Close modal
All filters Close
Show Delete filters
IKEA
0
Discover all our catalogs, guides and magazines
Welcome to a world of new products
More sustainable every day
A great product at a good price
Close menu Products Rooms
Online catalogs New Ideas and inspiration Special prices
English
Page to previous sheet Products Close menu Mattresses and toppers Outdoor Holiday House Sofas, armchairs and foot stools Beds Wardrobes Bedding Cooking and eating Appliances Living room furniture Lighting and electronics Dining chairs & tables Bathroom furniture Children´s room Bedroom furniture Gaming space Desks and computer desks Home organization Home decoration Back to School Rugs Textiles Cleaning and laundry solutions Care & Repair Food & beverages Page to previous sheet Rooms Close menu
Bedroom furniture Living room Outdoor Holiday House Dining Kitchen Home office Children´s room Bathroom Hallway
Page to previous sheet Online catalogs Close menu Catalogues Shopping guides IKEA Family Magazine Fika Magazine Discover all our catalogs, guides and magazines Page to previous sheet New Close menu See what's new STOCKHOLM collection NYTILLVERKAD collection BASINGEN collection Welcome to a world of new products Page to previous sheet Ideas and inspiration Close menu Inspirations Online shopping tips All IKEA events More sustainable every day Page to previous sheet Special prices Close menu All offers IKEA Family Prices Our lowest prices Last units New lower price A great product at a good price

Internal information protocol

Internal Information Management System Protocol

Law 2/2023 of 20th February

INTERNAL INFORMATION MANAGEMENT SYSTEM IMPLEMENTATION PROTOCOL ACCORDING TO THE LAW 2/2023, OF 20TH FEBRUARY

INDEX

  1. INTRODUCTION

  1. REGULATORY REGIME

  1. IMPLEMENTATION REQUIREMENTS

    1. Personal application scope

    2. Material application scope

    3. Temporal scope

    4. Objective scope

    5. Procedural scope

    6. Dissemination and information scope

    7. Responsibility scope

    8. Delimiter scope of the Rights and obligations of the informant

  1. RIGHTS OF THE INFORMANT

  1. "NO REPRISALS" PROTOCOL

  1. RIGHTS OF THE ACCUSED

  1. CONFLICT OF INTERESTS

  1. MANAGEMENT AND INFORMATION PROCESSING PROCEDURE

  1. DESIGNATION OF THE RESPONSIBLE FIGURE OF THE SYSTEM

  1. OBLIGATIONS OF THE ADMINISTRATIVE BODY

  1. RESOLUTIONS TO BE ADOPTED BY THE ADMINISTRATIVE BODY

1. INTRODUCTION

The internal information management systems, under the name of "whistleblower channels", were regulated for the first time by means of the Directive (EU) 2019/1937, 23rd of October (from now on, the Directive), which established the obligatory nature for the legal persons with two hundred and fifty or more workers; such obligation that is transposed to our legal system  with the approval of the Law 2/2023, 20th of February (from now on, the Law 2/2023) that receives the sense and content of the Directive practically in its entirety, profiling and adapting their dispositions to the national and legal particularities. 

This is a legal tool that aims for promotion and to ease making complaints -included the anonymous ones-, avoiding reprisals for those who place them and favour the detection and prevention of ilegal events or infringements in the scope of action of the legal persons, spreading their protection not only towards the workers in it strict sense but to any person that has the knowledge of the information by any employment link, professional service delivery or precontractual link. 

Throughout the present Protocol the objectives and purposes pursued by the Law will be examined, articulating an internal information management system defining the process to follow to its reception, management and resolution of the presented informations, all of it within the framework of the strict compliance of the planned obligations in the laws that result from the application. 

  1. Object of the Information Management System.

The object of the present protocol is, precisely, to give compliance to the dispositions contained in the Law 2/2023, through the implementation of a information management system (or, in other words, "whistleblower channel") and the establishment of a protocol that regulates an information management, reception, processing and resolution system that can form infringements of the Rights of the European Union or serious or very serious infringements, whether it is by criminal or administrative offence,  planned in the Spanish legal system; end that means the definitive factual expression of a strategy of communal nature resulting from the Directive 2019/1937 with the purpose of pursuing detection and prevention -and, in that case, penalty- of administrative and illegal infringements commited by the legal persons and public administrations.

This whistleblower channel, notwithstanding the planned considerations in the regulatory dispositions which is going to be referenced specifically, has as last purpose the attainment of the following objectives:

  • Make available for this entity a source of first-hand information, that will act as a tool for the prevention, early detection and, in that case, correction of the infringements or illegal acts committed.

  • Protect the people that in the context of their own activity they detect serious or very serious criminal or administrative infringements and that they communicate them through the said channel.

  • The search and attainment of an important preventive element through the existence of channels and incentives so that any person that knows the infringement or illegal act confidentially, resulting in a penal risk prevention program is fortified with the option to denounce anonismously by a regulated conduct.

  • Efficient and effective complement for the policy, being that, if the application scope of the whistleblower channel has virtuality beyond the illegal acts also including the administrative infringements, supposes a mean of information for the reception of clearer evidences of the efficiency (or inefficiency) of the existing controls and the adequacy to the reality of the risks assessment made.

Confidentiality and the prohibition of reprisals is established, allowing the anonymous reports, like fundamental pillars for the attainment of the purpose that is aimed by the Law and the term "whistleblower channel" is modified, for "information management system" -notwithstanding that in the present protocol both concepts are used indistinctly-, pretending to establish an agile system of the ad intra fraud detection.

Once the existence of sufficient evidence that can constitue an infringement or an illegal act required by the Law are verified, requires the collaboration with the judicial investigation or with the competent authority for its determination and penalty, in virtue of the contribution of data that has been included in the information and that could have been verified in the spirit of the communication.

The management system gives the possibility apart from the interaction with the informant, searching formulae for the cases in which someone wants to keep their anonimity, designing safe communication mechanisms for the follow up of the investigation' state and, in case of being applicable, adding new data or additional proof, or enhancement of the events first condemned.

The management system, in the terms that will be analized here for its later implementation, was already planned -although not in a taxable way- in the Organic Law 3/2018 of 5 december of Personal Data Protection (article 24): "The creation and maintenance of information systems through which can raise awareness of a Private law entity, even anonymously, the comission in the same entity or third-party actions that have contracted it, of acts or behaviors that might result opposite to the general or sectoral regulation that can be applied, will be illegal.

As main characteristic of the new regulation, scope and requirements of the information management system, the following -notwithstanding the punctual development that is brought to light regarding each one of them- can be highlighted:

    1. Obligation to the legal persons of more than fifty worker to have an "information management system" (whistleblower channel).

