Your identity is protected
The report is not linked to your account. Reports are sent anonymously. Your identity will be accessible only to the whistleblowing manager if necessary.

Create an account

Registration Guide
1
User Data
2
Information and Terms
3
Privacy Policy
  • The password should consist of a minimum of 8 character types.
  • The password must have at least one numerical character.
  • Password must contain at least one uppercase letter.
  • Password must contain at least one lowercase letter.
  • The password must have at least 1 of these special characters: -_.*!$@
  • The password can not contain the following characters ' '.
Aware of liability in case of false statements, production or use of false documents, pursuant to and by effect of art. 76 of the D.P.R. 445 of 28 December 2000, I declare the truthfulness and accuracy of the data entered and transmitted through the present software.
Privacy Policy*

Whistleblowing

Privacy Policy

(articles 13 and 14 of EU Regulation 2016/679)

 

Bertelli & Partners S.r.l. invites you to carefully read the following Privacy Policy regarding the data processed for the receipt, analysis, inquiry and management of the reports and any potential subsequent action.

 

I. Data Controller

The Data Controller is Bertelli & Partners s.r.l., represented by C.E.O. Mr. Pierluigi Bertelli, with registered office in Viale Europa 188/270, 37050 Angiari (VR).

 

II. Types of Personal Data

The processed personal data are included in the following categories:

  • Personal data of the whistleblower in case of reports made not anonymously using the dedicated platform:
  • Common:
    • Mandatory: Name, surname, relationship with Bertelli & Partners s.r.l.
    • Optional: position, job qualification/relationship, telephone number, e-mail address.
  • Personal data referring to people involved in the report: the data the whistleblower provided in order to present the facts described in the report. In this case, please note that Bertelli & Partners s.r.l. cannot determine in advance which data will be the object of the report, which might therefore also involve specific information (e.g. criminal convictions, crimes, etc.). The above-mentioned data will be processed through electronic and paper-based records that guarantee data security and confidentiality. Paper-based documents are used as little as possible, and are stored according to the General Data Protection Regulation (GDPR).

 

III. Purpose of data processing and Legal Basis

Data processing aims at the receipt, analysis, inquiry and management of the reports and of any potential resulting action, and specifically at the assessment of the reported facts and the adoption of any necessary measures. According to art. 6, paragraph 1 letter f) of UE Regulation n. 679/2016 (hereafter named “Regulation”), all the personal data collected during such process are strictly functional and necessary to obtain what expected by D. Lgs. n. 24/2023. They may also be used for internal control, monitoring of company risks, defence of a right in court or for further legitimate interests of the Data Controller.

The contact details the whistleblower may have provided will be used if they need to be contacted directly or in order to give them updates about the status of the report.

 

IV. Recipients of the data

For the above-mentioned purposes, the provided personal data are made accessible only to the Supervisory Body, as co-owner of the personal data processing and competent authority appointed to receive or follow up on the analysis, inquiry and management of the reports or of any potential consequent action.

The Supervisory Body is appropriately trained in order to avoid data loss, access to the data by unauthorized individuals or unlawful processing of the data and, more generally, about the obligations concerning the protection of personal data.

Moreover, the data may also be processed by external Consultants or Third Parties with technical functions (for example, the provider of the IT platform), who act in the capacity of Responsible/Sub-Responsible of the processing. They have signed a specific contract which precisely regulates the processing activities they have been assigned and the obligations concerning data protection and security of the processing according to art. 28, paragraph 3 of the Regulation.

Finally, the personal data might also be transferred to other independent data controllers, in accordance with the previsions of the law (e.g. Public Authorities, Legal Authorities, etc.).

The whistleblower’s identity and any other information from which it can be inferred, directly or indirectly, may be disclosed to people other than the ones in charge to receive or follow up on the reports only with prior express consent of the whistleblower according to D.Lgs. n. 24/2023.  

 

The updated list of the recipients of the data can be requested at the following e-mail address: privacy@bertelli-partners.it

 

V. Data Disclosure

The personal data subject to processing will never be published, displayed or made available/accessible to indeterminate subjects.

 

VI. Data Storage 

The reports and the related documentation are stored for the time needed to process them and, in any case, no longer than 5 years starting from the date of notification of the final result of the report procedure, in compliance with the obligations of confidentiality.

In case of out of scope reports/complaints (for example disputes, claims or requests related to the personal interest of the whistleblower, communications or claims concerning commercial activities or services to the public), they will be stored for a period not exceeding 8 months from the date of first storage.

 

VII. Rights of data subjects

UE Regulation 2016/679 (articles from 15 to 22) grants to data subjects the right to exercise specific rights. In particular, concerning the processing of personal data which is object of the present Policy, the data subject has the right to ask Bertelli & Partners s.r.l. what follows:

access: the data subject can ask for confirmation of whether or not there is an ongoing data processing activity concerning them, and for further explanations about the present policy;

amendment: the data subject can ask to amend the supplied data or add information, in case they are incorrect or incomplete;

cancellation: the data subject can ask for their data to be cancelled when they are no longer necessary for the above-mentioned purposes, in case of withdrawal of the consent or of opposition to the processing, in case of unlawful processing or if there is a legal obligation to erase the data;

restriction: the data subject can ask for their data to be processed for storage purposes only (thus excluding other types of data processing) for the time needed to amend them, in case of unlawful processing for which they object to the cancellation, if they need to exercise their rights in Court and the stored data might be useful and, finally, in case of opposition to the processing during an ongoing examination about the predominance of the legitimate reasons of Bertelli & Partners s.r.l. over their own;

opposition: at any time the data subject can object to the processing of their data, except if there are legitimate reasons that prevail over their own, for example the practice or the defence in Court;

portability: the data subject can ask to receive their data or to have them forwarded to a different data controller appointed by them, in a structured, commonly used machine-readable format. Moreover, if the data subject believes that their rights were violated, they have the right to file a complaint to the Supervisory Authority, which in Italy is the Data Protection Authority.

 

According to article 2-undecies of the D.lgs. n. 196/2003 and s.m.i. (hereafter named “New Privacy Code”) and in compliance with article 23 of the Regulation, please be informed that the above-mentioned rights cannot be exercised by the people involved in the report if the exercise of such rights may cause actual and serious prejudice to the confidentiality of the identity of the whistleblower.

In particular, the exercise of such rights:

▪ is allowed according to the legal provisions or regulations that govern the sector (D.lgs. 24/2023);

▪ may be delayed, limited or excluded by providing without delay a notification explaining the reasons to the data subject, unless such notification may compromise the purpose of the limitation, for the time and to the extent in which it represents a necessary and proportioned measure, taking into account the basic rights and the legitimate interests of the data subject in order to safeguard the confidentiality of the identity of the whistleblower; 

▪ in such cases, the rights of the data subject can also be exercised through the Personal Data Protection Authority as described in article 160 of the New Privacy Code. The Data Protection Authority will then inform the data subject that the necessary assessment or review has been carried out, as well as about the data subject’s right to seek judicial remedy.

 

At any time, the data subject may request to exercise their rights to Bertelli & Partners s.r.l. by writing to the following address: privacy@bertelli-partners.it.