PROCEDURE FOR HANDLING REPORTS AND COMPLAINTS
AND COMPLAINTS REGARDING VIOLATIONS OF THE CODE OF ETHICS
This procedure governs the procedures for handling complaints, claims and reports (hereinafter referred to as “complaints”) concerning violations of the ethical-behavioral principles set out in the Politubes S.r.l. Ethics Code and classified in five macro-categories (hereinafter referred to as “violations”):
- misappropriation: theft or misuse of the Organization’s assets (for example money, material goods, data and information, including intellectual property) for the benefit of the person committing the fraud;
- economic-financial reporting fraud: intentional errors or omissions of information and/or values or presentation of the same in a manner that does not comply with generally accepted accounting principles, in order to mislead the recipients;
- corruption: improper use of one’s influence in a business relationship or in a commercial transaction in violation of the law or the duty of office, in order to obtain a direct or indirect benefit;
- unlawful acts: the intentional violation of laws and/or regulations;
- other violations: any behavior which is not in line with the principles expressed in the Code of Ethics or which significantly differs from the policies and procedures adopted and disseminated by Politubes S.r.l. Complaints received from members of the company bodies, from personnel (whether or not employed) and from all those who, directly, indirectly, permanently or temporarily, establish relations with Politubes S.r.l., or in any case work to pursue its objectives (“Complainants”), shall be taken into consideration. Politubes S.r.l. undertakes to safeguard the anonymity of whistleblowers and to ensure that they are not subject to any form of retaliation.
2. REPORTING METHODS
Reports of violations may be made by letter or by e-mail, signed or anonymously, to one of the following addresses
- by ordinary mail to Politubes S.r.l., Corso di Porta Nuova 15 – 20121 Milan, for the attention of the CEO, in his capacity as Supervisory Body;
- by e-mail to: firstname.lastname@example.org – with “complaints” indicated in the subject matter;
However, Complainants are encouraged not to report anonymously, in order to facilitate any possible investigations. Politubes S.r.l. ensures maximum protection of Complainants’ data and opposes any retaliation against those who report alleged violations.
3. REPORTING PROCEDURE
- All reports of violations received, regardless of who receives them and their source, must be sent to the attention of the CEO.
- The Chief Executive Officer, with the support of other appropriate functions, will ensure that all reports received are:
- recorded and safeguarded;
- qualified (archiving or activation of investigations) with an explanation of the reasons for the decision;
- subjected, where deemed necessary, to the verification process with notification of the parties concerned.
- In order to activate the necessary checks, the CEO may, at his discretion, avail himself of any department he deems to have the professionalism and/or knowledge to provide him with the necessary support.
- It shall be the responsibility of the CEO to assess whether it is necessary to inform the whistleblower and/or complainant in advance before proceeding with the investigation.
- The CEO shall suspend or terminate the investigation at any time if it is found that the complaint is unfounded and, if it is found that the complainant is acting in bad faith, reserves the right to propose the initiation of proceedings against the complainant.
- The CEO, in compliance with the necessary confidentiality criteria, shall communicate the results of the checks and any measures proposed to remedy the irregularities found to the Head of the Department(s) concerned.
- In the event of complaints concerning the financial statements, accounting, internal controls and auditing, he/she may request further details from the Head of the Department(s) concerned, whether internal or external.
4. WHISTLEBLOWER PROTECTION
In accordance with the best practices on the subject, Politubes S.r.l. does not tolerate any kind of retaliation against anyone who, in good faith, reports an illegal activity or violation or provides assistance to the CEO and/or Management in the investigation activity.
The CEO shall not disclose the identity of the whistleblower and shall not tolerate any initiatives designed to identify the whistleblower.
Politubes S.r.l. also ensures that reports received are treated with absolute confidentiality and discretion, in line with regulatory provisions.
5. ADOPTION OF THE PROCEDURE AND INFORMATION TO EMPLOYEES AND THIRD PARTIES
This Procedure was approved on 11 January 2022.
In order to make communication and training to Employees effective, the Administration will activate the following process
- e-mailing the text of the Procedure to the heads of departments;
- posting of this Procedure on the notice board;
- indication of the references to which complaints should be addressed;
- inclusion of the Procedure on the website, so that external parties can also view its contents.
For the purposes of current legislation on data protection (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (General Data Protection Regulation, or “GDPR”), the Data Controller your personal data is: Politubes Srl, with registered office in Corso di Porta Nuova 15, 20122 – Milan – Italy, and with production site in Burago di Molgora, (MB) via E. Fermi, 9/11, 20875 – Italy, VAT number: IT 07346410967, email@example.com.
The data will be processed in the premises of Politubes in Burago di Molgora (MB) via E. Fermi, 9/11, Italy.
We protect personal data in a serious, lawful, correct and transparent way towards the interested parties. Your data is treated with great care and in full compliance with the applicable law on data processing. Both organizational and technical security measures have been adopted to protect personal data during processing. Our partners who support us will also have to comply with these provisions.
