Regulations Whistleblowing
The application used by the Savino Del Bene Group for the reporting of infringements is compliant with the following measures:
• Decree 24 dated March 10, 2023, on the “Implementation of Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019, regarding the protection of persons who report infringements of EU law and on provisions regarding the protection of persons who report infringements of domestic legislation”;
• Decree 196 dated June 30, 2003, on the “Code for the Protection of Personal Data, on provisions for the alignment of domestic legislation with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and which abrogates Directive 95/46/EC;
• Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and which abrogates Directive 95/46/EC, “General Data Protection Regulation”;
• Requirements for digital reporting platforms indicated by the Italian Data Protection Authority in the penalty measure issued on June 10, 2021.
In particular, the application:
• is a completely independent digital reporting platform, separate from the IT systems of the Company, that cannot be accessed or monitored;
• the application has functionality to manage all requirements envisaged in the Decree and the privacy regulations, in compliance with the related specifications;
a) all accesses to the platform and transmissions of data are carried out using encrypted connections (https);
b) all reports are received and managed entirely within the platform environment, which can only be accessed by authorized persons;
c) the identity of reporters can be further protected by pseudonymization. In fact, data can be stored in a format that both prevents the identification of reporters without specific justification, and ensures that accesses made to their identities cannot be traced;
d) the data is held at Microsoft data centers located within the EU.