Your identity is protected
The report is not linked to your account. Reports are sent anonymously. Your identity will be accessible only to the whistleblowing manager if necessary.

Create an account

Registration Guide
1
User Data
2
Information and Terms
3
Privacy Policy
  • The password should consist of a minimum of 8 character types.
  • The password must have at least one numerical character.
  • Password must contain at least one uppercase letter.
  • Password must contain at least one lowercase letter.
  • The password must have at least 1 of these special characters: -_.*!$@
  • The password can not contain the following characters ' '.
Aware of liability in case of false statements, production or use of false documents, pursuant to and by effect of art. 76 of the D.P.R. 445 of 28 December 2000, I declare the truthfulness and accuracy of the data entered and transmitted through the present software.
Privacy Policy*

Privacy Policy concerning the processing of personal data of those who report (report) through the Whistleblowing platform in the light of Article 13 of the EU Regulation 2016/679 (GDPR).

 

This document has been drawn up pursuant to art. 13 of the GDPR (hereinafter referred to as the Regulation) to inform Users about the processing of their Personal Data when making a report through the Whistleblowing https://giuseppezanotti.segnalazioni.net/ platform (hereinafter the "Service").

In case of doubt, the Company encourages you to request more information about the data retention period and the criteria used to determine this period, the purposes and legal basis of the processing and your rights and how to exercise them, by sending a written communication to the Data Controller as indicated in paragraph 1 or by writing directly to the Data Protection Officer.

 

Sommario

 

1.      Who are the Data Controller and the DPO? How to contact them?. 1

2.      When does this policy apply?. 1

3.      Why do we process personal data, on what legal basis and what personal data we collect?. 2

4.      What is the nature of the provision of data and what are the consequences of refusal?. 2

5.      To whom do we disclose personal data?. 2

6.      What about international transfers?. 2

7.      How is Personal Data processed?. 2

8.      How long do we keep personal data?. 3

9.      What are your rights in relation to the processing of personal data and how they can be exercised?. 3

 

 

  1. Who are the Data Controller and the DPO? How to contact them?

The Data Controller is Giuseppe Zanotti Spa (hereinafter the Data Controller or the Company) that collects and processes personal data in relation to the use of the whistleblowing platform accessible through the site: https://giuseppezanotti.segnalazioni.net/. As Data Controller, the Company establishes the purposes and methods of processing personal data.

You can contact the Company by ordinary mail, sending a letter to Via dell'Artigianato 28 - 47030 San Mauro Pascoli (FC) or by e-mail to privacy@giuseppezanotti.com.

The Company has appointed a Data Protection Officer ("RPD/DPO") who can be contacted at dpo@giuseppezanotti.com. To know your rights, please refer to the "Rights of the data subject" section below.

  1. When does this policy apply?

The Company, through its Supervisory Body, collects and processes personal data in relation to the use of the corporate whistleblowing platform accessible through the website: https://giuseppezanotti.segnalazioni.net/. Giuseppe Zanotti may also collect data relating to reports of facts or circumstances potentially harmful to the rules on the administrative liability of companies and the Code of Ethics (D.Lgs. 231/01) conveyed also through other communication channels such as, by way of example not exhaustive: ordinary mail, e-mail, telephone, social channels... ).

  1. Why do we process personal data, on what legal basis and what personal data do we collect?

The legal basis for processing is Art. 6 paragraph 1 lett. c) of the GDPR, namely: "The processing is necessary to fulfil a legal obligation to which the data controller is subject" both with regard to common personal data (art. 6 par. 1, lett. c), the other categories of personal data (art. 9, par. 2, lett. b) and for judicial personal data (art. 10 of the GDPR).

By accessing the platform it is possible to report facts and circumstances of importance in orders for possible violations relevant for the purposes of the rules on the administrative responsibility of companies and the code of ethics (D.Lgs. 231/01).

The processing of the personal data provided is aimed at the management of reports in accordance with the regulatory requirements laid down in Law 179/17: "Provisions for the protection of whistleblowers who become aware of crimes or irregularities in the context of a public or private employment relationship".

WARNING: in case of connection to the https://giuseppezanotti.segnalazioni.net/ site via intranet or company device, the company could track the access logs and therefore also the IP address of the device in addition to the date, time and duration of the connection. For this reason, in compliance with the rules governing the Whistleblowing tool, in order to ensure the complete anonymity of the reporter, it is recommended to access the whistleblowing platform only through devices (smartphones, tablets, laptops, PCs...) and connections (network or VPN) other than corporate connections.

The reporter can trace his own report through the unique code linked to the report that is assigned at the time of sending the report.  The reporter may freely communicate certain personal data, in particular common data (by way of example, but not exhaustive: name and surname, e-mail address, telephone). This data makes the report more complete, however it is not mandatory.

  1. What is the nature of data provision and what are the consequences of refusal?

The provision of personal data is entirely voluntary. The use of the platform can also take place anonymously, that is, without the acquisition of any personal identifying data of the reporting person.

