1. OBJECTIVES AND VIOLATIONS SUBJECT TO WHISTLEBLOWER REPORTS

This procedure defines the management process for whistleblower reports of violations and irregularities, also alleged, in respect of applicable laws and regulations, the provisions of the Code of Ethics of EI Towers Group (hereafter, also “Code of Ethics”), the Organisational, Management and Control Model pursuant to Legislative Decree 231/2001 (hereafter, also “Model 231”) – only for Group Companies provided with one – and the corporate policy and Organisational Guidelines (hereafter, also “OGL”) in force (hereafter, also “Procedure”).

The aim of the Procedure is to provide guidelines for submitting and managing whistleblower reports, and to ensure that operating activities are performed with professionalism, transparency, fairness and confidentiality, in compliance with applicable laws and regulations, and in accordance with the Code of Ethics, Model 231 and corporate policy and OGLs.

The Procedure is designed to deter unlawful activities or conduct that pose a real and significant risk to the company, its personnel or the general public.

“Unlawful conduct” refers to any act or omission occurring in the course of or affecting the performance of work, which causes or is likely to cause damage or harm to the Group (as defined in Section 5 below) and/or its Employees and which:

• is unlawful or improper;
• violates statutory and regulatory provisions;
• does not comply with internal regulations (e.g. Model 231, procedures).

Violations potentially subject to Whistleblower Reports (as defined in Section 4 below) include:

1. administrative, accounting, civil and criminal offences detrimental to the interests, decorum and integrity of the company;
2. unlawful conduct pursuant to Legislative Decree 231/01 or violations of the relevant Organisation, Management and Control Models;
3. offences within the scope of Community and/or national legislation pursuant to Art. 2, Legislative Decree no. 24 of 10 March 2023;
4. acts or omissions detrimental to the financial interests of the European Union or in connection with the internal market pursuant to Art. 2, Legislative Decree no. 24 of 10 March 2023.

 

2.  APPROVAL AND STARTING DATE OF THE PROCEDURE

This Procedure was approved by the Board of Directors of EI Towers S.p.A. on 17 October 2019 and subsequently amended and supplemented on 27 July 2023.

 

3.  REFERENCES

The provisions set out in this Procedure make reference to the following legislative and regulatory sources, guidelines and principles:

• European Directive no. 2019/1937 of 23 October 2019, “on the protection of whistleblowers who report violations of EU law and containing provisions concerning the protection of whistleblowers who report violations of national regulations”;
• Legislative Decree no. 24 of 10 March 2023, containing “Implementation of Directive (EU) 2019/1937 on the protection of whistleblowers who report violations of EU law and containing provisions concerning the protection of whistleblowers who report violations of national regulations”;
• Law no. 179 of 30 November 2017, containing “Provisions for the protection of whistleblowers who report offences or irregularities of which they have become aware in relation to their employment in the public or private sector”;
• Legislative Decree no. 231 of 8 June 2001, on the subject of the "Rules governing the administrative responsibility of legal persons, companies and associations, including those without legal personality”, as amended;
• Legislative Decree no. 196 of 30 June 2003, “Personal data protection code”, as amended;
• Regulation (EU) 2016/679 of 27 April 2016, “Protection of natural persons with regard to the processing of personal data and on the free movement of such data”, also “General Data Protection Regulation”, as amended;
• EIT Organisational Guidelines on the subject of “Personal data protection management”;
• The EI Towers Group Code of Ethics;
• Organisational, Management and Control Models pursuant to Legislative Decree 231/2001;
• EI Towers Group best practices in internal controls;
• National Anti-Corruption Authority guidelines.

 

4. DEFINITIONS

As an aid to understanding this document, certain terms used are defined below:

