INTERNAL INFORMATION SYSTEM MANAGEMENT PROCEDURE
In order to ensure the effectiveness of the principles and standards of behavior set forth in the Code of EthicsIn addition to the rest of the internal regulations related to the supervision, surveillance and control for the prevention of criminal risks and situations and conducts contrary to the legal regulations applicable to SUNSUNDEGUI and its internal regulations, the Company has implemented an Internal Information System (hereinafter, SII or Information Channel) that constitutes a tool available to all employees of SUNSUNDEGUI, as well as third parties that in any way collaborate with the Company.
This Information Channel is designed, established and managed in a secure manner, so that the confidentiality of the identity of the informant and of any third party mentioned in the communication is guaranteed.
Anyone wishing to make any communication may do so, even anonymously, through any of the channels offered by SUNSUNDEGUI’s Internal Information System, which are as follows:
- By writing to the e-mail address expressly provided for this purpose at the following address: cumplimientonormativo@sunsundegui.com or by post to the attention of the Compliance Officer at Polígono Ibarrea s/n, 31800, Alsasua (Navarra).
- By telephone at 948564308.
- In the case of employees, by means of a written or verbal report to their hierarchical superior, who will forward it to the Compliance Officer.
- Requesting a face-to-face meeting to be held within seven days of the request.
In the event that the communication is made verbally, including those made by telephone or through a voice messaging system, it shall be documented by means of recording, with prior warning to the informant, or transcription, giving the informant the possibility to review and validate such transcription.
All communications guarantee the confidentiality of the identity of the informant, of any third party mentioned in the communication and of the actions carried out in the management and processing of the communications, as well as data protection, preventing access by unauthorized personnel, however, the submission of anonymous communications is permitted. Likewise, confidentiality is guaranteed when the communication is sent through channels other than those established or to members of the personnel not responsible for its processing, for which reason the staff is duly informed on this matter and will immediately forward it to the Compliance Officer.
Likewise, breaches of the regulations referred to in Law 2/2023 may be reported to the Independent Whistleblower Protection Authority (IAPA) or to the corresponding regional authorities or bodies, with internal communication within the organization being the preferred channel for reporting this type of breach, provided that it can be dealt with effectively and there is no risk of reprisals.
SUNSUNDEGUI has an Internal Information System Management Procedure which describes in detail the procedure to be followed from the moment the information is received until, if necessary, the appropriate measures are adopted in response to it in the event that it constitutes a case of non-compliance with regulations.
The provisions of this Procedure respect, in any case, the guarantees of protection to informants in accordance with the provisions of Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law, Law 2/2023 of 20 February, regulating the protection of persons who report regulatory infringements and the fight against corruption, as well as the provisions of the regulations on the protection of personal data.
The body responsible within the Company for managing the operation of the SII, as well as for receiving information on the possible commission of an illicit, irregular or improper action committed within the Company and the subsequent processing of the investigation file is the Compliance Officer, who will periodically inform the Board of Directors of the information received, being this body ultimately responsible for making decisions on the resolution of the information received.
The SII of the Company reaffirms its commitment that any illicit activity by SUNSUNDEGUI or any of its executives, employees, or third parties that in any way collaborate with the Company will be rigorously investigated, adopting the appropriate measures in accordance with internal and external regulations.