Privacy information for whistleblowing

 

 

INTRODUCTION

This section of the website is intended to inform all persons entitled to submit whistleblowing reports about the features of whistleblowing, as set out in EU Directive 2019/1937 and Legislative Decree no. 24 of 10 March 2023 and the methods by which LEDERPLAST SPA complies with this law.

Reports are handled in compliance with the privacy laws set forth in EU Regulation 2016/679 (GDPR or General Data Protection Regulation) and Italian Legislative Decree no. 196/2003 as subsequently amended and supplemented (hereinafter “Privacy Code”). 
All information on the data processing carried out by the LEDERPLAST SPA Data Controller regarding whistleblowing, pursuant to Articles 13 and 14 of the GDPR, can be found in the dedicated section on the organisation’s website.

WHISTLEBLOWING LAWS

The purpose of whistleblowing laws is to ensure the protection of persons who report breaches of Italian or Union law.

This protection will be in the form of a series of measures designed to protect the identity of the reporting person and what is being reported, to ensure that the reporting person is provided with adequate assistance, and to prevent possible retaliation or attribution of responsibility by the organisation, for conduct engaged in by the reporting person for reporting purposes.

The purposes of whistleblowing laws can be summarized as:

Safety and Transparency: the protections afforded to the reporting person allow for greater safety and transparency in workplaces and organisations as they facilitate the emergence of unlawful conduct.

Prevention: the protections afforded to the reporting person help prevent unlawful conduct, as they provide a disincentive any conduct put in place by the organisation which may be in violation of Italian or European Union law.

Lawfulness: protecting the reporting person contributes to ensuring lawfulness, as it enable the detection and punishment of unlawful conduct, even in the presence of any obstacles or reticence on the part of the organisation.

In summary, whistleblowing laws are an important tool for promoting a culture of lawfulness in businesses, as it encourages the reporting of unlawful conduct and helps prevent such conduct.

WHAT WHISTLEBLOWING IS AND TO WHOM IT APPLIES

Whistleblowing is the reporting of unlawful conduct or danger of unlawful conduct by a person who has become aware of it as a result of their work or professional activities.

Persons eligible to file whistleblowing reports are:

workers (including those who have atypical, part-time and fixed-term contracts, as well as those who have an agreement or employment relationship with a temporary agency, trainees and volunteers, paid and unpaid);

contractors, self-employed workers, freelancers and consultants performing work at the organisation;

shareholders, members of governing bodies, members of supervisory or control bodies, or representatives of the organisation, even if these functions are exercised on a de facto basis.

WHAT CAN (AND WHAT CAN’T) BE REPORTED

Reports may concern breaches (acts or omissions) related to Italian or European Union law.

Breaches of Italian law include criminal, civil, administrative or accounting offenses and unlawful conduct relevant under Italian Legislative Decree 231/2001 or violations of the organisation and management models provided therein.

Breaches of European Union laws include crimes against public administration, crimes against the environment, crimes against public safety, crimes against public health, crimes against consumer protection, crimes against workers, crimes against competition, crimes against intellectual property, and violations of human rights, children’s rights, rights of people with disabilities, women’s rights, and LGBTQ+ rights.

Challenges, claims or demands related to a reporting person’s interest of a personal nature that pertain exclusively to their individual working relationships, or inherent in their working relationships with persons who are subordinate in the organisation, are excluded. Thus, reports concerning labour disputes and pre-litigation stages, discrimination between colleagues, interpersonal conflicts between the reporting person and another worker or with hierarchical superiors, and reports concerning data processing carried out in the context of the individual employment relationship in the absence of injury to the interest or integrity of the private entity are excluded. Also excluded are breaches regulated in European Union directives and regulations and in the implementing provisions of the Italian system that already guarantee special reporting procedures (e.g., reporting procedures on market abuse, relating to credit institutions or investment firms) and violations relating to national security, as well as to procurement related to defense or national security aspects.

WHAT FEATURES MUST A REPORT HAVE

Because of its importance (discovery that laws have been breached with possible resulting measures against reported persons, such as disciplinary measures and/or possible civil and criminal proceedings), a whistleblowing report must have specific features.