• Whistleblower: a person who, in the context of the Group’s operations and by reason of their functions, after becoming aware of unlawful conduct (even if only alleged) and intending to report it, is required to do so as set out in this document, without taking any further initiatives or corrective action.
• Reported Person: the person to whom the Whistleblower Report refers;
• Whistleblower Report: a written or oral report on conduct and practices that do not comply with the provisions of the law and regulations, the Code of Ethics, Model 231 and corporate policy and Organisational Guidelines, encountered in the performance of their work. See Section 1 above for violations subject to Whistleblower Reports. Internal Whistleblower Reports (regulated by this Procedure and external Reports (see Section 9 below) must:
  • refer to facts/acts/events of which the Whistleblower has direct knowledge and not to hearsay;
  • be in good faith, e.g. when the Whistleblower, without prejudice, is reasonably certain of the truth of the report and it is not submitted with the sole aim of causing unfair harm or of obtaining a personal benefit;
  • be substantiated, if they allow the identification of factual elements that are reasonably sufficient to begin an in-depth investigation (e.g. offence committed, period in question, causes, purposes, persons involved);
  • be signed (if the identity of the Whistleblower is identifiable) or alternatively anonymous (if the personal details of the Whistleblower are not explicit and identifiable).
• Conflict of interest: any situation in which a person involved in the management of whistleblower reports has a personal or professional interest that is in conflict with the impartiality required in relation to their responsibilities, such as to prevent the objective assessment of the Report.
• “Need to know” criterion: defined as the criterion by which a user comes into contact with as little information as is strictly necessary for the purposes of the processes of which they are a part or useful for the performance of the task to which the user is assigned.
• Retaliation: any conduct, act or omission, even if only attempted or threatened, carried out in relation to the Whistleblower Report, to the report to the judicial or accounting authorities, or to public disclosure, which directly or indirectly causes or may cause unjustified damage to the Whistleblower or the person who submitted the report, in the sense of unjustified damage as the direct or indirect effect of retaliation and implicit in the content of such retaliation.

 

5. SCOPE AND RECIPIENTS

This Procedure acts as the benchmark for EI Tower Group, intended as EI Towers S.p.A. and its subsidiary companies (hereafter, the “Group”).

The Recipients (“Reported Persons” and/or “Whistleblowers”) are:

• persons who have representation, control, administration or management functions in every Group company;
• persons subject to the direction or supervision of one of the subjects referred to in the previous point;
• the Group’s customers, suppliers, partners, advisors, shareholders and, more generally, all the subjects under Art. 3, Legislative Decree no. 24 of 10 March 2023.

                     

6. GUARANTEES AND PROTECTIONS

6.1 Confidentiality guarantees

All Group personnel involved in various capacities in the management of Whistleblower Reports are required to guarantee confidentiality regarding the existence and content of the Report and the relevant documentation, the identity of the Whistleblowers (where identified) and the reported persons, and all the persons involved or mentioned in the Report.

In order to encourage Recipients to promptly report possible misconduct or irregularities, the Group guarantees the confidentiality of Whistleblower Reports and the information they contain, even in the event they are subsequently found to be in error or groundless.

All communication regarding the existence and content of the Whistleblower Report, as well as the identity of the Whistleblowers (where disclosed) and the Reported Persons, must be in strict compliance with the “need to know” criterion.

 

6.2 Whistleblower protection

The Group guarantees the confidentiality of the Whistleblower’s identity, including any information or element from which same may be inferred, from the moment of receiving the Whistleblower Report, in compliance with the provisions of the law and this Procedure. The identity of the Whistleblower may not be disclosed to persons other that those competent to receive or act on the Whistleblower Report without the Whistleblower’s express consent and, in the cases set out in Art. 12, Legislative Decree no. 24 of 10 March 2023, after informing the Whistleblower in writing of the reasons for the disclosure.

In compliance with the law, the Group prohibits and sanctions any form of retaliation, even if only attempted or threatened, against anyone who has submitted a Whistleblower Report (as well as anyone who has cooperated in verifying the facts reported), without prejudice to the provisions of Section 6.3 below.

Below are some examples of cases that constitute retaliation against Whistleblowers:

1. dismissal, suspension or equivalent measures;
2. change of duties, change of workplace, change of working hours;
3. suspension of training or any restriction of access to same;
4. disciplinary measures or other sanctions, including fines.

The Group reserves the right to take appropriate action against whoever, including the Reported Person, takes or threatens to take retaliatory action against persons who have submitted Reports in compliance with the law and this Procedure, without prejudice to the right of those entitled to legal protection if the Whistleblower is found to be liable under criminal or civil law in relation to the mendacity of their statements or reports.

Without prejudice to the provisions of Section 10 below, the protective measures against retaliation provided for in Art. 19, Legislative Decree no. 24 of 10 March 2023 shall apply to the Whistleblower, e.g. Whistleblowers may notify the National Anti-Corruption Authority (ANAC) of any retaliation they believe they have suffered under the terms and conditions set out in the Decree.

 

6.3 Reported Person protection

The Group requires all its employees to cooperate in maintaining a corporate climate of mutual respect and prohibits attitudes that may offend the dignity, honour and reputation of each individual. The confidentiality guarantees set out in the Procedure also protect the Reported Person.

