Rockmark – Internal Communication System for Irregular Practices

1.1. Introduction

The Management Entity promotes an organizational culture of transparency, based on the highest ethical standards of conduct, and for this purpose has created an internal reporting channel (“Internal Whistleblowing Channel”) which, ensuring anonymity and confidentiality of communication, allows all employees, members of corporate bodies, and service providers to report Irregularities and Violations of which they become aware.

Through this Policy, the Management Entity seeks to reinforce the role that its employees and stakeholders play in ensuring the integrity and legality of all its procedures, by implementing an Internal Whistleblowing Channel, which shall be governed by the fundamental principles of confidentiality and zero tolerance for any act of retaliation, as well as by all provisions set out herein, which are deemed essential guarantees for the protection of Whistleblowers.

This Policy aims to define the rules and internal procedures for receiving, processing, and handling reports of Violations and Irregularities made within the Management Entity, and has been prepared in accordance with the General Regime for the Protection of Whistleblowers of Violations (Law No. 93/2021 of 20 December), which transposes Directive (EU) 2019/1937 of the European Union into Portuguese law.

1.2. Objective Scope of Application

For the purposes of this Policy, the following definitions apply:

(i) Violations: all acts or omissions contrary to the rules contained in the acts of the European Union referred to in the annex to Directive (EU) 2019/1937 of the European Parliament and of the Council, the national rules that implement, transpose, or give effect to such acts, or any other provisions contained in legislative acts implementing or transposing them, including those providing for criminal or administrative offences, relating to the fields identified in Annex II to this Policy (“Violations”);

(ii) Irregularities: all situations which, although not falling within the definition of Violations, correspond to the practice or attempted practice of possible breaches of the law, statutory, ethical, or professional conduct rules, including those contained in the Compilation, or internal regulations or instructions of the Management Entity, and including practices of Harassment (“Irregularities”).

1.3. Subjective Scope of Application

This Policy aims to provide an appropriate, secure channel available to all Whistleblowers who, in their interaction and relationship with the Management Entity, intend to disclose information obtained in the context of their professional activity, acting in good faith and with serious reasons to believe that the information is true at the time of reporting.

Accordingly, Whistleblowers must comply with the Protection Conditions and refrain from making reports in bad faith or regarding facts or information they know to be untrue.

1.4. Principles

The Management Entity conducts its Internal Reporting Policy in accordance with the following principles, aligned with applicable legislation and market best practices:

Processing of Personal Data: The purpose of processing information communicated under this Policy is the receipt and follow-up of reports made through the Internal Whistleblowing Channel. Personal data that is manifestly irrelevant to the handling of the report shall not be retained and will be immediately erased.

Data subjects are guaranteed the right to information, as legally provided, particularly regarding the entity responsible for receiving and processing the report, the reported facts, and the purpose of processing the information received, as well as the right to access and rectify their personal data. Under the data protection and information security rules (General Data Protection Regulation No. 2016/679 and Law No. 58/2019), appropriate security measures are established to protect the information and data contained in Internal Reports and corresponding records;

Confidentiality of the Whistleblower’s and Reported Persons’ Identity: The identity of the Whistleblower and of the Reported Persons, as well as information that may allow their identification, is confidential and restricted to those responsible for receiving and/or following up on the reports.

The confidentiality obligation applies to all persons who have received information about the reports or who come into contact with them in any way. The identity of the Whistleblower and the Reported Persons may only be disclosed as a result of a legal obligation or court decision, preceded by written notification to the Whistleblower and/or Reported Persons indicating the reasons for disclosure, unless providing such information would compromise investigations or related legal proceedings;