At the time of reporting, the reporting person must have a reasonable and well-founded reason to believe that the information about the breaches is true and falls within the scope of the cases provided for by law. A report is based on the presumption of the reporting person’s “good faith”. It must be provided by the reporting person to be helpful, in pursuit of the purposes of the law, without prejudice, ulterior motive or intent to cause harm to the organisation.

The report should be made using the prescribed channels (preferably internal channels) and should be reasonably timely, i.e., made as soon as possible after knowledge of the breach.

The report must be relevant, provide substantiated and consistent information, contain precise and corroborating evidence (based on objective factors), capable of describing the circumstances and/or conduct, which may allow all the appropriate investigations necessary to ascertain whether the reported facts are well-founded and to take the appropriate measures.

Specific eligibility requirements are assessed for each report. A report may not be followed up on if it: 1) is clearly unfounded owing to the absence of any factual basis capable of justifying investigation; 2) generic content regarding wrongdoing such as not to allow the facts to be understood; or 3) report of wrongdoing accompanied by inappropriate or irrelevant documentation.

A report must contain: 1) a clear and complete description of the facts; 2) the circumstances of time and, if known, place in which the facts were committed; 3) the generalities, if known, or other elements that would make it possible to identify the persons who have carried out the reported facts (e.g., the title or sector of activity); 4) any documents that could confirm the substantiation of reported facts; 5) any other information that could provide useful feedback about the existence of the reported facts (e.g., the other persons potentially aware of the facts or who could confirm the allegations).

For the purpose of filing a report, the reporting person may also enlist the support of a “facilitator”, that is, a natural person operating within the same work environment as the reporting person who can assist them in the reporting process.

“Anonymous” reports, i.e., reports that come to the manager’s attention in the complete absence of information about the reporting person (not even inferable directly or indirectly from the content of the report) are not allowed.

WHAT DOES A REPORTING PROCESS INVOLVE

A reporting process involves:

the report’s evidence-gathering stage, including the overview of the reporting person, a description of the reported facts, the miscellaneous or other elements that make it possible to identify the persons who have put in place the reported allegations, the circumstances of time and place in which the allegations occurred, and any documentation supporting the substantiation of the allegations;

notifying the reported person of the receipt of the report within seven days from the date of its receipt, unless the reporting person explicitly requests otherwise or unless the Italian Anti-Corruption Authority (ANAC) considers that such notice would undermine the protection of the confidentiality of the identity of the reporting person;

maintaining communication with the reporting person and requesting additional information, if necessary;

the follow-up stage of the report, through a dedicated investigation, including hearings and documentary acquisitions from various sources, aimed at making all the appropriate verification necessary to detect the merits of the report, to put in place the investigations aimed at finding the existence of the reported facts and to take the appropriate measures;

the acknowledgement to the reporting person of the outcome of the report, within three months (if there are justified and substantiated reasons within six months) from the date of the notice of receipt of the report or, in the absence of such notice, from the expiration of seven days from the receipt of the report;

the filing and record keeping of reports for the time strictly necessary for processing and, in any case, no longer than five years from the date of the communication of the final outcome of the reporting process.

WHAT IS THE PROCESS AND METHOD FOR MAKING A REPORT

Breach reports may be made in multiple ways, depending on the specific cases, using internal reporting channels, prepared by the organisation, or with external channels, or through public disclosures. All of these ways of reporting are protected and provide specific protections for the reporting person.

As indicated by the Italian Anti-Corruption Authority’s guidelines: “the legislature’s intent is to encourage reporting persons to first turn to the entity to which they are “connected”. This is because more effective prevention and detection of breaches comes through the acquisition of relevant information from those closest to the source of the breaches. This principle, moreover, is intended, on the one hand, “to foster a culture of good communication and corporate social responsibility within organisations” and, on the other hand, to ensure that, by bringing to light unlawful conduct, omissions or behavior, reporting persons contribute significantly to the improvement of their organisations”.

THE INTERNAL REPORTING CHANNELS SET UP BY THE ORGANISATION

All internal reporting channels are managed by persons (Managers) appointed for this purpose and designated by the organisation, who also operate through specifically trained staff, differentiating the collection and follow-up stages (in order to properly direct reports while avoiding any conflicts of interest, compatibility or attribution).

