Privacy Policy Whistleblowing
This information concerns the processing of personal data collected through the whistleblowing portal (hereinafter, the "Portal") that the company MARCATO S.P.A., as data controller, (hereinafter the "Company" or the "Data Controller") has made available to those (employees or similar, trainees, top management, suppliers, freelancers and consultants, etc.) who intend to carry out, in accordance with the provisions of the whistleblowing procedure and Legislative Decree 24/2023 and Anac Guidelines (hereinafter, the "Whistleblowing Procedure"), a report (hereinafter also "Report") of unlawful conduct or violations, as indicated on the first page of the portal form.
All the safeguards provided by law are reserved to the whistleblower in good faith in order to ensure their protection and prevent them from suffering harmful consequences (e.g. retaliation) as a result of the report. The Company has entrusted the management of reports to an external body, to guarantee confidentiality and impartiality in the management of the report. The reporting management body and the company providing the portal have been appointed as Data Processors pursuant to art. 28 EU Reg. 679/2016 ("GDPR"). If a Report is made, the information processed includes the personal data of the reporting party (hereinafter also referred to as the "Whistleblower") such as name, surname, contact details as well as the information contained in the Report, including the personal data of the reported person(s), such as, for example, name and surname, company role (hereinafter also "Personal Data"). The Report must not contain insulting tones or contain personal offenses aimed solely at offending or harming the honor and/or personal and/or professional decorum of the person or persons to whom the reported facts refer. The Whistleblower remains, in any case, personally responsible for any defamatory content in the reports.
- Your Personal Data will be processed for purposes related to the management and verification of the Report and to ensure adequate application of the Whistleblowing Procedure. A prerequisite for the processing is the fulfilment of a legal obligation to which the Data Controller is subject pursuant to Article 6(1)(c) of the GDPR as well as the pursuit of a legitimate interest of the Data Controller pursuant to Article 6(1)(f) of the GDPR to ascertain the truthfulness of the Report and to carry out any activity necessary for its management. The provision of the Whistleblower's Personal Data is optional; in fact, on the basis of the Whistleblowing Procedure adopted by the Company, the Whistleblower has the right to remain anonymous. It is also not mandatory to indicate the Personal Data of the reported subject(s). If applicable, the investigation activity carried out following the Report will not be compromised.
- Your Personal Data may be processed for purposes related to (if any) needs to defend rights during judicial, administrative or extrajudicial proceedings and in the context of disputes arising in relation to the Report made. In addition, your Personal Data may be processed by the Company to take legal action or to assert claims against you or third parties. The prerequisite for the processing is the legitimate interest of the Company pursuant to Article 6, first paragraph, letter f) of the GDPR in the protection of its rights. In this case, you are not required to provide a new and specific provision, since the Company will pursue this additional purpose, where necessary, by processing the Personal Data collected for the purposes referred to above, deemed compatible with this (also due to the context in which the Personal Data were collected, the relationship between you and the Company, the nature of the data and the appropriate safeguards for their processing, as well as the link between the purpose under A. and this additional purpose).
The Report must not contain facts that are not relevant for the purposes of the Report, nor special categories of personal data, as per art. 9 of the GDPR (hereinafter also referred to as "Special categories of data", i.e. those from which racial and ethnic origin, philosophical and religious beliefs, membership of political parties or trade unions, as well as health, sex life or sexual orientation may be inferred), except in cases where this is unavoidable and necessary for the purposes of the Report. In this case, the processing is carried out as necessary pursuant to Article 9, second par.2, letter f) of the GDPR. The processing of your Personal Data will be carried out according to principles of correctness, lawfulness and transparency and may also be carried out through electronic methods. Appropriate IT, organizational and physical measures have been adopted to prevent the risks associated with data processing, such as loss, unauthorized access, unlawful use and dissemination. Personal Data and reports will be retained for 5 years from the date of closure of the Report, unless it is necessary to increase the term for purposes related to the handling of disputes. After the storage periods indicated above, the Reports can only be stored anonymously, for statistical purposes.
Without prejudice to the completion of any investigations launched following your Report, as well as the fulfilment of obligations arising from the law, the Personal Data you provide will not be subject to any communication and/or dissemination. Personal Data may be shared with legal advisors and the Judicial Authority, in accordance with the procedures provided for by current whistleblowing legislation.
As provided for by the GDPR, the data subject has the following rights: opposition to processing; access; cancellation; correction; limitation; portability; to send a complaint to the Data Protection Authority using the references available on the www.garanteprivacy.it website, or to take legal action. To exercise the above-mentioned rights, you can send an email to the address odv@scuadra.it