    2. Provide a preferential channel to the informants to communicate ther actions or omissions that constitute some of the infringements or illegal acts, even anonymously by the informant's choice.

    3. Avoid reprisals and provide, in that case, the necessary support measures.

    4. Compliance of the data protection regulation.

    5. Preserve, as far as possible, the informant's identity and the affected people.

The information management systems increase significantly the efficiency of the compliance regulatory programs, raising as new self control intrument, both from the ad intra point of view to avoid internal fraud, as well as the ad extra to avoid legal or administrative responsibility to the legal persons.

Ultimately, it is here to complete, complement and improve the mechanisms prestablished by this entity in virtue of the Criminal Risks Prevention Plan. Moreover, this is without perjudice and apart from the several means that the law 2/2023 additionally establishes, being as the external channel of information or the public revelation. However, and in line with the established foresight in the Explanatory Memorandum, like in the article 4 of the Law 2/2023, this internal channel of information is born with preference vocation, not perceptive, but understanding that it bring favorable effects to the whistleblower and the own company.

  1. Directive EU 2019/1937 related to the protection of the people who inform about infringements of the Union Right.

The obligation of the legal persons to have whistleblowing channels arises the date 16th of April of 2019 with the approval by the European Parliament of the so called "Whistleblowing" Directive.

This Directive, legal instrument that, precisely, is transposed with the Law 2/2023 to our legal system, adjusts minimum aspects that have to satisfy the different information channels through which a physical person knows in a working context of an infringement of the European Union Right, can make the existence of said infringement known.

In regards to this entity, the Directive obliges to have an internal information channel, with the purpose that the information about irregular practices can be known by the organization so the damages can be corrected or repaired as soon as possible; it being an expression of the legislative policy evolution, product of the compared models on an international and European level, that regulates anonymous informations and the protection of the person that communicates them.

Notwithstanding the particularities that specifically and singularly are regulared in the Law 2/2023, are outlined as reportable infringements related to the public recruitment; services, financial products and money laundering; the security of the products and the transportation; the environment protection, health and the consumers; the intimacy's protection; etc.

For the effective implementation of the whistleblower channels, the Directive provides that these are negotiated with the legal representation of the workers and specifically indicates the scope and content of the procedures and the processing of the allegations. To know:

  1. The whistleblowing channels must allow the possibility to formulate reports both written and verbally, as well as via telephone or other voice messaging systems and, also on-site if the whistleblower requires it1.

  2. Obligation to acknowledge receipt of the report in a maximum deadline of 7 days;

  3. Dessignation of an impartial person or service, that is competent processing reports, that can be the same person or service that receives the reports and that will maintain the communication with the whistleblower and, if necessary, will request additional information and will give an answer;

  4. Diligent processing of all the reports, anonymous ones included;

1 for it, the informant muct access the link www.islas.ikea/legal/internal-information-channel

  1. Maximum deadline of 3 months to give an answer to the informant about the report processing, counting from the acknowledgement of the receipt or, if there was not an acknowledgement, from the expiration of the seven days deadline from the report presentation.

This way it is established that the whistleblowing channels must allows the people report whether writter, verbally, or both; allowing the legal entities of the private sector to receive or investigate confidentially reports from the workers of the entity -including generic mentions to the directive personnel, advisers or shareholders-, but also, as far as possible, of any of the agents and suppliers and any person that accesses to the information through working activities related to the entity.

The Directive is justified in the determination that the informants "are the most important channel to discover fraud offences committed in the organizations; and the main reason for the people that have knowledge of criminal practicces in their company, or public entity, do not procees to report them, is fundamentally because they do not feel protected enough against possible reprisals resulted from the one whose infringements are being reported". This shall not prevent that reactive mechanisms are established to prevent informations founded on falsehood or false informations.

In short, , what is wanted is the informant's protection and the exercising of their right to have freedom of speech and information acknowledged by the art. 10 CEDH and 11 of the Charter of Fundamental Rights of the EU, and with that increasing their action in the discovery of illegal or criminal practices.

In case that the internal report is not enough, the Directive considers the possibility of an external report and, as last resource, the public revelation. Also being regulated the protection systems for the whistleblower against any type of reprisals.

  1. Law 2/2023, of 20 of February that regulates the protection of the people that inform about regulatory infringements and the fight against corruption.

The present internal information channel is designed with the protection and full follow up of the established requirements in the Law 2/2023, singularly taking into consideration the prospects established in the articles 10 (entities obligated by the private sector), 2 (material application scope), 3 (personal application scope) and the Second Transitory Provision (Maximum deadline for the establishment of the Information Managements Systems and acceptance of the already existant ones).

In any case it must be indicated that the implementation of the internal information channel cannot ignore the requirements also established by the Law related to aspects that could not come into play directly in the internal information channel but that do correspond with the rights of the whistleblower, as well as the correlative obligations of the company affected that, as well, must be advertised for the purposes of the general and effective knowledge by those who use the mentioned internal information channel.

The purpose of the Law, following the spirit of the Directive, is not other than to protect the people that informat about certain acts or behaviors that could mean infringements or illegal acts of the legal system (in the terms that will be describe in the material scope), protection that will also be proclaimed as fundamental element for the detection and prevention of those behaviors. By virtue of that, the informants without the protection granted by the Law, in many cases, does not communicate the information under the fear of being victim of reprisals and, also, the behavior of those who tried to report would not be detected.

Therefore, the rule pursues protecting the people in a working or professional context that detect serious or very serious criminal or administrative infringements through the mechanisms regulated by it, expanding for that the material scope of the Directive to the infringements of the national law, but limited to serious or very serious criminal and administrative to allow both the internal information channels and the external ones to concentrate their investigative activity to violations that are considered to affect more to a part of the society.

This protection is extended advocating the retroactivity of the protective measures against reprisals to the communications that have occurred from the 16th of December of 2019 (date of come into force of the Whistleblowing Directive).

This protection is defined by the very Explanatory Memorandum of the Law being configurated as the central axis in which the Law goes round, as well as the necessity to give safety to the people that inform, safety wihout which the informant could not proceed, in many cases, to communicate the acts or behaviors that they are trying to prevent. It is worth noting: "The good faith, the honest conscience that serious and harmful acts have happened is an indispensable requirement for the informant's protection. That good faith is the expression of the civic behavior and is opposed to others actions that, on the contrary,  is indispensable to exlude from the protection, such as the remission of the false or misinterpreted informations, as well as those that have been obtained illegally". 

The configuration of the Information internal System must meet certain requirements, among others, the afforable use, the confidentiality guarantees, the correct practices of follow-up, investigation and of the informant's protection, requirements which will be referenced in the sections in which they are developed or they can have a single incidence.