\Internal reporting channel Managers meet impartiality and independence requirements and aim to ensure that the reporting person is provided with adequate assistance and that the identity of the reporting person, the facilitator (if any) and the persons who are involved and mentioned are kept confidential, and that the content of the report and its supporting documentation are kept confidential.

The internal reporting channels set up by the organisation are:

A main internal whistleblowing channel, based on the WhatsApp messaging system, through a specifically dedicated whistleblowing account, set up from a mobile phone number in the organisation's name. The reporting person should contact the WhatsApp number +393452715181 to act on the report. For each report, a new “group” shall be opened named with a “report identifier”, consisting of unique sequence number (e.g. “LEDERPLAST REPORT 1234567890”). The group is closed, administered exclusively by the Reporting Managers and only the reporting person and the facilitator, if any, may take part. In the group chat, support shall be given to the reporting person, the necessary information on privacy and whistleblowing is provided, and discussions will be developed between the reporting person and the Manager with the primary purpose of ascertaining the identity of the reporting person, acquiring the contents of the report and any additions, along with any supporting documentary evidence (through all the features made available by the WhatsApp messaging system: documents, voice messaging, audio, video footage, images). The group chat is likewise used by the Manager to provide the reporting person with acknowledgement of receipt of the report and give feedback on the follow-up of the report. The Manager who is designated to manage this internal reporting channel is the Supervisory Body (SB) established in compliance with Italian Legislative Decree 231/2001, assisted by third-party professionals.

An internal secondary reporting channel, based on the handling of sealed envelope mailings. At the initiative of the reporting person, the report is placed in two sealed envelopes: the first containing the reporting person’s identifying information along with a photocopy of ID; the second containing the report and any supporting documentation. In this way, the reporting person’s identifying information is separated from the report. Both envelopes must then be placed in a third sealed envelope, which bears on the outside a combination of the words “CONFIDENTIAL WHISTLEBLOWING REPORT” and delivered to the Manager, also by regular mail. The Manager who is designated to manage this internal reporting channel is the Supervisory Body (SB) established in compliance with Italian Legislative Decree 231/2001, assisted by third-party professionals.

An internal secondary reporting channel based on direct meeting with the Manager. At the request of the reporting person, through a face-to-face meeting scheduled with the Manager, within a reasonable period of time, the report shall be made orally and documented, subject to the consent of the reporting person, either by recording on a device suitable for storage and listening or by minutes. The Manager who is designated to manage this internal reporting channel is the Supervisory Body (SB) established in compliance with Italian Legislative Decree 231/2001, assisted by third-party professionals.

The manner in which the alternative secondary channels are managed includes all the privacy and whistleblowing obligations required by the relevant laws (privacy policy, acknowledgement of receipt, acknowledgement of the report, discussions).

Regardless of the internal reporting channel used, all reports will be stored digitally and protected by appropriate encryption systems (the keys to which will be kept by the Managers) that make it impossible for the organisation to understand their contents.

All reports shall be retained for the time strictly necessary for processing (including the collection and follow-up stages that include the time of any investigation initiated for the assessment of the existence of the reported allegations, in terms of circumstances and conduct, the conduct of investigations and inquiries within the scope of the report and the adoption of any measures) and, in any case, no longer than five years from the date of the communication of the final outcome of the reporting process.

The time required to settle any disciplinary action resulting from the report and/or any civil and criminal litigation that has arisen as a result of the report may be added to these time frames, as well as the time required to dispose of or discard electronic and paper documentation related to the report.

Please note that Italian Presidential Decree no. 62 of 2013 states that the report may also be submitted to the hierarchical superior. If a report is made to an entity other than a Manager designated by the organisation or in a way not referable to an internal reporting channel established by the organisation, where the reporting person expressly states that they wish to benefit from whistleblowing protections, or where such a willingness can be inferred from the report or from conclusive conduct (simply the affirmation of the act of “reporting”), the report is considered a “whistleblowing report” and is transmitted, within seven days of its receipt, to the Manager, with simultaneous notice of the transmission to the reporting person. The Manager who is designated to manage this internal reporting channel is the Supervisory Body (SB) established in compliance with Italian Legislative Decree 231/2001, assisted by third-party professionals. Otherwise, if the reporting person does not expressly state that they wish to benefit from the protections, or said willingness is not inferred, the report is considered to be standard.

