9a. COMPLAINTS CHANNEL
- 9a.1. INTRODUCTION
- 9a.2. BASIC PRINCIPLES
- 9a.3. CHANNEL MANAGER
- 9a.4. CHANNEL USERS
- 9a.5. COMPLAINT PROCEDURE
- 9a.6. PROTECTION OF PERSONAL DATA
- 9a.7. APPROVAL
The CODE OF ETHICS of MOLGAS GROUP (subsidiaries and affiliated companies under the corporate structure of MOLGAS ENERGY HOLDING, S.L.) embodies a clear commitment not only to respect current legislation but also to the ethical principles contained therein, and a zero-tolerance attitude towards non-compliance of any kinds with legislation, rules and regulations, as well as towards criminal activities or actions that go against our ethical principles.
The Code of Business Conduct developed by MOLGAS GROUP in December 2016 included a Whistleblowing Procedure for reporting suspected irregularities and fraud and a form for reporting infractions, which is currently in place.
By means of this Document 9a COMPLAINTS CHANNEL, the aforementioned Procedure is updated, framing it within the Integral System of Prevention and Management of Legal and Criminal Risks (Integral Compliance Model) of MOLGAS GROUP.
Indeed, the establishment of a Whistleblowing Channel is the fulfilment of one of the requirements that, according to Article 31 bis of the Criminal Code, Organisation and management models must meet.
In particular, the 4th requirement of paragraph 5 of that Article provides that such models "must create an obligation to report potential risks and cases of non-compliance to the body responsible for monitoring the functioning and compliance of the prevention model".
Therefore, in order to promote compliance with the law and the rules of conduct reflected in our Code of Ethics, it has been considered essential to update our Whistleblower Channel, as a means to "create the obligation" to report possible irregularities or illegal acts that occur within MOLGAS GROUP.
The Whistleblowing Channel is therefore the means by which any person in the organisation or linked to it "must" report events related to risks that have materialised, are close to materialising or are suspected of having materialised, which may give rise to civil and/or criminal liability for MOLGAS GROUP.
Its creation, as we have said, is based on the provisions of Article 31 bis of the current Criminal Code, Circular 1/2016 of the State Attorney General's Office on the Criminal Liability of Legal Entities and the ISO 37301, UNE 19601 and UNE 19602 standards.
Based on what is contained therein, MOLGAS GROUP must implement adequate procedures to enable communication channels, so that both members of the organisation and third parties may report in good faith and based on reasonable indications, those circumstances that may involve the materialisation of a legal or criminal risk for the organisation, as well as a case of non-compliance or a weakness in the compliance management system.
We also recall that the possible sanction for inappropriate behaviour is not only incumbent on the offender, but also on those who approve such behaviour and/or have knowledge of such actions and do not try to correct them or report them immediately to their hierarchical superiors or to the Channel manager.
9a.2. BASIC PRINCIPLES
The MOLGAS GROUP 's Whistleblower Channel operates according to the following principles:
- Guarantee the secrecy of the identity of the persons who use it.
- To allow the corresponding communication to be made, therefore, on a confidential basis.
- Prohibit any form of retaliation, taking such measures as may be necessary to protect members of the organisation or third parties who make communications in good faith and on the basis of prima facie evidence.
- Providing advice to any person who may have questions or concerns.
- Inform and train all employees about the existence and purpose of the internal complaints channel and how it works (how to file a report, resolution deadlines, bodies in charge of investigating and resolving reports, accessibility for all staff, etc.).
- Guarantee that the person being reported will be aware of the existence of the report or denounce that may have been filed against him/her and that he/she will have mechanisms for his/her defence.
- Ongoing assessment of the functioning of the whistleblowing system itself, detecting possible deficiencies related to the employees' own perception of the whistleblowing channel, to the non-correlation of the results or reports resulting from investigations with the company's compliance needs and to the existence of security breaches or information leaks, due to errors in the design of the system itself and/or the attribution of insufficient responsibilities and competencies for the effective investigation and resolution of complaints.
