Confidential channel for Ethical and Criminal notifications

Approval of the Internal Information System and Protection of Informants and Affected Persons (Ethical Channel)

In accordance with MILLER-INGRAM's commitment to a true culture of ethics and compliance, as well as to the effective execution of the Code of Ethics and Conduct, the Criminal Compliance Policy, the Protocol for the prevention, detection and action against harassment, sexual assault, and/or discriminatory acts, and other related internal regulations, and in accordance with the provisions of art. 31 bis 5.4 of the Spanish Penal Code and Law 2/2023, of February 20, regulating the protection of persons who report regulatory violations and the fight against corruption, the Organization has implemented an Internal Information and Protection System for the Informant and Affected Persons - Ethical Channel (hereinafter also "Internal Information System", "Ethical Channel" or "the System").

All of this within the framework of our Compliance System, and the protection of our image and reputation, responding to our commitment to regulatory compliance and the strengthening of the culture of participation and internal communication as a mechanism to prevent and detect irregular conduct, as well as to guarantee the protection of whistleblowers against possible reprisals.

Consequently, the management body of MILLER-INGRAM ASSOCIATES SL and its parent company have approved the creation and implementation of the Internal Information and Informant Protection System unique to the Group, in accordance with the provisions of the aforementioned Law 2/2023, and in accordance with the principles and requirements established in the aforementioned regulation.

Within this framework, the Organization has enabled internal channels for communicating infractions ("Internal System for Information and Protection of Informants and Affected Persons") as a procedure for nominal and confidential or anonymous communication in order to report or bring to its attention, in good faith and based on reasonable indications, possible risks, non-compliance or irregularities included in the scope of the indicated Internal System, as well as to transfer queries or any suggestions for improving the system of compliance and respect for the law, and other regulations of the Organization.

And this as an appropriate and effective way to facilitate the detection, discovery and sanction, through the collaboration of all, of possible irregularities or non-compliance.

It also aims to provide adequate protection against retaliation that may be suffered by individuals who report any of the actions or omissions that may constitute violations referred to in the aforementioned Law 2/2023.

MILLER-INGRAM has chosen to establish a specialised external management system (reception of communications), with the aim of providing it with greater professionalism and autonomy, and offering appropriate guarantees of respect for independence, confidentiality, data protection and the secrecy of communications.

Purpose of the Internal Information System and Protection of the Whistleblower

It is a System that facilitates the preferential channel for bringing to the attention of MILLER-INGRAM information about actions or omissions that may constitute infractions, which has been obtained (i) in an employment or professional context (ii) within the framework of an employment or statutory relationship that has already ended (iii) volunteers (iv) interns (v) workers in training periods regardless of whether or not they receive remuneration (vi) as well as by those people whose employment relationship has not yet begun in cases where the information about infractions has been obtained during the selection process or pre-contractual negotiation.

Regulation of the Internal Information System and Defense of the Whistleblower

The complete regulation of the Internal Information System and Protection of the Informant is found in the General Policy of the Internal Information System and Defense of the Informant and the Procedure for Management of Received Information and Internal Investigations.

You can access the full text of the document at the link provided below. Below we also highlight a summary of some of its contents as a guide to facilitate the use of the information channels established to report violations or make inquiries.

The general principles and requirements of the System (developed in detail in the indicated document containing the aforementioned General Policy and Management Procedure) are: Regulatory compliance, accessibility, good faith, protection of the whistleblower and the principle of non-retaliation, confidentiality and anonymity, secrecy, objectivity and impartiality, transparency, adherence to the guiding principles of the legal system, traceability and security, data protection, possibility of prior knowledge by the Organization itself, integration into the System of the Organization's various internal information channels, person responsible for the System and due diligence, implementation by agreement or decision of the Administrative Body, independent and differentiated from other entities, and absence of retaliation.

Summary guide to facilitate the use of established internal information channels
Who can make these communications?
  1. Employees (self-employed workers) of the Companies that make up the Group.
  2. Shareholders and persons belonging to the administrative, management or supervisory body of the Companies that make up the Group (of the Organization), including non-executive members, as well as volunteers, interns, and workers in training periods, regardless of whether or not they receive remuneration.
  3. In general, all Members of the Organization according to the definition established in the Policy.
  4. Business Partners (clients, suppliers, collaborators, etc.) as defined in the Policy, including freelancers and any person working under the supervision and direction of contractors, subcontractors and suppliers.
  5. Informants who no longer have a relationship with the Companies that make up the Group (of the Organization), due to the expiration of this relationship, who communicate or publicly reveal information about violations obtained within the framework of an employment or statutory relationship that has already ended.
  6. Informants whose employment relationship has not yet begun, if the infringement is obtained during the selection process or pre-contractual negotiation.
  7. Any person who works under the supervision and direction of contractors, subcontractors and suppliers.
  8. All those who directly or indirectly intervene in the procedure and may be retaliated against for doing so (advisers of the informant, representatives, etc.).

