Entity Responsible: Banco de Crédito Social Cooperativo, S.A. (BCC), parent company of Grupo Cooperativo Cajamar (hereinafter the Group).
Purpose of data processing and legitimate grounds: Manage, investigate, and resolve the report filed by the interested party regarding possible actions, behaviours, or irregularities that may constitute a breach of both the internal rules and the Code of Conduct, as well as the laws and other external regulations applicable to the Group’s activity. The legitimate grounds for processing this data are to comply with legal obligations, as well as public interest, and the Group’s own legitimate interest.
Recipients: BCC will not transmit or pass onto third parties any personal data to which it has access through this means unless there is a legal obligation to do so.
Rights: BCC guarantees users’ rights of access, amendment, erasure, opposition, portability and limitation of processing. To exercise these rights, e-mail firstname.lastname@example.org.
BCC fully complies with current regulations on the protection of personal data and, in particular, with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC and Organic Law 3/2018, of 5 December, on Data Protection and the guarantee of digital rights, so that the processing of any personal data you provide when filing a report through this Whistleblower Channel (hereinafter, the Channel) will be carried out in accordance with the required legal guarantees and obligations.
Banco de Crédito Social Cooperativo, S.A. (BCC), parent company of Grupo Cooperativo Cajamar (GCC)
Registered office: Paseo de la Castellana, 87, 28046 – Madrid
Email: email@example.com Data Protection Officer E-mail: firstname.lastname@example.org
Unless you file a report anonymously, BCC, as data controller, will process the following personal data provided by you: i) your name, surname and other contact details; and ii) any others you might provide when describing the alleged misconduct, or the facts reported.
Your personal data will be treated with the utmost confidentiality and strictly for the purposes indicated below.
The purpose of BCC’s Whistleblower Channel is to manage, investigate, and resolve reports filed by the interested party regarding possible actions, behaviours, or irregularities that may constitute a breach of both the internal rules and the Code of Conduct, as well as the laws and other external regulations applicable to GCC’s activity. The legitimate grounds for processing this data are to comply with legal obligations and public interest.
Furthermore, if you are an employee of GCC, the legitimate grounds will be the legitimate interest of GCC to manage and resolve reports filed that aim to communicate irregular behaviour or events that constitute a breach of our internal rules.
If you file a report through our Channel, access to personal data will be limited to those who perform the internal control and compliance functions at BCC and, only if strictly necessary, it might be accessed by human resources management and audit personnel.
If you file a report through our Channel, the personal data that you provide us with will be kept only for the time necessary to investigate the claims reported, and, in the event we do not pursue the report, we will only keep them in an anonymised form.
In accordance with current regulations on data protection, you have the right to exercise your rights of access, amendment, erasure, and opposition to the processing of your personal data, as well as to limit processing and data portability.
To exercise these rights, you can send an email to the following address: email@example.com, accrediting your identity by providing a copy of your ID card or equivalent document.
If you feel that we have not processed your personal data in accordance with the regulations, you can contact the Data Protection Officer at: firstname.lastname@example.org.
You also have the right to file a complaint with the Spanish Data Protection Agency (AEPD).