WHAT OTHER FORMS OF REPORTING ARE ALLOWED

External reporting:

The reporting person may make an external report if one of the following conditions is met at the time of its submission:

within its work environment there is no provision for mandatory activation of the internal reporting channel, or this channel, even if mandatory, is not 
active or, even if activated, does not comply with applicable law;

the reporting person has already made an internal report and it has not been followed up on;

the reporting person has reasonable grounds to believe that, if they made an internal report, the report would not be effectively followed up on or that the same report may result in the risk of retaliation; if the manager may have a conflict of interest with respect to a specific report (as, for example, a reported person or a reporting person), one of the conditions for making an external report to Italian Anti-Corruption Authority is deemed to be met, as it cannot be assured that the report will be effectively followed up on.

the reporting person has reasonable grounds to believe that the breach may pose an imminent or obvious danger to the public interest.

The Italian Anti-Corruption Authority has activated an external reporting channel that ensures the confidentiality, including through the use of encryption tools, of the identity of the reporting person, the possible facilitator and any persons involved and mentioned, as well as the confidentiality of the content of the report and its supporting documentation.

TO MAKE AN EXTERNAL REPORT THROUGH THE IT PLATFORM PREPARED BY ITALIAN ANTI-CORRUPTION AUTHORITY, PLEASE FOLLOW THIS LINK HTTPS://WWW.ANTICORRUPTION.IT/-/WHISTLEBLOWING AND FOLLOW THE ACCREDITATION AND REPORTING INSTRUCTIONS.

Public disclosure:

A reporting person who makes a public disclosure benefits from the protection provided by whistleblowing laws if, at the time of the public disclosure, one of the following conditions is met:

the reporting person has previously made an internal and external report or has directly made an external report, which was not responded to within the prescribed time;

the reporting person has reasonable grounds to believe that the breach may pose an imminent or obvious danger to the public interest;

the reporting person has reasonable grounds to believe that the external report may carry the risk of retaliation or may not be effectively followed up due to the specific circumstances of the particular case, such as those where evidence may be concealed or destroyed or where there is a reasonable fear that the recipient of the report may be colluding with or involved in the perpetrator of the breach.

WHAT PROTECTIONS ARE AFFORDED TO THE REPORTING PERSON

The protection of the reporting person and the report

The law provides that the identity of the reporting person may not be disclosed, without the express consent of the reporting person, to persons other than those responsible for receiving or following up on reports and expressly authorised to process this data. Protection covers not only the name of the reporting person but also all elements of the report from which the identification of the reporting person can be derived, directly or indirectly. The protection of confidentiality is extended to the identity of the persons involved and the persons mentioned in the report until the conclusion of the proceedings initiated on account of the report, subject to the same guarantees provided in favour of the reporting person.

Protecting the reporting person from retaliation
The law defines retaliation as any conduct, act or omission, even if only attempted or threatened, carried out because of the report, complaint to the judicial or accounting authority, or public disclosure, and which causes or may cause, to the reporting person or the person who made the complaint, directly or indirectly, unjust damage, to be understood as unjustified harm.

Typical cases that represent acts of retaliation against the reporting person are as follows:

(a) dismissal, suspension or equivalent measures;
(b) demotion in rank or failure to promote;
(c) change of role, or change of workplace;
(d) reduction of salary, or modification of working hours;
(e) suspension of training or any restriction of access to it;
(f) negative performance reviews or negative references;
(g) adoption of disciplinary measures or other penalties, including fines;
(h) coercion, intimidation, harassment or ostracism;
(i) discrimination or other unfavourable treatment;
(j) failure to convert a fixed-term employment contract into an employment contract of indefinite duration, where the employee had a legitimate expectation of such conversion;
(k) non-renewal or early termination of a fixed-term employment contract;
(l) damage, including to a person’s reputation, particularly on social media, or economic or financial harm, including loss of economic opportunities and loss of income;
(m) improper listing on the basis of a formal or informal sector or industry agreement, which may result in the person being unable to find employment in the sector or industry in the future;
(n) early termination or cancellation of an agreement for the provision of goods or services;
(o) cancellation of a licence or permit; or
(p) a request to undergo psychiatric or medical examinations.

