This document is adopted by Ditta Ermenegildo Rosa Salva srl Unipersonale with its registered office in 30124 Venice, San Marco 950, tax code and VAT number 00381730274, in the person of its pro tempore legal representative, PEC: info@pec.rosasalva.it, e-mail: info@rosasalva.it (hereinafter "Entity").

  • REGULATORY SOURCE AND NATURE OF THE INSTITUTION

Art. 1, paragraph 51, of Law 190/2012 (the so-called anti-corruption law) had inserted a new article, 54 bis, within Legislative Decree 165/2001, titled "Protection of the public employee who reports illicit acts", by virtue of which a measure aimed at encouraging the emergence of cases of wrongdoing, known in Anglo-Saxon countries as whistleblowing, was introduced into our legal system. The term whistleblower refers to an employee of an entity who reports, to the bodies authorized to intervene, violations or irregularities committed against the public interest. The report, in this perspective, is an act of civic sense, through which the whistleblower contributes to the emergence and prevention of risks and situations detrimental to their own entity and, by extension, to the collective public interest. Law 179/2017 titled "Provisions for the protection of authors of reports of crimes or irregularities of which they have become aware in the context of a public or private employment relationship", which came into force on December 29, 2017, then modified the aforementioned art. 54 bis of Legislative Decree 165/2001 and art. 6 of Legislative Decree 231/2001.

More recently, the institution has been regulated by Legislative Decree 24/2023, in force since 30.03.2023, implementing EU Directive 2019/1937 on the protection of persons who report breaches of Union law and containing provisions on the protection of persons who report breaches of national regulatory provisions, which, among other things, repealed art. 54-bis of Legislative Decree 165/2001, art. 6, paragraphs 2-ter and 2-quater, of Legislative Decree 231/2001, as well as art. 3 of Law 179/2017. Legislative Decree 24/2023 repeals the pre-existing national legislation on whistleblowing and consolidates into a single normative text – for the public and private sectors – the regime for the protection of individuals who report illicit conduct of which they have become aware in a work-related context.

  • PURPOSE AND AIMS OF THE PROCEDURE

The objective of the current regulation is to encourage reports of wrongdoings that harm the public interest or the integrity of the entity and, at the same time, to strengthen protection for whistleblowers, with the aim of guaranteeing the reporter's freedom of expression and reinforcing legality and transparency within entities to prevent crimes. From this dual purpose arise protection rights for the whistleblower (confidentiality, anonymity, prohibition of retaliatory acts) and specific organizational obligations for entities (establishment of internal and external reporting channels and procedures to guarantee confidentiality rights).

The purpose of this document, therefore, is to remove factors that may hinder or discourage the use of this institution, such as doubts and uncertainties about the procedure to follow and fears of retaliation or discrimination. In this perspective, the objective pursued by this procedure is to provide the whistleblower with clear operational instructions regarding the subject, content, recipients, and transmission methods of reports, as well as the forms of protection offered.

  • SUBJECT OF THE REPORT

Without prejudice to the entity's ability to extend the objective scope of this procedure, reports concerning behaviors, risks, crimes, or irregularities, committed or attempted, to the detriment of the entity, with regard to violations of national or European Union regulatory provisions that harm the public interest or the integrity of the entity, of which one has become aware in the work context, are to be considered relevant, specifically:

  • administrative, accounting, civil, or criminal offenses;
  • offenses, possibly also relevant with reference to European legislation, in the areas (by way of example) of: public procurement; financial services, products, and markets and the prevention of money laundering and terrorist financing; product safety and compliance; transport safety; environmental protection; radiation protection and nuclear safety; food and feed safety and animal health and welfare; public health; consumer protection; protection of privacy and personal data and security of network and information systems;
  • acts or omissions that harm the financial interests of the European Union;
  • violations of provisions on competition and State aid, as well as violations concerning the internal market related to acts that breach the rules on corporate tax or mechanisms whose purpose is to obtain a tax advantage that defeats the object or purpose of the applicable corporate tax law;
  • information on violations (well-founded suspicions of violations, concealment of violations).

