Aviso legal

Ethical Channel Treatment

This Registry of Treatment Activities (hereinafter “RAT”) provides information on the processing of Personal Data through the website https://www.ayesa.com (hereinafter, the “Website”), in accordance with the principles of transparency, loyalty and legality as well as the rights of Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to treatment of personal data and the free circulation of these data and which repeals Directive 95/46/CE (“GDPR”).

We recommend that you carefully review our Privacy Policy to ensure that you understand how your Personal Data will be used on the Website.


Responsible for the treatment:


Postal Address: C/ Marie Curie, 2. Isla de la Cartuja. 41092 – Seville.



Manage, process and investigate the communications sent through the Communications Channel, as well as to adopt disciplinary measures or process the legal proceedings that, if applicable, proceed.



Whistleblowers and defendants in the subjective field of the General Policy for Communication of Violations.


Personal information:

Communications of infringements and conduct, identification data, relationship with Ayesa, country, department, date of the infringement, date of knowledge, any other relevant data for the investigation.



The main addressee is the Ayesa Compliance team.

In addition, if reasons are found to initiate an investigation, the data will be communicated to the company with which the accused maintains a contractual or employment relationship. They may also be communicated to the competent authorities for reasons of public interest.


International transfers:

No international data transfers are planned. For exceptional cases, the provisions of article 49 of the GDPR will apply.


Conservation period:

The data must be deleted three months after its introduction into the complaints system without the blocking obligation being applied, unless the purpose of conservation is to leave evidence of the operation of the model for the prevention of the commission of crimes by the legal entity. Complaints that have not been processed can only be recorded anonymously.


Security measures:

Measures based on ISO 27001 and the National Security Scheme are applied.


Legal Basis:

GDPR: 6.1. e) Public interest. The interest is lawful in accordance with article 24 LOPDGDD and Directive (EU) 2019/1937 of the European Parliament and of the Council, of October 23, 2019, regarding the protection of persons who report violations of Union Law.


Exercise the rights of data protection stakeholders:

You can exercise your rights of access, rectification, deletion, limitation, opposition and portability, when the latter is legally appropriate, by sending Alía to the address C/ Marie Curie, nº 2 – Edificio AYESA, 41092 Sevilla or to the electronic address lopd@ ayesa.com, of a request indicating the right you are exercising and providing a document, or copy of a document, that proves your identity.

The right to file a claim with a Control Authority is also reported, in Spain the Spanish Data Protection Agency, C/ Jorge Juan, 6, 28001 Madrid, 901 100 099 – 912 663 517 (http://www.agpd .es) in particular, in relation to the exercise of their rights.