WHISTLEBLOWING
par. 13 Reg. (UE) 2016/679 (GDPR)
With this privacy policy, Genenta Science S.p.A. wishes to illustrate to all
interested parties what information it collects during the relationship.
DATA CONTROLLER.
Genenta Science S.p.A., VAT number 08738490963, via Olgettina 58, 20132
Milano, Italy, (dpo@genenta.com) is the Data Controller for data directly and
independently processed (hereinafter, “Genenta”).
Genenta has appointed a Data Protection Officer, who can be contacted at:
dpo@genenta.com
INTRODUCTION
In accordance with Legislative Decree no. 24/2023 (“Whistleblowing Decree”),
companies must implement adequate channels for reporting alleged violations
of the law. Such channels must ensure confidentiality of the identity of the
whistleblower; the prohibition of retaliatory or discriminatory acts for reasons
relating to reports.
For the purpose of Whistleblowing Decree, Genenta. will collect and process
personal data related to the whistleblower and may also process personal data
related to third parties, including the reported subject.
This notice therefore provides information on how Genenta will process
personal data in the context of Whistleblowing Decree.
LEGAL BASIS
| Rif. | Finalità dell’attività di trattamento | LEGAL BASIS | LEGAL BASIS Sensitive data |
|---|---|---|---|
| 1 | Management of whistleblowing reports | The data processing is necessary to comply with a legal requirement (Article 6.1 letter c) |
The data processing is necessary for reasons of compliance with obligations in the field of employment and social security, on the basis of Union or Member State law (Article 9.2 letter b) |
RETENTION
The data will be kept for the time strictly necessary in relation to the purpose and,
in particular, for a period not exceeding 5 years from the date
of the communication of the result of the reporting process to the whistleblower.
TYPE OF DATA
First, we ask whistleblowers not to enter information that is irrelevant to the report.
In order to be able to process the whistleblower’s request, we should collect the
whistleblower’s data (name, surname, contact details) and the data that emerges
from the content of his request. Such data may include also special categories of
personal data, pursuant to articles 9 and 10 of the GDPR. It should be noted that
in some cases the report could be anonymous, however it could contain
information attributable to an identified or identifiable individual.
WHAT IF YOU DON’T PROVIDE US WITH DATA
Whistleblowers are in no way obliged to provide us with your personal data.
Anonymous reports can also be taken into consideration if they are well
detailed, capable of bringing out facts related to specific contexts. In such
a case, however, the whistleblower cannot benefit from the protection granted
under the Whistleblowing Decree.
In any case, the provision of personal data for the processing referred to in the
table above is necessary to allow Genenta to correctly establish and manage the
whistleblowing procedure. Whistleblower’s refusal to release certain information
may make it impossible to manage the reporting according to the Whistleblowing
Decree.
RECIPIENTS AND OTHER SUBJECTS TO WHICH DATA IS
COMMUNICATED.
Exclusively for the purposes indicated above, Genenta may transmit personal
data only to subjects authorized to read your reports based on the provisions
of the specific Genenta policy also published on the website www.genenta.com
at the following link: .
https://report.syntrio.com/genenta/english/WHISTLEBLOWING%20PRIVACY
%20POLICY.pdf These subjects are authorized to process personal data
pursuant to article 29 GDPR and article 2-quaterdecies of Legislative Decree
no. 196/2003. Also, personal data will be communicated to the company
managing the platform to submit whistleblowing report, which has been
appointed as data processors pursuant to Article 28 of the GDPR. Finally,
some information could be communicated, for example, to the police and other
public administrations for reasons of public interest and the law.
TRANSFER OF PERSONAL DATA
Personal data will be transferred countries outside the European Economic
Space and, specifically, to the United States, pursuant to articles 45 ff GDPR.
DATA SUBJECT RIGHTS
You will always have the right to obtain confirmation from the Data Controller as
to whether or not personal data concerning you are being processed and, in this
case, to obtain access to the personal data and information indicated in the art.
15 GDPR. Furthermore, you have the right to obtain the rectification,
cancellation and limitation of the processing of your personal data held by the
Data Controller. You may request to exercise such rights using the platform to
submit whistleblowing reports.
Finally, you have the possibility to lodge a complaint with the supervisory
authority of the Member State in which you reside/work or of the place where
the alleged violation occurred (for Italy, the Garante per la protezione dei dati
personali is competent) .
It should be noted that, based on article 2 undecies of Legislative Decree
196/2003, the rights referred to in articles 15 to 22 of the GDPR cannot be
exercised with a request to the data controller or with a complaint pursuant to
article 77 of the GDPR if the exercise of these rights could result in an effective
and concrete prejudice to the confidentiality of the whistleblower’s identity.
HOW DO WE PROCESS DATA?
Genenta processes the whistle-blower’s data in accordance with the General Data Protection Regulation (GDPR). For further information, please refer to the notice available at the following LINK
PLEASE CLICK HERE TO SUBMIT AN INTERNAL REPORT