 

In relation to the protection measures for informants, they will also apply, where appropriate, to:

 

  • Individuals who, within the framework of the organization in which the informant provides services, assist him or her in the process.
  • Individuals who are related to the informant and who may suffer retaliation, such as coworkers or family members of the informant.
  • Legal entities for which the individual works or with which the individual has any other type of relationship in a work context or in which the individual holds a significant stake. For these purposes, the stake in the capital or in the voting rights corresponding to shares or participations is deemed to be significant when, due to its proportion, it allows the person who holds it to have the capacity to influence the legal entity in which the individual holds the stake.
  • Where appropriate, specifically to the legal representatives of the workers in the exercise of their duties of advising and supporting the informant.

 

Without prejudice to the persons who have the duty to report, additionally, any person, natural or legal, who has had, has or may have a relationship with the Organization ("third parties") is encouraged to also use the Internal Information System in the cases regulated in the aforementioned Policy, as a formal mechanism to communicate any infraction, irregularity or non-compliance of which they are aware that is included in its objective scope, independently of other means of communication made available to third parties.

What types of violations can be reported?

A.- Four types of communications are established that can be sent through the Organization's Internal Information System:

 

1.- Communications on actions or omissions referred to in article 2 of Law 2/2023:

 

1.1 Any actions or omissions that may constitute breaches of European Union law provided that:

 

  1. They fall within the scope of the acts of the European Union listed in the Annex to Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law, regardless of their classification by domestic law.
  2. Affect the financial interests of the European Union as referred to in Article 325 of the Treaty on the Functioning of the European Union (TFEU); or
  3. They have an impact on the internal market, as referred to in Article 26(2) TFEU, including infringements of EU competition rules and aid granted by States, as well as infringements relating to the internal market in relation to acts that infringe corporate tax rules or practices whose purpose is to obtain a tax advantage that distorts the object or purpose of the legislation applicable to corporate tax.

 

1.2 Actions or omissions that may constitute a serious or very serious criminal or administrative offence. In any case, all serious or very serious criminal or administrative offences that imply financial losses for the Treasury and for Social Security shall be deemed to be included.

 

1.3 Violations of labour law in matters of safety and health at work, without prejudice to the protection established in its specific regulations.

 

2.- Communications related to:

 

  1. Conduct (actions or omissions) classified in the Spanish Penal Code, which may constitute a criminal offence, and the crimes provided for in other special laws detailed in Annex I of the General Policy of the Internal Information System, which apply at any given time to the Organisation.

 

  1. Any breaches or conduct contrary to the principles, values ​​and standards of conduct established in the Code of Ethics and Conduct and/or Criminal Compliance Policy of the Organization, and in general in the Criminal Compliance Management System (SGCP) - policy of prevention, detection, management and reaction to criminal risks.

 

  1. Any breaches or conduct contrary to the Organization's policies, protocols, procedures, manuals, standards or internal controls in relation to criminal risks and/or breaches of the Code of Ethics and Conduct.

 

  1. And, in general, any situations or facts that require the attention of the Organization's Ethics and Compliance Committee.

 

  1. Communications about any type of harassment in accordance with the Protocol for the prevention, detection and action against harassment, sexual assault, and/or discriminatory acts (workplace, moral or psychological harassment, sexual harassment, harassment based on sex, sexual and/or gender identity, sexual assault, digital violence or cyberbullying, physical violence, and/or discriminatory acts) of the Organization.

 

  1. Likewise, the Internal Information System constitutes a way to raise concerns, doubts, queries or suggestions for improvement related to the Code of Ethics and Conduct, the Criminal Compliance Policy, and in general, the Criminal Compliance Management System, or with the Organization's own activities that may give rise to fear of non-compliance.

 

B.- Regardless of the possibility of receiving other complaints, claims and/or claims from other regulatory areas, only and exclusively those communications included in article 2 of the same will be covered under the protection measures established in Law 2/2023 ..

