SAGAT

The term whistleblower refers to a person who reports "violations of national or European Union law that harm the public interest or the integrity of the private entity", of which he/ he has become aware in a work context.

Legislative Decree 24/2023 - Implementation of EU Directive 2019/1937 of the 23 October 2019 - introduced measures to protect those who report breaches of European Union law and provisions concerning the protection of persons who report breaches of national regulatory provisions.

The object of the reports are the:

• violations as listed in Article 3 paragraph 1 of the aforementioned Decree and understood as conduct, acts or omissions which damage the public interest or integrity of SAGAT S.p.A. and which consist of
   

1. administrative, accounting, civil or criminal offences
2. illegal  relevant conduct under the  Legislative Decree 231/01 or violations of the Management, Organisation and Control Model of SAGAT and/or the procedures and protocols referred to therein
3. offences regarding the application of European Union or national acts and indicated in Annex 1 to the Decree, or national acts that constitute implementation of European Union acts, relating to the following sectors: public procurement, services, products and financial markets and prevention of money laundering and financing of terrorism; product safety and compliance; transport safety; environmental protection; radiation protection and nuclear safety; food and feed safety and animal health and welfare; public health; consumer protection; protection of privacy and protection of personal data and security of networks and information systems;
4. acts or omissions affecting the financial interests of the European Union, as referred to in Article 325 of the Treaty on the Functioning of the European Union
5. acts or omissions affecting the internal market, as referred to in Article 26(2) of the Treaty on the Functioning of the European Union, including violations of European Union competition and state aid rules, as well as violations affecting the internal market related to acts in violation of corporate tax rules or mechanisms whose purpose is to obtain a tax advantage that frustrates the object or purpose of the applicable corporate tax law
6. acts or conduct that frustrate the object or purpose of provisions of European Union acts in the areas referred to in points (iii), (iv) and (v) hereof.

• Information on Breaches under the Article 2, paragraph 1, letter b) of the aforementioned Decree, as information, including well-founded suspicions, concerning Breaches committed or which, on the basis of concrete elements, could be committed in SAGAT with reference to which the reporting person has a legal relationship, understood as a subordinate working relationship, or collaboration, consultancy or apprenticeship relationship, or of which the reporting person is a shareholder or has administrative, management, control, supervisory or representative functions, also by mere fact.

Reports concerning the following fall outside the scope of this policy:
 

1. Notifications, claims or requests linked to an interest of a personal nature of the reporting person or of the person making a report to the judicial or accounting authorities that relate exclusively to his/her individual working relationships, or inherent to his or her working relationships with hierarchically superior figures;
2. reports on breaches of national security, as well as on contracts relating to aspects of national defence and security, unless these aspects fall within the relevant secondary law of the European Union.

• SAGAT S.p.A employees.;
• Self-employed workers and collaborators who perform their work activities at SAGAT;
• Freelance professionals and consultants who perform their activity for SAGAT;
• Volunteers and trainees, both paid and unpaid, who work for SAGAT;
• Shareholders and persons with functions of administration, management, control, supervision or representation, also de facto;
• Persons in the same work context as the reporting person, if they disclose information of which they have become aware within their work context.

• INTERNAL WHISTLEBLOWING: 
   

1. ​Whistleblowing Portal - The Recipient of reports concerning the violations referred to above under i, iii, iv, v and vi is the Head of the Internal Audit Service, and in copy, the Data Protection Officer of the SAGAT Group. The recipient of reports concerning the violations referred to in sub iii above is the Supervisory Board. 
2. Voicemail box - The Recipient of the report is the Head of the Internal Audit Service.
3. Direct meeting with the Head of the Internal Audit Service of the Sagat Group;

• EXTERNAL REPORTING
   

The whistleblower may make an external report under the Article 6 of Legislative Decree 24/2023 if, at the time of submitting the report, one of the following conditions is met:

1. The internal reporting channel activated within his/her work context is not active or does not comply with the legal provisions;
2. he reporting person has already made an internal report and this has not been followed up;
3. The reporting person has reasonable grounds to believe that, if he/she were to make an internal report, it would not be effectively followed up or that the report might give rise to a risk of retaliation;
4. the reporting person has reasonable grounds to believe that the breach may constitute an imminent or obvious danger to the public interest.

The reporting person may make the external report using the channels that will be activated by ANAC according to Article 7 of Legislative Decree 24/2023.
 

• PUBLIC DISCLOSURE
   

The reporting person may make a public disclosure if one of the following conditions is met

1. the reporting person has previously made an internal and external report or has directly made an external report under the conditions set out in the rule and no response has been received within the prescribed time limit;
2. the person making the report has reasonable grounds to believe that the breach may constitute an imminent or obvious danger to the public interest;
3. the person making the report has justified reason to believe that the report may involve a risk of retaliation or may not be effectively followed up because of the specific circumstances of the case, such as where evidence may be concealed or destroyed, or where there is a well-founded fear that the person receiving the report may be colluding with or involved in the violation.

