Whistleblowing
1. PURPOSE
The purpose of this document - referred to as the "Whistleblowing Procedure" or simply the "Procedure" - is to regulate the operational procedures for handling Whistleblowing in the light of the Legislative Decree 24/2023 concerning "the protection of persons reporting breaches of European Union law and violations of national regulations" ("Whistleblowing Decree"). The Procedure is an integral part of the organizational, management and control model adopted by Sergio Rossi S.p.A. pursuant to Legislative Decree No. 231/2001 and can be consulted at any time and by anyone who is interested at the web page https://www.sergiorossi.com, Legal Area section.
2. REGULATORY FRAMEWORK AND DEFINITIONS
For the purposes of the Procedure, the following regulatory framework and definitions shall have the following meaning:
3. RECIPIENTS
This Procedure applies to all the recipients who enter or have entered legal relationships with Sergio Rossi as:
4. OBJECT OF THE REPORT
Pursuant to the provisions of Articles 2(1)(a) and 3(2) of the Whistleblowing Decree, Reports may concern:
Reports concerning the following are excluded from the scope of application of the Procedure:
1To be understood as: a. offences falling within the scope of application of EU acts and relating to the following areas (public procurement, services products and financial markets and prevention of money laundering and terrorist financing; product safety and compliance; transport safety, environmental protection, nuclear safety, food safety and animal welfare, public health, consumer protection, protection of privacy and personal data and security of networks and information systems; b. acts or omissions detrimental to the financial interests of the EU in the areas of competition and state aid; c. acts or conduct that frustrate the object or purpose of the provisions of EU acts in the above areas.
5. CHARACTERISTICS OF THE REPORT
Reports must be made in good faith, be as detailed as possible and provide as much information as possible in order to enable the Whistleblowing Office to carry out the necessary verification and provide the adequate reply. In order to provide useful input, the Whistleblower may attach documents and indicate other persons who are even potentially aware of the facts. Reports made on the basis of a reasonable belief founded on factual and detailed evidence shall be deemed to have been made in good faith. Reports that turn out to be intentionally futile or unfounded, having a merely defamatory or slanderous content against the Reported Person and/or the Company, shall be deemed to be in bad faith. In such a case, the Company reserves the right to take against the Whistleblower the disciplinary measures deemed appropriate and provided for in the paragraph “Disciplinary Sanctions” of the Organizational Model and in this Procedure. In particular, the Whistleblowing Office, after carrying out a preliminary assessment of the content of the Reports, will close:
6. REPORTING MODALITIES
6.1 INTERNAL REPORTING CHANNELS
In compliance with the Whistleblowing Decree, Sergio Rossi has set up Internal Reporting Channels that allow Recipients to submit Reports in written or oral form, including face-to-face meetings. The Management of Internal Reporting Channels is entrusted to the Whistleblowing Office appointed by the Company's Board of Directors, which consists of 2 members with the following functions:
All the Internal Reporting Channels set up by Sergio Rossi guarantee the confidentiality of the identity of the Whistleblower, the Reported Person, as well as the content of the Report and of the relevant documentation.
As part of the Reporting Management process, the data will be processed by:
6.1.1 WRITTEN REPORTS
Reports in written form may be sent to the attention of the Whistleblowing Office by paper-based mail. In this case, the Whistleblowing Report must be submitted in two closed envelopes: the first one containing the data of the Whistleblower together with a photocopy of his/her identification document; the second one containing the Report, in order to separate the identity data of the Whistleblower from the Report. Both should then be placed in a third closed envelope specifying "Confidential - Whistleblowing" or other similar wording. The envelope should be sent by ordinary mail to the attention of the Whistleblowing Office at the following address:
To the kind attention of the Whistleblowing Office
c/o Sergio Rossi S.p.A.
Via Pontaccio, n. 13, 20121, Milano (MI)
Discussions with the Whistleblowing Office will be allowed if the Whistleblower leaves contact details.
6.1.2 ORAL REPORTS
Reports may also be submitted orally through a recorded voice messaging system to the following telephone number: 0276320810.
Subject to the Whistleblower's consent, the Whistleblowing Office - with the confidentiality guarantees provided for by the Procedure and the Whistleblowing Decree – will record the Report on a device suitable for storage and listening or by integral transcription. In the event of transcription, the Whistleblower may verify, rectify or confirm the contents of the transcript by signing it.
6.1.3 DIRECT MEETINGS
At the Whistleblower's request, through the channels specified above, i.e. in written or oral form, a direct meeting with the Whistleblowing Office may be arranged.
In such a case, subject to the Whistleblower's consent, the interview is documented by the Whistleblowing Office either by recording on a device suitable for storage and listening or in a minute that the Whistleblower can verify, rectify and confirm by signing.
6.1.4 ANONYMOUS REPORTS
Anonymous Reports, i.e. without elements allowing the identification of the Whistleblower and delivered through the above-mentioned methods, if they are punctual, detailed and supported by appropriate documents, may be treated by Sergio Rossi as ordinary Reports and processed in compliance with the internal rules where implemented. In any case, the Whistleblower, if subsequently identified and if he/she should suffer retaliation, shall benefit from the protection provided by the Decree and the Report shall be handled on the basis of the provisions of this Whistleblowing Procedure. In any case, Anonymous Reports must be recorded by the Whistleblowing Office and the documentation received must be retained in accordance with the law.