With merely an illustrative purpose it is worth noting that the examined Law that is articulated around the 68 articles, grouped in 9 Titles and 3 Chapters; 6 additional dispositions, 3 transient dispositions and 12 final dispositions.

On the private sphere, following the Directive's provision, all those companies that have more than fify workers will be obligated to configurate an Internal information System, with the particularity that the entities with more than two hunded and fifty workers must implement it totally before the 13th of June of 2023, under penalty of being object of the penalty system intended by the Law.

Besides, the Law does not limit the information channels to which it is object of this regulation (internal), but that complements it with alternate mechanisms like the public revelation or the external systems. This external channel, assignated to the Informant's Protection Independent Authority, is not compatible with the internal channel implemented by this entity, since this one, even though established as preferent, it does not suppose that it is exclusive of the external channel, so they can be make compatible and, inclusive, attent only and exclusively to the mentioned external channel.

The object and nature of the internal information system, following the spirit of the Directive, pursues target swiftly any indication of serious or very serious criminal or administrative infringement against the general interest, looking for the erradication and/or prevention of any fraud, getting ahead exponentially the knowledge that someone is committing irregularities and has the advantage that it can be interevened quickly, avoiding major damages that can exist due to a late detection.

The implementation of the management system requires as previous budget the consultation with the workers' agents, informing them both of the reception, management and resolution procedure of the received informations, as well as all the anonimity guarantees and the informant's confidentiality.

All the same, it is established as basic pillar of the Law the formation of an independent authority for the protection of the informant to which significative competences are assigned in face of watching, guarding and applying the Law's previsions, authority that, however, has not been constituted at the present date nor has been regulated from the transiet situation to the effective constitution of the authority mentioned, aspect that generates a legal void and insecurity specially to face the compliance of certain obligations like the communication to said authority to the people responsible, extreme that will be analised and resolved in the section related to the "Agent's Designation". 

2. REGULATORY REGIME

The regulatory regime to which the configuration of the present Protol is subjected is circumscribed principally based to the following instruments, without damage from those which incidental and punctual conditions might refer1:

    • Directive (EU) 2019/1937 of the 23rd of October 2019 related to the protection of the people that inform about infringements of the Rights of the Union

    • Law 2/2023, of the 20th of February, regulatory of the protection of the people that inform about the regulatory infringements and the fight against corruption.

    • Organic Law 3/2018, of 5th of December, of the Personal Data Protection and guarantee of digital rights.

    • Law 10/2010, of 28th of April, freezing of funds preventions and finaning terrorism. 

    • Organic Law 5/2010 of the Criminal code reform.

    • Prosecutor's office Circular 1/2016.

    • Royal decree-law 11/2018, of 31st of August, modified the Law 10/2010, of 28th of April, of Freezing of Funds Prevention and the Financing of Terrorism.

    • Regulation ISO 19600-2014.

    • Regulation UNE 19601.

1 The referenced regulatory dispositions are such for they face or regulate issues related to the contents of the present Protocol, although sectoral, serving as orientative criteria into the configuration of the management system.

3. IMPLEMENTATION REQUIREMENTS

To the effects of defining the subjective, objective and temporal scope, as well as the different requirements of implementation that have been established in the reference regulation, we will proceed to systematize each one of them in their correspondent subsections, without prejudice that one of them is ulterior and more specific development for its singular relevance. This way, the requirements demanded by the internal channel are configurated in the following: 

  1. Subjective scope (I), INFORMANTS, people that are able use this channel.

  2. Objective scope (II), physical or legal affected persons.

  3. Temporal scope.

  4. Objective scope.

  5. Procedural scope.

  6. Dissemination and information scope.

  7. Responsibility scope.

  8. Delimiter scope of the Rights and obligations of the informant.

Each one of the aspects mentioned will be analised from an individual theoretical perspective of the content of the appliable legislation, following a specific definition and configuration that will be implemented by reason of the present Protocol. 

  1. PERSONAL APPLICATION SCOPE (I): INFORMANTS.

The protection of the terms and conditions that will be exposed in the section ("Reprisals prohibition") is preached, from a subjective point of view and taking as a reference what has been exposed in the article 3 of the Law, as long as the informant subject is part of one of the following categories:

  1. People that work for the enitity and that have obtained the information that they report in a working or professional context.

  2. Workers employed by others.

  3. Self-employed people that provide services to this entity;

  4. Shareholders, participants and people from the board of adminstration, direction or supervision of the entity.

  5. Any person that works for or under the supervision and direction of contractors, subcontractors and suppliers of the entity.

  6. Working or regular personnel with already finished links, volunteers, interns, workers in training periods or people whose working relationship with the entity has not yet started, as long as the information reported has been obtained during the selection process or the precontractual process.

Besides that, the protection scope will be extended to the following subjects linked with the informant: 

    1. Legal representatives in the exercise of their functions. 

    2. Physical persons that attend the informant.

    3. Physical persons specially related to the informant.

    4. Legal persons, that work for or maintain any other type of relationship with the informant.

The present information management system will be articulated according to the technical means to preserve and guarantee the rights that the Law grants the informants (see section "Informant's rights"), establishing as well the prohibition of reprisals that gives protection to the mentioned subjects in the present subsection by actions or omissions that, inside the objective application scope of this channel, have been communicated.

  1. PERSONAL APPLICATION SCOPE (II): OBLIGATED ENTITY.

Las personas físicas y jurídicas obligadas a contar con un sistema de gestión de informaciones en los términos definidos en la Ley 2/2023, se encuentran recogidas en el artículo 10 de la misma, siendo

    1. The physical or legal persons of the private sector that have employed fifty or more employees. 

    2. The legal persons of the private sector that enter in the application scope of the acts of the European Union in the financial services, products or financial markets, prevention of money laundering or the financing of terrorism, security of transportation and protection of the environment to which refer the parts I.B and II from the annex of the Directive (EU) 2019/1937.

    1. Political parties, sindicates, business organizations and foundations created by one and all, as long as they get or manage public funds.

This company, having nowadays a personnel that in number of workers exceeds the limit established in the article 10 of the Law2,  more than fifty workers, is obligated to the implementation of the present Protocol configurating an information management system with the requirements and characteristics that will be defined in the subsequent sections.

However, as it will be referred aluding to the temporal application scope of the Law and the responsibility scope, this company already had a whistleblowing channel in the implementation frame of the Criminal Risks Prevention Plan, therefore:

2 Ello en virtud de los datos facilitados por el departamento de Recursos Humanos.

  1. Of conformity with the established prevision in the First Transitional Provision will be accomodated the existant whistleblowing channel to the expectations and agreements that are adopted in the present Protocol frame.