 

The internal management of the information that will be carried out through the Internal Information System and that is the subject of the Protocol for the prevention, detection and action against harassment, sexual assault, and/or discriminatory acts, will be processed in accordance with the provisions thereof, which in any case will have the guarantees provided for in Law 2/2023. Any other conduct that has a specific procedure established for this purpose will be governed by it. In everything not provided for in the Procedure, Law 2/2023 will govern.

 

The corresponding competent unit will be responsible for its resolution, which will inform the body responsible for the Information System, and will carry out the relevant communications.

Prohibition of retaliation

MILLER-INGRAM expressly prohibits acts constituting retaliation, including threats of retaliation and attempts at retaliation against persons who submit a communication in accordance with the General Policy of the Internal Information System and Defense of the Informant and the Procedure for Managing Information Received and Internal Investigations and in the applicable regulations.

The use of the Ethical Channel (Internal Information System) requires us to remember that the prohibition of retaliation provided for in the previous paragraph will not prevent and may result in criminal or civil liability and/or disciplinary measures that may be appropriate, in accordance with the terms contemplated in the current regulations and the disciplinary regime of the Organization when the internal investigation determines that the communication is false and that the person has made it with knowledge of its falsity or with reckless disregard for the truth, thereby waiving the requirements of confidentiality.

What are our internal communication channels?
How to send a communication? Steps to follow

A.- In writing, the communication, complaint or consultation must be made:

As the main channels for receiving information, the Organization makes available to whistleblowers, to facilitate their mandatory accessibility on the corporate website, access to a platform (via app or website) provided by a specialized technology company, which has adequate technical measures to guarantee the confidentiality and security of the information, as well as anonymity when this method of communication is chosen.

There are two options (via the Co-Resol app or via the website) that allow communication to be made either nominally and confidentially or anonymously, and in the first case the identity of the informant is reserved:

OPTION 1: Send a notification via mobile APP (co-resol):

 

               

  1. Download the co-resol app and accept notifications. It is free and available in the App Store and Google Play.
  2. Press the “Click” button and then enter the following code: MILLER
  3. Select the channel button.
  4. Please write your message as specifically as possible. You can attach both images and documentation.
  5. Please log in or choose anonymity. In either case, you must accept the Privacy Policy.
  6. Once you have completed these steps, you will receive a message acknowledging receipt of your click.
  7. Communication for click tracking will be done through a secure chat (you can access it from the chat button on the app's home screen) until it is closed.

OPTION 2: Send a notification through a web page

You can access it through this link: 

https://co-resol.bcnresol.com/webclick 

  1. Press the “Click” button and then enter the following code: MILLER
  2. Select the channel button.
  3. Please write your message as specifically as possible. You can attach both images and documentation.
  4. Please log in or choose anonymity. In either case, you must accept the Privacy Policy.
  5. In this case, you will receive a unique identification code and password that you must save to maintain communication, through a secure chat, about the status of your click.
  6. Every time you want to know if you have a new message in the chat or want to provide more information, to ensure confidentiality, you must enter this code and password on the home page, in the “Access a previous click” button.

Aspects on the use and management of the channel

  • Please note that the channel allows you to make communications for the first time and to access previous communications in order to follow up on them.
  • CO-RESOL (web) is a platform available 24 hours a day, 365 days a year.
  • The Channel (CO-RESOL) provides automatic acknowledgement of receipt and allows the incorporation of files of all types (including audios). It includes end-to-end encryption and encryption of personal data in databases.
  • It strictly complies with Law 2/2023 on the protection of informants and the regulations on the protection of personal data.

B.- In person, at the following address of MILLER-INGRAM, Vía Complutense 135 1ª 28802 – (Alcalá de Henares) – Madrid, at the request of the informant, within a maximum period of seven days, before any member of the Criminal Compliance Body. Verbal communications made through a face-to-face meeting will be documented in the manner provided for in the General Policy of the Internal Information and Defense System of the Informant and the Procedure for the Management of Information Received and Internal Investigations.

External information channel

Any natural person may report to the Independent Authority for the Protection of Informants, AAI, or to the corresponding autonomous authorities or bodies, the commission of any actions or omissions included in the scope of application of Law 2/2023, of February 20, regulating the protection of persons who report regulatory violations and the fight against corruption, either directly or by prior communication through the MILLER-INGRAM Internal Information System.