6.2. MANAGEMENT OF INTERNAL REPORTS
(A) Preliminary Analysis
Upon receipt of the Report, the Whistleblowing Office must:
(B) Preliminary Investigation
As a result of the preliminary analysis, where the admissibility and merits of the Report is ascertained, the Whistleblowing Office carries out the preliminary investigation in order to acquire information, having the power to:
Should the Whistleblowing Office need to involve third parties (e.g. consultants who are expert in the subject reported, persons from company departments affected by the Report, possible judicial and/or administrative authorities) in order to carry out its investigation, it shall in any case proceed in compliance with law provisions on the confidentiality of the Whistleblower/ Reported Person, taking care to obscure the personal data of the aforementioned persons. For Reports concerning unlawful conduct relating to the administrative liability of entities pursuant to Legislative Decree no. 231/2001 or in the presence of predicate offences or violations of the Organizational Model or of the Code of Ethics, and/or of rules, internal procedures, codes of conduct adopted by Sergio Rossi, the Whistleblowing Office shall promptly inform the Supervisory Body, taking care to protect the confidentiality of the identity of the Whistleblower and of the Reported Person.
6.2.1 CONCLUSION OF THE PRELIMINARY INVESTIGATION
On conclusion of the preliminary investigation, the Whistleblowing Office prepares a final report to be sent to the Board of Directors of Sergio Rossi or, in the event that the Whistleblowing concerns one or more members of the Board of Directors, to the Board of Statutory Auditors, in order to agree on the possible “action plan” necessary for the implementation of the relevant control procedures, also ensuring the monitoring of the implementation activities carried out and agreeing with the above mentioned institutional bodies any initiatives to be taken to protect the interests of the Company (e.g. legal action, suspension - cancellation of suppliers, etc.). With the exception of cases in which the Whistleblower may be held liable for calumny and defamation under the Criminal Code or Article 2043 of the Civil Code, and in cases where confidentiality cannot be guaranteed by law (e.g. criminal, tax or administrative investigations, inspections by supervisory bodies), the identity of the Whistleblower is protected in any context subsequent to the report. Therefore, subject to the exceptions mentioned above, the report will contain:
The Whistleblowing Office keeps track of, files and guards the Report and the relevant documents, including reports, transcripts, minutes:
i) in a locked archive at the Company's headquarters with keys in the sole and exclusive availability of the Whistleblowing Office and/or
ii) on specific and distinct file folders which must be zipped, encrypted and encoded. The access to such file folders must be made only by using a password and an encrypted key that will be assigned by the System Administrator to the members of the Whistleblowing Office.
The relevant documentation shall be retained by the Whistleblowing Office for the time necessary for the processing of the Report and in any case for no longer than 5 (five) years from the date of notice of the final outcome of conclusion of the Whistleblowing procedure, in compliance with the confidentiality obligations set out in Article 12 of Legislative Decree no. 24/2023 and in accordance with the personal data protection legislation set out in the Privacy Code and in the GDPR, unless a longer limitation period is provided for the notified disciplinary or criminal offence. As part of its reporting activity and on an annual basis, the Whistleblowing Office shall, in any case, provide the Board of Directors, Board of Statutory Auditors, Supervisory Body of all Reports received and managed.
6.3. SUBMISSION OF REPORTS TO A SUBJECT OTHER THAN THE WHISTLEBLOWING OFFICE
If Reports are mistakenly sent to a person other than the Whistleblowing Office, they must be forwarded to the Whistleblowing Office within 7 (seven) days from their receipt. Upon receipt of the Report, the Whistleblowing Office shall handle the Report in accordance with the timeframe set out in this Whistleblowing Procedure, notifying the Whistleblower and processing it in accordance with paragraph 6.2 of this Procedure. In the event of erroneous transmission of Reports to a person other than the Whistleblowing Office, it will be necessary:
6.4. EXTERNAL REPORTING CHANNELS
The Whistleblower may submit the Report through the External Reporting Channel set up by the National Anticorruption Authority (ANAC).
Access to the External Reporting Channel made available by ANAC is allowed if:
6.5. PUBLIC DISCLOSURE
The Whistleblower may proceed with a Public Disclosure if:
7. PROTECTIVE MEASURES
Sergio Rossi undertakes to guarantee to the Whistleblower and to all the Protected Persons the protection measures provided for by the Whistleblowing Decree. The protection system provides for the following types of protection.
