This Policy (hereinafter, the "Policy") aims to formalize the operation of the internal information system of Alstp International Advice Services, S.L. (hereinafter, "ALSTP"). This Policy establishes: (i) the protocol for reporting irregular, unlawful, or unethical conduct that, within its scope of application, directly or indirectly affects ALSTP, as well as (ii) the actions, investigation, processing, and conclusion of the corresponding procedure. The Policy also sets out the guarantees and protections provided to the parties involved, particularly to the whistleblower, as well as their rights and duties.
This Policy represents ALSTP’s commitment not only to compliance with the applicable legislation (Law 2/2023, of February 20) but also to achieving the highest ethical and excellence standards. Therefore, the process for investigating irregularities and managing the internal reporting system is aligned with the requirements of the UNE-ISO 37002:2021 standard. To promote this culture of integrity and compliance, it is essential to identify and report any conduct that contravenes our values.
This Policy applies to all natural and legal persons who have or have had a direct or indirect relationship with ALSTP concerning any Reportable Facts disclosed through the internal information system. Without being exhaustive, the following individuals are included: directors and members of governing bodies, workers and employees regardless of the type of relationship with ALSTP, as well as third-party providers, volunteers, interns, trainees, job applicants, clients, entities, or similarly linked persons, regardless of whether they are currently active or have ceased their professional relationship.
The guarantees and rights outlined in this Policy also extend to persons assisting whistleblowers.
By way of example, reportable behaviors include:
This Policy will be published on ALSTP’s corporate website.
ALSTP’s Regulatory Compliance Unit will be responsible for implementing, enforcing, and applying this Policy. According to Article 8.2 of Law 2/2023, the Compliance Unit may formally act as the manager of the internal information system. However, it must delegate the management powers of the system and the processing of investigation files to one of its members.
The President of the Compliance Unit will also be the delegated individual responsible for the internal information system. The appointment of the Internal System Manager and the delegated individual (i.e., the President of the Compliance Unit) will be notified, in accordance with the cited legislation, to the Independent Authority for Whistleblower Protection and, if necessary, to the Catalonia Anti-Fraud Office.
The Compliance Unit, without prejudice to assistance from accredited third parties if necessary, will receive communications and complaints, decide on their admission or dismissal, initiate investigative procedures, conduct and oversee investigations, and propose resolutions to ALSTP’s managing partner.
There are two ways to submit complaints under the Policy:
Any Complaint must meet the following requirements:
The information provided must be truthful and complete.
Upon receiving a Complaint through the designated channels, the Compliance Unit will determine its admission or dismissal within seven (7) calendar days of receipt unless confidentiality is at risk. Complaints that are false, made in bad faith, misleading, or do not meet the Policy's requirements will be dismissed.
Dismissals will be communicated to the whistleblower with full confidentiality, allowing them to present arguments within fifteen (15) business days. The Compliance Unit will resolve these arguments within fifteen (15) business days. If a Complaint is admitted, a case file will be opened.
Once a case file is opened, the Compliance Unit will carry out the necessary investigative actions while maintaining the confidentiality of all parties. Accredited third-party assistance may be sought, subject to this Policy’s confidentiality requirements.
The Compliance Unit may seek advice or delegate investigations to impartial entities, irrespective of their employment or commercial relationship with the organization.
Communications will respect the confidentiality of the information. Ongoing communication with the whistleblower is explicitly provided for, and additional information may be requested.
The accused individual will be informed of the alleged actions and will be granted the right to be heard at an appropriate time. The investigation process must not exceed three (3) months from the Complaint’s receipt, extendable by up to three (3) additional months in complex cases.
Upon completion of the investigation, the Compliance Unit will submit its findings to ALSTP’s managing partner, who may impose appropriate sanctions.
If the Reportable Facts constitute a crime, the managing partner will follow the post-criminal actions procedure attached as Annex 1. Information will be immediately forwarded to the Public Prosecutor's Office if there is reasonable evidence of criminal activity. If the facts affect the European Union's financial interests, they will be reported to the European Public Prosecutor's Office.
The following principles and guarantees apply to complaint handling and internal investigations:
All parties involved must maintain strict confidentiality.
All actions under this Policy and the internal information system, as well as any related documentation, must be kept strictly confidential. Any dissemination of related elements, information, or documentation is prohibited and subject to penalties.
This Policy guarantees whistleblower protection against retaliation. ALSTP will investigate and sanction any conduct that could harm whistleblowers due to their use of the internal information system.
All data processing will comply with the EU General Data Protection Regulation (GDPR) and related laws. To exercise data protection rights, individuals must email info@alstp.com, providing identification and specifying the right they wish to exercise. The privacy policy can be consulted at https://www.alstp.com/politica-de-privacidad.