Back to top

GENERAL PRINCIPLES OF THE INTERNAL REPORTING SYSTEM AND DEFENSE OF THE REPORTING PERSON

 

Introduction

Law 2/2023, of 20 February, regulating the protection of persons who report regulatory infringements and the fight against corruption (hereinafter, Law 2/2023) transposes into Spanish law Directive 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law. The Directive uses the term "whistleblower", while Law 2/2023 has opted for the term "informant" and, consequently, this is the term also adopted in this document for the following companies operating under the OZONE BOWLING brand (hereinafter, the Entities):

  • OZONE SPORT CLUB S.L.
  • OZONE BOWLING S.L.
  • BOWLING SAN VICENTE S.L.
  • JUYBOL S.L.
  • LONIMARE S.L.
  • OZONE BOWLING MURCIA S.L.
  • OZONE BOWLING SUR S.L.
  • OZONE ORENES BOWLING S.L.
  • OZONE BOWLING EUSKADI S.L.
  • OZONE BOWLING ZARAGOZA S.L.
  • OZONE BOWLING MADRID S.L.
  • OZONE BOWLING CANARIAS 2022 S.L.
  • VALDEBOL GAMES S.L.
  • OZONE BOWLING ALBACETE S.L.
  • OZONE GAMES ZARAGOZA S.L.
  • OZONE BOWLING LLEIDA S.L.
  • OZONE INSULAR 2023, S.L.

Law 2/2023 explains and clarifies in its preamble, part III, that its purpose is to protect, against possible retaliation, those persons who, in an employment or professional context, detect serious or very serious criminal or administrative offenses and report them through the mechanisms regulated therein. For this purpose, Law 2/2023 requires any body or entity bound by this Law to have a preferential channel for reporting the actions and infringements referred to in the Law itself, known as "Internal Information System" (hereinafter, IIS) and requires them to have a policy or strategy that sets forth the general principles regarding the IIS and the defense of the reporting person.

 

FIRST.- Principles governing the actions of the Entities in the implementation of the SII and protection of the reporting person.
  • Appointment of an Internal Information System Manager: In the implementation of the SII and defense of the reporting person, each of the entities designate as "System Responsible" the person in charge of Human Resources of the Entity, who will be responsible for the management of the SII, which allows the resolution of files quickly with guarantees of continuous operation, an objective and multidisciplinary examination of the information or communications received and the respect of the legally established deadlines.
  • Information Security: Entities shall ensure the availability, integrity and confidentiality of information, prohibition of unauthorized access, durable storage of information, comprehensive protection of the reporting person and respect for good faith.
  • Independence and impartiality: The Entities shall also guarantee, by respecting the independent performance of the person in charge of the internal information system and of the external third party (in the event of having such a figure), objectivity and impartiality in the examination of the information received and shall avoid conflicts of interest; it shall respect the presumption of innocence and guarantee the right of defense.
  • Accessibility: The Entities shall also ensure accessibility to the Internal Information Channel, the purpose of which is the keeping, recording and preservation of the actions that take place as a result of the submission of information to which Law 2/2023 is applicable.

 

