Panier
Il n'y a plus d'articles dans votre panier
Italiano
Deutsch
Español
English.png){kind=icon}
Information on the processing of personal data in the context of the management of reports of alleged illicit conduct pursuant to Legislative Decree 24/2023, so-called. “WHISTLEBLOWING”
Whistleblowing: menabo.whistlelink.com
Pursuant to Regulation 2016/679/EU (General Data Protection Regulation - hereinafter GDPR), the company F.lli Menabò srl ( VAT number 00176860351), in the person of the legal representative, with registered office in Via 8 Marzo, n. 3, Cavriago (RE) – e-mail contacts: customercare@flli-menabo.it – PEC: flli-menabo@pec.it – tel. 0522 1750280 - 0522 942840, provides you, below , the information on the processing of personal data in relation to the receipt and management of reports relating to whistleblowing.
The interested party is informed that the whistleblowing procedure is published on the institutional website of the Data Controller: www.menabocaraccessories.com at the following link: menabo.whistlelink.com/
The privacy information constitutes an integral and substantial part of the "Whistleblowing Procedure" adopted by the Data Controller.
The company F.lli Menabò srl as Data Controller of personal data is the subject who "determines the purposes and means of the processing of personal data" (art. 4, n. 7 of the Regulation General Data Protection – GDPR or GDPR) in relation to the “Whistleblowing Procedure”.
With the Legislative Decree of 10 March 2023, n. 24, Italy has implemented Directive (EU) 2019/1937 of the European Parliament and of the European Council on the protection of persons who report violations of Union law and violations of national regulatory provisions; the community regulation is aimed at harmonizing the individual national legislations on the subject of whistleblowing, through the introduction of adequate protection of subjects who, within companies in both the public and private sector, intend to report offenses of various kinds, whether administrative, accounting, civil or criminal, which they have clearly become aware of as part of their work.
Legislative Decree 24/2023 has expanded the subjective scope of application of the discipline on whistleblowing, extending the protection previously provided for employees only, also to self-employed collaborators, freelancers, paid interns and unpaid workers, interns, customers, suppliers, commercial partners, distributors, agents, shareholders, directors, members, management, supervisory and/or control bodies, former employees, former collaborators, individuals in the selection phase and all other individuals specifically indicated by Legislative Decree 24/2023.
Whoever receives and manages the reports is obliged to ensure the absolute confidentiality of the reporting and reported persons, as well as the content of the reports. It is specified that no negative consequences arise for anyone who has, in good faith, made a Report and the confidentiality of the identity of the reporter is ensured according to specific internal procedures, without prejudice to legal obligations.
- DATA CONTROLLER: The data controller is the Company F.lli Menabò srl (VAT number 00176860351), in the person of the legal representative, with registered office in Via 8 Marzo, n. 3, Cavriago (RE) – e-mail contacts: customercare@flli-menabo.it – PEC: flli-menabo@pec.it – tel. 0522 1750280 - 0522 942840
- OBJECT OF THE PROCESSING AND REPORTING CHANNELS: The owner will process your personal, identification and contact data, as well as all other data that you voluntarily enter into the report or in the documentation attached to it. It is not excluded that the Data Controller may also process particular categories of data, referred to in articles 9 and 10 of the GDPR.
The report can be made by you through the following methods (written or oral):
In written form, through the dedicated internet channel/web platform at the link: https://eu.menabocaraccessories.com/ita/contacts-ita
- fill out the appropriate form;
- orally, by reporting in audio format, always using the web platform which allows the reporter to send the report by recording a voice message.
