Vintegris Internal Information and Whistleblower Protection System Strategy

Related documents	VINTEGRIS
Brief description	This Strategy complies with Law 2/2023, of February 20, regulating the protection of people who report regulatory violations and the fight against corruption. It establishes the principles and functioning of an Internal System Information (SII) that the entity makes available of the persons that the aforementioned Law recognizes under its personal scope of application, to inform of any behavior that involves certain infringements of European Union regulations or may constitute a criminal offense or serious or very serious administrative offenses, as well as any behavior not aligned with the Code Organizational Conduct and Policies. This system protects those who choose to report good faith, as well as to those affected against whom make false, distorted or deliberately malicious or based on information obtained illegally.
Related documents	This Strategy is a local regulation and complements with: – VINTEGRIS Code of Conduct – Complaints Channel and Management Procedure of the Internal Information and Protection System to the Informant – Protocol prohibiting reprisals
Date of last update	28/02/2024
Latest version	28/02/2024
Date of adoption	28/02/2024

1. Introduction

On the occasion of the entry into force of Law 2/2023, of February 20, regulating the protection of persons who report on regulatory infringements and the fight against corruption, VÍNTEGRIS, SLU, (“VÍNTEGRIS” or the “Company”) approves this Internal Information and Whistleblower Protection System Strategy (hereinafter, the “Strategy”) framed within the Company’s Regulatory Compliance Model.

2. Object and scope of application

This Strategy demonstrates VÍNTEGRIS’ commitment to Regulatory Compliance, ethics and dialogue, fostering a culture of active listening with its stakeholders, both internal and external.

The Strategy aims to guarantee the protection of informants against possible reprisals and to state the general principles of the Internal System of Information and Protection of the Informant (hereinafter, the “SII” or “System”).

The SII of VÍNTEGRIS integrates the Complaints Channel or Internal Channel, as the preferred mechanism for communication, consultation or reporting of irregularities.

This Strategy and the SII described herein will be applicable to VINTEGRIS, as well as to:

VÍNTEGRIS employees and self-employed individuals providing services to the Company, including individuals who have had a professional relationship or a professional relationship with VÍNTEGRIS.
Shareholders, participants and persons belonging to the administrative, management or supervisory body of a company, including non-executive members, regardless of their functional, hierarchical position or territory in which they operate;
Anyone working for or under the supervision and direction of contractors, subcontractors, and suppliers. Employees, directors, board members, and, in general, all persons who have an employment relationship with the company VÍNTEGRIS.
Likewise, individuals acting on behalf of VÍNTEGRIS without being part of its organization must act in accordance with this Strategy.

3. How and when to report irregular behavior

Information received through the SII will be managed and investigated in accordance with the Internal Information System Management and Informant Protection Procedure.

VÍNTEGRIS also has a Retaliation Prohibition Protocol that establishes the necessary provisions for the SII and existing internal information channels to comply with the requirements established in current legislation.

The main elements of the SII are described below in a summarized question-and-answer format to facilitate understanding.

3.1 What are the channels enabled for this purpose?

The VÍNTEGRIS Whistleblowing Channel, also known as the Internal Channel (accessible via the following link: https://vintegris.bizneohr.com/whistleblowing) , is the preferred channel for VÍNTEGRIS employees and any related third parties to raise concerns about potential violations so they can be investigated and, where appropriate, addressed. This channel is available to all employees, as well as to third parties with whom VÍNTEGRIS interacts on the aforementioned website.

The SII also offers the following communication channels:

By post addressed to the Compliance System Manager of VÍNTEGRIS, with registered office at Calle Pallars, 99, Floor 3 Office 33, 08018, Barcelona.
Face-to-face meeting: possibility of verbally communicating any conduct by requesting a face-to-face meeting with the System Manager or their delegate within a maximum period of seven days.

The VÍNTEGRIS Whistleblowing Channel is a channel that guarantees the confidentiality of all communications received.

3.2 Can you report anonymously?

Yes, it is possible to report anonymously. However, since it is often useful to have a way to contact informants for more information, it is advisable to provide some contact information (a phone number or email address).

