Privacy Policy

In compliance with Regulation (EU) 2016/679, General Data Protection (RGPD), Organic Law 3/2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and Law 2/2023, of February 20, regulating the protection of individuals who report regulatory violations and the fight against corruption, the following are reported

1.Data Controller

The Data Controller is DIKAR S, COOP. with registered address at Garagartza 39, Mondragon, 20500 (Spain) and CIF

F20033817.

Contact details: [email protected] /666 504 905

2. Purpose of

the Treatment The personal data provided through the information channel will be treated exclusively for:

  • The reception, registration and management of communications related to possible regulatory violations or legal violations.
  • The investigation and processing of the information received.
  • The adoption of corrective, disciplinary or legal measures that may apply.
The guarantee of protection of the informant against retaliation.

The data may include information about workers, managers, collaborators, suppliers, partners or any third party related to the facts reported.

3. Legitimation

The legal basis for the treatment is:

  • Compliance with a legal obligation in accordance with Law 2/2023.
  • Public interest in the prevention, detection and correction of regulatory violations.
  • Legitimate interest of the Responsible Party in ensuring the proper functioning of the organization and corporate integrity.
Where appropriate, the consent of the informant when the communication is voluntary and does not derive from a legal obligation.

4. Categories of Processed Data May

be processed:

  • Identifying data of the informant (except for anonymous communicatio).
  • Identifying and employment data of the people affected or mentioned.
  • Data related to the facts reported.
Any documentation or evidence provided or generated during the investigation.

5. Confidentiality and Protection of the Informant

The identity of the informant will only be accessible to authorized personnel of the Internal Information System and will not be disclosed to the affected persons or to third parties, except for legal obligation or express authorization of the informant. The company will implement all necessary measures to avoid retaliation, direct or indirect.

6. Recipients of

the Data The data may be communicated, only when necessary and proportional, to:

Competent administrative
  • authorities.
  • Judicial authorities or security forces and bodies.
  • External legal advisors.
Data processors strictly necessary for the management of the Internal Information System.

International data transfers will not be made, unless there is a legal obligation or need for research.

7. Conservation Periods

The data will be kept:

  • Only for the time necessary to decide whether or not to initiate an investigation, a period that will not exceed 3 months.
  • If the investigation continues, the data will be kept as long as necessary for processing.
Subsequently, they may be kept blocked for the applicable legal period - up to 10 years, in accordance with Law 2/2023 - for the attention of possible liabilities arising from the procedure.


8. Rights of Interested Persons

The informant and the affected persons may exercise their rights of access, rectification, deletion, limitation of treatment and opposition by sending a request to: [email protected]

The company may restrict the right of access when necessary to guarantee: The

  • confidentiality of the informant.
  • The integrity of the investigation.

In addition, a complaint may be filed with the Spanish Data Protection Agency (AEPD).

9. Obligation of Veracity

The informant must guarantee that the information provided is true and has been communicated in good faith. The company may take appropriate action in case of malicious or abusive communications

.