Dear User,
Fincantieri S.p.A., in its capacity as data controller, provides you with information regarding the processing of the personal data of users who consult the website for reports to the Oversight Board/Anti-corruption and 231/2001 Function (the "Site") pursuant to Art. 13 of EU Regulation no. 679/2016 (the "Regulation").
This policy is provided only for the Site and not for other websites that may be accessed via links.
1. Data Controller
The Data Controller for the processing of your personal data collected during the use of the Site is Fincantieri S.p.A., VAT no. 00629440322, with registered office in Trieste, Via Genova 1, (hereinafter also referred to as the "Controller"), e-mail address privacy@fincantieri.it, tel. +39 040 3193111 fax +39 040 3192305.
The Data Protection Officer ("DPO"), responsible of data protection for Fincantieri S.p.A., can be contacted at the following email address: privacy@fincantieri.it.
2. Purposes of the personal data processing and legal basis
Registration data will be collected through the Site, if the user wishes to register, and report data and navigation data and will be processed, with the support of information technology, solely for the purposes of technical management of the Site and management of registered users and reports submitted through the Site. The transmission of data provided by the whistleblower is handled with HTTPS protocol. In addition, all data are encrypted to ensure the confidentiality of the transmitted information.
Registration data: The Site requires users who wish to register to enter their data (such as name, surname, e-mail, password and identity document) with the aim of creating login credentials for users. These data are processed on the basis on the legal obligations to which the Controller is subject.
Report data: users, whether registered or not, can submit reports through the Site. In relation to this activity, in addition to the personal data contained in the text of the reports, the Site uses the information already present for registered users while, for unregistered users, it allows the insertion of first and last name. In addition, this category includes all personal data relating to natural persons who are the subject of the report. These data are processed to ensure the correct management of reports within the internal control system implemented pursuant to Legislative Decree 231/01, the ISO 37001 certified anti-corruption management system, the UNI PdR 125 certified gender equality management system. The processing, where not attributable to the performance of contractual and / or legal obligations on the part of the Controller, will be carried out on the basis of the legitimate interest of the Controller.
Navigation data and access logs: browsing data (e.g., IP addresses) and access logs of the whistleblowers are not tracked.
3. Cookies
The Site makes use of cookies as better specified in the relevant cookie policy available on the Site.
4. Recipients of personal data
Your personal data may be transmitted, in close relation to and where compatible with the purposes set out above, to the following categories of persons:
- Oversight Board/Anti-corruption and 231/2001 Function and support staff;
- service providers;
- any other parties, to whom current legislation requires communication.
The contact data of the external data processors who carry out activities in the interest of the Controller, can be requested by you at the following e-mail address privacy@fincantieri.it.
5. Transfer of personal data to a third country or an international organization
The Controller may transfer your personal data outside the European Economic Area ("EEA"). In order to protect your data in the context of international transfers, the Controller will adopt appropriate safeguards, i.e. adequacy decisions of the European Commission pursuant to Article 45 of the Regulation, standard contractual clauses approved by the European Commission and contractual instruments providing adequate safeguards (Article 46 of the Regulation). Alternatively, transfers will take place subject to the exceptions provided for in Article 49 of the Regulation (i. e. consent of the data subject, necessity of the transfer for the purposes of contractual/pre-contractual measures, overriding public interest, right of defence before the courts, vital interests of the data subject or of other persons, data entered in a public register).
6. Data retention period
Your data will be stored in the following ways:
- access data for the reserved area: for 24 months from the last user update of the information on the Site;
- for the purpose of managing reports to the Oversight Board/Anti-corruption and 231/2001 Function, no later than 5 years from the date of the communication of the final outcome of the reporting procedure.
7. Nature of data provision and consequences of non-provision
Registration data are optional and processed based on the legal obligations to which the Controller is subject.; failure to provide consent will make it impossible for users to register.
The report data collected are necessary for correct handling of the reports.
8. Rights of the data subject
We inform you that, as the data subject, you have the right to obtain from the Controller:
Right of access: (Article 15 of the Regulation) |
confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, the right to obtain, among other things, access to your personal data and information regarding the purposes of the processing, the categories of personal data concerned and the recipients or categories of recipient to whom the personal data have been or will be disclosed. |
Right to rectification: (Article 16 of the Regulation) |
(i) rectification without undue delay of inaccurate personal data concerning you and (ii) completion of your personal data, where incomplete. |
Right to erasure ("right to be forgotten"): (Article 17 of the Regulation) |
erasure of personal data concerning you without undue delay (the Data Controller has the obligation to erase personal data without undue delay in the cases set out in Article 17 of the Regulation). |
Right to restriction of processing: (Article 18 of the Regulation) |
restriction of processing in the cases set out in Article 18 of the Regulation. |
Right to data portability: (Article 20 of the Regulation) |
receipt in a structured, commonly used and machine-readable format of personal data concerning you; the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, in the cases set out in Article 20 of the Regulation. |
Right to object to processing carried out under Article 6(1)(e) or (f): (Article 21 of the Regulation) |
right to object, at any time, on grounds relating to your particular situation, to the processing of personal data relating to you under Article 6(1)(e) or (f), including profiling on the basis of such provisions. |
You will be able to exercise your aforementioned rights at any time, as well as to withdraw the consent given during registration by means of a formal request sent to the e-mail address privacy@fincantieri.it.
Furthermore, you have the right to lodge a complaint with the Italian Data Protection Authority if you believe that the processing concerning your personal data violates the provisions of EU Regulation No. 679/2016.