Privacy Policy

PRIVACY POLICY

Introduction

Confidentiality and security are paramount values for DPM FINANZAS EAF, SL and, consequently, we are committed to guaranteeing the User’s privacy at all times and to not collecting unnecessary information. In general, regarding forms where fields are marked as mandatory, these must necessarily be completed in order to process your requests.

This Privacy Policy may be modified to adapt to changes that occur on our website, as well as to legislative or jurisprudential changes regarding personal data that may arise; therefore, it requires reading every time you provide us with your data through this Website.

Below, we provide all the necessary information regarding our Privacy Policy in relation to the personal data we collect, explaining: who is the data controller, for what purposes we collect the data requested, what is the legitimacy for its processing, how long we keep it, to which recipients your data is communicated, and what your rights are.

Who is the data controller?

The Internal Information System Manager (Responsable del Sistema de Información) and the Data Controller regarding the information obtained from reports and corresponding inquiries is the entity DPM Finanzas EAF, S.L. , with registered office at C/ Zurbarán 8, 4ª planta, 28010 Madrid, Spain . You may contact the Data Protection Officer (DPO) of DPM Finanzas at [email protected] .

What data is processed?

The data processed is that included in the information submitted through the channel enabled for this purpose, as well as that derived from any internal investigations to which it may have given rise.

Likewise, we inform you that the personal data processed typically corresponds to the following categories:

  • Contact data.

  • Sensitive or highly personal data: Reports and results of investigations carried out within the framework of the Internal Information Channel.

  • Identification data: Name and surname(s), where applicable.

  • Special categories of data: (For example, data relating to health, sexual life or orientation, ethnic or racial origin, political opinions, and philosophical or religious beliefs).

In the event that the report is made verbally through the pertinent channels, it will be documented by means of recording or transcription. The informant may check, rectify, and accept the transcription of the conversation by means of their signature.

For what purposes will your data be processed?

The data obtained from communications, reports, or investigations carried out through the Whistleblowing Channel (Canal de Denuncias) will be processed for the handling thereof, the investigation of the reported facts, and for the prevention of the possible commission of criminal offenses or infractions of the Internal Code of Conduct by employees or collaborators of the company, in accordance with the requirements of Law 2/2023 . The management thereof includes the receipt of alerts and the investigation of the reported facts.

To whom may your data be communicated?

In general, this information will only be accessed by the System Manager and the persons indicated in the Information Management Procedure.

Access to data received through the Internal Information System is limited to:

  • The System Manager and whoever manages it directly.

  • The Human Resources manager or the duly designated competent body, only when the adoption of disciplinary measures against an employee may be appropriate.

  • The entity's legal services , if the adoption of legal measures in relation to the facts recounted in the communication should be appropriate.

  • The Data Protection Officer (DPO) .

  • External advisors or providers , when their intervention is necessary for the management of the Internal Information System. In these cases, the corresponding confidentiality agreement or data processing agreement will always be formalized.

Competent administrations or legal entities, attorneys in charge of the matter, and judges and courts may also have access.

Furthermore, access to data is foreseen for persons other than those provided for in Article 32.1 of Law 2/2023 , of February 20 (regulating the protection of persons who report regulatory infractions and the fight against corruption), or even its communication to third parties, when necessary for the processing of sanctioning or criminal proceedings that may, where appropriate, be applicable.

How long will your data be kept?

The data subject to processing will be kept in the information system only for the time strictly necessary to decide on the appropriateness of initiating an investigation into the facts contained in the received report. In this scenario, the information will be kept for the time necessary for the processing of the judicial procedure.

In any case, three months after the receipt of the report , if no investigation proceedings have been initiated, the data will be deleted, unless the purpose of conservation is to leave evidence of the functioning of the system.

The personal data included in the record book (libro-registro) provided for by Art. 26.1 of Law 2/2023 , of February 20, will only be kept for the period that is necessary and proportionate for the purposes of complying with this law. In no case may the data be kept for a period exceeding ten years .

Communications that have not been acted upon may only be recorded in anonymized form, without the blocking obligation provided for in Article 32 of Organic Law 3/2018, of December 5, being applicable.

Finally, we inform you that personal data whose relevance is not manifest for handling specific information, and data collected by accident, will be deleted without undue delay, unless the lack of truthfulness may constitute a criminal offense.

What are your rights?

Any person may withdraw their consent at any time, when said consent has been granted for the processing of their data. In no case does the withdrawal of this consent condition the execution of the subscription contract or relationships generated previously.

Likewise, you may exercise the following rights:

  • Request access to your personal data or its rectification when it is inaccurate.

  • Request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

  • Request the limitation of its processing in certain circumstances.

  • Request opposition to the processing of your data for reasons related to your particular situation.

  • Request the portability of the data in the cases provided for in the regulations.

  • Other rights recognized in the applicable regulations.

Where and how to request your Rights: By means of a written request addressed to the controller at their postal address or via email at [email protected] , indicating the reference "Personal Data" ("Datos Personales"), specifying the right you wish to exercise and regarding which personal data.

In case of divergences with the company in relation to the processing of your data, you may file a complaint with the Data Protection Agency (www.agpd.es).


This web portal only uses its own cookies for technical purposes, it does not collect or transfer personal data of users in any case. If you want more information, click on the "Cookies" link below at any time.