Internal Information System

WHAT IS THE INTERNAL INFORMATION SYSTEM?

The Internal Information System (IIS) is the system implemented by the LKS Next Group (*) to respond to the obligations established under the LPI: Law 2/2023 of 20 February on the protection of persons who report regulatory infringements and the fight against corruption.

(*) The scope of the IIS implemented for the LKS Next Group is limited to the following companies, with the rest of the companies in the group having their own Internal Information Systems:

• LKS, S.Coop.(group’s parent company)
• LKS NEXT GOBTECH EUSKADI, S.Coop
• IBAI SISTEMAS, SA. 
• INDABA CONSULTORES, S.L. 
• LKS INFRAESTRUCTURAS IT, S.L. 
• LKS FINANCIAL SOLUTIONS CORPORATE, S.L.
• LKS SELECTION TRAINING MANAGEMENT, S.L.
• PROSPEKTIKER, S.A. 
• LKS-Kroczek & Wendland L. Abogados 
• ZAMUNDI INGENIERIA DE SISTEMAS, S.L. 
• AFI SERVICIOS TECNOLÓGICOS AVANZADOS, S.L

Any person related to our organisation, whether occupationally or professionally, may report a possible breach of regulations, law or our Code of Conduct using the internal channels provided, with full guarantees of confidentiality and without suffering any reprisal for doing so, provided they have acted in good faith and in the common interest.

The IIS is part of our Compliance System and consists of the following elements:

A policy or fundamental principles guiding its design and operation.

A specific and independent responsible body, legally appointed by the Governing Board, which has designated a natural person to be in charge of receiving and processing information.

Channels for receiving communications, designed and enabled to comply with the legal requirements of security and confidentiality.

A mandatory internal communications management procedure that guarantees the requirements of protection, confidentiality, objectivity and efficiency in the process of receiving, processing and resolving the communications received.

And an IT system (IIS application) that supports both the receiving channel and the communication and internal management of the procedure. We do this in a secure way and with access to the data restricted exclusively to legally authorised persons, with a private website area for the two-way monitoring and exchange of information and documentation on the case with the reporting person.

• A policy or fundamental principles guiding its design and operation.
• A specific and independent responsible body, legally appointed by the Governing Board, which has designated a natural person to be in charge of receiving and processing information.
• Channels for receiving communications, designed and enabled to comply with the legal requirements of security and confidentiality.
• A mandatory internal communications management procedure that guarantees the requirements of protection, confidentiality, objectivity and efficiency in the process of receiving, processing and resolving the communications received.
• And an IT system (IIS application) that supports both the receiving channel and the communication and internal management of the procedure. We do this in a secure way and with access to the data restricted exclusively to legally authorised persons, with a private website area for the two-way monitoring and exchange of information and documentation on the case with the reporting person.

HOW CAN I SUBMIT INFORMATION?

Through our internal channels using the following procedures:

• This route provides access to an online form with fields for providing detailed information. You can communicate anonymously or by identifying yourself. In the latter case, you have all the guarantees that your personal data will be processed only for the intended purposes and by the persons authorised to do so, and that your identity will not be provided to the person affected by the information under any circumstances.
• If you have any proof or documents to support the information provided, you can attach them in the form itself and, if you wish, you may also record an explanatory audio. In both cases we apply technical measures to protect your identity, removing metadata from the files, distorting speech and always encrypting any communications.
• The form provides the opportunity to request an appointment to discuss or expand on the information directly with the IIS manager. This appointment will be arranged via the monitoring area within a maximum of 7 days from your request. Any verbal communications made shall be documented in one of the following ways, subject to the consent of the reporting person:
  • By a recording of the conversation in a secure, durable and accessible format, and/or
  • Through a complete and accurate transcript of the conversation made by the manager. Without prejudice to his or her rights under data protection regulations, the reporting person shall, where possible, be given the opportunity to verify, rectify and agree by signature to the transcription of the conversation.
• Once you have completed the form, we will confirm the registration of your communication and you will receive a password to access the monitoring area of your case, where, if you wish, you can follow the progress of the case and communicate and exchange information and documents with the case manager in a simple, secure and confidential way. It is essential to keep this password safe because, for reasons of confidentiality, it is not possible to recover it and in case of loss or forgetfulness, you will have to resend the information to us.
• While your information is being processed, you may be asked for additional information through this area if the person in charge considers it necessary, so it is advisable to visit it periodically to check the status or, if you wish, you may provide an e-mail address for the sole purpose of notifying you of the existence of new notifications.
• You will be notified within 10 days whether or not your communication has been accepted for investigation and, if so, you will be notified of the final decision within a maximum period of 3 months (which may be extended to 6 months if necessary).

Via the external channel of the independent Whistleblower Protection Authority:

• Although the preferred channel for reporting possible breaches is the internal channel, if the irregularity you wish to report falls within the scope of Article 2 of Law 2/2023, in other words, it concerns possible criminal, serious or very serious administrative or EU law violations, you can report it via the external channel of the Independent Whistleblower Protection Authority either directly or after having reported it via the LKS Next Group’s Internal Information System.