Qomprendo Logo

WHISTLEBLOWER PRIVACY NOTICE

Information pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679

WHISTLEBLOWING PROCEDURE

Dear Whistleblower,

Italia Gas e Luce srl thanks you for choosing to make a whistleblowing report. Your privacy is important to us, and we want to assure you that your personal data will be treated in accordance with applicable privacy laws. This privacy notice provides information on how your personal data will be collected and used during this procedure. Please read it carefully before providing any information.

Data Controller

The data controller is Italia Gas e Luce srl, with legal headquarters at Via della Gronda 8, 55041, Lido di Camaiore, Lucca, VAT No. 02479770469, in the person of its legal representative.

Contacts: info@italiagaseluce.it

Purpose of processing

The processing of personal data is carried out by Italia Gas e Luce srl in the performance of its connected activities. Personal data will be processed using computer and non-computer tools for the following purposes:

  • Allow the correct and complete management of the Whistleblowing procedure in accordance with the current legislation on whistleblowing;
  • allow access to the whistleblowing reporting platform;
  • assess and investigate elements relating to the whistleblowing report submitted;
  • maintain anonymity;
  • communicate any updates on the report or request further information;
  • fulfill legal and regulatory obligations to which the company is subject;
  • fulfill any other obligation strictly connected to the current legislation on whistleblowing and corruption prevention.

Types of data processed

During the whistleblowing procedure, we may collect the following types of personal data:

  • name, surname, and contact information (e.g., email address or phone number), if disclosed by the whistleblower;
  • information about the facts and circumstances of the whistleblowing report.

The personal data you provide will not be transferred to countries outside the European Union.

Method of processing and legal basis

Personal data of users are processed with appropriate security measures; these measures are useful to prevent disclosure, alteration, or other unauthorized uses.

The legal basis for processing is:

  • compliance with legal obligations as provided for by Legislative Decree No. 24 of March 10, 2023 concerning "the protection of persons who report violations of Union law and provisions concerning the protection of persons who report violations of national legal provisions".

Consequences of refusal of data

In case of failure to authorize the processing of data as provided in point 4, the interested party will not be able to use the App for the purpose of making a report.

The provision of the whistleblower's data is mandatory in the “confidential report”. Any refusal to provide data in the “nominative report” prevents the Data Controller from following up on the report you submitted.

The provision of the whistleblower's data is optional in the “anonymous report”

Sharing of Personal Data

Personal data collected during the whistleblowing procedure may be shared with the following categories of recipients:

  • trained, authorized, and appointed employees of the Data Controller and the reported company, to assess and gather more elements about the report;
  • competent authorities, if required by applicable laws;
  • other third parties, if required to protect the rights and legitimate interests of the Data Controller.

Retention period

Data is processed and stored for the time required by the purposes for which they were collected. Therefore:

  • Reports and related documentation are stored for the time necessary and in any case no longer than five years from the date of communication of the final outcome of the reporting procedure.
  • Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied. The User can obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.
  • The Data Controller may be required to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
  • At the end of the retention period, the Personal Data will be anonymized. Therefore, upon the expiration of this term, the right of access, deletion, rectification, and the right to data portability can no longer be exercised.

Rights of the data subject

Users can exercise certain rights with respect to the Data processed by the Data Controller. In particular, the User has the right to:

  • Access their Data. The User has the right to obtain information about the Data processed by the Data Controller, on certain aspects of the processing, and to receive a copy of the processed Data.
  • Verify and request rectification. The User can verify the correctness of their Data and request its updating or correction.
  • Obtain the limitation of processing. When certain conditions are met, the User can request the limitation of the processing of their Data. In this case, the Data Controller will not process the Data for any other purpose other than their conservation.

How to exercise the rights

To exercise the User’s rights, Users can send a request accompanied by an identification document to the contact details of the Data Controller indicated in this document. Requests are filed free of charge and processed by the Data Controller as soon as possible, in any case within one month.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if technically and legally feasible, by sending a notification to Users through one of the contact details held by the Data Controller. Please regularly consult this page, referring to the last modification date indicated at the bottom.

Last modification: 12/05/2023