7.1 PROTECTION OF CONFIDENTIALITY
Without prejudice to legal obligations, the identity of the Whistleblower and any other information from which it may be inferred, directly or indirectly, may not be disclosed, without the express consent of the Whistleblower, to persons other than the Whistleblowing Office. In particular, the identity of the reporter and any other information from which that identity may be inferred, directly or indirectly, may only be disclosed with the reporter's express consent:
In such cases, the Whistleblower shall be notified - in advance and in writing - with the reasons of the disclosure of the confidential data. Confidentiality is also guaranteed to whistleblowers before the beginning or after the termination of employment, or during the probationary period, if such information was acquired in the context of employment or in the selection or pre-contractual phase. Confidentiality of the identity of the Protected Persons is also guaranteed, with the same guarantees as for the Whistleblower. Excepted for the cases above, any breach of the confidentiality obligations may lead to the request of payment of administrative fines by ANAC against the person concerned, as well as to the adoption of disciplinary measures by the HR Department on the basis of the indications received from the institutional bodies referred to in paragraph 6.2.1. and in line with the provisions of chapter 5 - "Disciplinary Sanctions" of the Organizational Model of Sergio Rossi and of this Procedure.
7.2 PROTECTION FROM RETALIATORY MEASURES
Sergio Rossi prohibits any form of retaliatory act, defined as any conduct, act or omission, even if only attempted or threatened, carried out by reason of the Internal Reporting Channel or External Reporting Channel or Public Disclosure or of the report to the Judicial or Accounting Authorities, which directly or indirectly causes or may cause unfair damage to the Whistleblower and to the other Protected Subjects. Acts taken in violation of the prohibition of retaliation are null and void, and persons dismissed as a result of the Report are entitled to be reinstated in their jobs in accordance with the applicable law. Protection is also granted to the anonymous Whistleblower, who believes he or she has suffered retaliation and has subsequently been identified. Those who believe they have been subjected to a retaliatory measure may notify the ANAC and request its protection. The Whistleblower and/or the other protected persons may invoke the protections provided for in this paragraph if the following conditions are met (to be understood cumulatively):
7.2.1. RETALIATORY MEASURES
Retaliatory measures may consist of, but are not limited to, the following:
7.3 LIMITATIONS OF LIABILITY
The Whistleblower is also guaranteed with a limitation of liability in the event of disclosure and dissemination of certain categories of information, in order to avoid any consequence in terms of criminal, civil and administrative liability. The Whistleblower, in particular, will not be punished if he/she discloses information:
Limitations of liability may be invoked under the following conditions:
8. DISCIPLINARY SANCTIONS AND OTHER MEASURES
Should the investigations on the Reports, carried out by the Whistleblowing Office, reveal unlawful or irregular conduct by the Whistleblower, Sergio Rossi shall assess the activation of disciplinary and/or sanctioning measures, or judicial initiatives. In particular, the Board of Directors or the Board of Statutory Auditors, after receiving the final report from the Whistleblowing Office (or by the office responsible for handling the Report if it concerns one or more members of the Whistleblowing Office), in compliance with the relevant legislation, involves:
Those who violate the measures for the protection of the Whistleblower and the Reported Person, as well as those who maliciously or grossly negligently make reports that turn out to be unfounded and/or made in bad faith, are also subject to possible disciplinary consequences.
9. PROCESSING OF PERSONAL DATA
The processing of personal data of all stakeholders involved in the whistleblowing management process is carried out by Sergio Rossi pursuant to this Procedure, in its capacity as data controller and in full compliance with the applicable data protection legislation and the privacy procedures adopted by the Company.
The Company has defined its reporting management process with this Procedure, identifying appropriate technical and organizational measures to ensure a level of security appropriate to the specific risks arising from the processing performed, on the basis of a data protection impact assessment and regulating the relationship, if any, with any external parties that process personal data on its behalf pursuant to Article 28 of the GDPR.
Consistently with the provisions of paragraph 6.2.1., Sergio Rossi will process the personal data collected only for the time necessary for the management and finalization of the Report, and in any case for no longer than 5 (five) years from the date of the communication of the final outcome of the reporting procedure, except in the event of a longer statute of limitations provided for the disciplinary or criminal offence. It is understood that personal data that are clearly not useful for the processing of a specific Report shall not be collected or, if accidentally collected, shall be deleted immediately.
The processing of personal data for the purposes of this Procedure is carried out exclusively by personnel expressly authorized to process such data pursuant to Articles 29 and 32(4) of the GDPR and Article 2-quaterdecies of the Privacy Code.
It should be noted that the identity of the Whistleblower and any other information from which that identity may be inferred, directly or indirectly, may not be disclosed, without the express consent of the Whistleblower, to persons other than the Whistleblowing Office.
Sergio Rossi provides the interested parties with a special information notice pursuant to Articles 13 and 14 of the GDPR through the channels indicated in paragraph 10 below.
10. INFORMATION AND CIRCULATION OF THE PROCEDURE
This Procedure is adopted and circulated by Sergio Rossi by:
For the purposes of an effective implementation of the Procedure, Sergio Rossi supports a communication, information and training activity to allow the widest knowledge of the Whistleblowing legislation within the Company, of the operation and access to the channels, of the tools made available by the Company to the Reported Persons and of the measures applicable in the event of violations, promoting its operation.
Privacy Information Notice Whistleblower
Privacy Information Notice Reported Person