PRIVACY INFORMATION
relating to the processing of the personal data concerning those parties who submit a report via My Whistleblowing
Pursuant to art. 13 of Italian Legislative Decree no. 196/2003 of the Italian Privacy Code and pursuant to art. 13 of European Regulation no. 679/2016 (hereinafter, also the “GDPR”) we hereby provide you with this disclosure.
THE CONTROLLER
The Controller in terms of processing personal data is Litokol S.p.A., based at Via Giovanni Falcone 13/1, 42048 Rubiera (RE), Italy email privacy-litokol@litokol.it
THE LOCATION WHERE PERSONAL DATA WILL BE PROCESSED
Personal data will be processed in Italy and no transfer of such data is envisaged, whether outside Italy or to a non-EU country. No personal data shall be communicated or distributed, except for statistical purposes and, in any case, this will be done in an anonymous and/or aggregate way.
PURPOSES FOR WHICH PERSONAL DATA IS PROCESSED
The personal data you provide will be used exclusively to deal with the Whistleblowing report you make.
PERSONAL DATA PROCESSED
The only personal data processed will be:
- First name
- Last name
- Email address
THE LEGAL BASIS FOR SUCH PROCESSING
The legal basis upon which personal data is processed is given by the company’s legal obligation pursuant to art. 6 of Italian Legislative Decree no. 231 of 2001, as amended by Italian Law no. 179 of 2017, concerning the “Provisions safeguarding those parties who report an offence or an irregularity of which they become aware in the context of a public or private employment relationship”.
STORAGE PERIOD
The personal data you provide will be deleted within 5 years from the date on which it was collected.
PARTIES WITH WHOM WE SHARE THE DATA COLLECTED
Employees duly appointed to investigate Whistleblowing reports and members of the Supervisory Body may have access to your personal data, as provided for by Italian Legislative Decree no. 231/2001. Furthermore, considering that Whistleblowing reports are forwarded via the My Whistleblowing software, the provider of this software, duly appointed as a Processor pursuant to art. 28 of the GDPR, may also have access to your personal data. It is understood that, in line with the principle of protecting the confidentiality of every party who makes a report, pursuant to Italian Law no. 179/2017, any personal data concerning a reporting party that is shared will be strictly limited to that data needed to ensure their confidentiality.
METHODS BY WHICH PERSONAL DATA IS PROCESSED
Personal data will be processed with both automated tools and manual ones and for the purposes indicated above. Specific security measures are adopted to prevent any loss of data, any unlawful or improper use and any unauthorised access to it.
A DATA SUBJECT’S RIGHTS
Under certain conditions, Data Subjects have the right to exercise specific rights pursuant to art. 7, 8, 9 and 10 of the Italian Privacy Code and pursuant to arts. 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR and, specifically:
- to ask us for access to the personal data that concerns them,
- to ask us for a copy of the personal data supplied by them (so-called portability),
- to ask us to rectify the personal data in our possession,
- to ask us to delete any data for which there is no longer a valid legal basis upon which to process it,
- to oppose processing, where permitted by applicable legislation,
- to revoke any consent given to processing, in the event that the legal basis for such processing is based on the Data Subject’s consent,
- to restrict the way in which we process personal data, within the limits established by legislation concerning the protection of personal data.
Exercising these rights is subject to certain exceptions which are aimed at safeguarding the public interest (for example, in the prevention or the identification of a crime) as well as our interests (for example, in maintaining professional secrecy). In the event that a Data Subject exercises any of their aforementioned rights, we are responsible for verifying that they are legitimately entitled to exercise such a right and, as a rule, we typically respond within one month.
Any party who has a doubt regarding compliance with the privacy policy adopted by Litokol S.p.A., its application, the accuracy of their personal data, or the use of the information collected, may email us at: privacy-litokol@litokol.it. However, should anyone so wish, they may also lodge a complaint with or make a report to a competent authority, pursuant to art. 77 of the GDPR. In Italy, the competent authority is the Italian Data Protection Authority and their contact details are:
Garante per la protezione dei dati personali - Piazza di Monte Citorio n. 121 - 00186 Rome, ITALY - Fax: (+39) 06.69677.3785 - Telephone: (+39) 06.696771 - Email: garante@gpdp.it - Certified email: protocollo@pec.gpdp.it