SECOND.- Organizational Structure in the Internal Information System
  • The person in charge of Human Resources Management of the entities has been formally designated as RSII in accordance with article 8 of Law 2/2023. In turn, a person has been designated to act as alternate in the event of absence. These persons will exercise their functions with full independence.
  • The RSII person may delegate the powers of management and instruction of investigation files to an external third party, who will be considered as data processor for the purposes of data protection legislation and will be responsible for the receipt of information, in accordance with the provisions of Article 6 of Law 2/2023.
  • The natural person individually designated as RSII shall be notified to the Independent Authority for the Protection of the Informant, - A.A.I. -, in accordance with the provisions of article 8.3 of Law 2/2023, within ten working days of his designation. They shall also be notified, within the same period, of their dismissals, resignations and the reasons justifying them.
THIRD.- Internal information channel of any of the entities
  • An internal information channel is created in the Entities on actions or omissions that may constitute a serious or very serious criminal or administrative infringement, and other actions provided for in article 2 of Law 2/2023. In any case, all those serious or very serious criminal or administrative offenses that involve economic losses for the Public Treasury and for the Social Security, as well as the offenses that affect the financial interests and the competition rules of the European Union, shall be understood to be included.
  • The Channel is under the administration of RSII. Access to this channel shall be limited, within the scope of its competencies and functions, to:
    • The RSII person and whoever manages it directly.
    • The person responsible for the legal services if legal action should be taken in relation to the facts described in the communication.
    • The persons in charge of the treatment that eventually are designated.
    • The data protection officer, if appointed.
  • The internal information channel must technically guarantee the confidentiality or, eventually, the anonymity of the informant, in order to protect him/her against any leakage and subsequent retaliation to which he/she may be subjected.
FOURTH: Who can be a reporting person and to what type of information does the internal information system of any of the entities refer?
  • Subjective scope.
    • Those persons who have an employment or professional relationship with any of the entities listed above may use the internal reporting channel and benefit from the protection granted by Law 2/2023 as whistleblowers to report information on the actions or omissions described in Article 2 of Law 2/2023. This employment or professional relationship, which entails a dependence on the entities is what makes the special protection against possible retaliation necessary and appropriate.
    • In any case, they are considered reporting persons, for the entities, for the purposes of Law 2/2023:
    • Persons who are employees of any of the entities.
    • Self-employed persons who maintain, or have maintained a professional activity with any of the entities.
    • Shareholders, participants and persons belonging to the administrative, management or supervisory body of a company professionally related to any of the entities, including non-executive members.
    • Any person working for or under the supervision and direction of contractors, subcontractors or suppliers of any of the entities.
    • Those who communicate or publicly disclose information on violations, obtained within the framework of an employment or statutory relationship already terminated with any of the entities volunteers, trainees, workers in training periods regardless of whether or not they receive remuneration, as well as those persons whose employment relationship has not yet begun, in cases in which the information on violations has been obtained during the selection process or pre-contractual negotiation.
  • Objective scope.
    • As regards the purpose of the information, the Internal Reporting Channel may be used to report serious misconduct or suspected corruption, which may constitute serious or very serious criminal or administrative offenses related to the activities of any of the entities that the reporting person has observed or received information about in the course of his/her work for any of the entities, or his/her professional relationship with any of the entities.
    • Law 2/2023 itself and Directive (EU) 2019/1937 list as such information that:
    • Relate to infringements falling within the scope of the European Union acts listed in the Annex to the aforementioned Directive relating to the following areas:
      • Public procurement,
      • Financial services, products and markets, and prevention of money laundering and terrorist financing,
      • Product safety and compliance,
      • Safety in transportation,
      • Environmental protection,
      • Radiation protection and nuclear safety,
      • Food and feed safety, animal health and animal welfare,
      • Public health,
      • Consumer protection,
      • Protection of privacy and personal data, and security of networks and information systems.
      • Affect the financial interests of the European Union as referred to in Article 325 of the Treaty on the Functioning of the European Union (TFEU); or
      • They affect the internal market, as referred to in Article 26(2) TFEU, including infringements of European Union competition rules and aid granted by States, as well as infringements relating to the internal market in connection with acts that infringe corporate income tax rules or practices aimed at obtaining a tax advantage that distorts the object or purpose of the legislation applicable to corporate income tax.
      • They refer to actions or omissions that may constitute a serious or very serious criminal or administrative infraction. In any case, all those serious or very serious criminal or administrative offenses that imply economic loss for the Public Treasury or Social Security shall be understood to be included.
      • They refer to violations of labor law on occupational health and safety that are reported by workers, without prejudice to the provisions of their specific regulations.
      • It follows from the foregoing that neither the Internal Reporting Channel nor the protection mechanism created by the Entities' Internal Reporting System would be necessary when the reporting person does not have a professional or employment relationship with the entities susceptible to possible retaliation on their part.
      • Likewise, as stated in Law 2/2023 (Preamble, Part III), the cases governed by its specific regulations are excluded from the material scope of application, i.e., those that regulate the mechanisms for reporting infringements and protecting reporting persons provided for by sectorial laws or by the European Union instruments listed in Part II of the Annex to Directive (EU) 2019/1937.
FIFTH: Protection of personal data.
  • The processing of personal data arising from the implementation of Law 2/2023 shall be governed by the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter, GDPR) and in the Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (hereinafter, LOPDGDD).
  • The internal information system must prevent unauthorized access and preserve the identity and guarantee the confidentiality of the data corresponding to the persons concerned and to any third party mentioned in the information provided, especially the identity of the informant in case he/she has been identified.
  • The identity of the informant may only be communicated to the judicial authority, the Public Prosecutor's Office or the competent administrative authority in the context of a criminal, disciplinary or sanctioning investigation, and these cases shall be subject to safeguards established in the applicable regulations.
  • If the information received contains special categories of personal data, subject to special protection, it will be immediately deleted, unless the processing is necessary for reasons of essential public interest as provided for in Article 9.2.g) of the RGPD, as provided for in Article 30.5 of Law 2/2023.
  • In any case, no personal data will be collected that is not necessary to process specific information or, if collected by accident, will be deleted without undue delay. In any case, the principle of data minimization will be respected.
  • Communications that have not been followed up may only be recorded in anonymized form, without the blocking obligation provided for in article 32 of the LOPDGDD being applicable.

