Send a report with the utmost confidentiality.

Privacy

WHISTLEBLOWING NOTICE

(Art. 13-14 of EU Reg. 2016/679 “GDPR”)

WHO WE ARE

DATA CONTROLLER: Viva Servizi S.p.A.
Site: Via del Commercio, 29 – 60127 Ancona (AN)
Tel.: 071.28931
e-mail: ufficioprivacy@vivaservizi.it 
website: https://www.vivaservizi.it 

DATA PROCESSOR: Morolabs Srl - Avv. Massimiliano Galeazzi
Tel. / FAX: 071.9030585 / 071.2210025
e-mail: dpo@vivaservizi.it

Viva Servizi S.p.A. is the CONTROLLER of the personal data that you (data subject) communicate to us either at the time of registration or at the time of sending anonymous reports. 

The DATA PROTECTION OFFICER (DPO) is your point of contact for any question or problem related to the application of the Regulation.

 

WHAT WE DO WITH YOUR DATA (Data categories, a necessary requirement)

The Data Controller will process the following categories of data:

  1. common data: which include personal data, contact details, data relating to the employment or professional relationship with the company;
  2. special data: depending on the type of report, data relating to health and data revealing membership in a trade union, a political party and religious beliefs may be processed;
  3. data relating to criminal convictions or offenses: depending on the type of report, data relating to criminal convictions and offenses could be processed, as required by Legislative Decree 24/2;
  4. use of technical cookies: no personal data of users is acquired by the platform. We do not use cookies to transmit information of a personal nature, nor are persistent cookies used to track users. Only technical cookies are used to the extent strictly necessary for the correct and efficient use of the platform. The use of session cookies (which are not stored permanently on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the platform.

The whistleblower may communicate any type of information (referring both to the natural persons subject to the report and to himself) in order to represent the alleged illegal conduct of which he has become aware due to his service relationship with the organization, committed by the subjects who interact with it in various ways. 

The whistleblower is invited to communicate only the essential information. It is not necessary to give your name; however, in order to receive communications and feedback from the organization, it is necessary to keep the code of the report, in accordance with current legislation.

 

WHY WE PROCESS YOUR DATA (Purpose, legal basis)

The legal bases for handling reports of suspected illegal conduct are as follows:

  • fulfillment of a legal obligation (art. 6 par. 1 letter c) GDPR), if personal data other than those relating to particular categories or criminal convictions and offenses are indicated in the report;
  • obligations and rights in the field of labor law (art. 9 par. 2 letter b) GDPR), if personal data relating to particular categories are indicated in the report;
  • management of judicial data (art. 10 GDPR and 2-octies Privacy Code), if the report indicates data relating to criminal convictions and offenses, as authorized by a law (Legislative Decree 24/23);
  • consent of the interested party (art. 6 par. 1 letter a) GDPR): only where the whistleblower decides to register will his personal data be processed, and they remain separate from any reports. The association of identity with the report can only be carried out by those who are called to manage the report (Head of Corruption Prevention and Transparency "RPCT", Supervisory Body "OdV"). The possibility of registering remains optional.

 

HOW WE PROCESS YOUR DATA AND BY WHAT MEANS (Processing methods)

The data will be processed mainly with IT tools and, where necessary, also in paper format, in compliance with the technical and organizational security measures provided for by internal regulations.

The Segnalazioni.net platform of Viva Servizi S.p.A. collects only registration data, if entered, and the data communicated in the reports. The reports will be managed by the RPCT through the planned platform, unless a crime falling within the scope of Legislative Decree 231/01 is reported, in which case the reports are instead managed by the Supervisory Body (SB).

Fully automated processing, including profiling, is not foreseen.

 

WHERE YOUR DATA ENDS UP (Communication to third parties and categories of recipients)

The management and verification of the validity of the circumstances represented in the report are entrusted to the RPCT, which provides for it in compliance with the principles of impartiality and confidentiality by carrying out any activity deemed appropriate, including the personal hearing of the whistleblower and any other subjects who may report on the reported facts. 

If, on the other hand, a crime falling within the scope of the legislative decree 231/01 is reported, the report is managed by the Supervisory Body.
The recipients of the data collected following the report, if necessary, may be the Judicial Authority, the Court of Auditors and ANAC. 

It should also be noted that the report is exempt from the access provided for in articles 22 and following of Law 241/1990, articles 5 and following of Legislative Decree 33/2013 as well as articles 15-22 GDPR.

The data will not be processed in countries outside the European Union, thus guaranteeing the levels of protection required by current regulations.

 

HOW LONG WE KEEP YOUR DATA (Retention period)

Reports and related documentation shall be kept for the time necessary to process the report and no later than five years from the date of communication of the final outcome of the reporting procedure. Personal data that are manifestly not useful for the processing of a specific report are not collected or, if collected accidentally, are deleted immediately. 

 

FROM WHOM WE RECEIVE YOUR DATA (Data source)

Personal data are always collected directly from the whistleblower. Following the report, in order to carry out the necessary investigation, audits and searches on registers and/or public databases can be carried out.

 

WHAT ARE YOUR RIGHTS

The whistleblowers have the right to request and obtain from the organization, in the cases provided, access to their personal data and the correction or cancellation of the same or the limitation of the processing that concerns them or to oppose the processing (articles 15 et seq. of the Regulation), within the limits established by art. 22 of Legislative Decree 24/2023 (Waivers and transactions).

The appropriate request can be forwarded to the Head of Corruption Prevention and Transparency in order to guarantee the necessary level of protection. In any case, the possible exercise of other rights provided for by European and national law (in particular access to administrative documents, civic access and access to personal data, see Article 12, paragraph 8, of Legislative Decree 24/2023, with reference to Articles 22 et seq. of Law no. 241/1990 and Article 5 et seq. of Legislative Decree 33/2013, as well as Article 13, paragraph 3, of the Decree, with reference to Articles 15-22 of the Regulation and art. 2-undecies of the Code) is subject to exceptions and limitations to the exercise by the reported party.

If you have any doubts, if we keep incorrect or incomplete data, or if you think that we have mismanaged your personal data, please contact the Data Protection Officer (DPO) or send a request using the Request to Exercise Rights form available on the institutional website (this address) or at the offices. Our Data Protection Officer (DPO) will review your request and contact you to resolve the issue as soon as possible. Otherwise, you have the right to lodge a complaint with the Authority for the Protection of Personal Data: www.garanteprivacy.it