Ferroli is ready for your Reports.
Ferroli S.p.A. and its affiliates (collectively, the “Ferroli Group”), being sensitive to ethical issues and wishingto operate in a proper, correct way, have established a system to receive and manage reports regardingacts or deeds which could constitute unlawful conduct or a breach of:
• the Group’s Code of Ethics.
• the Organisation, Management and Control Model pursuant to Italian Legislative Decree no.231/2001 (for Italian Companies in the Group).
• the regulations, directives, policies, and internal procedures adopted by the Group.
Employees and every recipient of the Speak-Up Policy (“Speak-Up Policy” document is available in this pagein PDF format) can make a report confidentially, meaning that the Reporting Party’s identity and thereports received will only be known to a limited number of people, or anonymously.
The Speak-Up Policy also indicates the operating procedures used to manage reports, as well as anysubsequent verification activities, in the face of unlawful conduct based on precise and consistent facts ofwhich the Reporting Party becomes aware by virtue of the functions carried out. The Speak-Up Policy alsoinforms the Reporting Party about the forms of protection and confidentiality that he can expect, andwhich are guaranteed.
The rules and principles contained in the Speak-Up Policy do not prejudice and do not limit, in any waywhatsoever, the obligations and laws covering reporting to a competent authority (judicial, supervisory orregulatory), they aim to find the right balance between the Group’s legitimate interests, as well as those ofthe companies which make up the Group, in preventing improper behaviour and the fundamental rights ofemployees and, in general, recipients of this policy, particularly with regard to processing the personal datawhich concerns them.
Download Speak-Up Policy
"The Speak-Up Policy applies to the entire Ferroli Group, to every employee no matter the country in which
they are based, and to third parties which have dealings with the Group”
Send us your report
By clicking on “CONTINUE”, the reporting party declares to have read and accepted the contents of the Policy for the use and management of the Whistleblowing tool made available by Ferroli.
INFORMATION ON THE PROCESSING OF PERSONAL DATA
Who decides why and how personal data is processed?
The Data Controller is the Company Ferroli S.p.A., with registered office in via Ritonda 78/a,37047, San Bonifacio (VR), email: email@example.com (the “Company” or “Data Controller”).
What personal data do we collect?
If a report is made by a Whistleblower (“Reporting Person”), the Company will process the following personal data:
- identification and contact data of the Reporting Person, such as name, surname, contact details, company position, if the report has been sent in a non-anonymous form;
- identification and contact data of the person presumed to have committed the offence (“Reported Person”), such as name, surname, contact data and company position;
- other personal data contained in the report and/or in documents annexed to it;
- additional data that may become available to the Data Controller, even as a result of activities aimed at verifying the validity of the report.
Where contained in the report and/or in documents annexed to it, the Company may process special categories of data and data relating to criminal convictions and offences.In accordance with the Company's defined Speak Up Policy, it will always be possible for the Reporting Person to send an anonymous report.
For what purposes do we process personal data and under what conditions are we entitled to do so?
The Company may process the data referred to in the previous section for the following purposes and conditions of lawfulness (legal basis) of processing:
- To carry out the necessary investigations aimed at verifying the validity of the fact being reported and to manage the report made by the Reporting Person in accordance with the Speak Up Policy defined by the Company.
Legal basis: the need to fulfil a legal obligation to which the Company is subject, in particular Law no. 179 of 2017 on “Provisions for the protection of the authors of reports or crimes or irregularities of which they have become aware in the context of a public or private employment relationship” which amended art. 6 of the Italian Legislative Decree 231/2001 by introducing paragraphs 2-bis, 2-ter and 2-quater.
The provision of data for this purpose is optional and, in the absence of such data, there will be no consequences other than the impossibility of following up a report; with reference to identification and contact data, the Speak Up Policy allows the Reporting Person to send the report anonymously.
- To take disciplinary measures and defend and exercise rights during judicial, administrative or extrajudicial proceedings in the context of disputes arising in relation to, or as a result of, the report. In addition to this, personal data may be processed by the Company in order to take legal action related to or arising from the report.
Legal basis: the legitimate interest of the Company in repressing unlawful conduct or conduct contrary to the Organisation, Management and Control Model pursuant to the Italian Legislative Decree 231/2001, the Code of Ethics or any Policy/Regulation of the Company and to protect its rights.
- To use the report - where it is not anonymous - in any disciplinary proceedings against the Reported Person if the claim is based, in whole or in part, on the report and knowing the identity of the Reporting Person is essential for the Reported Person's defence.
Legal basis: the consent of the Reporting Person to the disclosure of his/her identity.