During the various phases of the Whistleblower Report management process, no disciplinary action will be taken against the Reported Person exclusively on the basis of the Report when there is no concrete evidence to back up its content, but only if such evidence is found and verified, even before the final stage of the investigation. The Reported Person may not request the disclosure of the Whistleblower’s name, except in those cases expressly provided for by the law.

For the further protection of the Reported Person, the actions and powers provided to them by the law remain unaffected.

The Group may take appropriate disciplinary and/or legal measures to protect its rights, assets or image against whoever, with malicious intent or gross negligence, submits Whistleblower Reports that prove to be unfounded or opportunistic and/or for the sole purpose of slandering, defaming or harming the Whistleblower or other persons mentioned in the Report.

 

6.4 Protection of the persons involved and other subjects

The Group protects the confidentiality not only of the Whistleblower, but also of the following persons:

• the facilitator, e.g. the person operating within the same working context as the Whistleblower who assists same in the Whistleblowing process;
• the persons involved or mentioned in the Whistleblower Report or in public disclosures.

The confidentiality of the facilitator, the person involved, and the person mentioned in the Whistleblower Report or in public disclosures is guaranteed until the conclusion of the proceeding initiated as a result of the Whistleblower Report, and in compliance with the same guarantees as those extended to the Whistleblower.

                       

7. WHISTLEBLOWER REPORTS

Whistleblower Reports are submitted to and examined by the Supervisory Board of the Parent Company EI Towers S.p.A. (hereafter, also “Supervisory Board” or “SB”).

If Whistleblowers, regardless of their role or duties, discover violations and/or alleged irregularities, or in any case conduct that is in conflict with the law or regulations as they stand, with the Code of Ethics, with Model 231, or with corporate policy and OGLs, they may send:

1. a Whistleblower Report, in written or oral (voice message) form, using the reserved IT platform provided at URL https://eitowers.segnalazioni.net (hereafter, “EIT Platform”, preferential channel). The Whistleblower Report may be sent after registering with the website or in anonymous form [1];
2. or, with suitable methods of protecting the confidentiality of the information contained, a paper letter in sealed envelope bearing the words “Confidential Whistleblower Report” on the outside, to the postal address: EI Towers S.p.A. Via G. Zanella 21, 20851, Lissone (MB), for the attention of the Supervisory Board. Whistleblower Reports received by paper letter will be entered into and managed within the EIT Platform by the Supervisory Board[2].

Following receipt of the Whistleblower report, the Supervisory Board sends the Whistleblower a notice of receipt and acceptance within seven days from the date of receipt.

Information on violations must refer to conduct, acts or omissions of which the Whistleblower or reporting person has become aware in the context of the Group’s operations.

Whistleblower Reports may not contain, and in this sense will not be taken in any way into consideration, any personal grievances of the Whistleblower (e.g. claims or complaints regarding the Group or relations with superiors or colleagues).

Whistleblower Reports must be substantiated and provide all the necessary and useful elements for the purposes of investigating and verifying the merits of the facts reported, as follows:

• the date on and place in which the event occurred;
• the identity and elements such as to allow the identification of the subject to which the reported facts can be attributed;
• a description of the facts and the manner in which the Whistleblower became aware of them;
• the personal details of any other persons aware of the fact and/or able to report on same;
• reference to any documents and/or other information that can confirm the validity of the facts described.

Information on violations subject to whistleblower reports does not include information that is clearly unsubstantiated, information that is already fully in the public domain, or information resulting exclusively from indiscretions or unreliable rumours.

Whistleblower Reports received outside institutional channels (e.g. communications sent directly to senior executives, verbal communications made to a superior or to other persons such as, for example, the Group Human Resources, Organisation and Services Office), must be submitted to the attention of the Supervisory Board. If the Whistleblower does not expressly state/stipulate that it is a "Confidential Whistleblower Report", or if the Report does not reveal the Whistleblower's intention to benefit from the whistleblowing protections, it could be considered an ordinary Whistleblower Report. 

Specifically, Recipients who for any reason receive Whistleblower Reports regarding alleged violations or irregularities shall: (i) ensure the confidentiality of the Whistleblower, the Reported Person and the other subjects who may be involved or mentioned in the Whistleblower Report, as well as the information received, (ii) direct the Whistleblower to comply with the Whistleblower Reporting methods set out in this Procedure and (iii) in the case of Reports received in writing, send same immediately (or in any case within seven days from receipt, to the email address: ODV.EITowers@eitowers.it or, in the case of a report sent on paper, to EI Towers S.p.A. Via G. Zanella 21, 20851 Lissone (MB), for the attention of the Supervisory Board. Recipients will in any event refrain from taking any independent initiatives for the purposes of assessment and/or investigation. The sending of the Whistleblower Report to the Supervisory Board is concurrently notified to the Reporting Party. Whistleblower Reports received in this way will be entered into and managed within the EIT Platform by the Supervisory Board.

