Art. 31.bis. The Criminal Code speaks about the responsibility of the legal person, in it, not only the criminally responsible persons are determined but also in its point s, the requirements that the management models for the prevention of crimes to be implemented in the organizations must comply with are established. One of those requirements. is the existence of a means of reporting possible non-compliance:
“They shall impose the obligation to report possible risks and non-compliances to the body in charge of monitoring the operation and observance of the prevention model.”
On the other hand, and in accordance with the provisions of Law 2/z023 of September 20, 2002, regulating the protection of individuals and the fight against corruption. Specifically in its article 10 (private sector) and article 13 (public sector), it imposes the obligation to establish Internal Audit reports.
This whistleblower channel ensures compliance with the provisions of the aforementioned Law 2/2023.
Likewise, the external complaint channel established is managed by a qualified trust service provider that complies with the specifications provided for in Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and Lev 6/2020. of November 11. regulating certain aspects of trusted electronic services
In any case. the qualified provider of trust services will comply with the instructions established by the Instituto Tecnológico de Aragon) always in accordance with the current legislation on data protection, ensuring compliance with the obligations under Art. 28 of the RGPD.
Complaints will be anonymous in general and will be answered through the same channel through which they were received. Anonymity shall be lifted only in cases of a request for a report in person, with the express consent of the informant or when it constitutes a necessary and proportionate obligation imposed by Union or national law in the context of an investigation carried out by the national authorities or in the context of judicial proceedings, in particular to safeguard the right of detention of the person concerned.
During the process, therefore, compliance with current data protection legislation will be ensured. (LOPGDD and RGPD.
When you are going to establish a complaint, you will notice that you are directed to an on-line tool external to the domain of the Instituto Tecnologico de Aragon, the message will be transmitted to the tool of the qualified trustworthy provider in order to guarantee the anonymity and the protection of the data of the complainant.
Therefore, this tool may be used by any person linked with an employment or training relationship with the Instituto Tecnologico de Aragón or any other third party or any acts or omissions constituting a serious or very serious criminal or administrative offence, which infringe European Union law when they relate to the matters listed in Annex I of Directive (EU) 2019/1937, or affect the financial interests of the Union or affect the internal market and/or are contrary to the internal rules of the entity.
Through this channel, you can request that the filing of the complaint is carried out in person, being informed the complainant that in this case the anonymity is lifted. However, confidentiality of information is guaranteed throughout the entire procedure. You can obtain more information in the User’s Manual provided by the entity.
This whistleblower channel is not the ideal channel for issues related to your employment conditions or disciplinary matters. In that case you should follow the policies established in your organization.
Access the main principles of ITA’s information channel management procedure.
The Instituto Tecnologico de Aragon as responsible for the processing of data that. in fulfillment of a legal obligation under Lev 2/2023. of February 21. The company will process the information for the purpose of handling the reports received through the channel, ensuring the confidentiality of the data of the person reporting them to third parties unless their identification constitutes a necessary obligation imposed by EU or national law in the context of an investigation carried out by the national authorities or in the framework of a judicial proceeding. in which case it shall be communicated to the competent authorities in the matter. Your data will be kept for a maximum period of months from the introduction of the data in the channel, after which it will be deleted from the channel, but may remain blocked as necessary to demonstrate the operation of the crime prevention model or may be required by the competent authority for the initiation of the corresponding investigation of the facts. For more information about the processing of your data or how to exercise your rights, please refer to our Privacy Policy.