  1. To whom do we communicate personal data?

The personal data thus collected may be shared, for the purposes referred to in section 3 of this Policy, with:

  1. Subjects that typically act as External Data Processors or by subjects that cooperate with the Data Controller for the pursuit of the above purposes, including subjects delegated to perform technical maintenance activities;
  2. Subjects, Bodies or Authorities to whom it is mandatory to communicate personal data pursuant to provisions of law or orders from the authorities;
  3. Persons authorized by the Data Controller to process personal data must carry out activities strictly related to the production of services that have committed to confidentiality or have in any case an adequate legal obligation of confidentiality.
  1. What about international transfers?

There is no transfer of personal data outside the EU. If this happens, the transfer of data to third parties located outside the EU will be carried out in compliance with the requirements set out in EU Regulation 2016/679 ("GDPR").

  1. How is Personal Data processed?

The data are processed exclusively on computer.  Specific security measures shall be observed to prevent unlawful or incorrect use of data and unauthorized access. In particular:

  • all the processed data are encrypted (reporting data, reports) with different crypted keys for each table;
  • the data of the reporting agent are stored in a separate table from the content of the report issued by the reporting agent;
  • the report shall be assigned an anonymous identification code. In this way, for the whole process of managing the report and also after its storage, the personal data of the reporter will be accessible only to personnel specially authorized, only in order to allow verification of the alert and in full compliance with the relevant legislation.
  1. How long do we keep personal data?

Your personal data will be stored for the time strictly necessary to achieve the purposes for which they were collected. In any case, since these treatments are carried out for the management of reports in accordance with the regulatory requirements laid down in Law 179/17: "Provisions for the protection of whistleblowers who have become aware of crimes or irregularities in the context of a public or private employment relationship" shall be retained for as long as it is necessary for their definition and in any event for a period not exceeding five years from the date of notification of the final outcome of the reporting procedure.

  1. What are your rights in relation to the processing of personal data and how can they be exercised?

The user can at any time and free of charge (a) obtain confirmation of the existence or not of data concerning him and being notified; (b) know the origin of the data, the purposes of the processing and its methods, as well as the logic applied to the processing carried out by electronic means; (c) request the updating, rectification or - if interested - integration of data; (d) obtain deletion, transformation into an anonymous form or the blocking of any data processed in violation of the law, and to oppose, for legitimate reasons, the processing; (e) oppose, in whole or in part, the processing of data concerning him for direct marketing purposes carried out through automated and/or traditional methods; (f) revoke, at any time, consent to the processing of data, without affecting in any way the lawfulness of the processing based on the consent given before the withdrawal.

You may at any time, in accordance with the procedures referred to in paragraph 1, (a) request the restriction of the personal data processing in the event that (i) disputes the accuracy of personal data, for the period necessary to verify the accuracy of such personal data; (ii) the processing is unlawful and you oppose the deletion of personal data and instead ask for its use to be limited; (iii) although the company no longer needs it for the purposes of processing, the personal data are necessary for you to ascertain, the exercise or defence of a right in court; (iv) You have opposed the processing pursuant to art. 21, paragraph 1, of the Privacy Regulation pending verification of the possible prevalence of the legitimate reasons of the data controller compared to those of the data subject; (b) object at any time to the processing of personal data based on legitimate interest; (c) request the erasure of personal data concerning him without undue delay; (d) obtain the portability of personal data concerning him; (e) file a complaint with the Data Protection Authority if the conditions are met.

Even the person reported (that is, the alleged author of the offence) is not absolutely precluded the possibility of exercising the rights provided for by art. from 15 to 22 of Regulation (EU) 2016/679.

In fact, according to paragraph 3 of art. 2-undecies of the Privacy Code, the rights in question may be exercised in accordance with the provisions of law or regulation governing the sector. The exercise of the same rights may, in any case, be delayed, limited or excluded by reasoned communication and made without delay to the data subject, unless the communication may compromise the purpose of the restriction, for the time and to the extent that this is necessary and proportionate, taking into account the fundamental rights and legitimate interests of the data subject.

In such cases, the rights of the data subject may also be exercised through the Guarantor in the manner referred to in Article 160. In such cases, the Guarantor shall inform the data subject that he has carried out all the necessary checks or carried out a review, as well as of the right of the data subject to bring legal proceedings. The data controller shall inform the data subject of the possibilities referred to in this paragraph.

At any time you can exercise the above rights by sending a written request to the Data Controller at the addresses referred to in paragraph 1 or by sending an email to dpo@giuseppezanotti.com

  1. Changes and updates.

This information is valid from the date indicated below. The Company may also make changes and/or additions to this information, also as a consequence of any subsequent changes and/or regulatory additions to the Privacy Regulation. Where technically possible, changes will be notified in advance through one of the contact tools that the Company has or by publishing the text of the new information updated at the link https://giuseppezanotti.segnalazioni.net/privacy.

 

San Mauro Pascoli, December 19 2022