Reporting violations

The Company has an adopted Procedure for reporting Information on Breach and taking Follow-up Actions at Medicalgorithmics S.A. with its registered office in Warsaw (the “Procedure”).

The Procedure considers (among other things):

1. the provisions of the Act of 29 July 2005 on Public Offering, Conditions Governing the Introduction of Financial Instruments to Organised Trading, and Public Companies (“Act on Offering”)

– regarding the Company’s obligation as an issuer within the meaning of the Offering Act to have, implement, maintain and update a procedure for employees to report anonymously to a designated member of the Management Board, and in specific cases to the Supervisory Board, breaches of the law, in particular the provisions of the Offering Act and Regulation (EU) 2017/1129[1] of the European Parliament and of the Council, as well as ethical procedures and standards,

     2. the provisions of the Act of 24 June 2024 on the protection of whistleblowers (“Whistleblower Protection Act”) implementing into the Polish legal order the Directive of the European Parliament and of the Council (EU) 2019/1937 of 23 October 2019 on the protection of whistleblowers.

– The procedure constitutes the internal procedure established by the Company, as a legal entity within the meaning of the Whistleblower Protection Act, for making whistleblowing reports and taking follow-up action, in accordance with the requirements set out in the aforementioned Act.

Pursuant to Article 3(1) of the Whistleblower Protection Act, a breach of the law is an unlawful act or omission that is unlawful or intended to circumvent the law, relating to, inter alia: corruption; public procurement; financial services, products and markets; anti-money laundering and counteracting the financing of terrorism; product safety and compliance; public health; protection of privacy and personal data; security of networks and information and communication systems; the financial interests of the State Treasury of the Republic of Poland, a local government unit and the European Union; as well as the internal market of the European Union, including public law competition and state aid rules and corporate taxation.

The Company shall ensure that the processing of personal data related to the receipt of reports prevents unauthorised persons from gaining access to the information covered by the report and shall ensure that the confidentiality of the identity of the whistleblower, the reported person and the third party indicated in the report is protected.

The Company encourages immediate reporting of breaches, guaranteeing the confidentiality of the report and the data contained therein as well as the anonymity of the whistleblower, also assuming that the report proves to be erroneous or unfounded. When making a notification, the whistleblower should have reasonable grounds to believe that the information about the reported infringement is true at the moment of making the notification and that it constitutes information about the breach.

A whistleblowing report can be made in Polish or English either anonymously or with personal data that allow the whistleblower to be identified and contacted, including name and contact address (mailing address or e-mail address).

Reports are accepted through the following channels:

• electronically to the e-mail address: whistleblower@medicalgorithmics.com, and in the case of reports concerning: the Management Board as a body acting collectively or individual Board Members, individual Supervisory Board Members – to the Supervisory Board at the e-mail address: whistleblowerRN@medicalgorithmics.com,
• in writing in a closed double envelope – with the necessary annotation on the inner envelope “NOTIFICATION OF THE SIGNALIST”, placed in the outer envelope addressed to the Company’s address: Medicalgorithmics S.A., Al. Jerozolimskie 81, 02-001 Warsaw – delivered to the Company’s address,
• in oral form by notification made in person at a meeting organised at the whistleblower’s request.

External reporting

The Company further informs that a whistleblower may, in accordance with the Whistleblower Protection Act, make an external report concerning information on a breach of the law without first making an internal report as defined in the Company’s adopted Procedure.

External reports are accepted by the Commissioner for Human Rights or the public authority competent to follow up on the subject of the external report. Where appropriate, an external report shall be submitted to the institutions, bodies, offices or agencies of the European Union.

The Commissioner for Human Rights and the public authority for the acceptance of external notifications shall act on the basis of the applicable laws and on the basis of the procedures they have established for the acceptance of external notifications and shall ensure public access to information on the rights and remedies of whistleblowers – in particular by posting such information on their website in the Public Information Bulletin[2].

[1] Regulation (EU) 2017/1129 of the European Parliament and of the Council on the prospectus to be published when securities are offered to the public or admitted to trading on a regulated market and repealing Directive 2003/71/EC of 14 June 2017.

[2] Public Information Bulletin of the Commissioner for Human Rights: https://bip.brpo.gov.pl/pl/content/sygnalisci-zgloszenia-zewnetrzne-kanaly