Art. 31.bis of the Criminal Code addresses the criminal liability of legal persons; it not only determines the persons who are criminally liable, but also, in its paragraph 5, sets out the requirements that crime prevention management models to be implemented in organisations must meet. One of those requirements is the existence of a means of reporting possible breaches:

«They shall impose the obligation to report possible risks and breaches to the body responsible for monitoring the functioning and observance of the prevention model.»

Furthermore, in accordance with the provisions of Law 2/2023 of 20 February, regulating the protection of persons who report regulatory breaches and combating corruption, specifically in its Article 10 (private sector) and Article 13 (public sector), organisations are required to establish internal whistleblowing channels.

ALERCE informs:

WHISTLEBLOWING CHANNEL.

This whistleblowing channel ensures compliance with the provisions established by the doctrine derived from the Prosecutor's Office Circular 1/2016 of 22 January and by the provisions of Law 2/2023 referred to above.

Likewise, the established external whistleblowing channel is managed by a qualified trust service provider that complies with the specifications set out in Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market, and Law 6/2020 of 11 November, regulating certain aspects of electronic trust services.

The objective of using a qualified trust service provider is to guarantee the presumption of veracity and authenticity of the evidence, placing the burden of proof on the party who challenges the document, in accordance with the provisions of Article 326 of Law 1/2000 of 7 January on Civil Procedure.

In any case, the qualified trust service provider will comply with the instructions established by ALERCE and always in accordance with current data protection legislation, guaranteeing compliance with the obligations set out in Article 28 of the GDPR.

ANONYMOUS REPORTS AND PERSONAL DATA.

Reports will generally be anonymous and will be replied to through the same channel by which they were received. Anonymity will only be lifted with the express consent of the reporting person or when it constitutes a necessary and proportionate obligation imposed by Union or national law in the context of an investigation carried out by national authorities or within the framework of judicial proceedings, in particular to safeguard the right of defence of the person concerned.

Throughout the process, compliance with current data protection legislation will therefore be guaranteed. (LOPD and GDPR)

USE OF THE ETHICS CHANNEL.

The ethics channel should be used in situations where there is knowledge of conduct or a fact that may constitute some form of criminal activity, a breach of the company's internal regulations, or any other illegal activity contrary to ALERCE's interests; that is, actions or omissions that may constitute a serious or very serious criminal or administrative offence and, in any case, all serious or very serious criminal or administrative offences involving financial loss to the Public Treasury and Social Security.

The ethics channel is not the appropriate channel for matters related to your employment conditions. In such cases you should follow the policies established within the organisation. More specifically, by way of example and without constituting an exhaustive list, it will not be the appropriate channel for:

• Claims relating to salary, overtime claims or any employment matter that does not constitute a breach of employment law regarding occupational health and safety, without prejudice to the provisions of its specific regulations.
• Information about irregularities that are no more than rumours or that relate to events that lack plausibility.
• Complaints or claims relating to the condition of equipment provided by the company for carrying out work and/or the condition of the facilities, provided they do not pose a risk to occupational health and safety.

If any of these matters or any other matter falling outside the objective scope of Law 2/2023 is received, it will be immediately filed following assessment of the information provided by the body responsible for ALERCE's system.

When submitting a report, you will notice that you are directed to an online tool external to the ALERCE domain; the message will be transmitted to the qualified trust service provider's tool in order to guarantee the anonymity and protection of the reporting person's data.

Therefore, this tool may be used by any ALERCE employee or by any other third party who may have knowledge of conduct contrary to ethics, fraudulent or unlawful conduct committed within our Organisation.

Ethics Channel Form

EXTERNAL COMMUNICATION CHANNELS

Communications may also be made externally through external information channels to the competent authorities in the matter and, where applicable, to the institutions, bodies or agencies of the European Union.

These channels may include:

• Independent Authority for the Protection of the Whistleblower (A.A.I.).
• The corresponding regional authorities or bodies.
• Public Prosecutor's Office.
• European Public Prosecutor's Office, where the facts affect the financial interests of the European Union.
• State Security Forces and Corps (FFCCSE).
• Competent Anti-Fraud Agency.
• Other competent bodies.

The data controller is ALERCE INFORMATICA APLICADA S.A, which, in compliance with a legal obligation provided for in Law 2/2023 of 21 February, regulating the protection of persons who report regulatory breaches and combating corruption, will process the information for the purpose of managing the reports received through the channel, guaranteeing the confidentiality of the whistleblower's data, keeping them anonymous without disclosing them to third parties unless their identification constitutes a necessary and proportionate obligation imposed by EU or national law in the context of an investigation carried out by national authorities or within the framework of judicial proceedings, in which case it must be communicated to the competent authorities in the matter.

Your data will be kept for a maximum period of 3 months from the date the data is entered into the channel, after which it will be deleted from the channel, but may remain blocked where necessary to demonstrate the functioning of the crime prevention model or where it may be required by the competent authority for the initiation of the corresponding investigation into the facts.

For more information about the processing of your data or how to exercise your rights, you may refer to our Privacy Policy.