 

7.1 Whistleblower Reports through face-to-face meetings

Whistleblowers, in addition to the communication channels set out above, may present Whistleblower Reports to the Supervisory Board in person by requesting a face-to-face meeting to be held within a maximum of 15 days from receipt of same with one of the methods indicated in Section 7[3] or, alternatively, by email sent to the email address of the Supervisory Board (ODV.EITowers@eitowers.it) with the subject “Request to meet for Confidential Whistleblower Report”. Access to this mailbox is restricted to the members of the Supervisory Board.

Following receipt of the request for a face-to-face meeting, the Supervisory Board sets the date of the meeting and communicates it to the Whistleblower within seven days of receipt.

The Supervisory Board, on the date indicated, will be present at the meeting in collective form or, alternatively, in the person of the Chairman or another external member of the Supervisory Board delegated for this purpose.

Minutes are taken of the meeting, with the consent of the Whistleblower. The Whistleblower has the right to amend and/or modify the minutes and confirms the content by signing them.

Whistleblower Reports received through face-to-face meetings will be entered into and managed within the EIT Platform by the Supervisory Board.

 

7.2 Whistleblower Reports concerning Group companies

If the Whistleblower Report refers to a Group company that has appointed its own Supervisory Board, the Supervisory Board of the Parent Company shares the Whistleblower Report without delay with the Supervisory Board of the company involved. The two Supervisory Boards will coordinate their verification activities, except in the case of Whistleblower Reports referring to significant unlawful conduct pursuant to Legislative Decree 231/2001, which remain the exclusive competence of the Supervisory Board of the company involved, as provided for in the Organisational Model adopted by same.

If the Group company to which the Whistleblower Report refers does not have a Supervisory Board, verification activities will be performed in coordination with the Board of Statutory Auditors of the Company involved, with whom the Whistleblower Report will be shared without delay.

If the Whistleblower Report refers to the work of the Supervisory Board itself and its members (conflict of interest), the Supervisory Board will refrain from taking any initiative and immediately inform the Board of Statutory Auditors of the Parent Company about such Whistleblower Report.

In the above cases, the Whistleblower Report will be managed according to the terms and methods provided in this Procedure.

 

8. WHISTLEBLOWER REPORT MANAGEMENT

The Whistleblower Reports will be managed within the EIT Platform as described below.

 

8.1 Preliminary analysis of the Whistleblower Reports

The Supervisory Board performs a preliminary analysis of the Whistleblower Report received, with the aim of verifying that the Whistleblower Report satisfies the minimum requirements established. This analysis is performed on the basis of the following elements:

• the provision of sufficiently substantiated information to support the Whistleblower Report;
• the relevance of the facts reported in relation to the Group’s operating context and the legal framework applied;
• verification of the existence of prior reports/assessments already examined in relation to the same subject;
• verification of the existence of facts or situations that are already the subject of an ongoing investigation by the public authorities (ordinary or special judicial authorities, administrative entities and independent authorities invested with supervisory and control functions).

If this preliminary analysis does not reveal the need for further verifications, the Supervisory Body archives the Whistleblower Report, explaining the reasons in the minutes of meeting for deciding not to investigate further, and will promptly inform the Whistleblower of the outcome of the procedure.

If, however, the preliminary analysis reveals the need for further investigation to verify the facts reported by the Whistleblower, where the Supervisory Board is unable to proceed directly with the competent corporate Departments/Functions, the Supervisory Board entrusts their management to the Group’s Internal Audit Function.

The Internal Audit Function then, based on the information obtained, identifies the company Management Offices/Functions with competence in the area implicated by the Whistleblower Report, which will provide support during activities to verify the Whistleblower Report.

The Supervisory Report may in any case decide to delegate (totally or in part) the performance of investigations to third party specialists and engage, where necessary, an outside Law Firm after signing a specific Mandate[4].

The preliminary analysis of the Whistleblower Report must generally be completed within 30 (thirty) working days of receipt from the Supervisory Board, except in particularly complex cases.

