The processing of personal data resulting from the application of Law 2/2023 will be governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights.
Information regarding the processing of personal data derived from the internal information system:
Purpose
- To identify you and be able to contact you.
- To handle and manage reports related to alleged criminal, administrative, labor, or ethical code violations by professionals associated with Aire Networks del Mediterráneo.
Legitimation
The processing is necessary for compliance with a legal obligation (Article 6.1.c GDPR) provided for in Law 2/2023, of February 20, regulating the protection of individuals reporting regulatory violations and combating corruption, as well as the fulfillment of essential public interest missions (Article 9.2.g GDPR).
If you provide personal data of third parties in the report, you affirm that the information provided is accurate and that you have their consent, committing to convey to them the information contained in this section.
Categories of Data Subjects and Categories of Data
- Whistleblowers (Natural Persons or Legal Representatives):
- Personal Details: Name, last name, ID number or equivalent, and signature.
- Contact Information: Email, postal address, and phone number.
- Professional and Academic Background: Position held and affiliated entity.
- Accused (Natural Persons):
- Information Supplied by the whistleblower, which may include name, last name, phone number, or email.
- Witnesses:
- Information Supplied by the whistleblower, which may include name, last name, phone number, or email.
This data is collected to facilitate the thorough investigation and management of reports concerning potential misconduct or regulatory violations within Aire Networks del Mediterráneo.
Data Retention Period
Data will be securely retained for the duration required to fulfill the original purpose for which it was collected. Additionally, it will be retained to address any potential liabilities that may arise in connection with the purpose and data processing.
It’s important to note that we are committed to only collecting personal data that is directly relevant to the specific information processing. Any irrelevant data, if inadvertently collected, will be promptly removed from our records.
In cases where received information contains special categories of personal data that require special protection, such data will be promptly deleted, unless processing is deemed necessary for reasons of essential public interest, as outlined in Article 9.2.g) of the GDPR and specified in Article 30.5 of Law 2/2023.
Moreover, any communications that have not undergone processing will be securely maintained in an anonymized format. The obligation to block such data, as stipulated in Article 32 of the LOPDPGDD, will not be applicable in these instance
Security Measures
The security measures implemented correspond to those outlined in ISO/IEC 27001:2013 standard and any other measures specified in our internal regulations to ensure the protection of personal data secured within our systems.
Communications:
You have the right to keep your identity confidential from third parties. However, solely to fulfill the purposes of data processing, your personal data may be disclosed, when necessary for the proper handling of your report, to:
- National and European Judges and Courts.
- Public Prosecutor’s Office or European Prosecutor’s Office.
- Law Enforcement Agencies.
- Independent Authority for Whistleblower Protection.
- Other competent authorities in the Public Administration.
- Responsible for Legal Services at Aire Networks del Mediterráneo.
- Responsible for the Human Resources Department at Aire Networks del Mediterráneo, only when disciplinary measures against an employee may be warranted.
- External legal advisors.
International Data Transfers
There are no planned international transfers of the processed data.
Data Controller
Aire Networks del Mediterráneo S.L.U.
C/Santiago Ramon y Cajal Numero 11, Elche Parque Empresarial
CP: 03203 Elche (Alicante) España.
Data Protection Officer
You can contact our Data Protection Officer for any information regarding the processing of your personal data at the following address: rgpd@airenetworks.es.
Exercise of Rights and Claims
You can exercise your rights of access, rectification, erasure, objection, restriction, and data portability by sending a written request by postal mail to the address of AIRE NETWORKS DEL MEDITERRÁNEO, S.L.U. (C/ Ramón y Cajal, Nº 11 03203 Elche, (Alicante), attaching a photocopy of your ID card, or by sending an email to rgpd@airenetworks.es, in both cases specifying the right you wish to exercise.
Furthermore, should your request go unanswered, you retain the right to lodge a formal complaint with the appropriate Data Protection Authority (www.aepd.es).