HANDLING OF INTERNAL REPORTS

Within 7 days of receipt of the report, the Addressee shall issue the reporting person with an acknowledgement of receipt;

the Addressee shall provide acknowledgement of the report within 3 months from the date of the acknowledgement of receipt and, at the end of the preliminary investigation phase, the Addressee shall take the consequent decisions, stating the reasons, and, where appropriate, file the report or request the Company to assess the findings for disciplinary and sanctioning purposes;

PROTECTION OF THE PERSONS INVOLVED

The identity of the person making the report and any other information from which such identity may be inferred, directly or indirectly, shall NOT be disclosed, without the express consent of the person making the report, to persons other than the Recipient.

When the disclosure of the identity of the person making the report, or of the information from which such identity may be inferred, is indispensable also for the purposes of the defence of the person involved, the Addressee shall notify the person making the report, by means of a written communication, of the reasons for the disclosure of the confidential data.

SAGAT protects the identity of the persons involved and of those mentioned in the report until the conclusion of the proceedings initiated as a result of the report, in compliance with the same guarantees provided for the person making the report.

LIABILITY OF THE WHISTLEBLOWER

If it is established, even by a judgment of first instance, that the whistleblower is criminally liable for the offences of defamation and slander or, in any case, for the same offences committed with the report, or that he/she is criminally liable for the same offences, in cases of wilful misconduct or gross negligence, the protection measures laid down in Chapter III of the aforementioned decree shall not be applied and a disciplinary sanction shall be imposed on the whistleblower.

In accordance with current regulations, we wish to inform you that SAGAT S.p.A. carries out the processing of any personal data provided with the notification in compliance with fundamental rights, with particular reference to the confidentiality of the personal identity and the right to data protection.

The Data Controller is SAGAT S.p.A., with registered office in Caselle Torinese (TO) - Strada San Maurizio n.12, can be reached at the following e-mail address privacy@sagat.trn.it or by writing to SAGAT S.p.A. - Data Controller, Strada San Maurizio n.12, Caselle Torinese (TO).

The Company has appointed a DPO (Data Protection Officer) who can be reached at the following e-mail address dpo.privacy@sagat.trn.it or by addressing the letter to SAGAT S.p.A. - DPO, Strada San Maurizio n.12, Caselle Torinese (TO).

We inform you that any personal data provided with the report are collected and processed exclusively for the purpose of carrying out the necessary investigative activities aimed at verifying the validity of the fact being reported and the adoption of the consequent measures.

The legal basis for the processing is the fulfilment of a legal obligation (Art. 12 Legislative Decree 24/2023).

We inform you that the data will be processed by authorised employees and all data collected will not be disclosed but might  be managed by any third parties appointed as data processors.

The data processing is carried out with electronic and paper support and in any case with compatible methods with the purposes for which they were collected.

SAGAT S.p.A. will not transfer the data to a third country, outside the EU, or to an international organisation.

Please note that, according to Article 14 of Legislative Decree 24/2023, any personal data collected will be kept for the necessary time  to process the report and, in any case, no longer than 5 years from the date of communication of the final outcome of the reporting procedure.

In relation to the data being processed referred to in this notice, in accordance with the EU Regulation 2016/679 the data subject has the right to:

Request the correction of inaccurate personal data and/or the integration of incomplete personal data (Art. 16 of EU Regulation 2016/679);

Request the removal of personal data only if: they are no longer necessary in relation to the purposes for which they were collected or otherwise processed; they are unlawfully processed or must be deleted in order to comply with an obligation under EU or national law (Art. 17 of EU Regulation 2016/679);

Request the restriction of the processing of personal data when: the data subject contests the accuracy of the personal data and requests the restriction for the time necessary for the controller to verify the accuracy of the personal data; the processing is unlawful and the person involved objects to the removal of the data and requests a restricted use of them, even if the owner no longer needs them , the personal data are necessary for the data subject to establish, exercise or defend a right in court (Art. 18 of EU Regulation 2016/679);

To request and receive in a structured, commonly used and machine-readable format (so-called portability) the data entered when filling in the form (Art. 20 of EU Regulation 2016/679).

The right to lodge a complaint with a supervisory authority when  the processing is violating  EU Regulation 2016/679. The complaint may be lodged with the supervisory authority of the Member State where the data subject regularly  resides,works,or where the alleged breach occurred (Art. 77 of EU Regulation 2016/679).

We inform that the data subject may exercise the above rights by writing to privacy@sagat.trn.it or addressing the letter to SAGAT S.p.A., Strada San Maurizio n.12, Caselle Torinese (TO).