top of page
fides-whistleblowing

Whistleblowing, Legislative Decree 231/01

To submit a report, please complete the form by entering the required information and any relevant attachments.

Whistleblowing

Introduction

Fides Consulting S.r.l. hereby informs you about the processing of your personal data carried out for the purpose of collecting reports of corrupt practices, or suspected corrupt practices, through the website www.fides.it (hereinafter, the “Website”). 

Fides Consulting S.r.l., with registered office at Via Motta Casa dei Miri 21, 80054 Gragnano (NA), Italy, acts as the Data Controller. 

This privacy notice is provided pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR). 

Purpose of Processing and Legal Bases

The purposes for which personal data provided directly by users through the completion of the “ISO 8.9.1 Reporting Form” are processed are listed below: 

  • For the purpose of handling and investigating the submitted report. 

Legal basis for processing: pursuit of the legitimate interests of the Data Controller (Article 6(1)(f) GDPR). 

  • To establish, exercise and/or defend the rights of the Data Controller in out-of-court proceedings, judicial proceedings, litigation management, settlements and arbitration. 

Legal basis for processing: pursuit of the legitimate interests of the Data Controller (Article 6(1)(f) GDPR).

Nature and Methods of Processing

Any processing of Personal Data will be carried out in compliance with Regulation (EU) 2016/679, the provisions of the Italian Privacy Code (Legislative Decree No. 196/2003), as amended by Legislative Decree No. 101/2018, and according to the principles of fairness, lawfulness and transparency, safeguarding confidentiality and fundamental rights and freedoms. 

The provision of personal data is optional for the achievement of the purposes listed above. However, failure to provide, partial provision, or inaccurate provision of such data may result in the objective impossibility for the Data Controller to remain in contact with the data subject and provide feedback regarding the reported matter. 

Personal data will mainly be processed at the registered office of the Data Controller and/or at the premises of any Data Processors appointed pursuant to Article 28 of Regulation (EU) 2016/679 and will not be transferred to countries outside the European Union. 

Categories of Recipients to Whom Personal Data May Be Disclosed

Personal data provided by the data subject for the purpose of investigating the report may be disclosed to employees or collaborators of the Data Controller and any Data Processors appointed pursuant to Article 28 of Regulation (EU) 2016/679, who, acting under the direct authority of the Data Controller, will process such data in accordance with appropriate instructions. The same shall apply to employees or collaborators of any appointed Data Processors. 

Please note that personal data may be disclosed, strictly within the limits necessary to achieve the purposes described above, to entities falling mainly within the following categories. A complete list may be requested from the Data Controller at the following email address, also reachable from ordinary email: info@fides.it 

  • Public Bodies and Public Administrations: for inspections and controls in compliance with tax and civil obligations. 

  • Law Firms and Consulting Companies: for advisory services within their respective areas of professional expertise. 

  • IT Infrastructure Maintenance Companies and Software Providers: for ordinary hardware/software maintenance activities, software development and delivery, or data recovery activities. 

  • Certification Bodies and Accreditation Bodies: for audit activities aimed at obtaining and/or maintaining certifications held by Fides Consulting S.r.l. 

  • Supervisory Bodies or Authorities: for inspections and controls required by law, as well as in the event of complaints.

Processing Duration and Data Retention 

The processed personal data will be retained for the time necessary to fulfil the purposes indicated in points 1 and 2 of the section “Purpose of Processing and Legal Bases” and, in any event, for no longer than five years from the date of communication of the final outcome of the reporting procedure pursuant to Article 14 of Legislative Decree No. 24 of 10 March 2023, while safeguarding the Data Controller’s right of defence.

Data Protection Officer (DPO) 

Fides Consulting S.r.l., on a voluntary basis, has appointed a Data Protection Officer (DPO), who may be contacted by email at: 

dpo@fides.it 

The following examples, which are not exhaustive, identify situations in which the DPO may or should be contacted: 

  • If you wish to exercise a right granted under the European Regulation. 

  • If you wish to challenge the rejection of a request to exercise a right, or if you believe that the response provided was unsatisfactory or not received within the prescribed time limits. 

  • If you believe that a breach of your personal data has occurred during processing carried out by the Data Controller or Data Processor. 

  • If you believe that the information notice provided is not sufficiently clear and transparent. 

  • If you require clarification or further information regarding the processing of your personal data (purposes, legal basis, retention periods, processing methods, etc.). 

  • If you need information in order to submit a complaint to the Supervisory Authority. 

Rights of the Data Subject 

At any time, the data subject may exercise their rights against the Data Controller pursuant to Articles 15 to 21 of the GDPR, whose provisions are hereby expressly referred to. 

The data subject has the right to request access to their personal data, rectification, erasure, or to object to their processing. They also have the right to request restriction of processing and to receive the personal data concerning them in a structured, commonly used and machine-readable format. 

Furthermore, the data subject may withdraw consent at any time for processing activities based on consent, without affecting the lawfulness of processing carried out prior to the withdrawal. 

Finally, the data subject has the right to lodge a complaint with the competent Supervisory Authority if they believe that their rights have not been respected in violation of GDPR principles, according to the procedures described, for example, on the website of the Italian Data Protection Authority at www.garanteprivacy.it

The exercise of the above rights may be carried out by completing the appropriate form available on the website www.fides.it or by sending a communication to the certified email address (PEC) fides@pec.fides.it (also reachable from ordinary email).
 

Changes to this Privacy Notice 

This Privacy Notice may be updated in accordance with national and European legislative provisions and/or operational decisions made by the Data Controller. 

Unless otherwise expressly specified, this Privacy Notice shall continue to apply to personal data processed up to that time. 

bottom of page