COMPLIANCE

SIPAY PLUS fosters a culture of compliance among its partners, staff, clients, suppliers, collaborators, and other stakeholders.

SIPAY has a Criminal Risk Management and Corporate Compliance System, making it essential to communicate to its partners, staff, collaborators, clients, suppliers, and other stakeholders the objective of ensuring professional and commercial performance in accordance with the company’s mission, vision, values, and commitments, regulatory compliance, and risk prevention.

A compliance system aligned with SIPAY’s responsible ethical model

As part of the implementation of the Criminal Risk Management and Corporate Compliance System, SIPAY’s sole administrator has approved the Criminal Risk Prevention Policy and the Code of Conduct as top-level internal compliance regulations. These establish the core compliance guidelines we wish to implement in our relationships with all our partners, staff, collaborators, clients, suppliers, and other stakeholders.

Compliance Committee.

In order to provide SIPAY with the necessary mechanisms to ensure compliance with regulations, self-regulation systems, respect for commitments made, and the supervision and improvement of the criminal risk management and corporate compliance system, SIPAY’s sole administrator has appointed and empowered a Compliance Committee composed of internal and external experts advising on regulatory requirements and their suitability, compliance risk management, and the design of controls, action plans, self-assessments, and verifications, with the aim of ensuring the effective fulfillment of business obligations and the prevention of risks.

Whistleblowing Channel.

At SIPAY, we have zero tolerance for non-compliance with regulations, our ethical principles, and malpractice.

SIPAY provides its members, collaborators, clients, suppliers, and any interested party with its Whistleblowing Channel to report, confidentially and even anonymously, any suspicion or knowledge of conduct, actions, or omissions that may constitute a violation of European Union law. Any criminal or administrative offense, or any breach of the values, guidelines, or standards of conduct set forth in the Code of Conduct, the Criminal Risk Prevention Policy, and other internal regulations of SIPAY, committed by a SIPAY employee in the performance of their duties within the company.

See our Prevention Policy HERE.

See our Code of Conduct HERE.

Access the procedure for managing our Whistleblowing Channel HERE.

WHISTLEBLOWING CHANNEL

SIPAY is fully committed to the highest ethical and regulatory compliance standards in its relationships with all its partners, staff, collaborators, clients, suppliers, and other stakeholders in all its activities.

To ensure the maintenance of the Criminal Risk Management System and regulatory compliance, the sole Administrator of SIPAY has appointed and empowered a Compliance Committee composed of internal experts, who are constantly advised by specialists in corporate risk management. Among its functions is the management of the Whistleblowing Channel.

SIPAY provides its members and any interested party with its Whistleblowing Channel to confidentially and, where technically possible, anonymously report any suspicion or knowledge of conduct, actions, or omissions committed by a SIPAY member in the performance of their duties that constitute:

a violation of European Union law (legal infringement);
a serious or very serious criminal or administrative offense;
or any breach of the values, guidelines, or standards of conduct set forth in the Code of Conduct, the Criminal Risk Prevention Policy, and other SIPAY internal regulations, including violations related to the prevention of money laundering and terrorist financing, where applicable.

The whistleblower may also request, through this form, an in-person meeting with the Compliance Committee to submit a report or complaint as described above. In such cases, the Compliance Committee will schedule the meeting within a maximum of seven (7) business days. In the event of an in-person meeting, and after obtaining the express and informed consent of the complainant regarding the processing of their personal data, the conversation will be documented in one of the following ways:

Recording of the conversation in a secure, durable, and accessible format.
Complete and accurate transcription of the conversation. In this case, the complainant will be given the opportunity to verify the transcript.

To rectify and accept the transcript of the conversation by signing it.
While not the preferred method for filing complaints, and as an alternative to this SIPAY reporting channel, complaints may be filed through external reporting channels with the Independent Whistleblower Protection Authority, the relevant administrative authorities, or the institutions, bodies, and agencies of the European Union.

