Clece / Política de Privacidad del Canal Ético

Privacy Policy of the Ethics Channel

 

Who is the Data Controller responsible for how your information is processed?

Identity: CLECE, S.A. (hereinafter, the “Company”)
Tax code: A80364243
Postal address: Calle de Quintanavides, 19 Bloque 4 – Planta 1 y 2 (28050 – Madrid)
Data Protection Officer: You can contact the Data Protection Officer at the following email address rgpd-clece@clece.es

For what purpose do we process your personal data?

The information that you provide will be processed to manage information relating to any serious and very serious criminal and administrative irregularities or breaches, or unethical acts, the lawfulness of the company’s corporate standards, and in order to take whatever actions may be necessary to investigate the facts reported, including any disciplinary or legal measures that may be appropriate.

Your data will be processed with the utmost confidentiality and will not be used for any purpose other than that indicated. In particular, if your information is identified, the confidentiality of the person who makes the facts known to the Company is guaranteed.

What is the legal basis for processing your personal data?

Your data will be processed in observance of the Company’s legal obligation pursuant to Law 2/2023, of 20 February, on the protection of persons who report regulatory breaches and anti-corruption measures.

The processing of your data is strictly necessary to manage the whistleblowing channel and to comply with the legal obligations set out above.

How long will we keep your data for?

All processed data will be held in the information system for the length of time needed to decide whether or not to initiate an investigation into the facts reported, and to ensure that the system operates correctly.

However, in all cases your data will be processed pursuant to the provisions of Law 2/2023, of 20 February, on the protection of persons who report regulatory breaches and anti-corruption measures.

Who will your data be shared with?

Your data with be processed by our provider, Navex Global, as managers of the channel.

Navex Global may process your personal data in other ways as the data controller and in accordance with its own privacy policy. The Company assumes no liability with regard to the processing of your personal data that this provider may carry out for its own purposes.

Additionally, the data may be shared with other recipients when necessary as part of the investigation of specific facts, such as private investigators / detectives and external assessors, as well as lawyers and court representatives to process sanctioning or criminal procedures, as appropriate.

Your data may also be shared with the Public Prosecutor’s Office, law enforcement officials, and judicial and/or administrative authorities when pertinent and/or necessary.

What rights do you have?

You may ask the Company for confirmation that your personal data is being processed within the framework of managing the whistleblower channel, and if so, to access and request a copy of said data. You may also request for any inaccurate data to be rectified or, as appropriate, request for it to be removed when the information is no longer necessary for the purpose for which it was obtained.

Please bear in mind that in all circumstances this will exclude the right to access the identity of any whistleblowers or any other parties concerned. Exercising the right to access may also be limited if it could endanger or, either directly or indirectly, have an impact on the course of an investigation.

In the event that the person referred to in the facts reported or referred to in the public disclosure were to exercise the right to opposition, it will be assumed that, in the absence of proof to the contrary, there are prevailing lawful grounds to legitimize the processing of the individual’s personal data.

To exercise said rights, the individual must write or send an email to the contact addresses provided in the first section of this policy.

You are also informed of your right to lodge a complaint with the Spanish Data Protection Agency.