The provision of data for this purpose is optional and, in the absence of it, there will be no consequences other than the impossibility of proceeding with disciplinary proceedings against the Reported Person.
How is personal data processed?
The processing of personal data will be based on the principles of lawfulness, correctness, transparency, purpose and storage limitation, accuracy, integrity and confidentiality, in accordance with current regulations on the protection of personal data. The data will be processed using electronic means, in particular through the following channels:
- mailbox: firstname.lastname@example.org
- online form available at the following address: www.ferroli.com
The data is protected by appropriate security measures to ensure its confidentiality, integrity and availability.
Who do we share personal data with?
In line with the principle of protecting the confidentiality of the Reporting Person, the disclosure of personal data will be limited to what is strictly necessary to ensure his/her confidentiality. If cases where the report has been sent anonymously, the identity of the Reporting Person will only be disclosed if there is a legal obligation to do so, for example in the context of investigations by competent authorities or legal proceedings.Personal data may be accessed by the people expressly authorised to process it by the Company which is responsible for managing reports, i.e. the members of the Corporate Speak Up Committee and, if the report concerns possible unlawful conduct that constitutes or may constitute a violation or suspected violation of the Organisation, Management and Control Model pursuant to the Italian Legislative Decree 231/2001 or significant unlawful conduct pursuant to the Italian Legislative Decree 231/2001, the members of the Supervisory Board.Moreover, in light of the fact that the Corporate Speak Up Committee is able to receive and manage reports of conduct sent to individual Companies of the Ferroli Group, established within and outside the EU, it may avail itself, where deemed appropriate, of the support of locally competent interlocutors (belonging to the individual Companies of the Group), who are entrusted with the task of carrying out investigations and formulating any corrective actions.Finally, the Corporate Speak Up Committee may avail itself of the support and cooperation of corporate functions when, due to the nature and complexity of the verifications, it becomes necessary to involve them. Personal data may also be disclosed to consultants, lawyers and professional firms providing legal assistance to the Data Controller, as well as to competent authorities (including courts), which will process it as independent data controllers.
Will personal data be transferred outside the EU?
Data may be transferred to some non-EU countries to the Companies of the Ferroli Group based in Russia, Belarus, India, China and Vietnam. In this case, the Company undertakes to ensure adequate levels of protection, even of a contractual nature, in accordance with applicable regulations, including the drafting of standard contractual clauses pursuant to art. 46, para. 2, lett. c) of the GDPR, supplemented, if necessary, by additional measures required to ensure that the level of protection of personal data is equivalent to that of the EU.
How long do we retain personal data?
Personal data is retained by the Company only for the time required to fulfil the purposes for which it was collected or any other related legitimate purpose. Therefore, if personal data is processed for two different purposes, it will be kept until the purpose with the longer retention period ends. In any case, personal data will no longer be processed for the purpose whose retention period has expired. Any personal data that is no longer necessary, or for which there is no longer a legal basis for retention, is irreversibly made anonymous (and thus can be retained) or safely destroyed.In particular, data will be retained for the following periods:
- no more than 60 days after the closing date of the investigation regarding the report, if no further action is required at the end of the investigation;
- until the final closure of the procedures activated on the basis of the report, if the report proves to be well-founded and further action is taken (including any disciplinary action or legal proceedings). In the event of judicial or extrajudicial disputes, the data will be retained until the expiry of the applicable status of limitations.
What rights can be exercised in relation to personal data?
If the necessary conditions are met and if the limitations provided for by law are not applicable, the data subjects may exercise their rights of access, rectification, cancellation, restriction and opposition.In addition to this, the data subjects may also lodge a complaint with the Supervisory Authority, the Guarantor for the protection of personal data.
Pursuant to art. 2 -undecies of the Italian Legislative Decree 196/2003 as amended by the Italian Legislative Decree 101/2018 (“Privacy Code”), the above mentioned rights may not be exercised by the Reported Person as the exercise of such rights may compromise the protection of the confidentiality of the identity of the Reporting Person. In any case, the Reported Person may exercise his/her rights through the Guarantor for the protection of personal data, following the procedures set out in art. 160 of the Privacy Code. To exercise these rights, the interested parties can send an email to the following address: email@example.com.
Last update: February 2022
The icons used in this document were created by the Maastricht European Centre on Privacy and Cybersecurity and disseminated by the Guarantor (www.garanteprivacy.it) in the form in which it received them from the authors. The icons are used here in accordance with the licence CC BY 4.0 (the conditions of which are referred to), in the form in which they are published on the Guarantor's website.
I ACCEPT THE INFORMATION AND CONTINUE