  2. There is also the option and so it is raised in front of the Administration body to the effect of its approval, that is the actual Criminal Risks Prevention Comittee, as collegiate body, that is instituted as Responsible of the management system. Without prejudice that the conformity of the things mentioned in the article 8 of the Law (see these effects in the section "Designation of the responsible of the system") this collegiate body delegates in one their member the management faculties of the internal information System and of processing of investigation reports.

  1. TEMPORAL APPLICATION SCOPE

The temporal application is defined by the content of the second transitory Disposition of the Law, coming from the consideration that the Law 2/2023 has a come into force date the 13th of March 2023:

  1. The Administrations, bodies, companies and other entities obligated to have an Internal information system must implement in a maximum deadline of three months from the come into force of this law.

  2. As an exception, in the case of legal entities of the private sector with two hundred and forty nine workers or less, as well as the municipalities of less than a thousand inhabitants, the planned deadline in the previous paragraph will be extended to the 1st of December 2023.

  3. The channels and procedures of external information will be ruled by their specific regulation resulting of application the dispositions of this law in those aspects in which they are not befitted to the Directive (EU) 2019/1937 of the European Parliament and the Council, of 23rd of October 2019. Said adaptation must happen in the deadline of six months from the come into force of this law. 

By vritue of the exposed considerations, the present Protocol as an expression of the implementation requirements compliance expected in the Law has the deadline for its correct and complete insertion in this entity the 13th of June 2023, every time that the number of workers exceeds the limit planned in the section 1 -more than two hundred and fifty- and being considered to the entities that exdeed this number in a deadline of three months from its come into force (as we indicate, 13/3/2023).

In compliance with the aforementioned, in the section "Obligations of the Administrative body"  the accords and acts that will be performed beforehand the date mentioned in the compliance of the different prospects pointed in the Law will be enumerated.

  1. MATERIAL APPLICATION SCOPE

The information management system configurated through the present Protocol will be limited to the reception and processing of the informations related to the actions executed under the wing, through or benefited from this entity, following the content of the article 2 of the Law3 2/2023, being limited to the following material scope, being specifically excluded those communications whose object does not correspond to the ones intended here:

    1. Any action or omission that can constitute an infringement to the European Union Right as long as:

      1. º Fall within the application scope of the acts of the European Union enumerated in the Directive's annex (EU) 2019/1937, independently from the qualification that from them make the legal system;

      2. º Affect the financial interests of the European Union as set out in the article 325 of the TFEU; o

      3. º Come into play in the internal market en el mercado interior, tal y como se contempla en el artículo 26, apartado 2 del TFUE.

    2. Actions or omissions that can be constitutive of serious or very serious criminal or administrative infringements.

    3. The informations that affect to classified information, professional secrecy of the medical and the legal professionals, of the duty of confidentiality of the Security Foreces and Corps in the scope of their actions are excluded, as well as the secret of the judicial deliberations. 

    4. The informations related to infringements in the processing of contracting procedures that contain classified information or have been declared secret or private, or those whose execution must be accompanied of special measures according to the current law, or in which it is required by the essential protection processes for the State's security, are excluded.

The procedure for the reception, management and resolution of the informations will be degined in the section "procedure of the management and processing of informations". 

  1. PROCEDURAL SCOPE

From a procedural point of view, notwithstanding the specific processes, terms, guarantees and requirements that will be established in the section related to "procedure of management and processing of informations" and that, besides, will be object of advertisement in compliance with the required in the article 25 of the Law 2/2023, the internal information management system will ensure the compliance of the following principles by virtue of the established in the article 5 and the following of the Law: 

    1. Allowing the communication of information in the exposed terms in the subjective and objective application scope.

    2. Guarantee the confidentiality of the informant's identity and of any third party mentuioned in the same communication, and of the actions that are developed from the management and processing of it, as well as the data protection, preventing the access of non authorized personnel.

3 See that the material application scope defined in the present Protocol exceeds that already defined own scope with ocassion of the implementation of the "whistleblowing channel" in the frame of the Criminal Risks Prevention Plan.

    1. Allowing the presentation of written or verbal communications, or both, even during the on-site communication.

    2. Option to present anonymous communications.

    3. Guarantee that the presented communications can be treated effectively.

    4. Be indepedent and appear differentiated.

    5. Have a responsible of the system.

    6. Have a correctly published and accessible policy.

    7. Have a received information managament procedure.

    8. Establish the guarantees for the informant's protection.

    9. Inform about the external channels.

El procedimiento de gestión de informaciones (definido en el apartado "procedimiento de gestión y tramitación de informaciones"), articulará recogiendo las premisas siguientes:

  1. Identification of the internal information channels. 

  1. Identification of the external information channels.

  1. Remission guarantee of acknowledgement of the informant's information, in the term of seven calendar days following its reception, except that it can damage the confidentiality of the communication.

  2. Determination of a maximum deadline to give answer to the investigative actions, that is set in three (3) months counting from the reception of the communication or, if it the acknowledgement was not remitted to the informant, of three (3) months from the expiration deadline of seven (7) day after doing the communication, except special complex cases that require extending the deadline, in which case, this can be extended to a maximum of three more months. 

  3. Anticipation of the posibility of maintaining the communication with the informant and, if necessary, of requesting to the informant additional information.

  4. Establishment of the right of the affected person to which the actions and omissions report is attributed, and be heard in any moment.

  5. Confidentiality guarantee.

  1. Requirement of the compliance of the presumption of innocence and the honor of the affected people.

  2. Respect of the dispositions of the personal data protection.

  1. Referral of the information to the Public Prosecutorón immediately when the events could be qualified a crime. 

  1. DISSEMINATION AND INFORMATION SCOPE

The Law imposes the entities some informative obligations from a double aspect, distinguishing from tge rights of the informant and the management procedure (see section "procedural scope") and, on the other hand,  the advertisement understood as communications directed to the informant competent authority of the formal aspects as, for example, the designation of the Responsible of the system.

Regarding the particular and/or eventual informants the minimum informations are established in the article 25 of the Law ("Information about the internal and external  information"), resulting:

  1. Giving right information and in a easy and clear way about the use of the internal information channel and about the essential principles of the management procedure.

  2. Conditions to be able to benefit from the protection.

  3. The contact data for the external information channels.

  4. The confidentiality regime appliable to the communications and, in particular, the information about the treatment of personal data.

  5. The appeal procedures and the procedures against reprisals, and the availability of confidential counselling.

  6. The contact data of the Independent Authority of the Informant's Protection.

I.A.I.P. or of the authority or competent authority  issued.

The information described in the previous points, as it will be indicated and will defined thoroughly in the section related to the management and processing procedure, will be added to the website of the entity, in a separated section and easy to identify.