 

8.2 Performance of investigations

The Internal Audit Function, supported by the competent Management Offices/Functions and/or any third-party consultants, performs the investigations on a confidential basis and without formally announcing the start of work, with the aim of:

• confirming the truthfulness of the Whistleblower Reports and providing a detailed description of the proven facts;
• identifying the areas for improvement of the Internal Control System that enabled (or, in the case of unconfirmed Whistleblower Reports, that could have enabled) the Reported Person to commit the violation referred to by the Whistleblower Report.

The Internal Audit Function:

• will take all reasonable measures to ensure that the investigation is fair and impartial;
• may obtain specialist advice (e.g. external legal advice or internal advice from teams of specialists) on matters outside its sphere of competence, always within the limits of what is strictly necessary for the investigation and in compliance with the confidentiality measures provided for in the Procedure.

Investigation and verification activities must be completed within a period of time appropriate to the scope and complexity of the investigation and verification activities to perform, without prejudice to the terms of Section 8.3 below.

 

8.3 Definition of provisions

On conclusion of investigation and verification work, the Internal Audit Function prepares a summary report of the investigations performed and the evidence found and makes it available to the Supervisory Board.

The report prepared by the Internal Audit Function must:

• summarise the investigation process and the evidence gathered;
• draw reasonable conclusions on the extent of any non-compliances;
• provide recommendations and suggest actions to remedy the non-compliances, with the aim of ensuring within reason that they will not be repeated in the future.

If, based on the evidence gathered and the relevant conclusions, the Whistleblower Report is found to have a basis in fact, the Supervisory Board shares the report with the Group Human Resources, Organisation and Services Office, the Group Legal Affairs Office, and also, in the most important cases, with the Managing Director of the Parent Company and/or the delegated bodies of the company involved, in order to define any provisions to take based on the applicable legal and regulatory provisions.

If, on the other hand, the investigation and verification activities reveal that the Whistleblower Report is unfounded, it is archived.

The Supervisory Board shall provide feedback on the Whistleblower Report within three months from the date of the return receipt or, if absent, within three months starting from the expiry of the period of seven days from the submission of the Whistleblower Report.

 

8.4 Archiving and periodic reporting

The Supervisory Board archives the documentation gathered and analysed during the investigation and retains it for a period of no less than five years from the date of completion of the procedure.

The Supervisory Board monitors the number, type and content of the Whistleblower Reports received, the state of progress of any ongoing investigations, the state of implementation of corrective action defined in relation to the investigations performed, the disciplinary measures applied or any other initiatives undertaken, and sends an annual summary information report of the activities performed in compliance with the confidentiality measures provided to:

• the Board of Directors of EI Towers S.p.A.;
• the Board of Statutory Auditors of EI Towers S.p.A.;

and, for Whistleblower Reports referring to subsidiary companies, to:

• the Board of Directors of the subsidiary company;
• the Board of Statutory Auditors of the subsidiary company;

liaising in the latter two cases with the control bodies involved in the procedure.

 

9. EXTERNAL WHISTLEBLOWER REPORTS AND PUBLIC DISCLOSURE

The Whistleblower may submit a Whistleblower Report to the National Anti-Corruption Authority (ANAC) – or inform same of any retaliation they believe they have suffered – according to the terms and conditions and in the manner set out by Legislative Decree no. 24 of 10 March 2023. Specifically, the Whistleblower may submit an external Whistleblower Report only if, at the time of its submission, one of the following conditions is met: a) there is no provision for compulsory activation of the internal Whistleblowing channel or, although compulsory, it is not active or, although active, does not comply with current legislation; b) the Whistleblower has already submitted a Whistleblower Report and same has not been followed up; c) the Whistleblower has reasonable grounds to believe that if they were to submit an internal Whistleblower Report it would not be effectively followed up or that the Whistleblower Report might give rise to the risk of retaliation; d) the Whistleblower has reasonable grounds to believe that the violation might constitute an imminent or clear danger to the public interest.

ANAC publishes its contact details and instructions on how to use the external reporting channel in a dedicated section on its website (www.anticorruzione.it)[5].