This procedure does not apply to:

  1. disputes, claims, or requests related to a personal interest of the whistleblower or the person who has filed a complaint with the judicial or accounting authority, which pertain exclusively to their individual employment relationships, or related to their employment relationships with their hierarchical superiors;
  2. reports of violations that are already mandatorily regulated by acts of the European Union or national acts concerning financial services, products, and markets and the prevention of money laundering and terrorist financing, transport safety, and environmental protection, or by national acts that implement the European Union acts indicated in Part II of the annex to Directive (EU) 2019/1937;
  3. reports of violations concerning national security, as well as procurement related to defense or national security aspects;
  4. reports related to classified information, legal and medical professional privilege, secrecy of judicial deliberations.

With regard to anonymous reports, the discipline of this procedure does not apply, as it is designed to protect the whistleblower who, in the case of an anonymous report, is by definition anonymous. However, the same discipline will apply if, following an anonymous report, the name of the informant is revealed.

  • CONTENT OF THE REPORT

The reports must, in any case, be detailed and based on precise and consistent factual elements, of which the whistleblower became aware by reason of the functions performed within the entity or otherwise operating with the entity.

The whistleblower must provide all useful elements to allow the designated corporate bodies to carry out the necessary and appropriate checks to verify the validity of the reported facts, in particular:

  • a clear and complete description of the facts being reported;
  • if known, the circumstances of time and place in which the reported facts were committed;
  • if known, the general details or other elements (such as the position and the department in which the activity is carried out) that allow the identification of the person(s) who committed the reported acts;
  • an indication of any other individuals who can report on the facts in question;
  • an indication of any documents that can confirm the validity of these facts;
  • any other information that may provide useful feedback on the existence of the reported facts.
  • WHO CAN REPORT AND WHO IS PROTECTED

The following individuals are appropriately protected by this procedure and its concrete implementation:

  • Whistleblowers: employees of the entity, as well as self-employed workers, freelancers, consultants, partners, persons with administrative, management, control, supervision, and representation functions, volunteers, and trainees, who work for or within the entity.

It should be noted that the protective measures provided for in this procedure are guaranteed at every stage of the employment relationship (selection process or other pre-contractual phases, including any trial period) or collaboration (even after the termination of the contractual relationship).

  • Facilitators: those who operate within the same work context as the whistleblower and assist them in the reporting process.

This procedure guarantees the confidentiality of the facilitator's identity, as well as the assistance provided by them.

  • Colleagues, relatives, owned entities:
  • persons related to the whistleblower up to the fourth degree of kinship or by a stable emotional bond and who operate in the same work context as the whistleblower;
  • work colleagues with whom the whistleblower has a regular and current relationship;
  • entities owned by the whistleblower or for which the whistleblower works or that operate in the same work context as the whistleblower.

The special protection reserved for the subjects listed above provides that the entity, also in the person of the individual in charge of managing the report, adopts all the measures provided for in the subsequent § 8.

  • REPORTING CHANNELS

Whistleblowers can use the following reporting channels:

  • internal reporting channels: online platform, paper communication, telephone report, voice message, in-person meetings;
  • external reporting channel: channel provided by ANAC, which is residual in nature, as the whistleblower can resort to the external procedure only if:
  • in their work context, the activation of the internal channel is not mandatory or, if provided for, has not been activated;
  • the internal report has not been followed up;
  • they have reasonable grounds to believe that, if they were to make an internal report, it would not be followed up or they would face retaliation;
  • they have reasonable grounds to believe that the violation may constitute an imminent or manifest danger to the public interest.

In any case, the possibility of filing complaints with the judicial or accounting authority in cases within their competence remains, or of resorting to public disclosure provided the conditions of Legislative Decree 24/2023 are met.

