Art. 31.bis. of the Penal Code talks about the responsibility of the legal person, in it, not only the criminally responsible persons are determined, but in its point 5, the requirements that must be met by the crime prevention management models to be implemented in the organizations. One of those requirements is the existence of a means to report possible breaches:
"They will impose the obligation to report possible risks and breaches to the body in charge of monitoring the operation and observance of the prevention model."
On the other hand, and in accordance with the provisions of Law 2/2023, of February 20, regulating the protection of people who report on regulatory violations and the fight against corruption, specifically in its article 10 (private sector) and its article 13 (public sector), the obligation to establish internal complaint channels is imposed.
This complaints channel guarantees compliance with the provisions of the doctrine derived from the Circular of the Prosecutor's Office 1/2016, of January 22, and with the provisions of the aforementioned Law 2/2023.
Likewise, the established external whistleblower channel is managed by a qualified trust service provider that complies with the specifications set forth in Regulation (EU) No. 910/2014 of the European Parliament and of the Council of July 23, 2014 on electronic identification and trust services for electronic transactions in the internal market and Law 6/2020, of November 11, regulating certain aspects of trustworthy electronic services.
The purpose of using a qualified trust service provider is to guarantee the presumption of veracity and authenticity of the evidence, establishing the burden of proof on the person who challenges the document, in accordance with the provisions of Article 326 of Law 1/2000. , of January 7, of civil proceedings.
In any case, the qualified trust service provider will comply with the instructions established by GRUPO LACASA and always in accordance with current legislation on data protection, guaranteeing compliance with the obligations set forth in Article 28 of the GDPR.
Anonymous complaints and personal data.
Complaints will be anonymous in general and will be answered through the same channel through which they were received. Anonymity will be lifted only with the express consent of the informant or when it constitutes a necessary and proportionate obligation imposed by Union or national Law in the context of an investigation carried out by national authorities or in the framework of a judicial process, in particular to safeguard the right of defense of the affected person.
During the process, therefore, compliance with current data protection legislation will be guaranteed. (LOPD and GDPR)
Use of the complaints channel
When you go to make a complaint, you will notice that it is directed to an online tool outside the domain of GRUPO LACASA, the message will be transmitted to the tool of the qualified trusted provider and thus be able to guarantee the anonymity and protection of the complainant's data.
Therefore, this tool may be used by any employee of GRUPO LACASA or any other third party who may have knowledge of unethical, fraudulent or illegal conduct committed within our Organization.
This complaints channel is not the ideal channel for issues related to their employment conditions or disciplinary matters. In this case, you must follow the policies established in your organization.