Reporting work-related breach at the University of Tartu
It is important for the University of Tartu to uphold its values and principles, ensure fair and accurate procedures, stand up for its members’ well-being and good working and learning conditions, and prevent the unfair and unequal treatment of its members. We ask anyone who witnesses something that is contrary to national legislation or the university bylaws to report it.
There are no limitations to who may submit reports, but the report must be related to the University of Tartu or its members and contain information about a breach. A breach is an act or omission that is illegal or conflicts with the university’s procedures or good practices. A breach may be related, for example, to public procurement, workplace or environmental safety, conflict of interest and corruption, intentional damage to university property, theft or embezzlement, research integrity or equal treatment, or improper or offensive behaviour by a university member.
The university expects that, under normal circumstances, any problems can be resolved within the team or unit, or with the help of the immediate supervisor. However, if this is not possible for whatever reason, the university encourages staff to report work-related breaches.
Breaches can be reported via the university’s internal reporting channel or by contacting directly the head of internal audit. The reporting channel allows you to report confidentially or, if requested, anonymously.
If you make a confidential breach report, your identity will be disclosed. The internal auditors handling the report have the obligation to guarantee your confidentiality, which can only be waived with your consent.
When reporting anonymously, the internal reporting channel guarantees your anonymity, and the internal auditors cannot identify you. Even if they can deduct your identity from the content of the report, the report will still be handled as anonymous.
The internal reporting channel is not intended for addressing matters of private life, because the University of Tartu does not interfere in resolving its members’ personal life problems. The internal reporting channel is not intended for reporting study-related complaints or personal data breaches (cl. 3.5).
Internal reporting channel
The internal reporting channel of the University of Tartu is hosted by FaceUp, an external platform that allows reporting confidentially and, if requested, anonymously. The platform is managed by the Czech company FaceUp Technology s.r.o., which ensures the security of the reporting channel and encrypted data exchange. The university gives feedback to and communicates with the reporting person via the reporting channel.
To report a breach, start by clicking the “Create a report” button. On the page that opens, select the incident or event category from the dropdown menu. Then, the breach reporting form opens.
We understand that reporting a breach may be emotionally challenging, but for resolving the case, it is essential that you present the precise facts of the incident. When describing a breach, focus on the facts: put down as much information as possible about what happened, when and where, who did what and who is aware of the incident.
If you wish, you can submit the report by voice message. The system will distort the recorded voice so that the speaker’s age or gender cannot be identified. It is possible to listen to the distorted voice message before sending the report.
If documents or other relevant evidence are available, it is advisable to attach them to the report immediately. Additional materials help better understand the content of the problem and resolve it more effectively.
Before clicking the “Send” button, you may choose to remain anonymous or send the report confidentially.
If you do not want to reveal your identity, tick the box at “I want to report anonymously”. In this case, after clicking the “Send” button, a key will be displayed which allows you to check the status of your report and anonymously communicate with the internal auditor in the internal reporting channel. Copy or write down the key in a secure place. Without the key, you cannot access your report, and it is not possible for the internal auditor to communicate with you regarding the resolution of the case. You can subscribe to receive notifications of actions taken about your report to your email address. The email address will not be displayed to the internal auditor. Even if your identity can be deducted from the content of the report, the internal auditors processing the report will still handle it as anonymous.
Remember that an anonymous report makes it considerably more difficult to resolve the case.
If you want to submit the report confidentially and remove the tick from the box at “I want to report anonymously”, a field is displayed where you can write your name and contact details. In this case, the internal auditors handling the case will guarantee confidentiality, which means that they can share information about you only with your consent. If the internal auditor decides that other university staff need to be involved in resolving the case, they seek your consent to disclose your identity. Remember, however, that if the report leads to criminal proceedings, confidentiality cannot usually be guaranteed.
The received breach report is analysed, and further action will be decided by at least two internal auditors, who will also determine whether it is necessary to involve other persons in resolving the case. You will be informed of the further steps within seven calendar days, except if you have explicitly refused to be informed or if there is reason to believe that it would jeopardise your anonymity or confidentiality. If other persons need to be involved in resolving the case, you are asked for consent to disclose your identity to such persons.
You will be given feedback on the follow-up within three months, except if you have explicitly refused to be informed or there is reason to believe that it would jeopardise your anonymity or confidentiality.
In the interest of transparency, the university will give notice of receiving the breach report to individuals significantly affected by the report – particularly those implicated in the report – at the end of the proceedings at the latest. They will not be informed only in case of exceptional circumstances; the relevant decision and reasons will be documented.
Reports of breaches of equal treatment principles include reports concerning discrimination (including sexual harassment) and bullying. In these cases, the internal auditor asks for permission to involve the head or the legal counsel of the Human Resources Office in resolving the case. The latter will inform you of the possible ways to resolve the case at the university and the counselling opportunities available. The involved person will be bound by the obligation of confidentiality.
More information on what constitutes discrimination or bullying and how such cases are handled can be read in the University of Tartu Guidelines for equal treatment. We also recommend consulting the equal treatment website. The university also has equal treatment support persons who can give first advice.
Knowingly giving false information is punishable by law.
Confidentiality of the reporting person is not absolute. If a criminal proceeding is initiated based on the report, the reporting person’s confidentiality cannot usually be guaranteed.
If the report is anonymous or the reporting person does not agree to reveal their identity to the involved persons, it is considerably more difficult or impossible to resolve the case.
The university is not required to respond to obviously malicious or meaningless and anonymous breach reports if it is impossible to establish the circumstances of the case.
The received breach report and related documents, which are not subject to a longer retention period or an obligation to be stored in the university’s document management system according to other legal acts, will be retained in the internal reporting channel for three years from the date of giving the reporting person feedback on the follow-up.
Clearly malicious reports or reports motivated by revenge
Issues concerning people’s everyday problems, personal life issues or misunderstandings at the level of daily communication
Students’ complaints about the organisation of studies, for example, dissatisfaction with a grade (to resolve the situation, contact the person who made the decision)
Urgent reports of a personal data breach (to resolve the situation, contact a data protection specialist)
