
Whistleblowing Privacy Policy

Whistleblowing Privacy Policy version 4.0 of 21/06/2023
valid from 21/06/2023
Information notice pursuant to Article 13 of Regulation (EU) 2016/679 (“Regulation” or “GDPR”)
“WHISTLEBLOWING - Reporting Person”

 

Data Controller

 

Value Partners S.p.A., with registered office in Milano, Largo Francesco Richini 6, acting as data controller (hereinafter the “Controller”) pursuant to Regulation (EU) 2016/679 (hereinafter the “Regulation” or “GDPR”), hereby informs you that it will process your personal data collected in the context of reports of violations of national or European Union legal provisions that harm the public interest or the integrity of the Controller (hereinafter the “Whistleblowing Report”), for the purposes and in the manner described below.

 

 

Types of data, purposes and legal basis of the processing

 

The personal data processed may include, only if you decide to disclose your identity, your personal identification data, as well as the identifying data of the reported person and the names of other individuals who may provide information on the facts covered by the Whistleblowing Report, as well as all facts connected with your Whistleblowing Report.

 

In the context of the report, you may disclose special categories of personal data or judicial data; however, you are invited not to do so unless strictly necessary for the purposes of the Whistleblowing Report.

 

Your data are processed for the following purposes:

 

  • receiving, analysing and managing the Whistleblowing Report.

    The legal basis for the processing of personal data for this purpose is the performance of a legal obligation to which the Controller is subject (Article 6(1)(c) of the GDPR), in particular as provided for by D.lgs. 24/2023 (Italian Legislative Decree No. 24/2023).

 

Any processing of personal data falling within special categories of data or judicial data is carried out by the Controller in compliance with obligations relating to workplace safety and social security.

 

Please note that, once the Whistleblowing Report has been managed, its content may be further used for the protection of the Controller’s rights in legal proceedings and for the necessary defence actions. In such case, the legal basis for the processing of such personal data is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).

 

The Whistleblowing Report may also be used for the initiation of disciplinary or sanctioning actions in the event that pretextual, retaliatory or discriminatory conduct is carried out to the detriment of the reported person or the reporting person. Such processing is carried out on the basis of the applicable legal provisions (D.lgs. 24/2023).

 

You are reminded that you may also submit a Whistleblowing Report anonymously, which will in any case be taken into consideration and analysed. With regard to the identity of the reported person, the provision of their data is likewise optional; however, the Whistleblowing Report may not be taken into consideration where this is materially not possible.

 

Please note that, if you decide to disclose your identity, your personal data will be processed only by authorised personnel who are bound by confidentiality obligations, without prejudice to the disclosure obligations prescribed by law.

 

 

Recipients of personal data

 

Your personal data may be shared, to the extent strictly necessary for the purposes set out above, with:

 

  • the competent collegial bodies of the Controller and only those persons strictly necessary to follow up on the Whistleblowing Report who are bound by confidentiality obligations, including the facilitator, where applicable;

  • persons, entities or authorities to whom communication of your personal data is mandatory by law or by order of the authorities;

  • any external legal advisers, as well as platform providers with whom the Controller has entered into agreements for the processing of personal data and who act as data processors.

 

 

Methods of data processing

 

Your personal data will be processed both by automated and manual means, ensuring the security and confidentiality of the personal data. Particular attention is paid to the data of the reporting person, which will be protected by anonymity (unless you choose to disclose your identity).

 

 

Transfer of data outside the EU

 

For the processing activities described above, the Controller does not transfer personal data outside the European Economic Area, with the exception of Switzerland, where the email service used for managing reports is located. Further information is available from the Controller.

 

 

Retention of personal data

 

Whistleblowing Reports will be handled within three months from the date of the acknowledgement of receipt or, in the absence of such acknowledgement, within three months from the expiry of the seven-day period following the submission of the Whistleblowing Report. Whistleblowing Reports and the related documentation are retained for the time necessary to process the Whistleblowing Report and in any case no longer than five years from the date of communication of the final outcome of the Whistleblowing Report procedure, in compliance with the confidentiality obligations set out in Article 12 of D.lgs. 24/2023 and with the principle referred to in Article 5(1)(e) of the Regulation.

 

 

Your privacy rights

 

At any time, you may request:

 

  • access to your data: we will provide you with the data we hold about you and, where applicable, the source of your data. This right cannot be effectively exercised by the person who is the subject of a Whistleblowing Report;
  • portability of your data: where applicable, we will provide you with the data we hold about you in a structured, commonly used and machine-readable format;
  • rectification of your data if you believe they are inaccurate or need to be updated;
  • restriction of the processing of your data, for example if you believe that our processing is unlawful and/or that certain processing activities carried out on the basis of our legitimate interest are inappropriate;
  • erasure of your data;
  • objection to the processing of your personal data.

 

The response time provided for under the applicable European legislation is one month from your request (extendable by a further two months in cases of particular complexity).

 

Please note that, pursuant to Article 2-undecies of D.lgs. 196/2003 (Italian Legislative Decree No. 196/2003, as amended), the rights set out in Articles 15 to 22 of the Regulation may not be exercised by submitting a request to the Controller or by lodging a complaint pursuant to Article 77 of the Regulation where the exercise of such rights may result in a concrete and effective prejudice to the confidentiality of the identity of the person who submits a Whistleblowing Report. Such prejudice will be assessed on a case-by-case basis, in concrete terms, and only where the limitation is necessary and proportionate. Where the Controller relies on such limitation, you will be informed thereof in writing without delay. You are reminded that, in such cases, your rights may also be exercised through the Garante per la Protezione dei Dati Personali in accordance with Article 160 of D.lgs. 196/2003 and subsequent amendments.

 

Requests must be submitted in writing to the Controller at the following address: privacy@valuepartners.com.

 

In any event, you have the right to lodge a complaint with the competent Supervisory Authority (Garante per la Protezione dei Dati Personali), pursuant to Article 77 of the Regulation, if you consider that the processing of your personal data infringes the applicable legislation, without prejudice to the limitations set out in Article 2-undecies of D.lgs. 196/2003 referred to above.