  1. RESPONSIBILITY SCOPE

The responsibility of the information management system implementation in the required terms by the Law is the Administrative body as it is preached in the article 5 of said law (The administrative body or governance body of each entity or obligated body by this law will be responsible of the Internal Information System implementation"). However, the ruling obligations of the Law that will be mentioned in the relevant section "obligation of the Administrative body", are not only preachable regarding this one but any people, inside the acting scope of the Law incur in the infrignements described in the regulatory body:

Article 62. Responsible subjects.

  1. They will be subjected by the penalty system established in this law the physical and legal people that make any of the described actions like the infringements of the article 63.

  2. Whem the comission of the infringement is attributed to a collegiate body the responsibility will be demandable in the terms that the disciplinary resolution indicated. Those member that have not attended to the meeting due to a justified cause in which the accord was accepted or have voted against it, will be exempt of responsibility.

  3. The requirement of responsibilities resulted from the categorized infringements in this law will be extended to the responsibles even if its relation has disappeared or ended in its activity in or with the respective entity.

Therefore, what is preached is a primary responsibility regarding the administrative body, obligation aiming to the implementation of the Law. Secondly, this responsibility would derive to the management system Responsible, be a physical person or collegiate body that has been named according the required accords in the article 8 of the Law.

This physical person or collegiate body, as subjects entrusted to get, process, resolve the informations and look out for the correct compliance of the premises imposed by the rule, will answer the committed infringements as long as they are not exclusively and exclusionary fault of a third party.

  1. RIGHTS OF THE INFORMANT

The rights of the informant, which will be object of compliance publication of the requirement in the article 25 of the Law., including the paragraph in the section "management and processing procedure" that collect the exact content, will refer in this point in reference to the incidence they have regarding this entity, in other words, from the optics of the passive subject that has to comply to the obligations imposed by the Law:

  1. Confidentiality (article 33):

The entity must guarantee that the informant's identity is not revealed to third parties, looking out that the implemented management system has the personal and technical requirement that protect it, not collecting data that could identify the whistleblower or any person that is alluded in their communication.

The entity or, in that case, the Responsible of the System, can only communicate the identity of the whistleblower to the judicial Authority, Public prosecutors or the competent administrative authority in the frame of a criminal, disciplinary or sanctioning investigation; always communicating previously to the informant that their identity can be revealed, except that this can comprise the investigation or judicial procedure. 

  1. The public entity will publish, for the written communications, a form that will optionally allow the informant to indicate their address, email or safe place to receive the communications they make regarding the investigation, or in that case, renouncing to get any communications. This option will be provided as well when the verbal communications are done, indicating the possibility that the informant chooses a communication mean if desired (article 7).

  1. Legal counseling or assistance: Communicate to the informant the possibility, if they decide to appear being assisted, in their case and if necessary, by a lawyer (article 21).

  1. Personal data protection (article 31):

The entity must provide the information referred in the articles 13 of the Regulation (EU) 2016/679 of the European Parliament and Council, of 27th of April 2016, and 11 of the Organic Law 3/2018, of 5th of December, when the personal data are obtained from the interested people.

  1. Inform the whistleblower,

As long as they have informed of their wish to receive communications, about the processing state of their report and the results of the investigation.

  1. Protection measures (article 35) and no reprisals protocol (article 36):

The entity must guarantee that the protection measures for the informants are met, preventing actions of reprisals resulting of the presented informations through the management system and, in that case, adopting the appropriate disciplinary measures. The protection measures and the protocol against the reprisals will be announced in the section corresponding to "management and processing procedure".

  1. Information duty (article 25):

The entity must provide the right information in a way that is clear and easy to access, about the use of the internal information channel, as well as the essential principles of the management procedure, information that in the present case will be defined in the section "management and processing procedure" and that must be as well object of publication in the website of the company, corresponding, in any case, the following:

    1. the conditions to be able to invoke the protection.

    2. los datos de contacto para los canales externos de información.

    3. the management procedures.

    4. the confidentiality regime appliable to the communications. 

    5. the means of redress and procedures for the protection against reprisals.

    6. the contact data of the Independent Authority of Informant Protection, IAIP or the authority or competent authority relevant.

  1. "NO REPRISALS" PROTOCOL

The prohibition of reprisals is a right that both the whistleblower and the people specially related to them have (defined in the section "subjective application scope I") guaranteeing their protection for a minimum of two years from the information presentation, aiming with the implementation of this program to embrace the relevant measures directed to prevent and avoid any behavior that can constitute any type of reprisals of the ones mentioned in this section, becoming righfully nulled these acts and being able to, in that case, result in corrective disciplinary or responsibility measures, being able to include the correspondent compensations of liquidated damages to the damaged.

The prohibition of reprisals is defined in the article 36 of the Law 2/2023 establishing that "the constitutive acts of reprisal are forbidden, including reprisal threats and reprisals attempts against the people that present a communication", understanding as reprisal "any act or omission that are forbidden by the law, or that, direct or indirectly, mean an unfair treatment that places the people that suffer disadvantage in specific with regard to another in the working or professional context, just by their informant condition, or for making a public disclosure". 

Specifically the behaviors that incur in some of the following situations are forbidden, except that these, due to accredited or creditable causes, that have been taken for alien reasons to the whistleblowing presentation that, in any case, must prove the person that has taken the forbidden measure:

  • Work contract suspension, dismissal or extinction of the working or statuary relationship, including the no renovation or anticipated termination of the contract of a temporal work once the trial period has ended, or an anticipated termination or annulment of the good or services, imposing any disciplinary measure, degradation or denial of the raises and any other sustantial modification of the working conditions and the non conversion of temporal work contract into an indefinite one, in case that the worker has legitimate expectatives that he was going to be offered an indefinite job.

  • Damages, incluyding those with reputational characyer, or economic losses, duress, intimidations, harassment or ostracism.

  • Negative evaluation or references regarding the working or profesional perfomance.

  • Inclusion in the black lists or dissemination of information in certain sectoral scope, that hinder or prevent the access to work or contracting works or services. 

  • Denial or cancellation of license or permit.

  • Training denial.

  • Discrimination, or unjust or unfavorable treatment,.

  • Change of workplace, change of the location of the workplace, salary reduction.

  • Degradation or denial of raises.

  • Denial of training, courses, and others.

  • Negative evaluation or references regarding working results.

  • The suspension, dismissal, destitution or similar measures.

  • Imposition of disciplinary measures, reprimands or other sanctions, including rest period or holidays.

  • Intimidations, harassments, discrimination or unfavorable treatment.

  • Physical, moral or reputational damages, included in social means.

  • Anonymous disclosure of information, identifying the whistleblower so that they suffers hostilities in the working environment.

  • Defamation process outside the working environment.

  • Plead the existance of the confidentiality clause between the whistleblower and the Organization, to sanction the whistleblower for their breach.

