1. Objective

Law 2/2023, of February 20, regulating the protection of individuals who report regulatory violations and the fight against corruption, incorporates the establishment of an Internal Information System (SII). Its main objectives are to protect individuals who, in a work or professional context, detect criminal or administrative violations, whether serious or very serious and communicate them through a regulated mechanism. The aim is to encourage the prevention of irregular conduct.

2. Scope of Application

This Policy applies to all individuals related to Convertia who report, through the channels provided herein:

  • Actions or omissions that may constitute criminal or administrative violations related to non-compliance with Convertia’s internal regulations.
  • Actions or omissions that may constitute criminal or administrative violations against European Union laws.

Members of Convertia are those who are partners, employees, and collaborators of the Company at any given time.

This Policy also applies to informants who, even if not members of Convertia, have obtained information about any of the aforementioned actions or omissions, including:

  • Clients
  • Suppliers
  • Interns
  • Volunteers
  • Anyone who has not yet established a commercial or employment relationship with Convertia and has obtained information about violations committed within the Company.

Included are those that may constitute a breach of Law 10/2010, of April 28, on the prevention of money laundering and terrorist financing (hereinafter, «ML/TF») and its implementing regulations, or the policies and procedures implemented to comply with them.

3. Internal Information System (SII)

The SII primarily consists of the Internal Information Communication Channel enabled for receiving communications, the Head of the SII, and the procedure that must be followed for processing said communications.

  1. General Principles
    Convertia’s SII is managed internally, independently, and adheres to the following general principles:
    1. Any person may communicate information about identified violations by action or omission, and may do so anonymously.
    2. Convertia’s SII is managed securely, ensuring the confidentiality of the informant’s identity, the actions taken in managing the communication, and the identity of the involved parties. This preserves the rights to privacy, personal integrity, and the presumption of innocence of those involved in the investigation process, in addition to adequate data handling that prevents unauthorized personnel access.
    3. Exceptions to the above may only be communicated to competent authorities within the framework of a criminal, disciplinary, or sanctioning investigation.
    4. Actions carried out during the investigation aim to clarify the received communication or verify the facts. This process will be conducted diligently to provide an objective response as quickly as possible, and investigations must be addressed without any discrimination.
    5. Actions taken during the investigation process will comply with current legislation, ensuring all involved parties are informed of the internal investigation and have the right to be heard at any time.
    6. The informant’s anonymity will be preserved at all times to guarantee their rights.
    7. The informant must act in good faith, being aware of the facts being communicated. Communications that are false or obtained illicitly will be subject to sanctions.
    8. The means to use Convertia’s Internal Information Communication Channel can be consulted on Convertia’s website at https://www.convertia.com/en.
  2. Internal Information Channel
    The aforementioned Internal Information Channel allows for:
    1. Written or Verbal Communications: Communications can be made in writing or verbally (through recording).
    2. Provision of Basic Personal Data: The informant may provide basic personal data (name, email, and phone) when making the communication for the purpose of receiving notifications.
    3. Anonymous Communications: Presentation of anonymous communications.
    4. Reception of Other Communications: Reception of any other communications or information within the work environment related to Convertia.Convertia will implement necessary measures to ensure the confidentiality of received communications, as well as the identity of informants if disclosed within the communication, managed by the Channel Responsible.
  3. External Information Channels
    Convertia encourages the use of its Internal Information Channel, but informants may use external channels established by Public Administrations. Any interested party (individual) may report to the corresponding authorities or regional bodies the commission of any actions or omissions included within the scope of the applicable current legislation, either directly or after communicating through the corresponding Internal Information Channel.

4. Head of the Internal Information System

The Head of Convertia’s SII will diligently assume and initiate the investigation process in accordance with the communication received through the Internal Information Channel.

In the event of a conflict of interest, Convertia’s compliance committee will appoint a new responsible person to follow up until resolution, assuming the same obligations in adherence to the principles mentioned herein as the Head of the SII.

The Head of the SII will maintain a register book, where all received communications will be recorded. Additionally, a digital file will be created for each communication, maintaining the confidentiality of all received information.

The Head of the SII will have the necessary material and personal resources for the proper development of their functions. They will maintain autonomy from the rest of Convertia’s Committees and uphold neutrality, honesty, and objectivity towards all involved parties.

5. Protection Measures

  1. Informants must act truthfully regarding the facts they know and that are directly related to Convertia. Any malicious or false communication will result in sanctions in accordance with Convertia’s Code of Ethics and Conduct.
    Convertia is committed to adopting necessary measures to ensure that employees, executives, sales personnel, shareholders, board members, suppliers, clients, and anyone who communicates committed violations are protected against all reprisals, discrimination, and any other forms of unfair treatment.
    Any action or omission that directly or indirectly constitutes unfavorable treatment within a work environment, such as suspension of employment contract, unjustified dismissal, demotion, salary reduction, or any abusive modification of working conditions; reputational damage, denial of internal training, among others.Exceptions to Protection Measures:
    • Inadmissible Communications via Internal Information Channel:
      1. Communication of facts that are inconsistent in the provided detail, whether written or verbal.
      2. Communication of facts that do not constitute a violation of Convertia’s internal regulations.
      3. Communication of facts that do not constitute a violation of European Union legislation.
      4. Information obtained through the commission of a crime.
      5. Information that is not new or significant regarding the development of an ongoing investigation.
      6. Communication regarding interpersonal conflict claims.
      7. Communication containing public information.
      8. Communication with information involving professional secrecy.
      9. Communication related to the establishment of labor or commercial relationships, containing confidential information or that should not be disclosed.
  • Protective Measures Adopted by Convertia:
    • No administrative sanctions for communication.
    • Free advice on protection procedures.
    • Legal assistance in judicial processes (defamation, copyright, industrial secrecy, data protection), whether criminal, civil, and/or administrative, if necessary.

After making a communication, all involved parties will have the right to the presumption of innocence and the right to defense. Additionally, restricted access to the file will be allowed, maintaining the confidentiality of the informant’s identity, the facts, and the process to be followed.

6. Communication Register Book

The Head of the SII will maintain a register of received communications as well as internal investigations, ensuring the principle of confidentiality and compliance with personal data protection regulations.

The register must contain the following data:

  1. Date of Reception
  2. Type of Communication
  3. Actions Taken
  4. Measures Adopted
  5. Date of Closure

These records will remain private, except when a justified request is made by a competent judicial authority. Upon such a request, the official requesting the information must provide the document where such information is requested and granted under the supervision of the authority. The register book will be provided in whole or in part as required.

7. Personal Data

Personal data obtained through the SII will be processed in full compliance with the principles and guidelines established in the applicable law. The data collected in the SII will be processed by INTELLIGENT CUSTOMER ACQUISITION SLU acting as the data controller.

 

Preparation Date: November 29, 2023
Implementation Date: December 4, 2023