This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
PRIVACY POLICY
In compliance with the obligations established in Organic Law 3/2018 of December 5 on Personal Data Protection and Guarantee of Digital Rights, and Regulation (EU) 2016/679 (General Data Protection Regulation), the following information regarding the processing of your personal data is provided:
Who is responsible for processing your data?
Entity: PROPAV INFRAESTRUCTURAS, S.L.U.
Tax ID (CIF): B05280722
Address: Avenida de Manoteras, 14, 3rd Floor, Door A, 2850, Madrid
Phone: +34 917 871 250
Email: [email protected]
Website: https://propav.com/
Data Protection Officer: PRODAT PRINCIPADO, S.L.
Email: [email protected]
You may contact us by any means for communication purposes.
We reserve the right to modify or adapt this Privacy Policy at any time.
For what purpose do we process the personal data you provide?
To process the information submitted through the Internal Information System.
Communications submitted through the Internal Information System will initially be received by an external entity responsible for managing the channel, in order to reinforce independence, confidentiality, and the proper initial handling of the information received. Subsequently, and only when necessary for the management, analysis, and investigation of the reported facts, the information may be transferred to PROPAV INFRAESTRUCTURAS, S.L.U., through expressly authorized internal persons or bodies, who will process it with restricted access, confidentiality obligations, and full compliance with current data protection regulations.
To manage communications received through the ethics channel, including, where applicable, those submitted via voice recordings, for the purpose of analyzing, processing, and investigating the reported facts, maintaining communication with the reporting person, and keeping a record of the information provided when necessary for proper case management. Additionally, with your consent, a transcription of the recording may be made and attached to the file.
Therefore, users are informed that:
In compliance with personal data protection regulations and whistleblower protection regulations, we process your data and the information you provide (as well as personal data of other individuals you may provide) for the purposes specified in this Privacy Policy.
No automated decisions will be made, nor profiling carried out, in relation to the information and data collected.
What data do we process?
We will process identifying and contact data of the reporting person when provided, identifying data and other information relating to individuals affected or mentioned in the communication, the information and documentation provided in relation to the reported facts, and, where applicable, voice data and audio recordings when the communication is made verbally or sound files are attached.
If the voice functionality of the ethics channel is used, the recording or audio provided will not be subject to biometric processing, as the voice will not be used to uniquely identify the person or verify their identity.
What is the legal basis for processing your data?
The processing of personal data within the ethics channel is based on the legitimate interest of PROPAV INFRAESTRUCTURAS, S.L.U. in receiving, managing, and investigating communications related to possible regulatory or ethical code breaches, in accordance with Article 6.1(f) of the GDPR and Article 24 of the LOPDGDD.
How long do we retain the data provided?
Data from the reporting person, employees, and third parties will only be retained in the system for the time necessary to determine whether to initiate an investigation.
In any case, after 3 months from the entry of the data, it must be deleted from the system unless the purpose of retention is to provide evidence of the functioning of the corporate crime prevention model, in accordance with Article 24 of Organic Law 3/2018.
Personal data not necessary for the knowledge and investigation of the information will not be processed and will be immediately deleted.
If it is proven that the information provided is not truthful, it will be immediately deleted once this is known, unless the lack of truthfulness may constitute a criminal offense, in which case it will be retained for the duration of judicial proceedings.
To whom may your data be disclosed?
Organizations or individuals directly contracted by the Data Controller to provide services related to the processing purposes: collaborators and subcontracted entities managing the ethics channel, advisors, consultants, and auditors of the compliance system.
Access to personal data contained in internal information systems will be limited to:
(i) the Ethics Channel Manager and their team,
(ii) the Head of Human Resources (if disciplinary measures apply),
(iii) the Head of Legal Services (if legal action is required),
(iv) designated data processors, and
(v) the Data Protection Officer.
Law Enforcement Authorities: where access is required in the investigation of regulatory breaches.
Data may also be processed or disclosed to third parties when necessary for administrative or criminal proceedings.
The identity of the reporting person may only be disclosed to judicial authorities, the Public Prosecutor, or competent administrative authorities within the framework of investigations, and always subject to legal safeguards. The reporting person will be informed prior to disclosure unless doing so would compromise the investigation.
Under what guarantees are your data communicated?
Use of the ethics channel implies that the user has read this data protection information. Data processing will be carried out in accordance with the legal basis indicated and exclusively for managing, analyzing, and investigating communications.
To comply with the data minimization principle, users are advised not to provide unnecessary personal data or special categories of data unless strictly necessary.
By accepting this policy, users guarantee that the personal data provided is true, accurate, complete, and up to date, and undertake to communicate any changes as soon as possible.
By accepting and/or validating the communication submission process, users declare that they are over 14 years old, have legal capacity, and expressly consent to data processing as described.
If acting on behalf of a minor under 14 or a legally incapacitated person, users declare they hold parental authority or legal representation, which may be required for verification.
Users should be aware that submitted communications are confidential. The identity of whistleblowers acting in good faith will be protected against retaliation.
The Ethics Channel Manager will not disclose the identity of the reporting person unless:
Required by judicial or competent authority
Deemed strictly necessary with the reporting person’s explicit consent
There are objective reasons to believe the report was made in bad faith
Users are advised not to share their identification, password, or communication reference.
Data disclosures to third parties will only be made to entities compliant with data protection regulations.
If voice recordings are used, they will be processed exclusively for receiving, documenting, managing, and investigating the communication, under strict confidentiality and security measures.
What are your rights?
- Data subjects may exercise the following rights:
- To know whether their data is being processed
- To access their personal data
- To request rectification of inaccurate data
- To request deletion when data is no longer necessary or consent is withdrawn
- To request restriction of processing in certain cases
- To data portability in a structured, commonly used format
- To lodge a complaint with the Spanish Data Protection Agency or competent authority
- To withdraw consent at any time
To exercise your rights, please contact: [email protected]
Last updated: 13-03-202026