  1. RIGHTS OF THE ACCUSED

The person that is initially incriminated by the informations given through the management system, as well as those that are investigated in moments ulterior the procedure, have in virtue of the application of the content of the article 39 of the LAW from a series of rights and protections:

Article 39. Medidas para la protección de las personas afectadas.

During the processing of the record from the people affected by the communication will have the right of presumption of innocence, the right of defense and the right of access to the record of in the regulated terms in this law, as well as the established protection for the informants, preserving their identity and guaranteeing the confidentiality of the events and data of the procedure.

The management of informations procedure planned in the present protocol guarantees the following rights to the person regarding the present information (see "procedure of management and processing"):

  • The confidentiality of the correspondent data of the affected people will be preserved and guaranteed and and to any thrid party that is mentioned in the given information.

  • Right of defense. 

  • Right to presumption of innocence.

  • Right to access the record, with the necessary limitations to preserve the identity and confentiality given to the informant third party.

  • Right to make allegations.

  1. CONFLICT OF INTERESTS

The article 8, section 5, of the Law 2/2023 regarding the Responsible person of the management system advocates that, in any case, they must try to avoid when configurating the system the "possible situations of conflict of interest".

By its virtue, in the case that the events denounced can affect any member of the Administration Council, the Criminal Risks Prevention Committee as a collegiate body that will choose as Responsible of the Informations management system (see section "Administration body accords") or, in that case, the physical person where they will delegate the expected effects in the article 8 of the Law, or that in any way can generate a conflict of interest to any of those people, the affected person must avoid intervening in the processing reports procedure, acorrding it is now described.

Conflict of interest shall exist in those cases in which particular interests of any of these people can limit their capacity to make, in due objectivity, neutrality and impartiality, the processing and instruction of the reports. This conflict is assumed to exist when the reported events are located inside the responsibilities and executive functions of any of the Administrarion Council or the Compliance Committee members, and can happen as well when the events affect any person with which any of them has family relationship (until third degree, included) or a corporative interest.

As a consequence of the aforementioned, if the whistleblower suspects that the events can lead to a situation of conflict of interest with the Compliance Committee, they can present a resport directly to the Secretary of the Administration Council. In such cases, and as long as the existence of such situation of conflict of interest is verified, it will be entrusted to the Carlos Cabrera's Office, as internal advisor, the processing and instruction of the report, not having to be followed for the hiring of the budget management controls that can result from the application.

  1. MANAGEMENT PROCEDURE AND INFORMATIONS PROCESSING

The management procedure and informations processing according the established dispositions referenced in the section V) procedural scope, developed throughout this protocol and that will be object to specific advertisement in compliance of the required in the article 25 and following the Law 2/2023, will be ruled by the following actions:

    1. Reception of the informations

The informations will be received:

  1. Though the form inserted in the tab "Internal Information Channel" enabled at the webpage www.islas.ikea.es

  2. Excepcionally, mediating the whistleblower request – request that must formulate the same indicated ways in the previoys points-, it will be allowed the formualtion of the report on site, for the purpose of which a meeting will be placed on the seven calendar days following the request presentation.

If the whistleblower chooses to perform an onsite presentation of the report this will be documented, by choice of the informant:

    1. through a recording of the conversation in a safe, durable and accessible format, or

    2. through the complete and exact transcription made by the personnel responsible of treating it.

The informant, happing accepted by any of the options the information presentation, can choose if they want to receive the communications of the actions that result from the procedure, including the acknowledgement of receipt, having to indicate for that an address, whether it is postal or electronic, or a telephone number for the reception of the communications, notwithstanding the right to report in any moment of the procedure.

A system for the informant will be established by which, when placing the report, a code or referencia of the report will be provided. With this code they will be allowed from the Channel's web, to access to consult, if desired, the state of the processing of the report and the acts and requests of the information that the channel manager has, in that case, required. From that section, the whistleblower, can bring the additional information that is required, always maintaining the safety conditions and anonimity required by the law.

In case of accepting the reception of communications, an acknowledgement of receipt of the information presented will be remitted in a deadline of seven calendar days.

    1. Informations management

The information or presented report and, in that case, the acreditative documentation that has been attached about the reported events, will be treated by the System's responsible that treat its reception, make a preliminary anaylisis of the reported events and its adequacy to the enabled form.

After that, in a maximum deadline of ten (10) business days counting from its effective reception, it will make the following decisions:

      1. Non-admission of the communication, in any of the following cases:

        1. º When the events narrated lack all plausibility.

        2. º When the events narrated are not constituitive of infringement of the legal order included in the application scope.

        3. º When the communication manifestly lacks foundation or exists, according to the Responsible, rational indications of having been obtained by commiting a crime. In this last clase, apart from the non-admission, it will be remitted to the Public Prosecutor detailed description of the evens that are considered a crime.

        4. º When the communication does not contain new and significative information about infringements compared to the previous communications regarding which have concluded the relevant procedures, unless new circumstances arise in fact or in Law that justify a different follow up.

      1. Admit the communication.

      1. Refer immediately the information to the Public Prosecutor when the events can be qualified as crimes or that the European Public Prosecutor in the case that the events affect the finantial interests of the Eurpean Union.

      1. Refer the communicaion to the authority, entity or body that is considered competent for it processing.

After following the aforementioned milestones and timelines, the decision adopted by the Responsibl in this phase of the procedure will be communicated to the whistleblower un a maximum deadline of business days (10), except that the communication is anonymous or the informant has renounced to receive communications.

    1. Communication to the accused

Any person that has been object of admitted report will be informed about:

  1. The reception of the report,

  2. A consice relation of the events and of the documentation, in that case, attached.

  3. Their right to present written allegations in a deadline of ten (10) calendar days from the reception of the communication.

  4. Of the treatment of their personal data.

Exceptionally, if the Responsible considers that it exists a risk that the notification to the accused can compromise the investigation, said communication can be conducted in the hearing procedures if their contruibution its beforehand considered to ease the concealment, destruction or alteration of proof.

In any case, the deadline to inform the accused person will not exeed one (1) month from the reception of the report, whether it is written or a personal communication to the effects described in the previous paragraph.

    1. Investigation of the alleged events

Once the report is admitted to processing, the Responsible will start the  appropriate investigations to check the veracity of the alleged events. To do that they can request as many information and documentation as they consider necessary to try to clarify the alleged events, to as much departments, areas or people of the entity are appropriate.

For this purpose, and as long they are requested, the entity's personnel must give all their collaboration with the investigative labours that are being perfomed.

For the case of the informant having accepted the communication of the mentioned events during the procedure, having pointed out to the effect contact address, it can be required if necessary for the inquiry of the events, that they clarify or expand the information.

In the case that due to the nature of the events the investigation will be considered complex, help or specialized counseling can be requested to a internal expert, that will be coordinated with the Criminal Risks Prevention Committee.

