Privacy Policy of the Unfair Competition Observatory Platform. ALERTIA

Ministry of Economy, Trade, and Business

Data Controller

Sub-Directorate General for Inspection, Certification, and Technical Assistance in Foreign Trade

Address: Paseo de la Castellana 162, 28071 Madrid

Contact email: sgsoivre.sscc@economia.gob.es

Data Protection Officer email: dpd@economia.gob.es

Spanish Data Protection Agency

The data controller guarantees that the processing of personal data will be carried out in accordance with the General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, and Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD).

Purpose of Processing

Personal data will be processed for the following purposes:

  • To manage communications, complaints, or information submitted through this channel.
  • To conduct the necessary investigations to clarify the reported facts.
  • To take corrective measures when appropriate.
  • To ensure the traceability and secure recording of the complaint.

The data will not be used for purposes incompatible with those listed above.

Legal Basis

The processing is based on:

Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or functions assigned to the controller [Art. 6.1(e) of the GDPR and Royal Decree 410/2024 of April 23, establishing the basic organizational structure of the Ministry of Economy, Trade, and Enterprise]

Types of Data Processed

Depending on the report submitted, the following may be collected:

  • Identifying data (first name, last name, ID number).
  • Contact information (email, phone number).
  • Type of reporter.
  • Content of the complaint or report.
  • Information about third parties involved or witnesses.
  • Sensitive data, only when essential for the investigation.

The informant may file the complaint anonymously, if they so choose.

Recipients of the Data

The data will only be accessible to:

  • Authorized personnel of the Internal Information System of the Ministry of Economy, Trade, and Enterprise
  • Internal investigation teams, when necessary.
  • External legal advisors, when absolutely necessary.
  • Competent authorities (judicial, law enforcement, or administrative) when there is a legal obligation or a substantiated request.

No international transfers will be made unless required by law.

Confidentiality and Security Measures

The Ministry of Economy, Trade, and Enterprise guarantees:

  • Absolute confidentiality regarding the identity of the whistleblower.
  • Independent and secure processing within the system.
  • Restricted access limited to authorized personnel only.
  • Protocols for secure storage and archiving.
  • Confidentiality agreements.

Retention Periods

The data will be retained:

For the time strictly necessary to fulfill the purpose for which it was collected, as well as the time necessary to decide whether to initiate an investigation into the reported facts. If it is proven to be untrue, it will be immediately deleted unless such lack of truthfulness constitutes a criminal offense, in which case the information will be retained.

Rights of Data Subjects

You may exercise the following rights:

  • Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Objection (where applicable)

Since the system must ensure the integrity of the research, some rights may be temporarily restricted.

These rights may be exercised by writing to: sgsoivre.sscc@economia.gob.es or to the Spanish Data Protection Agency.

Mandatory Provision of Data

The whistleblower may choose whether to provide identifying information or to file the report anonymously.

The information included in the report must be truthful and provided in good faith.

Automated Decisions

No automated decisions or profiling will be carried out based on the data provided.

Policy Updates

The Ministry of Economy, Trade, and Enterprise may update this information when necessary to adapt it to regulatory changes or improvements to the internal information system.

Security Measures

The security measures included in the high-level National Security Scheme will be applied.