Whistleblowing Channel IMDEA Networks

Purpose of the Whistleblowing Channel

The purpose of this Whistleblowing Channel is to provide adequate protection against possible retaliation that individuals may suffer for reporting actions or omissions that could be considered:

• Serious and very serious criminal and administrative infractions within Spanish legislation, including those involving breaches of the Public Treasury or Social Security.
• Violations of actions contrary to European Union legislation that affect its financial interests or impact its internal market, in accordance with the acts described in the annex of Directive (EU) 2019/1937.
• Additionally, other incidents may be reported. If these are not within the scope of Law 2/2023 of February 20, which regulates the protection of individuals reporting regulatory breaches and combating corruption, their processing will be adjusted according to the relevant sectorial regulations.

The Whistleblowing Channel aims to strengthen the culture of reporting and promote a culture of prevention and detection of threats to public interest.

Who is the Channel Addressed To?

The Whistleblowing Channel is directed at employees, researchers, interns, trustees, contractors, and suppliers, as well as anyone who has had a relationship with the IMDEA Networks.

Protection measures will also apply to whistleblowers who report or disclose information about breaches obtained in the context of a completed employment or statutory relationship, volunteers, interns, and trainees, regardless of whether they receive remuneration. It also extends to individuals whose employment relationship has not yet begun, provided the information about breaches was obtained during the selection process or pre-contractual negotiations.

Management Procedure and Features of the Whistleblowing Channel

The internal information system of IMDEA Networks is managed by its governing body (the Delegate Committee of IMDEA Networks), which has appointed the "System Manager," a role taken on by the Senior Human Resources Manager of the Institute. The head of this department assumes the role of the internal information system manager, as established by Law 2/2023 of February 20, regulating the protection of individuals reporting regulatory breaches and combating corruption, and will perform the functions assigned by this law.

The Internal Information System and the Whistleblowing Channel have the following characteristics:

• Accessibility: Allows all individuals covered by this regulation to report information about breaches and crimes.
• Secure Design and Confidentiality: Ensures the confidentiality of the whistleblower’s identity and the actions taken, as well as data protection.
• Submission Options: Provides the possibility to submit reports in writing and/or verbally, including in-person meetings.
• Anonymous Reports: Allows for the submission of anonymous communications.
• Procedural Management with Rights Guarantees: IMDEA Networks ensures that whistleblowers can access the protection provided, guaranteeing their anonymity and preventing retaliation, including threats or attempts of retaliation. Any person who believes their rights have been violated as a result of their report or disclosure, after two years, may seek protection from the competent authority.

Exclusions from the Protection Regime

The protection provided under the regulations for protecting individuals reporting regulatory breaches and combating corruption does not apply to those who report or disclose:

• Information contained in reports that have been inadmissible by any internal information channel.
• Information related to claims about interpersonal conflicts or that only affect the whistleblower and the individuals referred to in the report or disclosure.
• Information that is already publicly available or constitutes mere rumors.
• Information referring to actions or omissions not covered by Law 2/2023 of February 20th, which regulates the protection of individuals reporting regulatory breaches and combating corruption, which will be adjusted to the applicable regulations.

Personal Data Protection Information

Responsible Entity

IMDEA Networks Institute (CIF: G84912708) Avda. Mediterráneo, 22; 28918 Leganés (Madrid), Spain

Data Protection Officer: dpo.networks@imdea.org

Purpose

To provide adequate protection against retaliation for reporting actions or omissions constituting breaches.

Legitimacy

GDPR: Article 6.1.c): Processing is necessary for compliance with a legal obligation applicable to the data controller.

Recipients

The identity of the whistleblower will always be kept confidential and will not be disclosed to the individuals referred to in the facts or to third parties, nor will it be transferred to the person involved in the facts.

If the facts constitute a crime, the identity of the whistleblower will only be communicated to the judicial authority, the Public Prosecutor, or the competent administrative authority within the framework of a criminal, disciplinary, or sanctioning investigation, in accordance with the law.

Rights

You may exercise the rights of access, rectification, deletion, and opposition.

Additional Information

For detailed information about data protection, consult the IMDEA Networks Treatment Activities Register.

External Information Channels Contact Details

SPAIN

National Anti-Fraud Coordination Service

National Anti-Fraud Coordination Service

Anti-Corruption and Organized Crime Prosecutor’s Office

Anti-Corruption Prosecutor's Office

EUROPE

European Anti-Fraud Office (OLAF) OLAF

European Court of Auditors (ECA) ECA

For more information about the Whistleblower Protection Law or Whistleblowing Law in Spain, click here.

Read relevant information before submitting your report to the channel here.