    1. Termination of the actions

Concluded all the actions, the System's reponsible will issue a report that will contain:

      1. An exposition of the narrated events along with the identification code of the communication and registration date.

      2. The classification of the communication for the purpose of knowking their priority or not in their processing.

      3. The perfomed actions with the purpose of verify the plausibility of the events.

      1. The reached conclusions in the instruction and conclusiones alcanzadas en la instrucción y la valoración de las diligencias y de los indicios que las sustentan.

Once the report is emitted, the Responsible will adopt any of the following decisions:

  1. Record archive, that will be notified to the informant and, in that case, to the person affected.

  2. Referral to the Public Prosecutor if, despite not appreciating before the signs that the events could cover the criminal character, if the instruction results that way.

  3. Transfering everything performed to the competent authority.

  1. Implementation of internal legal and disciplinary measures, of any type.

The deadline to finish the actions and give an anwer to the informant, in that case, cannot be above three (3) months from the information registration entry, or,  if it was not forwarded the acknowledgement of receipt to the informant, three (3) months before the due date of seven (7) days after performing the communication, except in specially complex cases that require an extension of the deadline, in which case, it can be extended to a maximum of other three additional months. 

    1. Implementation

I will correspond to apply the internal sanction or disciplinary measures planned in each case to the person or people that have said function attributed, under enough power of attorney.

In the case that the correspondent sanctions are of the working environment, the Human Resources department will be in charge. If the sanction is of commercial nature (contractual resolution, etc.) or requires the implementation of legal actions it will be established by the Administration Council, and implemented by the person with the sufficient power of attorney.

    1. Reception of information from different channels than the one enabled

In the case that the communication is received, if it is or could be material object of the application scope of the whistleblower channel, through a channel that is not the competent or by the personnel member that are not responsible for its treatment, the person or people tha have received it will forward the communication immediately to the Management system responsible, not being able to reveal whatever information that could identify the informatn of the affected person.

    1. Identification of external channels

Apart from the internal whistleblowing channel that has been implemented by this entity, the Law provides other mechanisms of information like the external channel (article 16) and the public revelation (article 27). Said external channel is not incompatible with the internal channel implemented by this entity, since said channel, although is preferent, it does not mean it exclusive of the external channel, therefore they can be combined e, also, use only and exclusively the mentioned external channel.

This external channel is managed by the Informant Protection Independent Authority (I.P.I.A).

    1. Rights of the informant

The managament and processing procedure of informants will look out for the compliance of the proclaimed rights in favor of the informant:

  1. Confidentiality of the communications issued through the system and the resolutions that are dictated in that case, preventing the access to it by the non authorized personnel; protection that is extensible to third parties that have been mentioned or are involved in the investigation.

  2. Indicate the address, email and safe place to receive the communications that are made regarding the investigation or Renounce, in that case, the receive communications.

  3. Appear by their own iniciative or when it is required by it, being attended, in that case and if it is necessary, by a lawyer.

  4. Exercise the rights that the lesgislation of personal data protection provides.

  5. Know the state of the report processing and the results of the investigation.

  6. Right of protection: The informant has the right to fulfill the protection measures indicated in the section 5.10, besides any other measures that the competent authorities could release about the external channel. 

  7. Right of no reprisals.

  8. Right of information.

    1. Protection against reprisals

The behaviors that incur in any of the following situations are forbidden, except that said behaviors, due to accredited or creditabled causes, have been taken for alien reasons to the report presentation that, in any case, must prove the person that has taken the forbidden measure: 

    • Suspension of the work contract, dismissal or extinction of the working or statuary relationship, including the no renovation or anticipated termination of a temporary work contract once the trial period is over, or anticipated termination or cancelation of goods or services, imposition of any disciplinary measure, degradation or denial of raises and any other sustantial modification of the working conditions and the non conversion of a temporary work contract into an indefinite one, in case that the employee has the legitimate expectations that an indefinite work would be offered.

    • Damages, including those of reputational, or economic losses, duress, intimidations, harassment or ostracism.

    • Evaluation of negative references regarding the work or professional perfomance.

    • Inclusion in the black lists or dissemination of information to a determined sectoral scope, that makes difficult or prevent the access to the employment or the contracting of works and services. 

    • Denial or cancellation of a license or permit.

    • Denial of training.

    • Discrimiation, or non favorable or unjust treatment.

    • Change of work place, chance of location of the work place, salary reduction.

    • Degradation or denial of raises.

    • Denial of training, courses, among others.

    • Evaluation or negative references about the working results.

    • The suspension, dismissal, destitution or equivalent measures.

    • Imposition of disciplinary measures, admonitions or other sanction, including the decreasing of rest or vacational periods.

    • Intimidations, harassment, discrimination or other unfavorable treatment.

    • Physical, moral or reputational damages, including social means.

    • Anonymous revelation of information, identificating the whistleblower so they suffer hostilities in the working environment.

    • Defamation outside the working environment. 

    • Plead the existence of the confidentiality clause between the whistleblower and the Organization, to sanction the whistleblower for their non compliance.

    1. Rights of the accused

The management of informations procedure guarantees the following rights to the person regarding that they present the information:

    • The confidentiality of the data of the affected people will be preserved and guarantees and and also of any third party that is mentioned in the give information.

    • Right of defense.

    • Right to presumption of innocence.

    • Right to access the record, with the necessary limitations to preserve the identity and confidentiality provided to the third party informant.

    • Right to make allegations.

8.12 Legal warning


In compliance with the things mentioned in the art. 13 of the Regulation (EU) 2016/679 (GDPR), we inform you that the data that you facilitate us through email are going to be added to a responsibility file of SARTON CANARIAS SA., and treated based in the compliance of a legal obligation, with the purpose of processing and resolve the informations received according the established procedure.

Their data will be accessible to external technical service providers, such as website hosting, computer maintenance and other similar linked to SARTON CANARIAS SA.

The data obtained through this way will be preserved for the time necessary to resolve the processing of the report. In any case they can, in any moment, be revoked the allowed consent and exercise their right of access, rectification, cancellation, oposition, revocation, limitation, portability and oposition to automatized decisions, through the delivery of an email to the following address  datos obtenidos a través de esta vía serán conservados durante el tiempo necesario para resolver la tramitación de la denuncia lopd@ikeasi.com.

If you want more information, visit the Legal Warning and Privacy Policiy of SARTON CANARIAS SA in the link, at the site of the correspondent store, accessing the legal section:

www.islas.ikea.es

  1. DESIGNATION OF A RESPONSIBLE FIGURE FOR THE SYSTEM

Following the collected exposition of the "responsibility scope" section, the Law demands to the Administration body a physical person (directive) or collegiate body (that must delegate, as well, in one of their members) as Responsible of the management system, who must develop their functions in a complete independent and autonomous way:
 

Article 8. Responsible of the Internal information system.