The Spanish Data Protection Agency has frequently expressed its objections to anonymous reports, recommending in its legal reports that while confidential treatment of data obtained from reports submitted through whistleblowing systems (complaint channels) should be guaranteed, the possibility of anonymous reports should be avoided in order to ensure the accuracy and integrity of the information contained in these systems, inter alia, because it may be essential for the management body to contact the whistleblower to obtain more information or nuance the information sent or received, depending on the requirements of the investigation carried out.
Notwithstanding the above, following the reform enacted by Organic Law 3/2018, on the Protection of Personal Data and Guarantee of Digital Rights, the lawfulness of anonymous internal whistleblowing is expressly recognised in art. 24, which states that â€œit shall be lawful to create and maintain information systems through which a private law entity may be informed, even anonymously, of the commission within the entity or in the actions of third parties contracting with it, of acts or conduct that may be contrary to the general or sectoral regulations applicable to it". Likewise, the UNE 19601 Standard (Criminal Compliance Management Systems) establishes that the Whistleblowing Channel "must allow communications to be made anonymously or confidentially".
9a.3. CHANNEL MANAGER
The person in charge of the COMPLAINTS CHANNEL of the MOLGAS GROUP is the SUPERVISION AND CONTROL BODY of the Compliance Model.
In order to guarantee a greater level of independence and confidentiality in the processing of information, the channel will be managed (as an investigating and processing body) by the consultancy firm HÃBEAS CORPORATE COMPLIANCE, S.L. (hereinafter, HÃBEAS CC), as recommended by Circular 1/2016 of the State Attorney General's Office and the UNE 37301 Standard.
HÃBEAS CC will receive the communications and reports sent through the Whistleblowing Channel, manage them and, at the end, will draw a report to the SUPERVISION AND CONTROL BODY of the Compliance Model (the body responsible for the Whistleblowing Channel), which will carry out the investigation work and come up with a solution proposal.
|Receiving, processing, managing and repairing the pre-investigation report||HABEAS CC|
|Research and Resolution.
|SUPERVISORY BODY FOR THE OPERATION AND COMPLIANCE OF THE COMPREHENSIVE COMPLIANCE MODEL|
9a.4. CHANNEL USERS
The channel is an instrument that can be used by managers and employees, as well as collaborators, suppliers and customers, to report behaviour or acts that are considered contrary to the laws, regulations and rules that affect MOLGAS GROUP, that are contrary to the ethical principles set out in our Code of Ethics or that may be of criminal nature.
9a.5. PROCEDURE FOR REPORTING A COMPLAINT
The procedure for reporting a complaint includes the following steps:
|4||Proceedings of the Supervisory Authority|
The communication of a report must always be in writing (as described in step 2) and may be made anonymously or not, provided that, in the latter case, confidentiality is guaranteed at all times.
The MOLGAS GROUP'S WEBSITE includes this COMPLAINT CHANNEL and the forms to facilitate the submission of a report.
In the case of non-anonymous reports, in order to be admitted for processing, they must contain the following information:
|Information necessary for the admission and processing of a Non-anonymous Report|
|1||Details of the complainant: Name and surname, ID number, address, telephone number and e-mail address.|
|2||A statement of the facts reported of in as much detail as possible.|
|3||The manner in which the whistleblower became aware of the reported facts.|
|4||Person or Entity against whom the report is submitted, stating, in the case of a natural person, as much information as possible to enable their identification (name and surname, position, area of the company, etc.).|
|5||Identification of possible witnesses who may be aware of the alleged facts or who may have information about them.|
|6||Any other information that may be useful in the assessment, investigation and final resolution of the reported facts.|
|7||Any documents that support the report.|
As stated above, the confidentiality of the identity of the whistleblower shall be maintained at all times by the investigating body, unless such information is required by a competent authority, in which case, MOLGAS GROUP will be obliged to provide such information to the requesting body.
In the case of anonymous reports, the following information must be provided:
|Information necessary for the admission and processing of an Anonymous Report|
|1||A statement of the facts reported of in as much detail as possible.|
|2||The manner in which the whistleblower became aware of the reported facts.|
|3||Person or Entity against whom the report is submitted, stating, in the case of a natural person, as much information as possible to enable their identification (name and surname, position, area of the company, etc.).|
|4||Identification of possible witnesses who may be aware of the alleged facts or who may have information about them.|
|5||Any other information that may be useful in the assessment, investigation and final resolution of the reported facts.|
|6||Any documents that support the report.|
In the case of communications made anonymously, they will only be taken into consideration after prior examination and assessment of the veracity, significance and importance of their content.