These are the internal reporting channels provided by Ditta Ermenegildo Rosa Salva srl Unipersonale:

  • written report via the online platform available on the website https://www.rosasalva.it/
  • written report to be delivered by paper letter to:

Ditta Ermenegildo Rosa Salva srl Unipersonale

San Marco 950

30124 Venice

Attn: Report Manager / Head of Human Resources

In this case, the whistleblower must use 3 envelopes:

  • in the first envelope, a file with the whistleblower's identification data and a copy of their identity document must be inserted, unless the whistleblower wishes to remain anonymous;
  • in the second envelope, a file with the description of the report and any related attachments must be inserted;
  • in the third envelope, the first two must be inserted; this third envelope must bear the wording "for the exclusive attention of the report manager".
  • oral report through a direct meeting scheduled within a reasonable time, at the request of the reporting person; in this case, with the consent of the reporting person, the report is documented by the designated staff by recording it on a device suitable for storage and listening or by means of minutes. In the case of minutes, the reporting person can verify, correct, and confirm the minutes of the meeting by signing them.
  • HANDLING OF THE REPORT

The report will be handled by the Head of Human Resources (hereinafter referred to as the "Manager"), who must perform the following activities:

  1. issue an acknowledgment of receipt of the report to the reporting person within 7 days from the date of receipt;
  2. maintain communications with the reporting person, being able to request further information from them if necessary;
  3. diligently follow up on the reports received and, therefore, initiate an investigation aimed at assessing the existence of the reported facts, also monitoring and managing the outcomes of the investigations and any measures adopted or to be adopted;
  4. provide feedback on the report within 3 months from the date of the acknowledgment of receipt or, in the absence of such notice, within 3 months from the expiry of the 7-day period from the submission of the report;
  5. ensure that clear information is made available on the reporting channel, on the procedures and prerequisites for making internal reports, as well as on the channel, procedures, and prerequisites for making external reports.
  • PROTECTIVE MEASURES FOR THE WHISTLEBLOWER AND OTHER INVOLVED PARTIES

In managing the report, the following specific protective measures must be guaranteed:

  • the person involved will have the right to be heard or, at their request, to be heard through a paper-based procedure by producing written observations and documents;
  • the confidentiality of the whistleblower, of the persons involved in or mentioned in the report, of the other subjects indicated in § 5, as well as of the contents of the report and related documentation, must always be guaranteed;
  • it is forbidden to disclose the identity of the whistleblower without their express consent;
  • Italian and European legislation on personal data protection (EU Reg. 679/2016, Legislative Decree 196/2003) must be fully respected.

With specific reference to the obligation of confidentiality regarding the identity of the whistleblower and the content of the report, the identity of the whistleblower must be protected in every context following the report, except in cases where liability for slander and defamation under the provisions of the penal code or art. 2043 of the civil code is applicable, and in cases where anonymity is not opposable by law (e.g., criminal, tax, or administrative investigations, inspections by control bodies). Therefore, subject to the exceptions above, the identity of the whistleblower cannot be revealed without their express consent, and all those who receive or are involved in the management of the report are required to protect the confidentiality of this information. Violation of the confidentiality obligation is a source of disciplinary liability, without prejudice to other forms of liability provided for by the legal system. Specifically:

  • the identity of the reporting person and any other information from which such identity can be directly or indirectly deduced cannot be revealed, without the express consent of the same reporting person, to persons other than those competent to receive or follow up on reports, expressly authorized to process such data pursuant to articles 29 and 32, paragraph 4, of Regulation (EU) 2016/679 and article 2-quaterdecies of Legislative Decree 196/2003;
  • in the context of criminal proceedings, the identity of the reporting person is covered by secrecy in the ways and within the limits provided for by article 329 of the code of criminal procedure;
  • in the context of disciplinary proceedings, the identity of the reporting person cannot be revealed if the disciplinary charge is based on separate and additional findings to the report, even if resulting from it. If the charge is based, in whole or in part, on the report and knowledge of the reporting person's identity is essential for the defense of the accused, the report will be usable for the purposes of the disciplinary proceeding only with the express consent of the reporting person to the disclosure of their identity. In the latter case, the reporting person will be notified in writing of the reasons for the disclosure of the confidential data;
  • the reporting person will be notified in writing of the reasons for the disclosure of confidential data also in the event that the disclosure of the identity of the reporting person and the information subject of the report is essential for the defense of the person involved;
  • the identity of the persons involved and the persons mentioned in the report will be protected until the conclusion of the proceedings initiated as a result of the report, in compliance with the same guarantees provided for the reporting person.