 

SIXTH.- Protection measures for the informant and affected persons.
    • Acts constituting retaliation, including threats of retaliation and attempts to retaliate against persons making a communication under the Act are expressly prohibited.
    • Retaliation is defined as any act or omission that is prohibited by law, or that, directly or indirectly, involves unfavorable treatment that places the persons who suffer it at a particular disadvantage with respect to another in the employment or professional context, solely because of their status as whistleblowers, or because they have made a public disclosure.
    • For the purposes of the provisions of Law 2/2023, and by way of example, reprisals are considered to be those adopted in the form of:
    • Suspension of the employment contract, dismissal or termination of the employment relationship, including the non-renewal or early termination of a temporary employment contract once the trial period has passed, or early termination or cancellation of contracts for goods or services, imposition of any disciplinary measure, demotion or denial of promotions and any other substantial modification of working conditions and the failure to convert a temporary employment contract into a permanent one, in the event that the employee had legitimate expectations that he/she would be offered a permanent job; unless these measures were carried out within the regular exercise of management power under labor legislation, due to circumstances, facts or accredited infractions, and unrelated to the presentation of the communication.
    • Damages, including those of a reputational nature, or economic losses, coercion, intimidation, harassment or ostracism.
    • Negative evaluation or references regarding work or professional performance.
    • Inclusion on blacklists or dissemination of information in a specific sectoral area, which hinder or prevent access to employment or the contracting of works or services.
    • Denial or cancellation of a license or permit.
    • Denial of training.
    • Discrimination, or unfavorable or unfair treatment.
    • The person whose rights have been harmed as a result of its communication or disclosure, once the two-year period has elapsed, may request protection from the competent authority, which, exceptionally and in a justified manner, may extend the protection period, after hearing the persons or bodies that could be affected.
  • Measures to protect the reporting person from retaliation.
    • Persons who communicate information about actions or omissions under the 2/2023 Act or who make a public disclosure under the Act shall not be deemed to have violated any disclosure restrictions and shall not incur any liability of any kind in connection with such communication or public disclosure, provided that they had reasonable grounds to believe that the communication or public disclosure of such information was necessary to disclose an action or omission under the Act, notwithstanding any specific employment protection rules. This measure shall not affect criminal liabilities.
  • The provisions of the preceding paragraph extend to the communication of information made by the legal representatives of the employees, even if they are subject to legal obligations of confidentiality or not to disclose confidential information. All the above without prejudice, likewise, to the specific rules of protection applicable in the labor field.
      • Reporting persons shall not incur liability in respect of the acquisition of or access to information that is publicly communicated or disclosed, provided that such acquisition or access does not constitute a criminal offense.
      • Any other potential liability of reporting persons arising from acts or omissions that are unrelated to the communication or public disclosure, or that are not necessary to disclose a violation under the 2/2023 Act, will be enforceable under applicable law.
      • In proceedings before a court or other authority, concerning prejudice suffered by reporting persons, once the reporting person has reasonably demonstrated that he or she has communicated or made a public disclosure pursuant to Law 2/2023 and has suffered prejudice, it shall be presumed that the prejudice occurred in retaliation for reporting or for making a public disclosure. In such cases, it shall be incumbent upon the person who has taken the injurious action to prove that such action was based on duly justified grounds not related to the communication or public disclosure.
      • In legal proceedings, including those relating to defamation, copyright infringement, breach of secrecy, breach of data protection rules, disclosure of trade secrets, or claims for damages based on labor or statutory law, reporting persons shall not incur liability of any kind as a result of communications or public disclosures protected by Law 2/2023. Such persons shall have the right to assert in their defense in such legal proceedings that they have communicated or made a public disclosure, provided that they had reasonable grounds to believe that the communication or public disclosure was necessary to expose a violation under the 2/2023 Act.
  • Measures for the protection of affected persons.
    • During the processing of the file, the persons affected by the communication shall have the right to the presumption of innocence, the right of defense and the right of access to the file under the terms provided for in Law 2/2023, as well as the same protection established for the informants, preserving their identity and guaranteeing the confidentiality of the facts and data of the procedure.
  • Exemption and mitigation of penalties.
    • When a person who has participated in the commission of the infringement that is the object of the information is the one who reports its existence by submitting the information and provided that the same has been submitted prior to the notification of the initiation of the investigation or sanctioning procedure, the body competent to resolve the procedure, by means of a reasoned resolution, may exempt him/her from compliance with the corresponding administrative sanction, provided that the following points are accredited in the file:
    • To have ceased the commission of the infringement at the time of submission of the communication or disclosure and to have identified, if applicable, the rest of the people who participated in or favored the infringement.
    • To have cooperated fully, continuously and diligently throughout the investigation procedure.
    • To have provided truthful and relevant information, means of proof or significant data for the accreditation of the investigated facts, without having proceeded to the destruction or concealment thereof, nor having disclosed to third parties, directly or indirectly, their content.
    • To have proceeded to the reparation of the damage caused that is attributable to it.
    • When these requirements are not fully met, including the partial repair of the damage, the competent authority, after assessing the degree of contribution to the resolution of the case, will decide whether to mitigate the sanction that would have corresponded to the offense committed, provided that the informant or author of the disclosure has not been previously sanctioned for acts of the same nature that gave rise to the initiation of the proceeding.
    • The mitigation of the sanction may be extended to the rest of the people participating in the commission of the infraction, depending on the degree of active collaboration in the clarification of the facts, identification of other participants and repair or mitigation of the damage caused, appreciated by the body in charge of the resolution.
    • Law 2/2023 excludes from the provisions of this section the infringements established in Law 15/2007, of July 3, 2007, on the Defense of Competition.

