It is an electronic mailbox available to any individual or legal entity with any type of relationship with Ership and through which an irregularity, illicit act or crime that negatively affects the Company in the provision of its services can be reported.
>In accordance with the Regulations covering the channel, its management is entrusted to an outsourced firm, and enables the “Users “ to report breaches in a confidential, although not anonymous, manner.
No. Filing a report via this external channel entails the identification of the reporting party by the mandatory data that appear on the form.
The management of the Reporting Channel by an external firm ensures:
1. The aforementioned firm is in charge of processing the allegation and processing the personal data, with the obligation not to access them. In this way, the allegation is handled in a confidential manner, keeping the identity of the reporting party secret so that their data may only be disclosed if the party gives his/her consent, or, where applicable, with the authorisation of the competent public authority for the investigation of the facts.
2. A reporting party in good faith is guaranteed that there will be no reprisals for the simple fact of filing a report.
3. It is guaranteed that the report will be processed independently to Ership in a professional manner by the external firm.
Reports must be made in good faith and have to be truthful, that is to say, they must be grounded in the existence of reasonable evidence of the commission of an irregularity, crime, illicit act or one that is contrary to the Code of Ethics.
Filing false reports may constitute a criminal offence of defamation and libel defined in Arts. 205 et seq of the Criminal Code.
Yes. The law requires that the subject be aware that a complaint has been filed against him/her and, therefore, as soon as the checks have been made and the file has been processed and, in any case, within three (3) ) months after the receipt of the complaint, the subject will be informed of the existence of the complaint and a summary thereof. Except in the cases specified in the Regulations, the subject of the allegation will not be given the identifying data of the party that filed the report. With regard to the details of the reporting party, they will be eliminated within two (2) months following the relevant findings.
Once the report has been received, it will assigned a unique code and included in the Record of reported breaches. Having analysed the facts of the report, it will be classified according to its main content and the level of seriousness thereof, from minor to serious to very serious. Subsequently, and with the exclusion of the personal data of the reporting party, the external firm sends the Record to Ership's Compliance Committee, which will be the body that will take a decision with regard to the reported allegation. Thus, a dossier is opened with the unique code initially assigned to the reported allegation and the pertinent decision is adopted: an investigation may be initiated with respect to the facts reported or the complaint may be filed if it is considered to be totally unfounded, the reasons for both decisions being stated in the file.
The procedure of investigation of the facts is regulated in Ership's internal regulations. In any event, the deadline for the processing of the file and the taking of a decision in this regard may not exceed two (2) months from the date of its opening.
If the reported facts are confirmed in the investigation, in the first instance, Ership will immediately take all the necessary measures to put an end to such acts or to prevent them from happening. Subsequently, depending on the seriousness of the events, legal actions may be taken against the person or persons allegedly responsible for them, including the internal disciplinary consequences of Ership and as many others as it deems pertinent.
All personal data supplied for the purpose of the complaint will be processed in accordance with Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Safeguarding of digital rights, for legitimate and specific purposes in relation to the investigation that may arise as a consequence of the reported allegation.
They will not be used for incompatible purposes and will be appropriate and not excessive in relation to the aforementioned purposes.