Notice on the processing of personal data
pursuant to art. 13, EU Regulation 2016/679 in relation to whistleblowing reports
Pursuant to art. 13, EU Regulation 2016/679 (“European Regulation on personal data protection”, hereafter also “Regulation” or “GDPR”), this notice aims to illustrate how data are collected and what the rights of the subjects involved are in relation to whistleblowing reports.
In the application of current law on whistleblowing and for the purposes of this notice:
- “Whistleblower” means the subject who submits the report;
- “Reported Person” means the subject indicated in the report as the perpetrator of, participant in or witness to the unlawful conduct.
1. Data Controller
The Data Controller (hereafter “Controller”) is EI Towers S.p.A., with registered office at no. 21 Via Giacomo Zanella, Lissone (Monza e Brianza).
2. Data Protection Officer
The Data Controller has designated Cosimo Calabrese as Data Protection Officer (hereafter “DPO”). You may contact the DPO on all matters regarding the processing of your personal data and exercise the rights provided for in the GDPR at the following email address: DPO-EIT@eitowers.it.
3. Type of personal data
Receipt and management of reports gives rise to the processing of so-called general personal data (name, surname, job, contact details, etc.) and also, depending on the content of the reports and deeds and documents attached thereto, so-called sensitive data regarding political or trade union affiliation, religious beliefs and health, as per art. 9, GDPR, and personal data regarding criminal convictions and offences (art. 10, GDPR).
4. Purposes of data processing
The data you provide directly, from registration on the platform through to the reporting of alleged unlawful conduct that has come to your notice by virtue of your employment, service or supply relationship with EI Towers S.p.A., are processed by the Data Controller for the purpose of managing such situations.
Personal data are therefore collected because they are in the report and/or deeds and documents attached thereto. They refer to the Whistleblower and may also refer to Reported Persons indicated as possibly responsible for unlawful conduct and persons involved in various capacities in the matters reported.
In particular, such data are processed for the purpose of submitting reports, carrying out the necessary investigations into the grounds of the report and, if appropriate, taking appropriate corrective measures, which may include disciplinary and/or legal action against the persons responsible for the unlawful conduct.
5. Legal basis of processing
Processing of personal data has the following legal bases:
- a. processing of “general data” is necessary for compliance with a legal obligation to which the Data Controller is subject (art. 6, para. 1c, GDPR);
- b. processing of “sensitive” data is necessary for the purposes of carrying out the obligations and exercising specific rights of the Data Controller or of the data subject in the field of labour law (art. 9, para. 2b, GDPR);
- c. processing of data relative to criminal convictions and offences, given the provisions of art. 10, GDPR, is necessary for compliance with a legal obligation to which the Data Controller is subject (art. 6, para. 1c, GDPR).
6. Nature of data provision
For a report to be classified as whistleblowing, the whistleblower is required to provide their identification data (name, surname, contact details), as specified by the ANAC (Autorità Nazionale Anticorruzione – national anticorruption authority).
In connection with the legal bases in section 4 above, consent to the processing of data provided via a report is implicit and indispensable; in the case of objection, it will not be possible to receive the report and the data will be immediately deleted.
Where the Whistleblower nevertheless wishes to proceed with an anonymous report, such a report will only be taken into consideration if it is adequately detailed to the point of revealing facts and situations related to specific contexts.
Should the report lead to disciplinary proceedings against the person responsible for the unlawful conduct, the Whistleblower’s identity will not in any case be disclosed. If knowledge of the Whistleblower’s identity is indispensable to the defence of the Reported Person, the Whistleblower will be asked whether they intend to grant their free consent to the disclosure of their identity.
7. Data processing methods
Personal data are processed by automated and paper-based systems for the time strictly necessary to achieve the purposes for which they were collected.
EI Towers S.p.A. has suitable measures in place to guarantee that data provided are processed appropriately and compatibly with the purposes for which they are being managed. It also employs special security (file encryption), organisational, technical and physical procedures to protect information against alteration, destruction, loss, theft or improper or illicit use.
8. Subjects to which data may be disclosed
The personal data of the Whistleblower and Reported Person and of anyone else in any way involved in the matter reported will not be made public. However, on request they may be disclosed to:
- legal authorities;
- ANAC, Autorità Nazionale Anticorruzione.
Such subjects are autonomous data controllers.
In the event of any criminal proceedings, the Whistleblower’s identity will be kept secret in the manner and within the limits provided for in art. 329, c.p.p. (code of criminal procedure).
In the event of any disciplinary proceedings, the Whistleblower’s identity will not be disclosed in any case in which the action is based on findings distinct from and further to the report itself, even if consequent upon it, whereas it may be disclosed if the following three conditions are met:
- a. disciplinary action is based in whole or part on the report;
- b. knowledge of the Whistleblower’s identity is indispensable to the defence of the Reported Person;
- c. the Whistleblower has given express consent to the disclosure of their identity.
9. Transfer of data to a foreign country
Data will not be transferred to or made public in non-EU countries.
10. Data retention and deletion
The body charged with receiving reports carries out a preliminary investigation. If such body finds the report manifestly unfounded, it has the report dismissed. If the report seems founded, on the other hand, it is forwarded, without the Whistleblower’s data, to the relevant internal or external bodies.
The body charged with receiving reports is also responsible for storage of all the personal data, which are kept for a period of:
- 5 years from collection in the case that the report is dismissed;
- in all other cases, 5 years from the closure of proceedings brought by the offices or Bodies to which the report was referred.
11. Data subject’s rights and Data Controller
As the data subject, you may exercise the rights provided for in articles 15 to 22, EU Regulation 2016/679.
In detail, you are entitled to ask EI Towers S.p.A. for access to personal data regarding you, for rectification or erasure of your data or for restriction of or objection to processing, as well as the right to data portability.
You may exercise your rights by writing to EI Towers S.p.A., Via Giacomo Zanella n. 21 - Lissone (MB), or by sending an email to DPO-EIT@eitowers.it.