The report can be submitted to the processing body in two ways:
- By ordinary mail to the following address:
HÃBEAS CORPORATE COMPLIANCE, S.L.
complaints Management Department
C/ CastellÃ³, 24, Escalera 2, 4Âº derecha
- By e-mail, at the following address:
The confidentiality of the communication/complaint will be guaranteed at all times.
Once a report has been received, HÃBEAS CC will proceed to register it, opening a file and identifying it by a reference, ensuring compliance with the provisions of the personal data protection regulations.
HABEAS CC may:
- Reject and archive the report, either because it does not comply with the formal requirements set out above, or because the reported behaviour does not show signs of being contrary to the current laws and regulations or to the ethical principles of MOLGAS GROUP.
- Require the whistleblower to correct any formal defects or explain the information reported or provide additional documentation that supports the reported irregular conduct within a maximum period of 15 days. Once the aforementioned period has elapsed without any defects being rectified, the report will be archived.
- Admit the report considering that it complies with the formal requirements and contains indications that the reported behaviour goes against the law or to the ethical principles of MOLGAS GROUP.
In the latter case, it shall prepare a report on the reasons for admission and transfer the report to the Supervisory and Control Body, which shall be responsible for completing the investigation.
4 Proceedings of the Supervisory Authority
Once the report has been accepted, the Supervisory and Control Body shall be responsible for carrying out the investigation.
Throughout the proceedings the presumption of innocence of the accused person (a basic principle of the Spanish legal system) shall be respected.
The procedure is initiated by notifying the interested parties in writing of the approval to start an investigation procedure.
The reported person, as required by the Spanish Data Protection Agency, will be notified in writing of:
- The external entity that manages the processing of reports.
- The facts of which they are accused.
- The departments and services within MOLGAS GROUP that could receive the report.
- How to exercise their rights.
Such notification may be delayed in those cases in which it is likely to jeopardise the investigation or where the seriousness of the facts reported of makes it advisable to do so.
This will be followed by a hearing of all those concerned and witnesses, which will be held in private.
At the hearing with the reported person, they shall be informed of the facts with which they are charged and of the possible consequences thereof, in the event that such facts are proven to be true. In addition, you will be asked for your version of the facts and you will be allowed to provide any evidence and/or witnesses you deem appropriate.
The investigating body shall have 30 days after the hearing, to come up with a solution proposal, which it shall send in writing to the parties so that, within seven days, they may submit any arguments they deem appropriate.
After that period, the decision shall become final and shall be communicated to the parties concerned.
The resolution be:
- 1. A dismissal of the report. In this case, the complainant shall be informed in writing, with a brief detailed statement of the reasons for the decision.
- 2. Upholding the report. This upholding implies a breach of the law or of the company's Code of Ethics and must be reported to the Human Resources Department or the person who performs these functions, so that the appropriate disciplinary measures can be applied (as set out in the company's disciplinary regime, ranging from a mere reprimand to disciplinary dismissal) and, of course, reporting to the authorities if necessary.
We again recall that all persons involved in potential enquiries are under an obligation to maintain confidentiality and to keep secret the data and information to which they have had access.
The data will be deleted no later than two months after the end of the investigations, if the facts have not been established. In the event of legal action, the data shall be retained for as long as necessary for the exercise by the company of its rights.
9a.6. PROTECTION OF PERSONAL DATA
This procedure guarantees the exercise of the rights established in Organic Act 3/2018 (Protection of Personal Data and Guarantee of Digital Rights), in the European Regulation on the Protection of Natural Persons, with regard to the processing of personal data, and in the additional regulations in force on the matter, both in terms of the information that must be provided in the different communications, and in terms of the specific information referring to the processing of the data and the possible exercise by the affected party of their rights.
MOLGAS GROUP's Whistleblower Channel has been approved by its Management and Governing Body.