1. INTRODUCTION AND PURPOSE
In accordance with the provisions of Law 2/2023, of 20 February, regulating the protection of persons who report regulatory breaches and the fight against corruption (“Law 2/2023”), RNB S.L. (hereinafter “RNB”, the “Organisation” or the “Company”) has implemented an Internal Information System (the “System” or “Compliance Channel”) that serves as a cornerstone of the Organisation’s compliance culture and is designed to strengthen both its information culture and the integrity framework established within the Company.
Through the Internal Information System, any person connected to the Organisation’s activities may report conduct that could be contrary to current legislation, where such conduct constitutes a serious or very serious administrative offence, is suspected of being a criminal offence, relates to breaches of labour law concerning health and safety at work, or may constitute violations of European Union law affecting its financial interests or the internal market, provided that such conduct was carried out by members of the Organisation.
RNB has outsourced the management of the System via a technological platform, thereby ensuring that all data is stored on an external server, outside the Organisation.
Information may be reported through the System either in writing or orally by means of a voice recording system. Reports may also be made verbally through a face-to-face meeting, at the request of the interested party. This meeting must take place within seven (7) days.
RNB has incorporated all pre-existing reporting channels into this System. Please note that the Organisation has designated its Compliance Committee (the “CC”) as the Controller of the Internal Information System (the “Controller”).
The steps for processing information received are defined in the operating procedure for reports received via the Compliance Channel (the “Procedure”). The basic principles and safeguards that govern the receipt, handling and investigation of reports are outlined below.
2. COMPLIANCE CHANNEL GUARANTEES
- Confidentiality: All information shall be handled with the utmost confidentiality and in full compliance with the data protection regulations. Individuals responsible for managing the System and conducting investigations shall maintain strict confidentiality regarding the identity of both whistleblowers and any individuals affected, should they become aware of this information.
- Anonymity: Reports may be submitted anonymously, at the whistleblower’s discretion. Accordingly, when submitting a report, it is not necessary to provide identifying details such as the whistleblower’s name, department or any information that could reveal their identity.
- Independence and autonomy: The Controller of the Internal Information System, appointed by the Organisation’s Governing Body, acts autonomously and independently in managing the System.
- Conflicts of interest: The System includes safeguards to prevent conflicts of interest during the management and investigation of reports.
- Protection against retaliation: RNB guarantees protection against retaliation for any whistleblower who, in good faith, reports a breach of the current legislation.
- Rights of defence and presumption of innocence: RNB guarantees the right to defence and the presumption of innocence for any individuals who may be affected.
- Timely handling: Reports shall be processed without undue delay, both in the management of the System and in the investigation of reports.
3. BASIC PRINCIPLES OF THE INVESTIGATION PROCEDURE
- An acknowledgement of receipt shall be sent to the whistleblower within seven (7) calendar days of receiving the report. This requirement may be waived if such communication could compromise the confidentiality of the report.
- The investigation must be completed within three (3) months from the date of receipt of the report. In cases of particular complexity, this period may be extended by a further three (3) months.
- Ongoing communication with the whistleblower is permitted, and additional information may be requested if deemed useful to the investigation.
- The individual concerned has the right to be informed of the actions or omissions attributed to them and to present their version of events. This communication shall take place at a time and in the manner deemed appropriate by the Controller of the Internal Information System to ensure that the investigation is conducted successfully.
- Upon conclusion of the investigation, the Controller of the System shall prepare a report and forward it to the relevant body, depending on the nature of the matter, for appropriate action.
- If the facts may constitute evidence of a criminal offence, the matter shall be referred to the Public Prosecutor’s Office.
4. EXTERNAL REPORTING CHANNELS
Whistleblowers are hereby informed that the Independent Whistleblower Protection Authority, under the Ministry of Justice, has been established as an external reporting channel. It is responsible for receiving and processing reports submitted via the external channel regulated in Title III of Law 2/2023, of 20 February, concerning breaches or violations set out in said law that have an impact or produce effects throughout Spanish territory, regardless of whether the Autonomous Communities have designated their own independent authorities. It is also responsible for handling reports of breaches or violations that occur across more than one Autonomous Community or in those Autonomous Communities that have not designated their own independent authority.
5. DATA PROTECTION
The information and personal data provided by whistleblowers via this System shall be processed by the Organisation for the purpose of managing, investigating and processing the report, and, where appropriate, resolving any potential legal or regulatory non-compliance. Processing of this data shall be based on compliance with the legal obligations set out in applicable regulations, the public interest and the Organisation’s legitimate interest. The whistleblower’s data shall not be disclosed to third parties unless it is necessary to resolve the matter reported.
Whistleblowers may exercise their rights of access, rectification, erasure, objection, restriction of processing and data portability, and the right not to be subject to automated individual decisions, by contacting RNB and providing a copy of their ID to prove their identity.
Whistleblowers may also lodge a complaint with the Spanish Data Protection Agency (AEPD) or with RNB’s Data Protection Officer (lopd@rnbcosmeticos.com).
6. UPDATING AND REVIEW OF THE POLICY
This Policy shall be reviewed and updated as necessary, at the suggestion of the Controller of the System, to ensure alignment with any legislative or case law developments or changes to RNB’s business model, thereby guaranteeing its effective implementation at all times.