 

SEVENTH - Management of the information received in the internal information channel of any of the entities
  • The information may be communicated to the entities anonymously or confidentially. In the latter case, the identity of the informant will be kept confidential and its knowledge will be limited to the RSII person and the people designated in section THIRD of this Policy, or the external third party, if designated.
  • The information will be communicated through the internal information channel by means of the application established for this purpose, identified and accessible from the entities' web page. This channel allows for written communications. The information received by any other means, related to the object of Law 2/2023 will be sent to the internal information channel under the administration of the RSII person of one of the entities.
  • The informant will be informed of the different actions carried out by the RSII person, through the e-mail through which the communication of the information was carried out, or if the communication has been made anonymously through a code that will be provided to the informant so that he/she can access these communications.
  • Once the information has been submitted, it will be registered in the Information Management System, by assigning an identification code, which will be contained in a secure database with access restricted exclusively to the RSII person and to the external third party of the entities properly authorized, if such figure exists, in which all communications received will be registered, with at least the following data:
    • Reference number or identification code.
    • Date received.
    • Relationship with the organization.
    • Type of conduct to be reported in accordance with Directive (EU) 2019/1937 and state regulations.
    • Description of the communication.
    • Actions carried out.
    • Complainant (if applicable).
    • Medium / Channel through which the communication is received.
    • Actions taken.
    • Closing date.
  • Once the information has been received, within a period not exceeding seven calendar days of such receipt, receipt shall be acknowledged to the informant, unless the informant has expressly waived receipt of communications relating to the investigation or the person reasonably believes that acknowledgment of receipt of the information would compromise the protection of the informant's identity.
  • Once the information has been registered, its admissibility will be analyzed, in accordance with the material and personal scope provided for in articles 2 and 3 of Law 2/2023.
  • In any case, the admission procedure and subsequent actions shall be carried out in accordance with the information management procedure adopted for this purpose by the Entities.
EIGHTH.- Update and revision of policies and procedures.
  • This Policy and the rest of the documents that make up the Internal Information System shall be reviewed and updated when appropriate, in order to adapt them to the regulatory developments that may be approved and applicable, to the best practices in the field, as well as to the changes that may arise in the business model of the entities , guaranteeing in any case their effective implementation.
  • Any changes made shall also be published on the website of one of the entities.
  • This document has been approved by the management of each of the entities and includes, in the following sections, the policy on the general principles of the SII and the defense of the reporting person.
Follow us at