All complaints received will be entered into a complaint register, assigning each one a unique reference number for identification throughout its processing.

All complaints may be anonymous; that is, identifying the person making the complaint is optional.

Please note that only if the person making the complaint provides an address, email, or other secure location for receiving notifications will they receive an acknowledgment of receipt with a complaint reference number. SIPAY may request additional information if necessary and will keep you informed of the acceptance or rejection of your complaint and the corresponding resolution.

Complaints will be evaluated and investigated, with the aim of resolving them within a period not exceeding three (3) months from receipt of the complaint, without prejudice to any additional legally applicable timeframes when the complexity of the facts so requires, in accordance with Law 2/2023.

SIPAY states that the Whistleblowing Channel complies with the following principles and offers the following guarantees, the specific details of which can be found in the Whistleblowing Channel Management Procedure:

Maximum confidentiality.
Guarantee of the right to defense, presumption of innocence, and right to honor.
Guarantee of the principle of evidence and the right to challenge evidence.
Management of conflicts of interest.
Prohibition of retaliation, including threats and attempted retaliation.
Protection of personal data.

Filing a complaint:

Providing personal data is not mandatory. You can file an anonymous complaint.

Name

Surname

DNI - NIF

Email - Only if you wish to receive notifications about the processing of your report do you need to enter a valid email address.

Company

Report text - Please describe all the details about the report you wish to make. Try to be as specific as you can by providing the information that you consider relevant for a correct resolution. In any case, the following should be indicated: time and place of occurrence, possible witnesses, facts that are considered to constitute the act, omission or conduct, identity of the person denounced, and any other information that could favor the investigation of the facts.

Attach files - You can attach files to complete the information.

Select the type of communication or report you want to make (you can select more than one option).

An act or omission that constitutes an infringement of European Union law (regulatory or legal infringement). An act or omission constituting a serious or very serious criminal or administrative offence. Conduct, action or omission that constitutes non-compliance with the values, guidelines of action or rules of conduct set out in the Risk Prevention Policy, the Code of Conduct and other internal regulations of SIPAY.

Basic information on data protection: Data controller: SIPAY PLUS, SL. Purpose: to process, investigate and/or resolve complaints. They will only be processed by those who carry out management functions of the Whistleblowing Channel in SIPAY in accordance with the Whistleblowing Channel Management Procedure, mainly the Compliance Committee. The absolute confidentiality and custody are guaranteed under security measures appropriate to the type of data and the risk of the information processed. Type of data: Identification and, depending on what the user indicates in the text of the complaint or attachments, other types of data may be contained. Legitimation: Compliance with a legal obligation in accordance with the provisions of Law 2/2023, of February 20, 2023, regulating the protection of persons who report regulatory and anti-corruption infringements and SIPAY's legitimate interest in complying with the requirements regarding the prevention of corporate risks, especially those related to the possible criminal liability of the legal entity, by virtue of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights. Recipients: Your data may be transferred to third parties exclusively in the case of external legal advisors and to judicial bodies and to the State Security Forces and Corps or administrative authority, when necessary. Conservation: they will be kept in the system of the Whistleblowing Channel for the time necessary to decide on the admissibility of initiating an investigation into the reported facts and, where appropriate, while the process of investigation and resolution of the complaints submitted is carried out, and always for a maximum period of 3 months from the date of entry of the complaint. Exercise of rights: dpo@sipay.es attaching a photocopy of your ID card or substitute identification document and indicating "Ref. Personal Data SIPAY Whistleblowing Channel" for the processing of said rights by the Compliance Committee. If you do not see the exercise of your rights taken care of, you can file a complaint with the Spanish Data Protection Agency. More information: Privacy Policy.

The use of this form for commercial purposes is not authorized.

I consent to the informed processing of my personal data.

Tap to Pay

Other solutions

Insights and trends

Contact us