If the conditions set out in Legislative Decree No. 24 of 10 March 2023 are met, the Whistleblower may make a "public disclosure", e.g. "make information on the violations publicly available through the press or electronic means or, in any case, through means of disclosure capable of reaching a large number of people". Specifically, the Reporting Officer may make a public disclosure if, at the time of the disclosure, one of the following conditions is met: a) the Whistleblower has previously submitted an internal and external Whistleblower Report or has submitted an external Report directly, under the conditions and in the manner laid down by current legislation, and no feedback has been given on the measures envisaged or adopted to follow up the Whistleblower Reports; b) the Whistleblower has reasonable grounds to believe that the violation may represent an imminent or clear danger to the public interest; (c) the Whistleblower has reasonable grounds to believe that the external Whistleblower Report may entail the risk of retaliation or may not be effectively followed up due to the specific circumstances of the case, such as where evidence may be concealed or destroyed, or where there is a well-founded fear that the person who received the Whistleblower Report may be colluding with the person responsible for or involved in the violation.

This is without prejudice to the possibility for the protected persons to apply to the competent national judicial and accounting authorities to file a complaint of unlawful conduct of which they have become aware in accordance with the applicable legal provisions.

 

10. SYSTEM OF PENALTIES

If investigations into the Whistleblower Reports, performed pursuant to this Procedure, reveal unlawful conduct attributable to senior executives and/or persons subject to their direction and supervision, the Group will take prompt and immediate action, by applying sanctions that are appropriate and proportionate, in consideration of the relevance of such conduct under criminal law, with the establishment of criminal proceedings if it constitutes a crime, as set out in Model 231, in the Group Code of Ethics and in the collective employment contract and other applicable national legislation.

Such violations damage the relationship of trust established with the Group, which is based on transparency, fairness, integrity and loyalty.

Likewise, the Whistleblower remains liable under civil and criminal law in the case of slanderous or defamatory reports pursuant to the current provisions of the Italian Criminal Code and Article 2043 of the Italian Civil Code. Specifically, in the case of a finding of the criminal liability, including through a judgement in the first instance, of the Whistleblower for the offences of defamation or slander or, in any case, for the same offences committed with a report to the judicial or accounting authorities, or the civil liability of the Whistleblower, for the same reason, in cases of wilful misconduct or gross negligence, the protection provided in the event of retaliation is not guaranteed and a disciplinary sanction is also imposed on the Whistleblower in accordance with the provisions set out in Model 231, the Group Code of Ethics and the collective labour agreement or other applicable national regulations.

 

11. CONFLICT OF INTEREST

In the framework of the Whistleblower Report management process, any conflicts of interest of the subjects involved for various reasons (e.g. competent corporate Departments/Functions, the Internal Audit Function, advisors) must be notified for the purposes of assigning preliminary analysis activities and, if necessary, the appropriate verifications/investigations to persons with no conflict of interest.

In the case of conflict of interest (other than that regulated by Section 7.2 above) regarding the Supervisory Board or the Board of Statutory Auditors of Group companies involved or their respective members, both preliminary analysis work and the appropriate investigations will be performed by the Supervisory Board of the Parent Company.

 

12. PERSONAL DATA PROCESSING

The personal data (including any sensitive data in particular categories, such as racial and ethnic background, religious and philosophical beliefs, political opinions, membership of political parties and trade unions, as well as personal data such as to reveal a person’s state of health and sexual orientation, and judicial data) of the Whistleblowers, Reported Persons and any other persons involved, received and collected during the management of the Whistleblower Reports, will be processed in full compliance with current legislation on the subject of personal data processing, and in any case in line with the EIT Group OGL on the subject of the “Management of personal data protection”, and will be limited to that which is strictly necessary to verify and manage the Whistleblower Report. Personal data will be processed for the sole purpose of implementing the provisions established by this Procedure and, therefore, of the correct management of the Whistleblower Reports received, as well as to fulfil legal and regulatory requirements in relation to confidentiality, basic rights and freedoms, and the dignity of those involved. To this end, the persons concerned will be adequately informed about the personal data processing in place.

While performing activities to verify the Whistleblower Report, all necessary measures will be taken to protect the data from accidental or unlawful destruction, loss and unauthorized disclosure.

Without prejudice to the above, all persons involved for whatever reason in the preliminary, investigative or other activities established by this Procedure guarantee, in their own sphere of knowledge and competence, the confidentiality of the documents, the data, the communications and the information received and/or provided in relation to the procedure, and that, after being taken into consideration by the Supervisory Board, same will be deleted at the end of the Whistleblower Report management procedure.

Violations of the duty of confidentiality referred to in Section 6.1 above by persons involved in managing the Reports may be the subject of disciplinary sanctions.

 

13. REVISION/UPDATING OF THE PROCEDURE

This Procedure will be reviewed periodically based on the operations and experience gained during its application, in order to ensure effectiveness over time, ongoing alignment with legislation as its stands from time to time, and consistency with best practices in this area.