Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (hereinafter, the “LOPD”) and other applicable regulations on the protection of personal data GRUPO FERRER INTERNACIONAL, SA (hereinafter, “FERRER” or “the Company”) will process data as the person responsible for the treatment related to the Complaints Channel implemented by FERRER in accordance with article 31 bis of the Penal Code, which could include sensitive data in accordance with the regulations. FERRER's identification data is:
Owner: GRUPO FERRER INTERNACIONAL, S.A.
Registered Office: Av. Diagonal nº 549, 5ª planta, 08029, Barcelona, España
VAT Number: A-61738993
Contact email of the Data Protection Officer firstname.lastname@example.org
1. Personal data processed by FERRER:
We may collect personal data through the FERRER internal reporting information system provided by the employee, even anonymously, (hereinafter "Personal Data") that may encompass a plurality of personal data referring to acts or conduct that could be contrary to the applicable general or sectoral regulations.
The Data may refer to you as a whistleblower or as the subject to which you are reporting. The Data is processed to determine if there is a violation of any of the applicable regulations and / or the FERRER Internal Complaints Manual and, in the event of a violation, to take all necessary decisions and measures, by the FERRER Ethics Committee, including the preparation and sending of reports to the corresponding Department or to People so that they may adopt the appropriate disciplinary measures for the defense of FERRER.
2. Purposes of treatment, legal basis and conservation period
We will process Personal Data for the management of reports on regulatory violations or the provisions of the FERRER Internal Complaints Manual and in accordance with the Penal Code.
In this sense, the legal basis for the above treatment will be the fulfillment of a legal obligation, specifically that of article 31 bis of the Penal Code which establishes that FERRER must impose the obligation to report possible risks and breaches to the body in charge of monitoring the operation and observance of the prevention model. As well as, in accordance with article 10 of the LOPDGDD, which establishes that the creation and maintenance of information systems for complaints within a company will be lawful.
The Personal Data processed for this purpose will be kept in the reporting system only for the time necessary to decide on the origin of initiating an investigation into the reported events. In any case, three months after the introduction of the Data, it will be deleted from said system, unless it is necessary to leave evidence of the operation of the crime prevention model. Finally, those complaints that have not been processed will only be kept anonymous.
3.Access to Personal Data by third parties other than FERRER
In general, access to the Data will be limited exclusively to those who carry out the internal control and compliance functions, that is, the Corporate Ethics & Compliance Advisor and the members of the FERRER Ethics and Compliance Committee, or those in charge of the treatment that eventually they are designated for this purpose. However, their access by other persons of the Group, or even their communication to third parties, will be lawful, when it is necessary for the correct investigation of the reported facts and / or for the adoption of disciplinary measures or for the processing of judicial procedures that, where appropriate, proceed.
Without prejudice to notification to the competent authority of acts constituting a criminal or administrative offense, only when disciplinary measures may be taken against a worker or third party, such access will be allowed to personnel with management and control functions of human resources in FERRER .
In particular, in the case of employees of FERRER Group companies outside the European Economic Area, international data transfers may be made. For this reason, FERRER will take appropriate measures to ensure that your Personal Data remains protected in accordance with the provisions of this document when transferred outside the EEA. We ensure that any third party that receives your Personal Data has appropriate security measures in place to protect such data. The mechanism to determine the level of adequacy can be (i) that the country has the appropriate country status, that is, that the third party has its headquarters in a country that the European Commission considers "adequate" because its protection standards data is similar to that of the European Union; (ii) that the standard contractual clauses of the European Commission are used, (iii) that the third party has the Privacy Shield between the European Union and the United States and the Privacy Shield between Switzerland and the United States; and in the event that none of the above is applicable and the treatment requires it (iii) through your express consent to proceed with the transfer of your Personal Data.
In any case, you will be informed about the transfer of your Personal Data in the event that it takes place.
The processing of your Personal Data by FERRER will be carried out at all times in accordance with the applicable regulations on the protection of personal data.
In any case, you can exercise your access rights at any time and for free; rectification; suppression; limitation of treatment; portability of the data and opposition by writing accompanied by documentation and / or information proving their identity, and expressly indicating which right among the previously related exercises:
Going to the Human Resources Department
Sending an e-mail to email@example.com
By postal mail adressed to FERRER, with adress at Av. Diagonal nº 549, 5ª planta, 08029, Barcelona.
Similarly, for the processing of your data whose legitimacy is based on your consent, you have the right to withdraw said consent at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal.
We will consider all requests and provide our response within the time period established by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances by including Personal Data that we need to continue to process for our legitimate interests or to comply with a legal obligation.
In any case, the employee has the right to file a claim with the corresponding supervisory authority if he deems it appropriate.