The Italian Anti-Corruption Authority has the power to determine whether retaliation has taken place, and can call on the cooperation of the Italian Civil Service Inspectorate and the Italian National Labour Inspectorate. It is for the courts to declare retaliatory acts null and void.

Protection from retaliation is extended to the following persons:

to the facilitator, identified as the natural person who assists the reporting person in the reporting process and operating within the same work environment;

to persons in the same work environment as the reporting person, the person making a complaint, or the person making a public disclosure and who are related to them by a stable emotional or kinship relationship up to the fourth degree. The Italian Anti-Corruption Authority guidelines provide that this expression could refer, first and foremost, to those who cohabit with the reporting person. Consistent with the rationale of extending protection against retaliation to the greatest extent possible, however, the notion of a stable affective bond can be understood not only as cohabitation in the strict sense, but also as a relationship of an affective nature characterised by a certain stability.

to co-workers of the reporting person or of the person making a public disclosure, who work in the same work environment as the reporting person and who have a regular and ongoing relationship with that person. The Italian Anti-Corruption Authority guidelines provide that in the case of work colleagues, the legislature has provided that they must be those who, at the time of the report, work with the reporting person (thus excluding former colleagues) and who have a regular and current relationship with the reporting person. Thus, the rule refers to relationships that are not merely sporadic, occasional, episodic and exceptional, but rather current, long-lasting, characterised by a certain continuity such as to give rise to a relationship of community, of friendship.

to entities owned by the reporting person or for which those persons work, as well as entities operating in the same work environment as those persons.

Protection from liability for conduct engaged in by the reporting person for the purpose of reporting

For reports made in accordance with the provisions of the Whistleblowing Directive, the law provides that the reporting person is not liable for breaches that damage the reputation of the reported person (whether implicated or mentioned), for breach of copyright, for breach of secrecy obligations (other than professional, forensic and medical obligations), for breach of personal data protection laws for disclosure of trade secrets, on the sole condition that, at the time of the report, denunciation or disclosure, there were reasonable grounds to believe that the disclosure or dissemination of the information was necessary to disclose the reported infringement and that the report was made in the manner required by law.

The exemption from liability covers not only the unlawful acts related to the reporting but also the conduct engaged in for the purpose of acquiring or accessing the information that is the subject of the reported breach.

CONDITIONS GUARANTEEING THE PROTECTIONS AFFORDED TO THE REPORTING PERSON

The protections are not guaranteed when it is established, even by a first instance judgment, that the reporting person is criminally responsible for the offences of defamation or slander or, in any case, for those same offences committed with the report to the judicial or accounting authority, or that they are liable civilly, for the same reason, in cases of wilful or serious misconduct. Under such circumstances, a disciplinary sanction shall be imposed on the reporting  person or complainant.

The confidentiality of the reporting person's identity is protected even after the conclusion of the proceedings initiated as a result of the report, unless (EU Directive 2019/1937):

Disclosure is necessary for the exercise of a public right or power;

Disclosure is necessary to protect the life or physical or moral integrity of a person;

Disclosure is necessary to prevent the commission of a serious crime;

The reporting person has expressly authorised the disclosure of their identity.

In criminal proceedings, the identity of the reporting person is covered by secrecy in the manner and to the extent provided for in Article 329 of the Italian Code of Criminal Procedure.

As part of the proceedings before the Italian Court of Auditors, the identity of the reporting person may not be revealed until the investigation stage is closed.

Within the scope of disciplinary proceedings, the identity of the reporting person may not be disclosed, where the disciplinary charge is based on investigations separate and additional to the report, even if resulting from to it. If the charge is based, in whole or in part, on the report and knowledge of the identity of the reporting person is essential for the defense of the accused person, the report may be used for disciplinary proceedings only if the reporting person expressly consents to the disclosure of their identity.

We thank you for your attention in reading this document.