directly related to the performance of work) will be suspended. However, the employer cannot terminate the agreement unless there are reasons for an extraordinary termination or if the procedure for the termination of the employee has already been started prior to the suspension.

The employee has the right and duty to return to work no later than five days after the reasons for the suspension cease to exist.