The platform provider is designated as responsible pursuant to art. 28 GDPR by virtue of a specific contract signed between the parties; the Manager pursuant to art. 28 GDPR has the general authorization to hire sub-processors for data processing on behalf of the Customer, for which it will be fully responsible. The reporting system through the platform works in this way: a) written form with filling in the form; You can send the report via a dedicated web page by filling out the appropriate form; the report can also be forwarded anonymously if you prefer not to reveal your identity; the person appointed and authorized to receive the report (the so-called whistleblowing manager) receives a notification and at this point, examines the report received, finding the whistleblower within the legal deadlines (7 days) and carrying out the relevant investigation if he deems the report received to be founded ; b) oral form by sending the report in audio format via the platform, recording a voice message. It should be noted that the person who receives and manages the report forwarded by the whistleblower in written or oral form is a person external to the Data Controller's organization with autonomy (whistleblowing manager). The dedicated internet channel guarantees the confidentiality of the reporter, of the subjects mentioned in the report and of the content of the report. The Whistleblowing procedure is designed to guarantee protection from retaliatory or discriminatory conduct at every stage, as well as the confidentiality/confidentiality of the report. It is also specified that in particular cases the interested party may make the report using the external Anac channel, or may resort to public disclosure or a report to the judicial authority.
- PURPOSE AND LEGAL BASIS OF THE PROCESSING: The Data Controller will process the personal data communicated by you solely for the following purposes:
- taking charge of the report by the recipients (whistleblowing manager);
- sending any requests and/or receiving feedback on the requests sent by the reporting party and the recipients of the report;
- investigative management: carrying out checks on the validity of the report;
- feedback on the outcome of the report, - prevention and repression of illicit acts, including disciplinary action.
The legal basis of the aforementioned treatments can be found in the fulfillment of the legal obligation established by Legislative Decree no. 24/2023 as well as in the legitimate interest of the Data Controller to prevent and repress illicit acts and, if necessary, to protect the rights and legitimate interests of the Data Controller and/or third parties, including in court (art. 6, par. 1, letter f) of the GDPR). The legal basis can also be found, as regards the processing of particular categories of data, in article 9, par. 2, letter. b of the GDPR, as the processing is necessary to fulfill the obligations and exercise the specific rights of the data controller or the interested party in matters of labor law and social security and social protection, as well as in article 9, par. 2 lett. g of the GDPR, as the processing is necessary for reasons of significant public interest.
- STORAGE TIMES: Your personal data will be stored for the time necessary to process the report and in any case for a period of time not exceeding 5 years from the end of closure of the investigation relating to the report. In any case, the adoption of every technical and organizational measure adequate to guarantee the security of personal data pursuant to the GDPR is ensured. After the five-year period has elapsed, should there be a need to conserve the data for judicial or extrajudicial protection, and/or for any disciplinary, criminal, civil proceedings, etc., the data may be retained, even beyond the limit 5 years from the date of closure of the report.
- METHOD AND LOGIC OF PROCESSING:
Your personal data will be processed pursuant to art. 5 of the GDPR and in compliance with the principles of lawfulness, correctness and transparency. The processing of your personal data is carried out both on paper and through IT tools, as well as orally, using procedures, tools and logic that guarantee the security and confidentiality of the data. The reporting management system guarantees, at every stage, the confidentiality of the content of the report (including information on any reported persons and/or third parties indicated by the reporting party) and of the identity of the Reporting Party, also through the use of encrypted communications. There will be no confidentiality of the content of the report and the identity of the reporter in the following cases: - if the Report is unfounded and made for the sole purpose of harming the person reported or due to serious imprudence, negligence or incompetence of the Reporter; - if anonymity is not enforceable by law (e.g. criminal investigations, inspections of supervisory bodies, etc.); - if facts are revealed in the Report which, although extraneous to the corporate sphere, make the Report due to the Judicial Authority (e.g. terrorism crimes, espionage, attacks, etc.).
- SECRECY OF THE IDENTITY OF THE REPORTER: the whistleblowing procedure adopted by F.lli Menabò srl, is structured so as not to reveal the identity of the reporter. If it is necessary, in the cases strictly provided for by law (art. 12 paragraphs 2 and 5 of Legislative Decree 24/2023), to reveal the identity of the reporting person or any other information from which the identity could be deduced directly or indirectly of the whistleblower, the manager of the report will ask the whistleblower and only at that moment, if the same intends to express his consent to reveal his identity (e.g. this need could arise to guarantee the right of defense of the reported subject who is the recipient of the disciplinary proceedings ). The manager of the report will ask the reporter for his express consent by means of a specific request.
