Following the case-law of the Constitutional Court, the Supreme Court allows the admission of mails from an Inditex employee’s company mail account as evidence for the dismissal of said employee, in that:
Inditex imposes a set of company rules and regulations on «information systems» and “information security policy” which limits the use of company computers strictly for work purposes and prohibits their use for personal matters.
Furthermore, in order to gain computer access to the company’s IT systems all Inditex employees are required to accept the guidelines established in the Information Security Policy of the Group every time before gaining said access. The Information Security Policy clearly states that the access is strictly for professional purposes, with the company reserving the right to adopt any surveillance and control measures necessary to ensure the correct use of the tools made available to its employees, respecting the conventional labour law concerning the matter and assuring employee dignity and privacy at all times. Therefore, the plaintiff was fully aware of the fact that he had no right to use the mail for personal matters and that the company has the right to control his compliance with the guidelines when using the IT resources it provides.
Moreover, the computer used by the employee, the plaintiff in the case, was searched following the “unexpected finding” of photocopies of bank transfers made by a provider of the company to the employee, the defendant in the case, which is expressly prohibited in the Code of Conduct of the defendant and cited as grounds in the letter of dismissal-.
In this instance, the Supreme Court considers that “the content of certain e-mails from the plaintiff’s corporate mail account was examined, not generally and indiscriminately, but rather focusing on finding elements that would allow selecting the exact mails to be examined, using to that end key words that may allow deducing from which mails information relevant to the investigation may be found, [and considering] dates around the date of the bank transfers”. However, the following two circumstances continue to be relevant: a) the extracted content was limited to mails relating to the bank transfers made to the employee – breaking the Code of Conduct – by a provider of the company; and b) the control was conducted on the “corporate mail of the defendant through access to the server housed in the actual facilities of the company; i.e., no access was made to any apparatus or device belonging to the defendant…; access was made only to the company server housing all mails sent and forwarded from the corporate accounts of all employees”.