Purpose and application of the Whistleblowing Channel's Use and Privacy Policy:
The objective of this Privacy and Whistleblower Protection Policy of the CePeDe Group's Whistleblowing Channel is to provide all the information related to the processing of personal data that, where appropriate, will be carried out for the processing and management of complaints that may be submitted through it.
The Channel has been designed in full compliance with the applicable regulations on data protection: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
CePeDe has created this Channel to comply especially with Directive (EU) 1937/2019 of 23 October 2019 on the protection of persons who report breaches of European Union law, ensuring that whistleblowers can report, internally and to the authorities, any infringement of European regulations that occurs within an organisation through channels that guarantee the safety of the whistleblower, without fear of retaliation.
This privacy policy also reflects Law 2/2023, of 20 February, regulating the protection of persons who report regulatory breaches and the fight against corruption (the "Whistleblower Law"), which transposes the Directive, in order to protect whistleblowers and to establish the rules for internal information channels.
It also complies with the requirements established by Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights, and in particular the internal complaints information systems.
Data controller:
Its joint controllers:
Ideas y Novedades Empresariales ETT SL, Calle Princesa, 2, 6th floor, office 3, 28008, Madrid, Spain.
Cordillera de Actividades SL, Calle Princesa, 2, 6th floor, office 6, 28008, Madrid, Spain.
Luxuan AL1, Calle Leganitos 15, 28013, Madrid, Spain.
Email: [email protected]
Data processed:
The following data may be processed in the Complaints Channel:
Data of the complainant:
Identification data, if it is not an anonymous complaint, such as: full name, pseudonyms, email, mobile phone, etc.
Data on the relationship with the Organization, such as worker, user, supplier.
Professional data, such as job position, professional category, department, etc.
Any other information that has been included in the complaint to process it.
Data of the accused:
Data that the complainant indicates in the description of the complaint.
Purpose of processing:
The data provided will be used for the main purpose of managing the reception, analysis, response to the whistleblower, processing and possible referral to the authorities, of communications about irregularities, illegal conduct or acts contrary to the law or serious or very serious breaches of the ethical values of the Organization.
The data provided may serve as substantiation for possible disciplinary measures or for the formulation of the corresponding actions before the authorities.
Legitimacy of processing:
The basis that legitimises the processing is compliance with the provisions of the article of Law 2/2023 of 20 February, regulating the protection of persons who report regulatory breaches and the fight against corruption (the "Whistleblower Law").
It also complies with the requirements established by Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights, and in particular the internal complaints information systems.
Data retention period:
In accordance with the Directive, complaints will be kept only for the time necessary to decide on the admissibility of the complaint and investigation for processing, complying with the requirements imposed by the Directive.
If it is proven that the information provided or part of it is not true, it will be immediately deleted, unless the lack of veracity may constitute a criminal offence, in which case the information will be kept for the time necessary for the processing of the corresponding judicial proceedings.
In any case, the data will be kept in the system for a maximum of three months from the date of submission of the complaint, and regardless of this period, the complaints will be kept for the duration of any administrative or judicial procedure related to them.
Any data that is not considered necessary for the processing of the complaint will be deleted.
The data may be retained in anonymized form for statistical purposes.
CePeDe will have a record book of the information received and internal investigations carried out, to maintain traceability of the activity of the whistleblowing channel and generate evidence of its operation for a maximum period of ten years, guaranteeing the confidentiality of said information.
Communication of data to third parties:
The data may be communicated to:
The national or international authorities, if necessary because the facts constitute a crime.
The entity providing legal services, whenever legal measures need to be taken.
The entity providing services to the platform that manages the Whistleblowing Channel.
Data Access Limitation:
Internal access to data is limited to those performing the Organization's control and compliance functions, namely:
Responsible for the person or body that manages the Whistleblowing Channel
Person who must instruct the file
HR manager when disciplinary action is required
Responsible Use of the Channel: Good Faith Communications:
Users of the Channel must use it responsibly. Unfounded or fraudulent complaints are not allowed and may give rise to the pertinent legal or disciplinary actions.
The user undertakes to ensure that the data provided is true, accurate, complete and up-to-date, as well as to make a respectful and decorous statement of the facts. The Organization is not responsible for derogatory comments that the complainant may make in front of a third party.
In the event that the body in charge of the investigation of the facts considers that the facts are false, the data of the user who makes the complaint may be transferred to the person reported, so that he or she may consider taking the appropriate measures.
Security measures:
The organization maintains technical measures to guarantee an adequate level of security and to prevent the loss, misuse, alteration and theft of the data you provide us.
The organization guarantees that it will use an effective communication system with appropriate measures to preserve confidentiality, thus complying with the basic requirement of the obligation provided for by EU Directive 2019/1937/EC, as well as the Whistleblower Law.
Rights of data subjects:
The complainant may exercise their rights of access, rectification, deletion, limitation, opposition to processing or portability of the data provided. To do so, they can contact the Data Protection Officer via email [email protected]