Internal Information Channel

Compañía Internacional de Pesca y Derivados, S.A. has implemented an internal information system in compliance with the provisions of Law 2/2023, dated February 20, to protect persons providing information regarding breaches and anti-corruption matters.

This system allows individuals to report actions or omissions mentioned in Article 2, specifically, serious or very serious breaches related to EU law or administrative offenses.

You can consult information about the system, the rights of whistleblowers, the responsible party for the system, and the personal data protection policy by following the link. Furthermore, you can also consult the internal procedure at the link.

For reporting information, the system provides an internal channel for communication via email at: canal-informacion@inpesca.com.

The law establishes the creation of an external channel and the appointment of an Independent Authority for Data Protection. All individuals can report to this authority, or other regional and national bodies, any actions or omissions that fall under the scope of the law, either directly or through the internal channel before doing so.

Information for accessing this external channel will be made available on this website as soon as it is ready.

1. INTERNAL INFORMATION SYSTEM

The internal information system is the preferred means for reporting actions or omissions related to breaches and corruption, in compliance with Law 2/2023 of February 20.

Article 2 covers the material scope and protection for whistleblowers reporting breaches of EU law or serious administrative offenses.

2. RESPONSIBLE PARTY FOR THE SYSTEM

The individual responsible for managing the internal information system has been appointed and will carry out their duties autonomously and independently.

The person in charge of the internal information system at the company is Mr. Aitor Lekue Aldape.

3. WHISTLEBLOWER RIGHTS

Whistleblowers have the right to choose their reporting method, either via the internal or external channel.

In the case of the internal channel, they may choose to report information via email.

Their personal data will be protected and handled with full confidentiality throughout the process. The whistleblower has the right to refuse further notifications and can choose to remain anonymous.

If the whistleblower does not opt for anonymity or refuse further notifications, they will have the right to follow up on the status of their report within the established deadlines.

The law guarantees whistleblower protection, even in the absence of concrete evidence, as long as the report pertains to breaches within the law's scope.

The law clearly prohibits reprisals, including threats or attempts to retaliate against whistleblowers.

If reprisals are taken against whistleblowers or persons protected under Article 3, these actions are considered serious violations as outlined in Article 63 of the law.

4. DATA PROTECTION POLICY

The processing of personal data will comply with the European Union's Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and the Spanish Organic Law 3/2018 (on Personal Data Protection and Digital Rights), as well as the provisions of Title VI of Law 2/2023.

The internal system administrator is responsible for managing the collected data.

5. PROCEDURE

A procedure has been established for managing and processing received information, which can be consulted on the company’s website.

6. PARTIES AFFECTED

According to the law, individuals involved in the investigation have the right to presumption of innocence, right to defense, and right to access the process unless restricted by law.

7. FALSE REPORTING

As specified in Article 63 of the law, knowingly submitting false information is considered a serious offense.

In accordance with Law 2/2023 of February 20, Compañía Internacional de Pesca y Derivados, S.A. has implemented an internal information system. A person has been appointed as the responsible party (RSI) and operates independently and autonomously in fulfilling this role.

Below is the process for managing received communications through the internal channel:

1. ACCESS TO INTERNAL CHANNEL

The internal channel for submitting information has been established, with an option for submission via email.

Details about the channel's operation and the option to access the external channel will be available on the company website.

The internal channel operates with these principles:

• Confidentiality of the whistleblower’s identity is ensured throughout the process.
• Communication with the whistleblower to track the status and request further details if needed.
• The option to submit reports anonymously.
• Right for affected parties to be informed of the process and provide a defense.
• Respecting the principles of presumption of innocence and data protection.

2. RECEIVING A REPORT

The RSI must acknowledge the receipt of a report within 7 days of receiving it.

3. INITIAL ASSESSMENT

The RSI will assess whether the report falls within the scope of breaches outlined in Article 2, specifically serious or very serious breaches.

• EU law violations.
• Serious or very serious administrative offenses.

Based on this assessment, the RSI will decide whether to proceed with the report or dismiss it.

4. ADDITIONAL INFORMATION

If necessary, additional information may be requested from the whistleblower during the investigation.

The whistleblower will be informed of the decision and be asked to provide further details if necessary.

5. FINAL PROCEDURE

Once a decision is made, the RSI will take the following actions:

• Archiving the report.
• Sending it to the relevant authorities if it involves a criminal matter.
• Sending the information to the appropriate regulatory body if the breach involves serious offenses.

If the reported incident occurred outside the company’s scope, the report will be forwarded to the relevant external system.

The RSI will follow up on the report within 3 months from the date of submission or the deadline for actions under investigation.

6. VERIFICATION AND INTERNAL CONTROL

The RSI ensures confidentiality and data protection throughout the process.

Only essential data will be collected and processed.

An internal log will be maintained, which is confidential and will only be accessible under legal conditions.

The collected data will be retained only for the time necessary to fulfill the obligations established by law.

7. BREACHES

The Independent Data Protection Authority will have jurisdiction to investigate breaches, as outlined in Title IX of the law, including reprisals or breaches of confidentiality.

Additionally, knowingly providing false information is considered a serious offense under the law.