- Home
- Internal Information System
Cyberclick Internal Information System
Cyberclick has established an Internal Information System as the preferred means to report actions or omissions that may constitute violations of European Union law or that may constitute serious or very serious criminal or administrative offenses, provided that the infringement can be effectively addressed and if the informant considers that there is no risk of retaliation.
The Internal Information System was created within the framework of Spanish Law 2/2023, of February 20, regulating the protection of people who report regulatory infractions and fight against corruption. The text that you will find below serves the following specific objectives:
- Establish a policy that contains the general principles of the Internal Information System and informant protection at Cyberclick.
- Ensure compliance with the requirements established by the applicable regulations on this matter.
- Ensure that the Cyberclick team, as well as any third party that maintains any type of relationship with Cyberclick, knows the general principles of the Internal Information System and informant protection.
The Internal Information System is available to the Cyberclick team and its external stakeholders, such as suppliers, clients, partners, or anyone who maintains any type of relationship with us, through:
- Email: sistemainternodeinformacion@cyberclick.net
- In person: By prior appointment with the Internal Information System Manager at Cyberclick premises.
- Remotely: By prior appointment with the Internal Information System Manager via videoconference.
Procedure for managing reports:
Once a communication is received through the Internal Information System, the following procedure will be followed:
- Receipt acknowledgment: Within a maximum period of 7 business days from the receipt of the communication, an acknowledgment of receipt will be sent to the informant, unless they have expressly requested otherwise or it is considered that the acknowledgment of receipt could jeopardize the protection of their identity.
- Preliminary analysis: The Internal Information System Manager will analyze the communication to determine if it falls within the scope of the Internal Information System
- Investigation: If the communication is admitted for processing, an internal investigation will be initiated that will be carried out with maximum confidentiality.
- Resolution and response: Within a maximum period of 3 months from the acknowledgment of receipt (extendable for an additional 3 months when necessary due to the complexity of the investigation), the informant will be informed about the measures planned or adopted and the reasons for them.
General principles of the Internal Information System and informant protection
The operation and management of the Cyberclick Internal Information System is governed by the following general principles:
Anonymous reporting of information through the Internal Information System is allowed. In addition, it is essential to guarantee the confidentiality of the informant regarding their identity and the content of the communications they make.
It is not mandatory that communications through the Internal Information System be anonymous; however, the regulation allows for anonymity, as it is the best guarantee for the defense and protection of the informant. Therefore, if the informant opts for anonymity, their identity can never be revealed.
The identity of the informant will never be subject to the right of access to personal data, and the possibility of communicating said identity is limited only to the judicial authority, the Public Prosecutor's Office, or the competent administrative authority, requiring in all cases that access by third parties to it be prevented.
Even if the informant freely decides not to hide their identity, the resolution report of the investigation carried out on the basis of an information communication will never refer to the identity of the informant or the parties involved, in order to guarantee due confidentiality.
Communications made through the Internal Information System will be made based on respect and good faith.
The informant who makes a communication of information will do so whenever they have a genuine suspicion that the information provided is truthful, complete, and accurate, regardless of whether after the investigation process, it is verified that the information provided does not constitute an infringement.
Good faith is the expression that the informant's behavior is civic and, therefore, does not communicate false or illegally distorted information.
The Internal Information System is accessible to Cyberclick employees and to third parties who maintain or have maintained some type of relationship with Cyberclick. Additionally, the informant must receive clear information about its access and operation.
The Cyberclick Ethics Channel is publicly accessible through this page on our website, specifically, accessible through a specific email for such purposes: sistemainternodeinformacion@cyberclick.net
All information communications received through the Cyberclick Internal Information System will be treated and managed following the same criteria, according to what is established in the Procedure for managing information received through the Internal Information System.
The management rules of the Internal Information System have been regulated in a procedure, which implies that all communications are treated equally and managed following the same criteria, regardless of who communicates, whom it affects, and its possible implications, so no information communication will have a particular privilege over others.
In application of the principle of impartiality, when it is revealed that the informant is a specific employee, the People Operations team will be informed so that they ensure the person has not been affected by any negative consequences. If actions are taken against the reporting worker, it could imply the commission of labor infractions.
Data processing is in line with and complies with current regulations on personal data protection. There is a duty to maintain secrecy about any aspect of the communicated information.
It also provides for the possibility of anonymous submission, as well as the general duty to preserve the identity of the informant who has identified themselves when making the communication.
People who communicate or reveal infractions, as well as those affected by the communication, have the right to request protection measures and not to be subject to any retaliation or consequences for their collaboration in the internal investigation process.
The Internal Information System Manager
The Entity has formally designated a System Manager who performs their functions independently, avoiding any conflict of interest. The Manager may turn to expert third parties to receive specialized advice in the performance of their duties.
Independent Authority for Informant Protection
Any natural person can directly inform the Independent Authority for Informant Protection of the commission of any action or omission constituting an infringement in the legal system through its specific channels on its website.
Confidentiality and data protection
Data processing arising from the management of the Internal Information System is governed by the provisions of Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR), and in Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation, and prosecution of criminal offenses and the execution of criminal sanctions.
In any case, interested parties can exercise their rights of access, rectification, deletion, limitation of processing, data portability, opposition, and not to be subject to automated individual decisions, as well as withdraw consent at any time without affecting the legality of the processing prior to its withdrawal, by sending their request to CYBERCLICK (Attn: DPO), Moll de Barcelona, s/n, World Trade Center North Building 2nd floor, 08039 - Barcelona; or to the email address dpo@cyberclick.net. In any case, interested parties have the right to submit a complaint to the corresponding supervisory authority if they deem it appropriate.
Personal data collected in the framework of received communications will be kept only for the time necessary to decide on the appropriateness of initiating an investigation. In any case, after three months from the receipt of the communication without investigation actions having been initiated, the data will be deleted from the Internal Information System, unless the purpose of the conservation is to provide evidence of the functioning of the system.
Communications that have not been processed may only appear in anonymized form. The data from communications will be kept in the Internal Information System for a maximum of three months. If after this period, an investigation is still ongoing and this data is needed, it will be transferred to the competent department to continue with the investigation, eliminating it from the Internal Information System. This transfer ensures that the Internal Information System does not accumulate information beyond the strictly necessary time, while allowing legitimate ongoing investigations to continue.
Prohibition of retaliation
- Cyberclick expressly prohibits any type of retaliation against people who submit communications in good faith through the Internal Information System. The following are considered retaliation, among others: Suspension, dismissal, removal, or equivalent measures.
- Degradation or denial of promotions.
- Change of job position, reduction of salary or hours.
- Negative performance evaluations or negative references.
- Imposition of any disciplinary measure, warning, or sanction.
- Coercion, intimidation, harassment, or ostracism.
- Discrimination, unfavorable or unfair treatment.
- Denial of training.
- Discrimination or unfavorable treatment
Any person who considers that they have suffered retaliation after submitting a communication can report it through the Internal Information System itself or address directly to the Independent Authority for Informant Protection.
Last update: May 2025