New written report
General informations
(max 100 characters)
Subjects involved
Locations and Dates
Additional information
Message
Privacy Policy

Dear User,

With this document, drawn up in accordance with Article 13 of EU Regulation No. 679/2016 (hereinafter also referred to as the "Regulation"), Fincantieri S.p.A. informs you, as a data subject for the processing of personal data, of the following:

  1. REGISTERED USERS

1.1 Data Controller

The Data Controller for the personal data requested from you (such as name, surname, email, password, and identity document) is Fincantieri S.p.A., VAT number 00629440322, with registered office in Trieste, Via Genova 1, (hereinafter also referred to as the "Controller"), email privacy@fincantieri.it, tel. +39 040 3193111 fax +39 040 3192305.

The Data Protection Officer ("DPO"), responsible of data protection for Fincantieri S.p.A., can be contacted at the following email address: privacy@fincantieri.it.

1.2 Purposes of the personal data processing and legal basis

Your personal data will be processed, using computerized and/or paper-based means, exclusively for the following purposes and on the following legal basis:

a) Purpose of managing the reserved area of the reporting website to the Oversight Board/Anti-Corruption Function and 231/2001: through the management of the reserved area of the website for whistleblowing reports and the data of registered users; processing carried out based on the legal obligations to which the Controller is subject;

b) Purpose of auditing and compliance of reports to the Oversight  Board/Anti-Corruption and 231/2001 Function: through the activities carried out by the Controller related to the application of Legislative Decree 231/2001, the ISO 37001 certified anti-corruption management system, the UNI PdR 125 certified gender equality management system, and the reports based on Legislative Decree 24/2023; the processing, if not attributable to the execution of contractual and/or legal obligations on the part of the Controller, will be carried out on the basis of the legitimate interest of the Controller.

It is also noted that your data will be communicated and processed within Fincantieri S.p.A. by personnel duly appointed and instructed by the Controller.

1.3 Data retention period

 

Your data will be retained as follows:

  • In relation to the purpose of managing the reserved area, for 24 months from the last update or report made by you;
  • In relation to the purpose of managing reports to the Oversight  Board/Anti-Corruption and 231/2001 Function, for no more than 5 years from the date of communication of the final outcome of the reporting procedure.

1.4 Nature of Data Provision and Consequences of Non-Provision

The data related to registration on the website for reports to the Oversight Board/Anti-Corruption and 231/2001 Function are optional and are processed based on the legal obligations to which the Controller is subject; failure to provide them prevents users from completing the registration activities.

 

The data related to reports made on the website for reports to the Oversight Board/Anti-Corruption and 231/2001 Function and collected by it are necessary to allow for the proper management of the reports themselves.

  1. NON-REGISTERED USERS

2.1 Data Controller

. The Data Controller for the personal data that you may decide to provide (such as name, surname, email) is Fincantieri S.p.A., VAT number 00629440322, with registered office in Trieste, Via Genova 1, (hereinafter also referred to as the "Controller"), email privacy@fincantieri.it, tel. +39 040 3193111 fax +39 040 3192305.

The Data Protection Officer ("DPO"), responsible of data protection for Fincantieri S.p.A., can be contacted at the following email address: privacy@fincantieri.it.

2.2 Purposes of the personal data processing and legal basis

Your personal data will be processed, using computerized and/or paper-based means, exclusively for the purpose of auditing and compliance of reports to the Oversight Board/Anti-Corruption and 231/2001 Function, through activities carried out by the Controller related to the application of Legislative Decree 231/2001, the ISO 37001 certified anti-corruption management system, the UNI PdR 125 certified gender equality management system, and reports based on Legislative Decree 24/2023; the processing, if not attributable to the execution of contractual and/or legal obligations on the part of the Controller, will be carried out on the bases  of the legitimate interest of the Controller.

It is also noted that your data will be communicated and processed within Fincantieri S.p.A. by personnel duly appointed and instructed by the Controller.

2.3 Data retention period

Your data will be retained in relation to the purpose of managing whistleblowing reports, for no more than 5 years from the date of communication of the final outcome of the reporting procedure.

2.4 Nature of data provision and consequences of non-provision

The data related to reports made on the website for reports to the Oversight Board/Anti-Corruption and 231/2001 Function and collected by it are necessary to allow for the proper management of the reports themselves.

  1. ALL USERS

3.1 Recipients of personal data

Your personal data may be transmitted, closely related and compatible with the purposes outlined above, to the following categories of subjects:

  • Oversight Board/Anti-Corruption and 231/2001 Function and supporting personnel;
  • service providers;
  • any other subject to whom current legislation requires communication.

Contact details of external data processors carrying out activities in the interest of the Controller may be requested by you at the following email address: privacy@fincantieri.it.

3.2 Transfer of personal data to a third country or an international organization

The Controller may transfer your personal data outside the European Economic Area ("EEA"). To protect your data in the context of international transfers, the Controller will adopt appropriate safeguards, such as decisions of adequacy by the European Commission pursuant to Article 45 of the Regulation, standard contractual clauses approved by the European Commission, and contractual instruments that provide adequate guarantees (Article 46 of the Regulation). Alternatively, transfers will take place in the presence of derogations provided for in Article 49 of the Regulation (i.e., consent of the data subject, necessity of the transfer for contractual/pre-contractual measures, overriding public interest, , defense in legal proceedings, vital interests of the data subject or other individuals, data entered in a public register).

3.3 Rights of the data subject

We inform you that, as a data subject, you have the right to obtain from the Controller:

Right of access:

(Article 15 of the Regulation)

confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, the right to obtain, among other things, access to your personal data and information regarding the purposes of the processing, the categories of personal data concerned and the recipients or categories of recipient to whom the personal data have been or will be disclosed.

Right to rectification:

(Article 16 of the Regulation)

(i) rectification without undue delay of inaccurate personal data concerning you and (ii) completion of your personal data, where incomplete.

Right to erasure ("right to be forgotten"):

(Article 17 of the Regulation)

erasure of personal data concerning you without undue delay (the Data Controller has the obligation to erase personal data without undue delay in the cases set out in Article 17 of the Regulation).

Right to restriction of processing:

(Article 18 of the Regulation)

restriction of processing in the cases set out in Article 18 of the Regulation.

Right to data portability:

(Article 20 of the Regulation)

receipt in a structured, commonly used and machine-readable format of personal data concerning you; the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, in the cases set out in Article 20 of the Regulation.

Right to object to processing carried out under Article 6(1)(e) or (f):

(Article 21 of the Regulation)

objection, at any time, on grounds relating to your particular situation, to the processing of personal data relating to you under Article 6(1)(e) or (f), including profiling on the basis of such provisions.

 

At any time, you may exercise the above-mentioned rights through a formal request sent to the email address privacy@fincantieri.it.

Furthermore, you have the right to lodge a complaint with the Italian Data Protection Authority if you believe that the processing concerning your personal data violates the provisions of EU Regulation No. 679/2016.