Send a report with the utmost confidentiality.

Privacy

PERSONAL DATA PROTECTION POLICY FOR WHISTLEBLOWERS

 

This privacy policy is provided, in accordance with Article 13 of Regulation (EU) 2016/679 on the protection of personal data, to individuals (e.g., directors, managers, employees, consultants, supplier workers, etc.) who report suspected irregularities or misconduct in the work environment.

 

 

DATA CONTROLLER

HI-LEX Italy S.p.A.

Via S. Rufino, 29 – 16043 Chiavari (GE), Italy

phone: +39 0185 368911

e-mail: hlit.privacy@hi-lex.com

 

 

 

CATEGORIES OF DATA PROCESSED

 

Personal data are provided by the whistleblower when making a report through the internal whistleblowing channel made available by the Data Controller.

Specifically,

  • the name, surname and contact details of the reporting person (unless the report is anonymous);
  • a description of the facts and events that are the subject of the report, which may indirectly identify the reporting party and/or reveal information relating to special categories of personal data under Art. 9 or Art. 10 GDPR.

 

 

 

PURPOSES AND DATA PROCESSING MODALITIES

 

 

 

  1. Acquisition and management of internal reports of violations of national and European regulations, including the preliminary and investigative stages aimed at ascertaining possible violations.
  2. Possible disclosure of the identity of the whistleblower to persons other than those responsible for receiving or following up reports expressly authorized.

 

The information provided and the identity of the whistleblower (if the report is not anonymous) will be treated as confidential at all stages of processing. In particular, the identity of the whistleblower and the content of the report, from which the identification of the reporter can be derived, even indirectly, will not be disclosed to third parties, nor to the persons reported or the heads of the Organizational Units to which they belong.

The identity of the whistleblower may be disclosed only in cases provided for by law or within the framework of judicial proceedings.

 

 

 

LEGAL BASIS

Fulfilling a legal obligation under d.lgs. 24/2023 (art. 6, par. 1, lett. c and art. 9, par. 2, lett. g GDPR and art. 2-octies Italian Privacy Code) for purpose 1.

Express consent of the whistleblower for purpose 2.

 

 

DATA RETENTION

Reports and related documentation shall be retained for as long as necessary for their management and, in any case, for no longer than five years from the date the report was filed. However, where applicable, such personal data may be retained for a longer period if necessary for the application of sanctions or disciplinary measures.

 

 

DATA PROVISION REQUIREMENT

The submission of data related to the report is optional. In particular, the whistleblower may submit the report anonymously.

In any case, failure to provide data regarding the reported event and the persons involved, or providing such data only in part, will severely limit the possibility of carrying out the necessary investigation.

 

 

 

DATA RECIPIENTS

 

The personal data and information provided may be viewed, processed and used by:

  • internal staff belonging to the office responsible for managing the reporting channel;
  • members of the Supervisory Body;
  • internal collaborators and consultants operating under the authority of the Data Controller, expressly authorized;
  • external supplier providing the reporting platform.

Finally, they may be communicated to subjects entitled to access them pursuant to provisions of law, regulations and European laws.

 

RIGHTS OF DATA SUBJECTS

The whistleblower shall have the following rights as specified in the GDPR:

  • Right of access to the personal data and any other information related to the report (art. 15);
  • The right to rectification or erasure of inaccurate data and their supplementation where they are incomplete (art. 16-17).

The whistleblower may exercise the above rights by writing to the Data Controller at the above e-mail address, specifying the subject of the request, the right he or she intends to exercise, and providing any suitable identifying information that attests to the legitimacy of the request.

 

 

 

WITHDRAWAL OF CONSENT

 

 

The whistleblower may at any time revoke the consent given with regard to the disclosure of his or her identity to parties other than the relevant parties using the reporting channel.

This is without prejudice to the lawfulness of the disclosure of the reporter's identity if it is made prior to revocation.

 

 

COMPLAINT TO THE AUTHORITY

The whistleblower has the right to submit a complaint to the Italian Data Protection Authority (art. 77 GDPR).