COMPLIANCE

SIPAY PLUS fosters a culture of compliance among its partners, staff, customers, suppliers, collaborators and other stakeholders.

SIPAY has a Criminal Risk Management and Corporate Compliance System, which is essential to communicate to its partners, staff, collaborators, customers, suppliers and other interested parties, the objective of ensuring professional and commercial performance in accordance with the mission, vision, values and commitments of the company, regulatory compliance and risk prevention.

A compliance system in line with SIPAY’s responsible ethical model

As part of the implementation of the Criminal Risk Management and Corporate Compliance System, the Sole Administrator of SIPAY has approved the Criminal Risk Prevention Policy and the Code of Conduct as first-level internal compliance regulations, which establish the main lines of compliance that we wish to establish in the relationships with all our partners. staff, collaborators, customers, suppliers and other interested parties.

Compliance Committee.

In order to provide SIPAY with the necessary mechanisms to ensure compliance with regulations, self-regulation systems, respect for the commitments made and the supervision and improvement of the criminal risk management and corporate compliance system, the Sole Administrator of SIPAY has appointed and empowered a Compliance Committee made up of internal and external experts advising on regulatory requirements and their adequacy. in the management of compliance risk and the design of controls, action plans, self-assessments and verifications, in order to ensure effective compliance with business obligations and risk prevention.

Whistleblowing channel.

At SIPAY we have zero tolerance for non-compliance with regulations, our ethical principles and malpractice.

SIPAY makes its Whistleblowing Channel available to its members, collaborators, customers, suppliers and any interested party, to report confidentially and even anonymously any suspicion or knowledge of conduct, actions or omissions that may constitute a breach of European Union law; criminal or administrative offences, or any breach of the values, guidelines of action or rules of conduct set out in the Code of Appeals. Conduct, in the Criminal Risk Prevention Policy and in the other internal regulations of SIPAY, committed by a member of SIPAY in the exercise of his/her functions in the company.

See our Prevention Policy HERE.

Please see our Code of Conduct HERE.

Access the management procedure for our Complaints Channel HERE.

WHISTLEBLOWING CHANNEL

SIPAY is fully committed to the highest ethical standards and regulatory compliance in its relations with all its partners, staff, collaborators, customers, suppliers and other stakeholders in all the activities it carries out.

To ensure the maintenance of the Criminal Risk Management System and regulatory compliance, the Sole Administrator of SIPAY has appointed and empowered a Compliance Committee made up of internal experts constantly advised by specialists in corporate risk management, whose functions include the management of the Whistleblowing Channel.

SIPAY makes its Whistleblowing Channel available to its members and any interested party to communicate confidentially, and even anonymously, any suspicion or knowledge of conduct, actions or omissions committed by a SIPAY member in the exercise of their functions that constitute:

infringement of European Union law (legal infringement);
Serious or very serious criminal or administrative offence:
any failure to comply with the values, guidelines or rules of conduct set out in the Code of Conduct; in the Criminal Risk Prevention Policy and in the rest of SIPAY’s internal regulations.

The complainant may also request a face-to-face meeting with the Compliance Committee through this form for the purpose of formulating a communication or complaint of the aforementioned requirements. In such a case, the Compliance Committee will summon you for such meeting within a maximum period of seven (7) business days. In the event of a face-to-face meeting, and after obtaining the express and informed consent of the complainant regarding the processing of their personal data, the conversation held will be documented, in one of the following ways:

Recording the conversation in a secure, durable and accessible format.
Complete and accurate transcript of the conversation held. In this case, the complainant will be given the opportunity to check, rectify and accept the transcript of the conversation by signing

Without being the preferred form for filing complaints and as an alternative to this SIPAY Whistleblowing Channel, complaints may be filed through the external reporting channels with the Independent Whistleblower Protection Authority, with the competent administrative authorities, where applicable, or with the institutions, bodies and agencies of the European Union.

All complaints received will be entered into a register of complaints, assigning each of them a unique reference number with which it can be identified throughout its processing.

All reports may be anonymous, i.e. the identification of the person making the report is not mandatory but optional.

It is reported that only in the event that the informant or complainant provides an address, email or safe place for the purpose of receiving notifications, will the acknowledgement of receipt be notified with a reference number of the complaint; SIPAY may request additional information if necessary and keep you informed of the admission or not of the procedure and the corresponding resolution.

Complaints will be evaluated and investigated, with an attempt to resolve them within a period of no more than three (3) months from receipt of the complaint.

SIPAY declares that the Whistleblowing Channel complies with the following principles and offers the following guarantees, the specific development of which can be consulted in the Whistleblowing Channel Management Procedure:

Maximum confidentiality.
Guarantee of the right of defence, presumption of innocence and right to honour.
Guarantee of the principle of proof and contradiction.
Management of conflicts of interest.
Prohibition of retaliation, including threats and attempts at retaliation.
Protection of personal data.

Filing a Complaint:

Personal data is not mandatory. You can file an anonymous complaint.

Name

Surname

DNI - NIF

Email - Only if you wish to receive notifications about the processing of your report do you need to enter a valid email address.

Company

Report text - Please describe all the details about the report you wish to make. Try to be as specific as you can by providing the information that you consider relevant for a correct resolution. In any case, the following should be indicated: time and place of occurrence, possible witnesses, facts that are considered to constitute the act, omission or conduct, identity of the person denounced, and any other information that could favor the investigation of the facts.

Attach files - You can attach files to complete the information.

Select the type of communication or report you want to make (you can select more than one option).

An act or omission that constitutes an infringement of European Union law (regulatory or legal infringement). An act or omission constituting a serious or very serious criminal or administrative offence. Conduct, action or omission that constitutes non-compliance with the values, guidelines of action or rules of conduct set out in the Risk Prevention Policy, the Code of Conduct and other internal regulations of SIPAY.

Basic information on data protection: Data controller: SIPAY PLUS, SL. Purpose: to process, investigate and/or resolve complaints. They will only be processed by those who carry out management functions of the Whistleblowing Channel in SIPAY in accordance with the Whistleblowing Channel Management Procedure, mainly the Compliance Committee. The absolute confidentiality and custody are guaranteed under security measures appropriate to the type of data and the risk of the information processed. Type of data: Identification and, depending on what the user indicates in the text of the complaint or attachments, other types of data may be contained. Legitimation: Compliance with a legal obligation in accordance with the provisions of Law 2/2023, of February 20, 2023, regulating the protection of persons who report regulatory and anti-corruption infringements and SIPAY's legitimate interest in complying with the requirements regarding the prevention of corporate risks, especially those related to the possible criminal liability of the legal entity, by virtue of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights. Recipients: Your data may be transferred to third parties exclusively in the case of external legal advisors and to judicial bodies and to the State Security Forces and Corps or administrative authority, when necessary. Conservation: they will be kept in the system of the Whistleblowing Channel for the time necessary to decide on the admissibility of initiating an investigation into the reported facts and, where appropriate, while the process of investigation and resolution of the complaints submitted is carried out, and always for a maximum period of 3 months from the date of entry of the complaint. Exercise of rights: dpo@sipay.es attaching a photocopy of your ID card or substitute identification document and indicating "Ref. Personal Data SIPAY Whistleblowing Channel" for the processing of said rights by the Compliance Committee. If you do not see the exercise of your rights taken care of, you can file a complaint with the Spanish Data Protection Agency. More information: Privacy Policy.

The use of this form for commercial purposes is not authorized.

I consent to the informed processing of my personal data.