This is a means of communication that ICIQ places at the disposal of all those defined groups with access to this Channel. This channel can be used to send communications referring to the areas of application of the Code of conductor or any other ICIQ internal policy and regulations. A series of categories have been defined to help classify communications by area, thus facilitating their management and the completion of data collection forms.

Criminal conduct established both in the Spanish Criminal Code and in the regulations of other countries in which ICIQ operates, which is carried out by a legal representative or employee, for the direct or indirect benefit of ICIQ. This includes: Crimes of discovery and disclosure of secrets, corruption in business, influence peddling, harassment or offences against moral integrity, among others.

No, this channel is not intended to handle urgent or emergency situations. You should contact the authorities or emergency services.

The collegiate body responsible for the channel. The members of the collegiate body are: HR Manager and Financial Manager. They initiate the investigations and if it is considered necessary, the investigation is outsourced and if any of the members of the collegiate body were the accused, when formalizing the complaint, the whistleblower may exclude him as a recipient as he is an implicated party.The persons involved in the research are also bound by the duty of confidentiality and the privacy policy.

The Channel is managed by the collegiate body, with the collaboration, when required, of Regulatory Compliance specialists external to ICIQ.

Yes. MASATS's Compliance Channel is open so that different actors in the business ecosystem can help detect unlawful activities. In any case, if it is a matter of complaints about the service offered, there are other channels available for submitting such complaints.

The collegiate body shall communicate the acceptance of the complaint/consultation within a maximum period of 7 days. The time limit for the resolution of consultations shall be a maximum of 90 days, unless the complexity of the case justifiably requires a longer period.

The important thing is to act in good faith and that there is reason to believe that the facts reported are true. ICIQ does not expect the whistleblower to investigate the facts. The collegiate body e is responsible for this function. If the investigation concludes that no infringement has taken place, and that the complainant has acted in good faith, the complainant should not fear any retaliation.

Integrity, responsibility and transparency are fundamental values for ICIQ. We have an obligation to know and understand the CERCA code of conduct. We also have the responsibility to report any possible breach of this Code.

Unfortunately, for security reasons, only the whistleblower knows your access code and password. If he/she loses either of them, he/she will not be able to follow up the communication. This does not mean that the communication will not continue, but simply that he/she will not be able to see how it is progressing, or to provide more information if the company requires it.

In the reporting process you can decide whether or not to report your personal data. If you decide not to do so, you will need to set up your own monitoring through the reporting channel to see the progress and resolution. The channel will provide you with a username and password to access the progress of the report. The channel is independent of the company and does not record IP information from where you connect.

Some tips to achieve maximum anonymity, in addition to informing that the report is anonymous, are:

• Make sure that in the description of the communication you do not include information from which it is easy to identify you. The same applies to the documents you attach as possible evidence.
• Do not report from a computer connected to the company network, including a mobile phone connected to the corporate wifi. Report2box does not log information, but before it reaches our systems it must pass through our own control systems such as proxy's or firewalls and there may be configurations that allow us to know which services you connect to.
• You can use the open source browser TOR, which anonymises the IP address.

Yes, you can review the CERCA Code of conduct to which ICIQ adheres and the Internal Information System Policy here.

In accordance with current data protection legislation, ICIQ is responsible for the processing, management and storage of the personal data of all persons involved in queries and complaints. Both the Group and the external experts engaged comply with the necessary technical and organisational measures to guarantee the security of the data and to prevent its alteration, loss and unauthorised processing or access. The platform is designed to apply the current regulations on personal data protection, in particular Article 24 GDPR, relating to reporting channels.

The reporting channel operates on an external platform that has the necessary security measures in place to protect the confidentiality of the information stored. Among other measures, we inform you that your data is encrypted to avoid risks of intrusion as much as possible. Furthermore, it is worth mentioning that the servers are located in European data centres, thus guaranteeing European security standards.

These complaints will be dealt with by the research integrity committee. You will find more information at User ID - ICIQ

These complaints will be dealt with according to the protocol stipulated by the ICIQ for this case "protocol of prevention and action against harassment at work". You will find the protocol on the intranet or here.