- RECIPIENTS OF THE DATA: Your data will be made accessible to the platform provider responsible pursuant to art. 28 GDPR, to any sub-managers thereof, to the subjects authorized pursuant to art. 29 GDPR who operate under the authority of the manager and any sub-manager, as well as the subjects authorized pursuant to art. 29 GDPR that operate under the authority of the Data Controller, on the basis of specific instructions provided regarding the purposes and methods of data processing, as well as on the external subject/s who receive and manage the reports with autonomy with respect to the Data Controller's organisation. A complete list of external managers and subjects appointed and authorized to process data is constantly updated and available at the headquarters ofF.lli Menabò srl. Your personal data may also be communicated to public entities, for the fulfillment of legal obligations or to satisfy requests from judicial or public security authorities.
- DATA TRANSFER: The Data Controller does not transfer personal data outside the EU area. The servers are located in the EU space. However, the Owner reserves the right to use cloud services, in which case the service providers will be selected from among those who provide adequate guarantees as required by the art. 46 GDPR.
- RIGHTS OF THE INTERESTED PARTY: In relation to the processing purposes and as an interested party, you may exercise the following rights:
- Right of access to personal data (art. 15 GDPR): obtain confirmation of the existence or otherwise of processing of personal data concerning you, as well as obtain a copy of the aforementioned data;
- Right of rectification (art. 16 GDPR): obtain, without unjustified delay, the rectification of inaccurate personal data concerning you and the integration of incomplete personal data or cancellation;
- Right to cancellation (art. 17 GDPR): obtain from the Data Controller the cancellation, without unjustified delay, of the data concerning you, in the cases provided for by the GDPR;
- Right to limit processing (art. 18 GDPR): obtain from the Data Controller the limitation of processing, in the cases provided for by the GDPR;
- Right to portability (art. 20 GDPR): to receive in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided by the Data Controller and to obtain that they are transmitted to another data controller without impediments, in the cases provided for by the GDPR;
- Right to object (art. 21 GDPR): object at any time to the processing of personal data concerning you, for reasons related to your particular situation;
- Right to lodge a complaint with the supervisory authority (art. 77 GDPR): lodge a complaint with the Guarantor Authority for the protection of personal data.
It is specified that the requests made by each interested party may be denied in the cases provided for by current legislation. In any case, the Data Controller will provide feedback to the interested party, possibly giving evidence of the reasons for the refusal. A case that justifies the denial is one in which the exercise of these rights could cause an effective and concrete prejudice to the carrying out of the defensive investigations connected to the management of the reports or to the exercise of the right in court by the owner and/or or third parties limited to this period of time.
- HOW TO EXERCISE RIGHTS AND COMMUNICATIONS:
</ strong> The interested party will be able to exercise your rights in accordance with the provisions of the art. 12 of EU Regulation 2016/679, by sending a: - registered letter with return receipt to: F.lli Menabò srl, with registered office in Via 8 Marzo, n. 3, Cavriago (RE), or an e-mail to the following address: customercare@flli-menabo.it or a certified e-mail to the following address: flli-menabo@pec.it
The interested party will also have the right to lodge a complaint with the Guarantor Authority pursuant to art. 13 paragraph 2 lett. d) of the aforementioned regulation as well as pursuant to art. 77 of the regulation.
The rights referred to in articles 15 to 22 of the Regulation cannot be exercised with a request to the data controller or with a complaint pursuant to article 77 of the Regulation, if the exercise of these rights could result in a effective and concrete prejudice to the interests listed in art. 2-undecies of the legislative decree 30 June 2003 n. 196 s.m.i..
.png){kind=small}