3.3 What type of information should be reported through this channel?

Some examples of infractions that may arise are:

Fraud
Human rights violations
Discrimination or harassment
Violations of competition laws
Maintaining inaccurate financial records
Bribery
Serious conflicts of interest
Inappropriate use of company resources
Insider trading
Illegal disclosure of confidential information
Retaliation against anyone who reports in good faith
Actions or omissions that may constitute an infringement of EU law, in particular those relating to public procurement, financial markets and the prevention of money laundering and terrorist financing, product safety, transport safety, environmental protection, public health, consumer protection, protection of privacy and personal data, and the security of networks and information systems
Any action or omission that may constitute a serious or very serious criminal or administrative offense. In any case, this shall include all serious or very serious criminal or administrative offenses that result in economic harm to the Public Treasury and Social Security.

The Internal Channel should not be used:

To report work-related complaints, for example, complaints related to working conditions or issues concerning the interpretation of the applicable Collective Agreement
To report immediate or urgent problems where there is an immediate threat to life or property, or where emergency assistance is needed. In such cases, contact should be made immediately with local authorities or emergency services, without prejudice to reporting to the Whistleblowing Channel later.
To resolve personal disputes
Making accusations you know to be false is prohibited. Doing so may result in disciplinary action.

3.4 What type of information should be provided?

VÍNTEGRIS’s own Reporting Channel provides guidance on the information to provide. Generally speaking, it is advisable to submit as much information as possible so that VÍNTEGRIS can assess and investigate the facts, such as:

Background, past events, and the reason for concern
The possible infraction detected
Details of the person(s) to whom the alleged infringement refers, that allow for its correct determination
Names, dates, places, and other relevant information
Any document that can support the communication

A communication can only be tracked if it contains information detailed enough to allow an investigation to be carried out.

3.5 What happens after reporting an infringement?

When submitting a communication, the Informant will receive an acknowledgment of receipt within seven calendar days.

Next, the VÍNTEGRIS Internal Channel Manager will analyze and evaluate the facts and evidence contained in the report on a preliminary basis. For this purpose, the informant—if they have provided contact information—may be asked to supplement or clarify the information provided, supplying any additional documentation necessary to substantiate the alleged infraction. As a general rule, the matter can be expected to be investigated within three months.

If deemed appropriate, the general conclusions of the investigation, once it is completed, will be shared with the Informant, respecting at all times the rights of confidentiality, privacy, data protection and the rights of all those involved.

3.6 What should I do if I have any questions about the VINTEGRIS Complaints Channel?

It is also possible to ask questions or request a meeting with the Head of the VÍNTEGRIS Complaints Channel, who will provide advice with complete confidentiality and will respond to the meeting request within a maximum of 7 days.

3.7 Can I communicate my suspicions through a channel external to Vintegris?

The Internal Information System – through the VÍNTEGRIS Whistleblowing Channel – should be used primarily for reporting, as this facilitates a swift, diligent, and effective response. Notwithstanding the above, any employee may report violations falling within the scope of Law 2/2023 to the competent authority through external reporting channels, such as the Independent Whistleblower Protection Authority.

4. Principles and guarantees that govern Vintegris' internal information system

The basic principles of action on which this Strategy is based are detailed below:

Regulatory compliance: Legality and corporate ethics are integral pillars of the System. Therefore, communications will be processed in a thorough and professional manner, and in compliance with current legislation, applicable internal regulations, and, in particular, data protection regulations.
Zero tolerance for retaliation: VÍNTEGRIS will not tolerate any employee intimidating a colleague or preventing them from reporting questionable conduct or conduct contrary to the law and VÍNTEGRIS’s internal regulations. Likewise, VÍNTEGRIS does not tolerate any form of retaliation against a whistleblower who reports a violation in good faith and in accordance with VÍNTEGRIS’s internal regulations. VÍNTEGRIS is committed to preventing, investigating, and taking action against any intimidation or retaliation, direct or indirect, as well as any threat or attempt at retaliation against:
- The Informant, by the mere fact of having reported the Infringement in accordance with VÍNTEGRIS’ internal regulations or by having used an external channel or having made a public disclosure, in accordance with applicable legislation; or
- Any other employee who assists you in this process, or participates in it (for example, as a witness or by providing information).
Acts of retaliation include, but are not limited to , discriminatory or unfavorable treatment, demotion or unfair denial of a promotion, changes to working conditions, or termination of employment. VÍNTEGRIS has a Retaliation Prohibition Protocol and will take all measures it deems necessary to protect whistleblowers from retaliation and thus preserve the integrity and impartiality of the investigation into reported irregularities. Any employee who retaliates against or personally harms a whistleblower will be subject to disciplinary action, which may include dismissal.

