SIA, in full compliance with the legislation in force on whistleblowing, the Code of Ethics, the Organizational Model pursuant to Legislative Decree 231/2001, the regulations, including local regulations, the company's anti-corruption guidelines and the policy on the protection and processing of personal data, has drawn up the procedures for receiving and processing notifications of breaches and violations of the Code of Ethics and the Organizational Model, even potential ones.
SIA's policy for the protection of persons forwarding notifications and of persons who might declare that they are aware of the facts that are the subject of said notifications.
Notifications must contain concrete, sufficiently detailed and, where appropriate, documented facts. The person forwarding the notification and those who declare that they are aware of the facts therein are granted anonymity and benefit from special guarantees of confidentiality and protection, with the exception of the cases in which:
- the person who sent the notification expressly declares their consent to its disclosure;
- national legislation provides for and requires disclosure;
- disclosure is indispensable for the exercise of the right of defense by the person who sent the notification;
- disclosure is required for the prevention or reduction of serious threats to people’s health and/or safety..
In any case, SIA is committed to ensuring that those who have sent the notification will not be subject to retaliation, discrimination or, in any case, penalized, thus ensuring the appropriate confidentiality of such persons (unless otherwise required by law).
Processing of confidential information and documents.
The information and documents transmitted with the notification are classified by the company as "confidential" and are stored securely, in compliance with the regulations, including local regulations, and the company policy on the protection and processing of personal data [only when storage is required by regulations, including local regulations, and the company policy].
Communication regarding the procedure and the processing of personal data.
It is the duty of the company to give communication of the existence of a procedure in place to the person who sent the notification, to the person who is the subject of the notification, to the person included in the notification as somebody able to report on the fact reported, and to any witness. Each one of these persons has the right to request changes, additions, updates or deletion of personal data when they are no longer necessary in relation to the purpose for which they were collected and possibly processed in compliance with the legislation in force, including local legislation, and with the company policy regarding the protection and processing of personal data.