Whistleblowing

Channels

The internal reporting system consists of the following channel by accessing the link.

By using this channel, the protections provided by the Whistleblowing legislation are guaranteed:

• Obligation of confidentiality: at each stage of the process, the identity of the person making the report, the person reported and the person in any case mentioned in the report, as well as the content of the report and the relevant documentation, is guaranteed.
• Processing of personal data: reports and related documentation are kept for the time necessary to process the report and in any case no longer than five years from the date of the communication of the final outcome of the reporting procedure. Personal data that are clearly not useful for the processing of a specific report are not collected or, if accidentally collected, are deleted immediately. Personal data collected in the reporting process are processed by Cuamm as data controller in compliance with the principles and obligations enshrined in the legislation on the protection of personal data (EU Regulation No. 2016/679 – GDPR and Legislative Decree No. 196/2003 – Privacy Code) and are protected with appropriate security measures. Further information on the processing of personal data can be found in the information notice made available at the following link.
• Prohibition of retaliation: all necessary measures are taken to protect the physical integrity and moral character of the reporting person, ensuring adequate protection against any form of retaliation, penalisation, discrimination or threats.

It should be noted that the protection of whistleblowers also applies when the legal relationship has not yet started (if the information on breaches was acquired during the selection process or in other pre-contractual stages), during the probationary period and after the termination of the legal relationship (if the information on breaches was acquired during the course of the relationship) and also extends to facilitators, to persons in the same employment context as the reporting person and who are linked to them by a stable emotional or kinship link up to the fourth degree, to the reporting person’s work colleagues who work in the same employment context as the reporting person and who have a habitual and current relationship with the reporting person, to the entities owned by the reporting person or for which the same persons work, and to the entities operating in the same employment context as the above-mentioned persons.

Subject of the report

The report may concern any conduct, action or omission on the part of a person belonging to the corporate organisation, which violates regulatory provisions and which harms or may harm the public interest or the integrity of the organisation. The report may concern both violations committed and those not yet committed which the whistleblower reasonably believes could be committed on the basis of concrete elements.

Violations may concern both national and EU regulatory provisions:

• Violations of national regulatory provisions – This category includes, by way of example and not limited to: criminal, civil, administrative or accounting offences, offences underlying the application of Legislative Decree no. 231/2001 and violations of the organisational and management models provided for in the aforementioned Legislative Decree no. 231/2001, violations of the provisions laid down to prevent money laundering and the financing of terrorism, violations of the rules on financial intermediation and governing banking activities.
• Breaches of EU law – This category includes, but is not limited to:
  • Offences falling within the scope of European Union or national acts or national acts implementing European Union acts relating to the following: public procurement; financial services, products and markets and prevention of money laundering and terrorist financing; product safety and compliance; transport safety; environmental protection; radiation protection and nuclear safety; food and feed safety and animal health and welfare; public health; consumer protection; privacy and protection of personal data and security of networks and information systems;
  • Acts or omissions affecting the financial interests of the Union;
  • Acts or omissions relating to the internal market;
  • Acts or conduct that frustrate the object or purpose of the provisions of Union acts in the areas referred to in the previous three points.

The elements that must be included in the alerts are:

• Indication that it is a report for which you intend to keep your identity confidential and benefit from the protections provided for in the event of any retaliation suffered as a result of the report under the Whistleblowing legislation.
• The data of the person making the report, indicating the contact channels for further action. These data are not compulsory as the report may also be anonymous but, in that case, should additions be necessary, the report may not be effectively investigated;
• The circumstantiated and verifiable facts (i.e., what happened, when it happened, where it happened) and the information and data necessary to unequivocally identify the perpetrators of the unlawful conduct;
• Possible conflicts of interest of the reporting person in connection with the report;
• Possible co-responsibility of the person reporting the violations;
• Evidence (with attached documentation if available) for the analysis of reports;
• The person, if any, who assisted in the reporting process.