  1. The administration body or governing body of each entity or body obligated by this law will be competent for the designation of a physical person responsible of the management of said system or «System's Responsible», and of their destitution or termination. 

  2. If it is decided that the System's Responsible is a collegiate body, this must delegate in one of their members the faculties of the internal management system of information and processing of the investigation reports. 

  3. Both the naming and the termination of the phyisical person individually designated, as well as the members of the collegiate body must be notified to the Informant Protection Independent Authority, I.P.I.A., or, in that case, to the authorities or competent bodies of the autonomous regions, in the scope of their respective competences, in the deadline of then calendar days, specifying, in case of termination, the reasons that have justified it.

  4. The System's responsible must develop their functions in an independent and autonomous way regarding the rest of the bodies of the entity or authority, it cannot receive any type of instruction in their exercise, and must provide of all the personal and material means necessary to perform them.

  5. In the case of the private sector, the System responsible physical person or entity in which the collegiate body responsible has delegated their functions, will be directive or the entity, that will exercise their position with indepence of the administation or governing body of it. When the nature or the dimension of the acitivities of the entitiy do not justify the existence of a directive Responsible of the System, it will be possible the ordinary performance of the functions of the position or job witht the System Responsible, trying to avoid in any case the possible conflict of interest situations.

  6. At the entities or bodies where a responsible person already exists with the function of regulatory compliance or of the integrity policies, whatever their denomination was, this can be the designated person as System Responsible, as long as they comply with the requirements established in this law.

This entity, as it will be referred in the "obligations of the Administrative body" section, as well as in "Elevation of the proposal of agreements", must designate a physical person or collegiate body responsible for the management of the system and its later communication to the competent authority.

In this case, is understood as appropriate that the management of the channel is delegated in the Criminal Risks Prevention Committee, committee that, on the other hand, already managed and reviewed the whistleblowing channel characteristic of the prevention plan, channel that will be adapted for the implementation of the present protocol.

In it virtue, the proposal that will be formulated to the Administration body ("Elevation of the proposal of agreements") to the effects of adopting the decision provided in this section be that the Criminal Risks Prevention Committee that assumes the functions of the Responsible, notwithstanding that the own Administration body adopts the necessary decision regarding of the physical person that in accordance with the transcribed article 8 assumed the management and processing inside the members of the Committee. 

This designation must be communicated to the competent authority, the I.P.I.A., that, if nowadays has not yet been constituted, it will be understood as valid the performed communication to the analogue bodies of the Prevention and Fights against Fraud and corruption, until the moment in which it is constituted. That without ignoring the remission that makes the Law to the transference of the competences of the Autonomous Regions, not having that, currently, the Autnomous Regions of the Canary and/or Balearic Islands have assumed competences in this matter.

  1. OBLIGATIONS OF THE ADMINISTRATION BODY

The obligations imposed by the Law to the Administration body, taking into account that said obligations will be proposed in the following section to the very Administration body for its definite aproval and consequent implementation, are the following:

  1. The implementation of the management system (Article 5: "The administration body or governing body of each entity or obligated body by this law will be responsible of the implementation of the Internal information system").

  2. Submit the management system to a previous information to the workers' agents (Article 5: "previous inquiry with the legal representation of the working people").

  3. Designation of the responsible (Article 8: "The administration body or governing body of each entity or obligated body by the law will be the competent for the designation of a responsible physical person for the management of said system or «Responsible of the System», and of its distribution or termination") and communication of this designation to the competent Authority. 

  4. Aprove the informations management system (Article 9: "The administration body or governing body of each entity or obligated body by the law will aprove the informations management procedure").

  5. Publish the information regarding the use and functioning of the informations management system (Article 25: The individuals included inside the application scope of this law will bring the right information in clear and easy to access way, about the use of all the internal information channel that ahs been implemented, as well as the essential principles of the management procedure. In case of having a website, said information must appear in the home page, in a separate section and easy to identify").

  6. Have a regsitration-book with the received informations and of the internal investigations (Article 26: All obligated individuals, according with what is mentioned in the law, to have an internal informations channel, with independence that they form part of the public or private sector, must have a regsitration-book of the received informations and internal investigations that have happened, guaranteeing, in any case, the confidentiality requirements present in this law").

  7. Facilitate the information established in the regulation of personal data protection (Article 31: "When the personal data of the interested are directly obtained they will be facilitated with the information referred in the article 13 of the Regulation (EU) 2016/679 of the European Parliament and the Council, of 27th of April 2016, and 11 of the Organic Law 3/2018, of 5th of December").

  8. Revise the protocol and functioning of the informations management system (First Additional Disposition: The responsible authorities of the external information channels will revise their reception and information follow up procedures at least once everyt three years, adding performances and good practices with the purpose of being useful with a better efficiency to the purposes for what they were created").

The referred requirements are reflected and developed in the "management and processing procedure" section, which will be submitted to the administration body for its aproval and later implementation, giving, ultimately, filled the demandable requirements; except the prior consultation with the workers agents, extreme that cannot be object of publishing but that, as well, will be elevated to the very Administration Council to be agreed.

  1. ELEVATION OF ACCORDS: ACCORDS TO ADOPT BY THE ADMINISTRATION BODY.

By virtue of the present Protocol and, in specific, of the collected plans of the "OBLIGATIONS OF THE ADMINISTRATIVE BODY" section, is understood as appropriate to elevate to the Administration Council the present Protocol for its final aproval, as well as the following Accords proposal:

    1. The implementation of the management system, in compliance with the established in the article 5 of the Law 2/2023, that after the proper report to the workers' agents.

    2. The aproval of the information management system in the defined terms of the "management and processing procedure" section, in compliance with the established in the article 9 of the Law 2/2023.

    3. Designation of the Responsible of the management system and its ulterior communication to the correspondent authority, due to the required in the article 8 of the Law 2/2023.

    4. Publish the information related to the use and functioning of the informations management system, by virtue of the disposed in the article 25 of the Law 2/2023.

In conclusion, it is relevant and demandable that the Administration body manifests on the exposed points, speaking out about the implementation of the management system, in the terms, procedures and conditions defined in the present Protocol, agreeing its publication and designation of a management Responsible.

Product added to Product removed from your favoritesgo to Your favorites list Close Close modal
The following modal has been opened: Successful processing.

Hej

You're now one step closer to the kitchen of your dreams. We will contact you to schedule the date and time of your appointment. We've sent you an email with more information and contact details.

Accept

Close modal

The following modal has been opened: An error has occurred.

Hej

Failed to send your message, please try again. An email has been sent to technical support.

Accept