Notwithstanding the foregoing, the mere communication of an Infringement does not exempt the Informant who participated in the reported misconduct from responsibility, although VÍNTEGRIS may take into account the notification of the Infringement when determining the measures to be taken.

Anyone who believes they are a victim of intimidation or retaliation should immediately report it through the communication channels enabled within the SII, preferably using the VÍNTEGRIS Complaints Channel.

Independence and impartiality: The System will guarantee an impartial hearing and fair treatment for all affected persons. All persons involved in the proceedings will act in good faith in the pursuit of truth and the clarification of the facts.
Transparency and accessibility: care will be taken to ensure that information about the System and its regulation is transmitted in a clear and understandable way, for the publicity and accessibility of the System.
Traceability and security: The System will integrate all measures necessary to guarantee the integrity, tracking and security of information.
Confidentiality and anonymity: The System will guarantee anonymity and, in all cases, the utmost confidentiality of the informant’s identity, the information provided, and the actions taken in its management and processing. The informant’s identity will be guaranteed at all stages of the process and will not be disclosed to third parties, the individuals involved in the alleged infractions, or their superiors, unless required by law or in cases of harassment where the effectiveness of the investigation depends heavily on its disclosure. In such cases, disclosure will be limited to a very restricted number of individuals responsible for the investigation, or if the informant has given their consent to reveal their identity.

The System will also allow the submission of anonymous communications, although we encourage Informants to provide identifying or contact information in the communication, as this allows for better and more efficient management of the communication.

The above safeguards also apply to related individuals who, in good faith, assist or support you in communicating your concern, such as colleagues and family members. However, this protection will not apply if you report a concern or breach that you know to be false or illegally obtained.

Mitigating Circumstance: If the Informant is themselves implicated in the reported misconduct, the spirit of reporting/cooperation will be taken into account, but this does not preclude the possibility of appropriate disciplinary or legal action, including criminal proceedings. It is prohibited to obstruct any investigation, attempt to identify an Informant, or take any retaliatory action against an Informant.
Confidentiality: The System will promote that the people involved in the processing and investigation of communications act with the utmost discretion regarding the facts they learn by reason of their position or function.
Diligence and speed: The System will ensure that the investigation and resolution of the reported events are processed with due professionalism, diligence and without undue delays, so that the procedure can be completed in the shortest possible time while respecting due guarantees.
Good faith: All information must be provided in good faith and based on reasonable evidence. The bad-faith use of communication channels may lead VÍNTEGRIS to take disciplinary action and/or, if applicable, legal action against the informant. An informant will be considered to have acted in good faith when they have reasonable grounds to believe that the information provided is truthful, even if they cannot provide conclusive evidence. The System will ensure that information is communicated honestly, completely, and truthfully, without prejudice to any inaccuracies or omissions that the informant may unintentionally make.
Respect and protection of persons: the System will ensure the adoption of the relevant measures to guarantee the right to the protection of the dignity and privacy of the persons affected.
Respect for fundamental rights: The System guarantees the right to information, the right to a defense, the right to challenge evidence, the right to the presumption of innocence, and the right to honor for all persons involved in the proceedings. These persons also have the right to be heard at any time, in the manner deemed appropriate, to ensure the proper conduct of the investigation.
Personal data protection: VÍNTEGRIS undertakes to process at all times the personal data provided through the Complaints Channel and derived from the management and/or Instruction of the Information and investigations carried out, complying with the provisions of current legislation on data protection and, in particular, as provided in Title VI of Law 2/2023.