Retention: Reports made under this Policy are recorded and retained for a period of 5 years and, regardless of that period, during the pendency of judicial or administrative proceedings relating to the report submitted;
Precedence of Internal Reporting: Considering the existence of the Internal Whistleblowing Channel regulated by this Policy, as a rule, the Whistleblower must not resort to External Reporting channels beforehand, but must give precedence to Internal Reporting in order to benefit from the protection granted by this Policy and applicable legislation;
Prohibition of Public Disclosure: As a rule, the Whistleblower must not publicly disclose a Violation or Irregularity, nor communicate it to the media or a journalist, as they will not benefit from the protection granted by this Policy in such circumstances, except in cases legally provided for;
Prohibition of Retaliation for Reporting Violations: In cases of reporting Violations, the Whistleblower, the Whistleblower’s Aide, and any legal persons or equivalent entities owned or controlled by the Whistleblower, for which the Whistleblower works or with which they are professionally connected, must not be subjected to acts of retaliation.

The following acts, when carried out within two years of a report or public disclosure, are presumed to be motivated by such report, unless proven otherwise:

(i) Dismissal;

(ii) Changes to working conditions, such as duties, working hours, workplace, or remuneration, failure to promote the employee, or breach of employment obligations;

(iii) Suspension of the employment contract;

(iv) Negative performance evaluation or negative reference for employment purposes;

(v) Failure to convert a fixed-term employment contract into a permanent contract where the employee had legitimate expectations of such conversion;

(vi) Non-renewal of a fixed-term employment contract;

(vii) Inclusion on a list, based on a sectoral agreement, that may lead to the impossibility of the Whistleblower obtaining employment in the relevant sector or industry in the future;

(viii) Termination of a supply or service contract.

Additionally, any disciplinary sanction applied to the Whistleblower and the Whistleblower’s Aide within two years of the submission of an Internal Report is presumed to be abusive.

Prohibition of Retaliation for Reporting Irregularities Related to Harassment: In cases of reporting Irregularities, the Whistleblower and any witnesses identified by them may not be subject to disciplinary sanctions, unless acting with intent.
Whistleblower Liability: The Whistleblower cannot be held disciplinary, civilly, administratively, or criminally liable for reporting or publicly disclosing a Violation in accordance with this Policy. The Whistleblower cannot be held liable for obtaining or accessing the information that motivated the report or public disclosure, except where such obtaining or access constitutes a crime.

1.5. Procedure Applicable to Internal Reports

The submission of Internal Reports through the channel implemented under this Policy follows the following process and procedure:

Within 7 days of receiving a report through the Internal Whistleblowing Channel, the Responsible Officer for the Internal Whistleblowing Channel shall notify the Whistleblower of its receipt, providing information on the requirements, competent authorities, form, and admissibility of External Reporting;
Within a maximum of 2 months of receiving a report, a written document must be produced containing the analysis carried out on the report, a description of the internal actions taken, and the conclusions reached, including, if deemed appropriate, the initiation of an internal investigation or communication to the competent authority for investigation of the Violation;
Within a maximum of 3 months of receiving a report, the Responsible Officer for the Internal Whistleblowing Channel shall inform the Whistleblower of the follow-up given to the report and of the actions and measures implemented to address the facts and information reported;
The Whistleblower may request to be informed of the result of the analysis of the report within 15 days after its conclusion;
If an internal investigation is initiated, once all investigative procedures have been completed, a report must be prepared detailing the reported case, the steps taken during the investigation, as well as the measures adopted to mitigate the identified risk and prevent recurrence of the reported Violations;
The Responsible Officer for the Internal Whistleblowing Channel may be assisted by internal or external persons designated by them, who will be subject to the applicable confidentiality duty.

1.6. Final Provisions

This Policy shall enter into force on the date of its approval by the Board of Directors, and any amendment to this Policy must likewise be approved by the Board of Directors.

This Policy shall be made available to the Management Entity’s employees and stakeholders, via the intranet and on the respective website.

The legislation in force, namely the General Regime for the Protection of Whistleblowers (Law No. 93/2021 of December 20), shall fill any gaps concerning its interpretation or provisions.

(For more information, please refer to the Portuguese version of this document.)