Send a report with the outmost confidentiality.

WHISTLEBLOWING POLICY

WHISTLEBLOWING POLICY

(Regulation)

 

As implementation of the UE regulation 2019 n.1937, decree n. 24 dated 10 March 2023 was issued concerning the protection of persons who report any breaches of specific regulations or violation of ethical and social standards.

Bertelli & Partners S.r.l. is equipped with an instrument of corporate compliance (DigitalPA Whistleblowing platform), through which the employees, suppliers, customers and external cooperators can report, confidentially and safely, any crimes detected during their activity.

The crimes that can be reported to the designated Body, with detection and action powers, are mainly:

  • The so-called “predicate offences” of rule 231/01 applied by the Company and which represent criminal offences   (fraud, fraud against the State, computer crimes, embezzlement, company crimes, corruption etc.)
  • Poor practices which influence the community’s strategic interests (privacy, antitrust, environment)
  • Behaviours violating Ethical standards 

The rule clearly defines the protection of everyone reporting breaches, who cannot suffer any kind of retaliation.

Obviously, the reports must be documented and must have a serious basis in order not to incur, on the other hand, on the offence of defamation committed by the reporter in case of unfounded or non-existent complaints.

The reporting channels are three: internal to the Body, external to the Body (set up and managed by ANAC), public disclosure. In any case, it is possible to file a complaint to the judicial and accounting authorities, for cases within their competence.

In the case of Bertelli & Partners, it is possible to resort to the internal channel for complaints referring to malfeasance or violation of Organization Model 231. For violations of EU law, it is possible to file a criminal complaint or to resort independently to one of the three channels.

The designated managing institution for Whistleblowing reports is the Supervisory Body currently in charge. If the notification is received by a different body than the one in charge, it will be forwarded to the designated body within 7 days (in this case the Supervisory Body).

The application is available at the following link Whistleblowing.

The platform presents a guided mode to fill in the reports, and it is possible to either log in a new user or enter a report without logging in. Moreover, you can enter voice reports with encrypted voice modified by the system.

 

 

Once entered the notification, the provider takes over and evaluates its eligibility according to standard. Within three months from the date of receipt of the report, the provider must give some feedback to the whistleblower. It might provide one the following kinds of information:

  • The notification has been dismissed, explaining the reasons of the dismissal;
  • The validity of the notification has been assessed and the report has been submitted to the competent bodies;
  • Details of the activity carried out up to that moment and/or of the activity that it is planning to undertake.

The regulation guarantees care and protection not only to the whistleblower, but also to the facilitator (person who supports the whistleblower), to the people in the same workplace and to the co-workers.

According to art. 20 of decree n. 24 dated 10 March 2023, the whistleblower will not be held liable in penal, civil or administrative trials for:

  • disclosure and use of professional secrecy (art. 326 c.p.)
  • disclosure of professional secrecy (art. 622 c.p.)
  • disclosure of scientific and industrial secrecy (art. 623 c.p.)
  • breach of duty of loyalty and allegiance (art. 2105 c.c.)
  • breach of rules concerning the copyright protection
  • breaches of rules concerning the protection of personal data
  • disclosure or spreading of information about the violations offending the reputation of the involved person

However, the Decree sets two conditions for the exclusion of liability of the whistleblower:

  • At the moment of the disclosure or spreading, there were reasonable grounds to assume that the information was essential to reveal the reported breach.
  • The report is filed in accordance with the conditions that need to be met in order to benefit from the protection against retaliations detailed in the Decree.

Below you can find the list of administrative fines established by the regulation:

  • from 10.000 up to 50.000 euros when it is determined that the physical person held responsible has actually committed retaliations;
  • from 10.000 up to 50.000 euros when it is found that the physical person held responsible has hampered the report or attempted to block it;
  • from 10.000 up to 50.000 euros when it is established that the physical person considered responsible has violated the duty of confidentiality according to art. 12 of D.Lgs 24/2023. The sanctions that the Data Protection Authority can impose to competency profiles according to the data protection legislation remain valid;
  • from 10.000 up to 50.000 euros when it is determined that reporting channels were not created; in that case, the policy body is held responsible both in public and in private institutions;
  • from 10.000 up to 50.000 euros when it is proved that specific procedures for filing and managing reports have not been adopted, or that the implementation of such procedures does not comply with the decree; in that case, the policy body is held responsible both in public and in private institutions;
  • from 10.000 up to 50.000 when it is found that the received notifications were not assessed or analysed; in that case, the handler of the reports is held responsible both in public and in private institutions;
  • from 500 to 2.500 euros when the civil responsibility of the whistleblower for libel or slander is established, even with judgment of first instance, in case of  willful misconduct or gross negligence, except if it had already been sentenced, even with judgment of first instance, for crimes of libel or slander or for committing the same crime with report to the judicial authority.

As regards the processing of personal data related to what it is established in the GDPR, please see the policy that can be found in the access page of the Whistleblowing app.