Skip to main content
Genomcore

Whistleblowing Policy: Procedure for Handling Reports and Guiding Principles

In accordance with Article 25 of Law 2/2023 of 20 February, regulating the protection of persons reporting regulatory infringements and combating corruption (hereinafter "Law 2/2023"), entities falling within the scope of application of said Act shall provide clear and easily accessible information regarding the use of any internal reporting channels they have established, as well as the essential principles of the management procedure.

GENOMCORE, S.L., in compliance with Law 2/2023, has established an anonymous reporting channel, of which it is the sole owner, through which both Company employees and external parties may anonymously submit reports or complaints regarding regulatory compliance or potentially criminal acts by any person associated with the Company. Its subsidiary, Made of Genes, S.L., does not qualify as a regulated entity, but uses the channel as an affiliated entity; this does not imply that it has its own reporting channel or that it assumes independent legal obligations.

How can the whistleblowing channel be accessed to submit a report?

Reports may be submitted by the whistleblower in writing via the following secure electronic channels:

  • The whistleblowing channel can be accessed via the following URL: Whistleblowing Channel.
  • Furthermore, Company Employees can access it via the HR intranet.

Reports may also be made verbally, either by telephone (933900502) or in person, if requested by the complainant. Such a meeting will take place within a maximum of seven days of the request.

If the informant chooses to make a verbal report, they will be asked to also submit a written report via the URL referenced in this section to ensure the secure processing of the case.

What matters can be reported?

In general, interested parties may use the Whistleblowing Channel to report anonymously any type of non-compliance in these or other matters, such as:

  • Competition
  • Public procurement
  • Corporation tax
  • The union's financial interests (expenditure, revenue collection and funds)
  • Prevention of money laundering/terrorist financing
  • Radiation protection and nuclear safety
  • Environmental protection
  • User and consumer protection
  • Public health
  • Food safety
  • Transport safety
  • Product safety
  • Protection of privacy and personal data, and security of networks and information systems.
  • Acts affecting the financial interests of the European Union (fraud, corruption) and any act or omission that may constitute a serious or very serious criminal or administrative offence.

In any case, this shall be understood to include offences that may constitute sexual harassment, workplace harassment or other discriminatory conduct.

How will the reports received be handled?

The Whistleblowing Channel ensures the security and confidentiality of communications through encryption systems and the assignment of random codes for each new communication.

The confidentiality of communications is also guaranteed even if they are submitted via reporting channels other than those established, or to staff members not responsible for processing them, who have been trained in this matter and who will immediately forward the communication received to the Compliance Committee, which is responsible for the system.

Reports submitted via the Whistleblowing Channel may be anonymous (by default) or the whistleblower may optionally provide their personal details to facilitate better communication. Evidence supporting the reported facts may also be attached.

Communication between the whistleblower and the Company will be managed via the Whistleblowing Channel itself. To track a case, the whistleblower must enter the unique case reference number they received when submitting the report via the Whistleblowing Channel.

Reports are received exclusively by members of the Compliance Committee, the body responsible for the reporting system or channel, and are treated with complete confidentiality and privacy. The operational management of the Reporting Channel is delegated to the Channel Manager, who acts under the direction of the Committee.

What is the whistleblowing management protocol?

In order to manage reports, the following reporting protocol or internal reporting system will be followed:

  • Protocol activation: The Compliance Committee will receive the report and appoint a person responsible for following up the case (the "Investigating Officer"). An acknowledgement of receipt of the report will be sent to the whistleblower within a maximum of seven (7) working days of receipt.
  • Investigation and application of precautionary measures. The Investigator will initiate an investigation into the reported incident. The Compliance Committee will implement reversible precautionary measures to prevent the potential offence from continuing until the facts have been clarified. The maximum timeframe for responding to the report shall be three (3) months from the date of receipt, unless the matter proves to be particularly complex, in which case this period may be extended by a further maximum of three (3) months. During the processing of the report, contact may be maintained with the whistleblower to clarify any doubts or gather additional information deemed necessary for the proper investigation. All contact shall be conducted whilst ensuring the confidentiality and, where appropriate, the anonymity of the whistleblower. The whistleblower has the right to be informed of the status of their report as well as the outcome of the investigations.
  • Resolution of the Case. The Investigating Officer shall draw up a report setting out the findings regarding the reported incident, their assessment of the matter and, where appropriate, proposed measures to be implemented to address the case, and shall submit this to the Compliance Committee. In light of the report, the findings and the proposed measures, the Compliance Committee shall draw up a written proposal – duly substantiated – either to close the case or, failing that, setting out the possible measures to be adopted. The Compliance Committee shall implement the relevant measures. Where the facts appear to constitute a criminal offence, the information shall be forwarded to the Public Prosecutor's Office immediately.
  • Follow-up: The implementation and effectiveness of the measures applied will be assessed periodically until it is considered that the case can be closed as resolved.

What are the guiding principles governing the procedure?

The essential principles governing the management procedure are:

  • Confidentiality and anonymity: It is guaranteed that the identity of the whistleblower and any third party mentioned, as well as the handling of the information and the investigation, will be kept confidential, preventing access by unauthorised personnel.
  • Protection against Retaliation: A commitment not to penalise, dismiss or discriminate against a complainant acting in good faith.
  • Secure and Transparent Procedure: Complaints are handled through clear channels, with an acknowledgement of receipt within a maximum of 7 working days and a record of the information.
  • Impartial Investigation: The independence of those managing the channel is guaranteed, avoiding conflicts of interest.
  • Rights of the Accused: Presumption of innocence; the right to be informed of the acts and omissions attributed to them and of the proceedings; and the right to be heard, in accordance with the provisions of Law 3/2023.
  • Accessibility: Information on the use of the channel is made easily accessible on the organisation's website or intranet.

These principles ensure that the system is secure, confidential and effective. Their aim is to protect the whistleblower and handle reports with transparency and impartiality.

Data Protection

All information and personal data included in reports shall be processed solely for the purposes of the investigation, handling of the report and the adoption of applicable measures resulting therefrom. The security and confidentiality of the data will be guaranteed in accordance with current regulations. The data will be retained only for as long as necessary to fulfil the stated purposes and comply with applicable legal time limits, including the exercise and defence of claims within the relevant limitation period. Once these purposes have been fulfilled, the necessary measures will be taken to ensure its secure deletion.

Data subjects may consult our data protection policy for further information on the processing of data and the exercise of their rights, available at the following link: Privacy Policy

Other policies

Genomcore, S.L. has other internal policies listed below, all of which are overseen by the Compliance Committee, in order to ensure the legal safeguards mentioned in this Whistleblowing Policy:

  • Prevention and handling of sexual and gender-based harassment
  • Prevention and handling of workplace harassment
  • Information security
  • Personal data protection

External Channels

Without prejudice to the use of the internal reporting channel, the whistleblower may contact the external reporting channel via the Independent Whistleblower Protection Authority (AIPI), (https://www.proteccioninformante.gob.es/), located at Calle Luis Cabrera 9, 4th floor. Madrid (28002), and with the email address aipi@proteccioninformante.es, as well as, where applicable, to the competent regional authority, to report the commission of any regulatory infringements falling within the scope of Law 2/2023.

In Catalonia, you may contact the Oficina Antifrau de Catalunya (https://www.antifrau.cat/).