5. Responsible for the internal information system

The person responsible for the internal information system of VÍNTEGRIS in Spain will be the Head of Human Resources of VÍNTEGRIS (“System Manager”), who was appointed by the CEO of VÍNTEGRIS, SLU on February 28, 2024.

6. Interpretation of the present strategy

The provisions of this Strategy constitute the minimum regulations applicable within the framework of the Regulatory Compliance Model of VÍNTEGRIS, SLU, without prejudice to applicable local legislation. The Principles and Guarantees of this Strategy are intended as interpretative principles. However, in the event of any conflict between this Strategy and local legislation, local legislation shall always prevail.

7. Monitoring mechanisms

The CEO, as the highest governing body of VÍNTEGRIS, is responsible for the implementation of the Internal Information System and the supervision of this Strategy.

8. Sanctioning regime

This Strategy is mandatory for all VÍNTEGRIS employees. Failure to comply (whether due to gross negligence or intentionally) will result in appropriate disciplinary action, which, depending on the circumstances, may include dismissal.

9. Approval, publication and entry into force

This Strategy has been approved by the CEO of VÍNTEGRIS, SLU, on [date]

February 28, 2024, entering into force on February 28, 2024, and will remain

This policy will remain in effect until any modification is made, which will be duly communicated.

This Strategy will be published on the VÍNTEGRIS corporate website. It will also be sent to VÍNTEGRIS staff and, where applicable, communicated to third parties with whom VÍNTEGRIS interacts.

Likewise, at the beginning of the professional relationship with VÍNTEGRIS, each new employee will be informed of it and of the existence of the VÍNTEGRIS Whistleblowing Channel as part of their initial training.

Likewise, training will be provided to managers and executives on how to identify and manage reports of violations, as well as their roles and responsibilities within the Internal Information System.

This Strategy will be reviewed, updated, approved and disseminated periodically and whenever it is necessary to make any modifications.

Version Number	Effective date	Approved by (Name and position)	Approval Date	Description	Author (Name and position)
1	28/02/2024	Matthew Walsh, Chief Executive Officer	28/02/2024	Vintegris’ internal information and whistleblower protection system strategy	Noemí Cruz, Head of the Internal Information System

Appendix: Definitions

“Affected” any person to whom an infringement is attributed in the communication made through the VÍNTEGRIS Complaints Channel or other channels.

“Informant” any person who makes a communication of a possible infringement through the VÍNTEGRIS Reporting Channel or through other means or communication channels enabled by VÍNTEGRIS.

“Infringement” means any indication or reasonable suspicion of non-compliance with the Code of Conduct, this Strategy, any other internal regulations of VÍNTEGRIS or current legislation.

“Instruction” or “Investigation” refers to all actions aimed at verifying the veracity of the reported facts.

“Affected Persons” any person referred to in a communication, other than the Informant or Affected Person.

“Strategy” this policy or strategy for protecting the Informant and the Internal Information System of VÍNTEGRIS.

“Procedure” the Internal Information and Whistleblower Protection System Management Procedure

“Employee(s)” means any person who provides services to VÍNTEGRIS through an employment contract, regardless of the type of contract, and the Company’s directors.

“Head of Internal Channel and Internal Information System” responsible for the internal information system of VÍNTEGRIS.

“Internal Information System” system that integrates all of the Company’s information channels, including the VÍNTEGRIS Complaints Channel.

“Third parties” are people linked to VÍNTEGRIS in their capacity as, for example, suppliers, contractors, subcontractors, collaborators, and former employees, people in selection processes and people in practical training without an employment relationship.

“Víntegris, SLU”, CIF: B-62913926 Reg. Merc. Barcelona, Volume 34720, Folio 177, Sheet No. B256168, Inscp. 34th
C. Pallars, 99 Floor 3 Office 33 08018
Barcelona Tel: +34 93 432 90 98

Stay up to date with our news.

Subscribe to our newsletter and discover the latest updates on cybersecurity, digital identity, and trusted business solutions.