YOUR PERSONAL DATA ARE PROCESSED
- without your express agreement (Article 24 letter a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following purposes:
- conclude current contracts with our company;
- fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships with you;
- fulfill the obligations established by law, by a regulation, by legislation; Community or by an order of the Authority (such as in the field of anti-money laundering);
- exercise the rights of the owner, for example the right to defense in court;
- Only with your specific and distinct agreement (articles 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following marketing purposes:
- send you via e-mail, post and / or text message and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Data Controller and survey of the degree of satisfaction with the quality of services;
- send you commercial and / or promotional communications from third parties (for example, business partners, insurance companies, other companies connected to our company) via e-mail, post and / or sms and / or telephone contacts.
SHARING YOUR PERSONAL DATA
Where appropriate and in compliance with local laws and requirements, we may transmit your personal data, in various ways and for various reasons, to the following categories of subjects:
- Tax, audit or other authorities, when we believe in good faith that the law or other regulations require us to share this data (for example for requests from the tax authority or in relation to any anticipated dispute); o External service providers, acting on our behalf (including external consultants, business partners and professionals such as lawyers, auditors and accountants, IT consultants and technical support staff who carry out checks and development activities on our IT systems);
- External suppliers of IT services and outsourced archiving of documents, where there is a suitable data processing agreement (or similar protections);
- Marketing technology platforms and providers;
- Persons in charge of data processing (all employees, shareholders, administrators and collaborators of the owner who are entrusted with the management of the services requested from our company).
We disclose your data to other recipients only where necessary to fulfill a contract with you, or if there is a legitimate interest, either ours or the recipient, in the disclosure of your data, or if you have given your consent to such transmission.
TRANSMISSION TO ENTITIES OUTSIDE THE EUROPEAN ECONOMIC AREA
We also transfer personal data to subjects located outside the European economic area, the so-called third countries. In this case we guarantee, before any data is shared, that an appropriate level of data protection is maintained by the recipient (e.g. on the basis of an adequacy decision taken by the European Commission for the respective country or the agreement on clauses contractual standards between the European Union and the recipient) or that you have given your consent to such sharing.
We are happy to be able to provide you with an overview of all recipients in third countries and a copy of the specific clauses agreed to ensure an appropriate level of data protection. To make such a request, please use the contact details provided at the end of this Data Protection Notice.
HOW WE PROTECT YOUR PERSONAL DATA
The data will be processed with and without the aid of electronic tools, in any case by adopting the security measures required by current legislation.
We are committed to taking all reasonable and appropriate measures to protect personal information held by us from misuse, loss or unauthorized access.
To this end, we have put in place a series of appropriate technical and organizational measures. Measures are included to address any suspected data breaches.
If you suspect any misuse or loss or unauthorized access to your personal data, please notify us immediately.
If you have any complaints, you can find a list of your rights below. To exercise your rights, please use the contact information provided in this data protection statement.
RIGHT TO HAVE INFORMATION ABOUT YOUR DATA
We will provide you with all information relating to your data in our possession upon request.
RIGHT OF RECTIFICATION AND COMPLETION OF DATA
We will rectify inaccurate information about you as a result of your notification. We will complete incomplete data reported by you, provided that such data is necessary for the purpose of the processing.
RIGHT TO DELETE DATA
We will delete information held by us as a result of your request.
However, some data will only be deleted after a specific period of time, for example if we are required to keep the data by law or if we need the data to fulfill our contractual obligations towards you.
RIGHT TO BLOCK DATA
In certain cases, provided for by law, we will block your data if you wish. The blocked data will be subject to future processing to a very limited extent.
RIGHT TO WITHDRAW CONSENT
You can revoke the consent given to the processing of your data with effect for the future at any time. The legality of the processing of your data remains unaffected until the time of withdrawal of consent.
RIGHT TO OBJECT TO DATA PROCESSING
You can object to the processing of your data with effect for the future at any time, if our data processing is carried out on the basis of one of the legal justifications provided for by art. 6 (1e or 1f) of EU Regulation 2016/679. In the event of your objection, we will stop processing your data, provided that there are no compelling or legitimate reasons for further processing. The processing of your data for marketing purposes never constitutes a compelling or legitimate reason.
RIGHT TO DATA PORTABILITY
Upon your request, we may make certain information available to you in a structured, commonly used and machine-readable format.
RIGHT TO APPEAL TO THE SUPERVISORY AUTHORITY
You can lodge an appeal in relation to the processing of personal data against the data protection authority.
To do this, please contact the competent data protection authority of your place of residence or the data protection authority under whose jurisdiction our company falls (indicated below).
Guarantor for the protection of personal data
YOUR CONTACT POINTS FOR ANY QUESTIONS RELATING TO DATA PROTECTION
For any questions relating to personal data or to exercise your rights, please use the following references to contact us directly: firstname.lastname@example.org
CHANGES TO THIS INFORMATION ON DATA PROCESSING
This data processing statement reflects the current data processing status.
In the event of changes to data processing, this data processing information must be amended accordingly.