The administration of DISEÑO INDUSTRIA CALCULOS Y PROYECTOS DICYP, S.L. (hereinafter, DICYP or “Company”) has attributed the responsibility to formulate the strategy and approve the Company´s Corporate Policies, as well as to supervise the internal control systems. In the exercise of this responsibilities and in congruence with the Code of Ethics and Conduct, as well as with the Mission, Vision and Values of society and with its culture of compliance and prevention of breaches, this Policy dictates to regulate the management of the Channel of Ethics and Compliance and the complaints that enter through this communication channel.
The present Policy has as object to establish the criteria that should guide our professionals, as opposed to the reporting of breaches of the Code of Ethics and Conduct, as well as the breach of external and internal regulations that govern society.
The present Policy is applicable to the administrators and employees of DICYP, as well as third parties with whom we interact doing business, of those subsidiaries in which DICYP has effective control (> 50% participation). DICYP encourages third parties with whom it does business to develop and apply ethical programs that are consistent with our standards. DICYP will take the appropriate measures when it considers that they have not complied with our Policies and their contractual obligations.
3. SCOPE OF APPLICATION. CHANNEL POLICY OF ETHICS AND COMPLIANCE
It is the responsibility of DICYP employees to ensure the integrity of the company. Therefore, before a possible breach of the Code of Ethics and Conduct, internal or external regulations, we have the obligation to communicate it in the most immediate way possible through the authorized channels. Reporting immediately is essential to ensure integrity, reputation and business continuity. It is also essential to ensure that DICYP complies with the legal or regulatory requirements that it may have with respect to a breach.
Complaints must be raised in good faith. The communication “in good faith” implies that accurate, complete and precise information is provided, even if later it is verified that it was wrong. The provision of “bad faith” information is subject to disciplinary action. DICYP will not tolerate any form of retaliation directed against anyone who, in good faith, raises a concern about a possible breach of the Code of Ethics and Conduct or internal or external regulations. Neither will retaliation be allowed against anyone who collaborates in an investigation of a breach. On the contrary, any act or threat of retaliation against a DICYP employee will be treated as a serious violation of our Code of Ethics and Conduct and subject to disciplinary action. DICYP guarantees its commitment regarding the absolute confidentiality of the data of the complainant.
All persons who, for the purpose of correct treatment of possible non-compliance, should know its content, are subject to a commitment of confidentiality. The data of a complainant can only be provided in case of legal requirement and upon request of the competent authority, complying at all times with the legislation on protection of personal data. It is the responsibility of the employees to collaborate proactively with the investigations and audits carried out by DICYP, providing truthful, clear and complete information:
4. COMMITMENTS AND PRINCIPLES OF ACTION AND POLICY OF THE CHANNEL OF ETHICS AND COMPLIANCE
- Proactively provide all the information that is available.
- Avoid the destruction, alteration or concealment of documentation;
- Avoid incomplete, false or misleading statements about facts or persons subject to the investigation or audit.
- The compliance officer will be responsible for processing internal and external complaints, proposing the corresponding sanctions, when the employee or a member of the company’s administration breaches the code of ethics and the internal rules of the company.
Likewise, it will carry out a continuous control over the incoming complaints with the objective of identifying breaches or behaviors contrary to those determined in the Code of Ethics and Conduct, internal regulations of the company or external regulation that may be applicable. Periodically review the Crime Prevention Policy by proposing to the Management Body, as many modifications and updates as deemed necessary for its proper functioning.
RULES OF THE INTERNAL REGIME
1. The compliance officer will be responsible for monitoring compliance with the internal rules of the company and the code of ethics on the part of the workers and administrative bodies. Despite belonging to the company, it will be independent, and its decisions and recommendations will link the administration and workers.
2. Both the management of the company and the workers will comply with tax and labor regulations.
3. Regarding the employees of the company who assume the functions of facultative management in the works, they will ensure that these comply with the rules of prevention of accidents at work, as well as the administrative legislation regarding the obtaining of licenses. Any non-compliance observed, will be communicated to the Compliance Officer and they will require third parties and personnel employed in the works that fulfill said obligations.
If they know of the possible existence of an environmental crime in any work in which they participate, they will immediately inform the Compliance Officer.
4. Both the administration and the employees that deal with the Public Administration will inform the Compliance Officer of any behavior of the officials assigned to it that they consider criminal, abstaining from participating in said act. The company will protect the employee from any reprisal that could be suffered by such abstention
5. Both the management of the company and employees who have managerial functions with respect to workers will ensure that the obligations imposed by labor legislation and social security contribution obligations are met. Any employee who is aware of any breach of their labor rights or social rights may communicate this to the Compliance Officer.
6. The administration and workers of the company in the collection and payment operations, as well as when they intervene in financial operations, will act according to the tax legislation.
7. Transactions that involve a tax risk such as those of an amount exceeding 500,000 euros or that present tax or legal doubts to be adopted by the General Shareholders’ Meeting or the administration of the company, will require the approval of the Compliance Officer and assistance of a lawyer, which may be the same person. Likewise, such approval and assistance will be required, the decisions of the General Shareholders’ Meeting or the administration of the company, provided that a member or employee of the company communicates to the Compliance Officer that the decision to adopt raises legal questions or considers that it could violate the legislation.
8. The right to privacy of workers and members of the company will be scrupulously respected and the obligations imposed by the LOPD and its Regulations regarding the processing of their personal data will be fulfilled; data that will only be used for the purposes that are required. The right to secrecy of communications of workers and members of the company will also be respected.
9. There is a person responsible for the processing of personal data. Likewise, there is also an inventory with the data treatments where the person responsible for data processing, the activity of the treatment, the purpose, the category of the interested parties, the category of the personal data, the transfers of data, the international transfers, the Conservation period and security measures. Personal data will only be used for the purpose for which they were communicated, provision of services, performance of professional work. No data will be transferred to third parties, except legal obligation by the Tax Agency or Organizations or persons directly related to the person responsible. If a transfer to third parties is necessary, the interested party will be informed in advance, requesting express authorization for it. The data provided will be kept for the duration of the contractual relationship and during the period by which responsibilities for the company could be derived. The rights of access, rectification, cancellation and opposition of personal data may be exercised at any time, by means of a request sent to the person in charge of processing personal data.
10. A whistleblower channel is created for any employee or member of the company, who considers that there has been a breach of the previous obligations indicated in all the previous points by another employee, the administration of the company or the General Meeting of partners. It will be initiated by means of an email communication to the Compliance Officer. The Compliance Officer will acknowledge the complainant, carrying out the pertinent investigation and maintaining the confidentiality of the identity of the complainant.
It will transmit the complaint to the author of the infraction, so that within a period of 10 days, it will claim what it considers pertinent, accompanying the evidence it deems appropriate. Once the allegations have been received, the pertinent investigation will be made and the tests deemed appropriate will be carried out within a period of 10 days. After that period, the following resolution will be issued:
I) File of the complaint for lack of evidence or truth.
II) Estimation of the complaint in which case:
A- Internal measures will be adopted to solve the problem in the company.
B- A sanction may be imposed on the author of the act, within the limits allowed by legislation, consisting of:
- Mero warning
- Written communication.
11. The workers and members of the company will sign the Code of Ethics and Internal Rules and will be given a copy together with the work contract. They will also be transferred to suppliers and customers or they will be informed of the Code of Ethics and the rules of the company’s internal regulations.
12. Every 6 months, these controls will be reviewed and evaluated to see if the prevention policy has been efficient; modifying the aspects that are considered appropriate.
13. Periodically, workers and members of the company will be trained in the Code of Ethics and rules of the internal regime for their knowledge.