Your identity is protected
The report is not linked to your account. Reports are sent anonymously. Your identity will be accessible only to the whistleblowing manager if necessary.

Create an account

Registration Guide
1
User Data
2
Information and Terms
3
Privacy Policy
  • The password should consist of a minimum of 8 character types.
  • The password must have at least one numerical character.
  • Password must contain at least one uppercase letter.
  • Password must contain at least one lowercase letter.
  • The password must have at least 1 of these special characters: -_.*!$@
  • The password can not contain the following characters ' '.
Aware of the liability, including criminal responsibility for false declarations, forgery of a document or use of forged documents, as per art. 76 of Presidential Decree no. 445 of 28 December 2000, I declare that the data entered and transmitted through this software are true and correct.
Privacy Policy*

Dear User,

With this document, drawn up in accordance with Article 13 of EU Regulation No. 679/2016 (hereinafter also referred to as the "Regulation"), Cetena S.p.A. informs you, as a data subject for the processing of personal data, of the following:

  1. REGISTERED USERS

1.1 Data Controller

The Data Controller for the personal data requested from you (such as name, surname, email, password, and identity document) is  Cetena S.p.A., VAT number 00848700100, with registered office in Genova, Via Ippolito D’Aste 5, Cap 16121 (hereinafter also referred to as the "Controller"), Certified email address: cetena@pec.cetena.it, tel. +39 010 5965460 fax +39 010 5965790.

1.2 Purposes of the personal data processing and legal basis

Your personal data will be processed, using computerized and/or paper-based means, exclusively for the following purposes and on the following legal basis:

a) Purpose of managing the reserved area of the reporting website to the Oversight Board: through the management of the reserved area of the website for whistleblowing reports and the data of registered users; processing carried out based on the legal obligations to which the Controller is subject;

b) Purpose of auditing and compliance of reports to the Oversight  Board: through the activities carried out by the Controller related to the application of Legislative Decree 231/2001, and the reports based on Legislative Decree 24/2023; the processing, if not attributable to the execution of contractual and/or legal obligations on the part of the Controller, will be carried out on the basis of the legitimate interest of the Controller.

It is also noted that your data will be communicated and processed within Cetena S.p.A. by personnel duly appointed and instructed by the Controller.

1.3 Data retention period

 

Your data will be retained as follows:

  • In relation to the purpose of managing the reserved area, for 24 months from the last update or report made by you;
  • In relation to the purpose of managing reports to the Oversight  Board, for no more than 5 years from the date of communication of the final outcome of the reporting procedure.

1.4 Nature of Data Provision and Consequences of Non-Provision

The data related to registration on the website for reports to the Oversight Board are optional and are processed based on the legal obligations to which the Controller is subject; failure to provide them prevents users from completing the registration activities.

 

The data related to reports made on the website for reports to the Oversight Board and collected by it are necessary to allow for the proper management of the reports themselves.

  1. NON-REGISTERED USERS

2.1 Data Controller

. The Data Controller for the personal data that you may decide to provide (such as name, surname, email) is Cetena S.p.A., VAT number 00848700100, with registered office in Genova, Via Ippolito D’Aste 5, Cap 16121 (hereinafter also referred to as the "Controller"), Certified email address: cetena@pec.cetena.it, tel. +39 010 5965460 fax +39 010 5965790.

2.2 Purposes of the personal data processing and legal basis

Your personal data will be processed, using computerized and/or paper-based means, exclusively for the purpose of auditing and compliance of reports to the Oversight Board, through activities carried out by the Controller related to the application of Legislative Decree 231/2001 and reports based on Legislative Decree 24/2023; the processing, if not attributable to the execution of contractual and/or legal obligations on the part of the Controller, will be carried out on the bases  of the legitimate interest of the Controller.

It is also noted that your data will be communicated and processed within Cetena S.p.A. by personnel duly appointed and instructed by the Controller.

2.3 Data retention period

Your data will be retained in relation to the purpose of managing whistleblowing reports, for no more than 5 years from the date of communication of the final outcome of the reporting procedure.

2.4 Nature of data provision and consequences of non-provision

The data related to reports made on the website for reports to the Oversight Board and collected by it are necessary to allow for the proper management of the reports themselves.

  1. ALL USERS

3.1 Recipients of personal data

Your personal data may be transmitted, closely related and compatible with the purposes outlined above, to the following categories of subjects:

  • Oversight Board;
  • service providers;
  • any other subject to whom current legislation requires communication.

Contact details of external data processors carrying out activities in the interest of the Controller may be requested by you at the following Certified email address: cetena@pec.cetena.it.

3.2 Transfer of personal data to a third country or an international organization

The Controller may transfer your personal data outside the European Economic Area ("EEA"). To protect your data in the context of international transfers, the Controller will adopt appropriate safeguards, such as decisions of adequacy by the European Commission pursuant to Article 45 of the Regulation, standard contractual clauses approved by the European Commission, and contractual instruments that provide adequate guarantees (Article 46 of the Regulation). Alternatively, transfers will take place in the presence of derogations provided for in Article 49 of the Regulation (i.e., consent of the data subject, necessity of the transfer for contractual/pre-contractual measures, overriding public interest, defense in legal proceedings, vital interests of the data subject or other individuals, data entered in a public register).

3.3 Rights of the data subject

We inform you that, as a data subject, you have the right to obtain from the Controller:

Right of access:

(Article 15 of the Regulation)

confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, the right to obtain, among other things, access to your personal data and information regarding the purposes of the processing, the categories of personal data concerned and the recipients or categories of recipient to whom the personal data have been or will be disclosed.

Right to rectification:

(Article 16 of the Regulation)

(i) rectification without undue delay of inaccurate personal data concerning you and (ii) completion of your personal data, where incomplete.

Right to erasure ("right to be forgotten"):

(Article 17 of the Regulation)

erasure of personal data concerning you without undue delay (the Data Controller has the obligation to erase personal data without undue delay in the cases set out in Article 17 of the Regulation).

Right to restriction of processing:

(Article 18 of the Regulation)

restriction of processing in the cases set out in Article 18 of the Regulation.

Right to data portability:

(Article 20 of the Regulation)

receipt in a structured, commonly used and machine-readable format of personal data concerning you; the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, in the cases set out in Article 20 of the Regulation.

Right to object to processing carried out under Article 6(1)(e) or (f):

(Article 21 of the Regulation)

objection, at any time, on grounds relating to your particular situation, to the processing of personal data relating to you under Article 6(1)(e) or (f), including profiling on the basis of such provisions.

 

At any time, you may exercise the above-mentioned rights through a formal request sent to the Certified email address : cetena@pec.cetena.it.

Furthermore, you have the right to lodge a complaint with the Italian Data Protection Authority if you believe that the processing concerning your personal data violates the provisions of EU Regulation No. 679/2016.