Art. 31.bis. of the Criminal Code talks about the responsibility of the legal person, in it, not only the criminally responsible persons are determined, but in its point 5, it establishes the requirements to be fulfilled by the crime prevention management models to be implemented in the organizations. One of these requirements is the existence of a means of reporting possible non-compliance:
"They shall impose the obligation to report possible risks and non-compliances to the body in charge of monitoring the operation and observance of the prevention model."
On the other hand, and in compliance with the provisions of Law 2/2023, of February 20, regulating the protection of persons who report regulatory infringements and the fight against corruption, specifically in its Article 10 (private sector) and Article 13 (public sector), the obligation to establish internal reporting channels is imposed.
CENTRO EUROPEO DE EMPRESAS E INNOVACIÓN DE ARAGÓN, S.A., informs:
This whistleblowing channel ensures compliance with the provisions of the doctrine derived from the Circular of the Prosecutor's Office 1/2016, of January 22, 2016 and the provisions of the aforementioned Law 2/2023.
Likewise, the external complaints channel established is managed by a qualified trust service provider that complies with the specifications provided for in Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and Law 6/2020, of 11 November, regulating certain aspects of electronic trust services.
The purpose of using a qualified trust service provider is to guarantee the presumption of veracity and authenticity of the proof, establishing the burden of proof on the one who contests the document, in accordance with the provisions of Art. 326 of Law 1/2000, of January 7, of civil procedure.
In any case, the qualified trust service provider shall comply with the instructions established by CENTRO EUROPEO DE EMPRESAS E INNOVACIÓN DE ARAGÓN, S.A. and always in accordance with current legislation on data protection, ensuring compliance with the obligations under Art. 28 of the RGPD.
ANONYMOUS COMPLAINTS AND PERSONAL DATA
Reports shall be anonymous as a general rule and shall be answered through the same channel through which they were received. Anonymity shall be lifted only with the express consent of the reporter or where it constitutes a necessary and proportionate obligation imposed by Union or national law in the context of an investigation carried out by national authorities or in the framework of judicial proceedings, in particular to safeguard the rights of defense of the person concerned.
During the process, compliance with the data protection legislation in force shall therefore be ensured (LOPD and RGPD).
USE OF THE COMPLAINTS CHANNEL
When you go to establish a complaint, you will note that it is directed to an online tool external to the domain CEEIARAGON the message will be transmitted to the tool of the qualified provider of confidence and thus be able to ensure anonymity and data protection of the complainant.
Therefore, this tool may be used by any employee of CENTRO EUROPEO DE EMPRESAS E INNOVACIÓN DE ARAGÓN, S.A. or any other third party who may have knowledge of unethical, fraudulent or illegal conduct committed within our organization.
This whistle-blowing channel is not the appropriate channel for issues related to your employment conditions or disciplinary matters. In that case, you should follow your organization's established policies.
The party responsible for data processing is CENTRO EUROPEO DE EMPRESAS E INNOVACIÓN DE ARAGÓN, S.A. which, in compliance with a legal obligation under Law 2/2023, of February 21, regulating the protection of persons who report regulatory violations and anti-corruption, will process the information in order to manage the complaints received through the channel, guaranteeing the confidentiality of the whistleblower's data by keeping them anonymous without communicating them to third parties unless their identification constitutes a necessary and proportionate obligation imposed by EU or national law in the context of an investigation carried out by national authorities or in the framework of a judicial process, in which case it must be communicated to the authorities competent in the matter.
Your data will be retained for a maximum period of 3 months from the introduction of the data in the channel, after which it will be deleted from the channel, but may remain blocked when it is necessary to demonstrate the functioning of the crime prevention model or may be required by the competent authority for the initiation of the corresponding investigation of the facts.