Whistleblowing


Tecnopol Sistemas, SLU, in accordance with applicable regulations, provides free access to a Whistleblowing Portal for any person wishing, in good faith, to submit a report of illegal conduct, faults, or omissions, which constitute or may constitute an infringement or incite an infringement of the Code of Ethics, the regulations in the matters indicated in the EU Directive, to which Law 2/2023 also refers, and any internal documentation on the same subjects (for example, Group policies and Company rules).

Reports, even if anonymous, must be made in good faith, detailed, based on precise and consistent verification elements, and must provide accurate information to be easily verifiable.

Tecnopol Sistemas, SLU reserves the right to take legal action against Whistleblowers who make reports with malicious intent or gross negligence that are false, unfounded, defamatory, or made solely to harm the company or the person reported.

METHODS FOR REPORTING

Reports can be sent directly to the local recipients of the Company in the following ways:

  • Via the website through the online Whistleblowing Portal provided by the Subsidiary, which offers guided information for the Whistleblower. The Whistleblowing Portal can be accessed at: https://whistleblowing.mapei.com/#/?lang=en.
  • In printed form, by regular mail addressed to the Local Whistleblowing Team, at the address of the Local Subsidiary office.
  • Through a local dedicated "safe box," such as a physical box located on the premises of the Local Subsidiary used for depositing paper communications, managed by the Local Whistleblowing Team (as locally designated).
  • By phone or in person to the Local Whistleblowing Team.

It should be noted that the paper form, regular mail, and the Whistleblowing Portal are the recommended methods, as they fully guarantee the possible anonymity of the Whistleblower.

In fact, access to the Whistleblowing Portal is subject to a "no log" policy to prevent the identification of the Whistleblower wishing to remain anonymous: this means that the company's IT systems cannot identify the access point (IP address), even if logged in from a computer connected to its corporate network.

For each submitted Report, the Portal assigns a unique identification code allowing each Whistleblower to check the progress of their report anonymously. Similarly, if a Report lacks relevant data, the Recipients (identified in the following paragraph) have the right to request the Whistleblower, via the Portal and always using the previous identification code, for more information about the report.

Reports made through the Whistleblowing Portal, email, phone, or paper ("safe box" or received at the subsidiary address) are received directly by the Company's Whistleblowing Officer and shared with the Corporate Internal Audit Department of the Mapei Group. All recipients of the Report handle it according to the confidentiality principles established in the Whistleblowing Channel Policy and verify its validity based on its content.

PROTECTION AND RESPONSIBILITY OF WHISTLEBLOWERS

This Policy fully complies with the provisions of the EU Directive and Law 2/2023 regarding the rights of whistleblower protection.

Additionally, any specific instructions given locally concerning whistleblower protection, in accordance with local legislation, are fully valid and applicable.

In particular, those who have submitted a Report in good faith will not suffer any retaliation, discrimination, or sanction, whether direct or indirect. In the case of Reports made through the Whistleblowing Portal, the anonymity of the Whistleblower is guaranteed, except in cases where they consent to disclosure and without prejudice to legal obligations. Sanctions for those who violate whistleblower protection measures are defined by the Local Administration in accordance with applicable local legislation, involving the competent local Departments and informing the Corporate Legal and Human Resources Department and Organization.

The Recipients of the Report (and other parties that may be involved in the process) guarantee the maximum confidentiality of the Whistleblower and the protection of their identity. Unauthorized disclosure of the Whistleblower's identity, or information from which it can be inferred, is considered a violation of this Policy.

The Whistleblower will be sanctioned, whenever possible, in cases of Reports made with malicious intent or gross negligence that are false, unfounded, defamatory, or made solely to harm the Local Subsidiary, the Reported Person, or those affected by the Report. The Local Administration of each Local Subsidiary may also take the corresponding legal actions, in accordance with applicable local legislation, involving the competent local Departments and informing the Corporate Legal and Human Resources Department and Organization.

RIGHTS OF THE REPORTED PERSONS

During the investigation and verification of possible breaches, the persons subject to the Reports may be involved in the activity or informed about it, but in no case will a procedure be initiated solely based on the Report, in the absence of concrete evidence regarding the allegations. A procedure can only be initiated based on evidence distinct from the allegations made in the Report itself.

RECIPIENTS OF THE REPORTS

The Company's Local Whistleblowing Team directly receives reports made through the Whistleblowing Portal, by email, phone, or paper ("safe box" or received at the Local Subsidiary address) (see the following paragraph).

Reports made through the Whistleblowing Portal and through the dedicated local electronic mailbox are also accessible, for control/supervision purposes, from the headquarters (e.g., by Corporate Internal Audit).

At the headquarters level, a dedicated team, the Corporate Whistleblowing Committee, is established with the aim of controlling and supervising the processes, as described below.

All Recipients of the Report will handle the report according to the confidentiality principles established in this Policy and will verify its validity according to its content.

TIMING

In accordance with the EU Directive and Law 2/2023, the Report must be managed within a predefined timeframe, which Tecnopol complies with by setting the following deadlines:

  • The acknowledgment of receipt of the report to the whistleblower is set within seven days of receipt.
  • A reasonable time frame for providing feedback is set, not exceeding three months from the acknowledgment of receipt or, if no acknowledgment was sent to the whistleblower, three months from seven days after the report was issued. If the investigation is expected not to be concluded within 3 months, an extension of this period will be agreed upon, specifying the reasons why it could not be concluded within the estimated legal time frame.

DISCLOSURE TO INVOLVED EXTERNAL AUTHORITIES

In accordance with the EU Directive, the Whistleblower must be informed if an external Authority is involved after the investigation of the Report.

For this purpose, Subsidiaries must inform the Whistleblower of the Independent Whistleblower Protection Authority to which they can refer.

DATA PROTECTION AND STORAGE

The Local Whistleblowing Team of Tecnopol Sistemas securely archives the supporting documentation of the Report during the statute of limitations period of the reported violation.

Additionally, the report must be retained for a period of 3 months when it does not lead to an internal investigation.

Any type of personal and sensitive information contained in the Report, including that relating to the identity of the Whistleblower or other persons, must be processed in accordance with the applicable data protection standards, as established by applicable European and local legislation (e.g., GDPR and local implementation legislation, etc.).

 

 

 

WHISTLEBLOWING PORTAL - SUBMIT A REPORT

 

PROCESSING OF PERSONAL INFORMATION WHISTLEBLOWING DATA