With regard to the specific protection of the whistleblower and the other subjects referred to in § 5 from retaliation/discrimination, no form of retaliation or discriminatory measure, direct or indirect, affecting working conditions for reasons directly or indirectly related to the report is permitted or tolerated against the employee who makes a report under this procedure. Discriminatory measures mean unjustified disciplinary actions, workplace harassment, and any other form of retaliation that creates intolerable working conditions. The protection is limited to cases where both the whistleblower and the reported person are employees of the entity. An employee who believes they have suffered discrimination for having made a report of wrongdoing is required to provide a detailed account of the discrimination to the Manager who, after a preliminary assessment of the existence of the elements, reports the case of discrimination to the administrative body. The latter must, after verification, take any necessary or appropriate consequent measure to restore the situation and/or to remedy the negative effects of the discrimination, not excluding the initiation of disciplinary proceedings against the employee who carried out the discrimination. Retaliatory measures include, by way of example:

  • dismissal, suspension, or equivalent measures;
  • demotion or failure to promote;
  • change of functions, change of workplace, reduction of salary, change of working hours;
  • suspension of training or any restriction of access to it;
  • negative performance reviews or negative references;
  • imposition of disciplinary measures or other sanctions, including financial ones;
  • coercion, intimidation, harassment, or ostracism;
  • discrimination or otherwise unfavorable treatment;
  • failure to convert a fixed-term employment contract into a permanent one, where the worker had a legitimate expectation of such conversion;
  • non-renewal or early termination of a fixed-term employment contract;
  • damage, including to the person's reputation, particularly on social media, or economic or financial harm, including loss of economic opportunities and loss of income;
  • blacklisting on the basis of a formal or informal sectoral or industry-wide agreement, which may result in the person being unable to find employment in the sector or industry in the future;
  • early termination or cancellation of a contract for goods or services;
  • cancellation of a license or permit;
  • request to undergo psychiatric or medical assessments.
  • LIABILITY OF THE WHISTLEBLOWER

This procedure does not affect the criminal and disciplinary liability of the whistleblower in the event of a slanderous or defamatory report under the penal code and art. 2043 of the civil code.

Any form of abuse of this procedure, such as manifestly opportunistic reports and/or those made for the sole purpose of damaging the reported person or other subjects, and any other case of improper use or intentional instrumentalization of the institution covered by this procedure, are also a source of liability, in disciplinary and other competent forums.

Furthermore, without prejudice to the above regarding any competent disciplinary measures, if, at the end of the procedure, the Manager, based on the elements acquired, should have evidence that the report also constitutes the crime of defamation and/or slander against the reported person, they will allow the latter, upon request, access to the files of the concluded internal investigation, in order to allow them to exercise their rights.

The entity may protect itself through legal means in the event of criminal or civil offenses committed by the whistleblower.

However, a person who reveals or disseminates information on violations covered by an obligation of secrecy, other than the obligation of secrecy regarding classified information, legal and medical professional privilege, secrecy of judicial deliberations, or relating to the protection of copyright or personal data, or reveals or disseminates information on violations that offend the reputation of the person involved or reported, is not punishable when, at the time of the revelation or dissemination, there were reasonable grounds to believe that the revelation or dissemination of the same information was necessary to reveal the violation and the report or public disclosure or complaint was made in accordance with this procedure and current legal provisions. In this case, any further liability, including civil or administrative, is also excluded.

Furthermore, unless the act constitutes a crime, no liability, including civil or administrative, is incurred for the acquisition of information on violations or for access to it. Nevertheless, criminal liability and any other liability, including civil or administrative, is not excluded for behaviors, acts, or omissions not related to the report or complaint to the judicial authority or public disclosure or that are not strictly necessary to reveal the violation.