Whistleblowing – The IT Platform

Grimaldi Group in compliance with D.Lgs. 10 March 2023 no. 24 on the "Implementation of Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law and on the protection of persons who report breaches of national laws", as well as the indications provided by ANAC, prepares an IT platform that allows stakeholders who wish to report unlawful activities they have become aware of in the work context to report, in a secure and confidential or even anonymous manner, conduct, acts or omissions that may constitute violations of internal or external regulations of the Group.

Who can report?

Persons working in the work environment of the Group are entitled to report as:

  • shareholders and persons with administrative, management, supervisory or representative functions, even if such functions are exercised on a de facto basis.
  • employees;
  • self-employed workers;
  • collaborators, freelancers, consultants and suppliers;
  • interns and trainees, paid and unpaid.

Reporting can be done:

  • when the legal relationship is ongoing;
  • during the probationary period, if the information was acquired during the selection process or at other pre-contractual stages;
  • when the legal relationship has not yet begun, if information on violations was acquired during the selection process or at other pre-contractual stages;
  • after the dissolution of the legal relationship, if the information on violations was acquired before the dissolution of the relationship (pensioners).

Are anonymous reports allowed?

Anonymous reports are allowed if sufficiently substantiated and are treated in the same way as 'named' reports. In such a case, protection measures against retaliation will only be applicable if the reporting person is subsequently identified.

What can be reported?

The report may concern two types of violations, as summarised below:

Violations of national or internal regulations

Breaches of European legislation

  1. Administrative offences
  2. Torts
  3. Criminal offences (regardless of relevance for the purposes of Leg. 231/2001)
  4. Accounting offences
  5. Illegal conduct within the meaning of Legislative Decree No. 231 of 8 June 2001 (e.g. offences against the P.A., corporate offences, computer offences, environmental or occupational safety offences, money laundering, tax offences, etc.) or
  6. violations of the Organisation and Management Model adopted pursuant to Leg. 231/01 or the Code of Ethics.
  1. Offences falling within the scope of European Union acts in the following areas: public procurement; services, products and financial markets and prevention of money laundering and terrorist financing; product safety and compliance; transport safety; environmental protection; radiation protection and nuclear safety; food and feed safety and animal health and welfare; public health; consumer protection; privacy and personal data protection and security of networks and information systems.
  2. Acts or omissions detrimental to the financial interests of the Union (e.g. fraud, corruption and any other illegal activity related to Union expenditure).
  3. Acts or omissions concerning the internal market (e.g. competition and state aid violations).
  4. Acts or conduct that frustrate the object or purpose of the provisions of Union acts (e.g. acts infringing the principle of free competition)

What can NOT be reported?

  • information that is patently unfounded, information that is already completely in the public domain, and information that has been acquired only on the basis of indiscretions or rumours that are scarcely reliable (so-called "news"). 'rumours ' or 'hearsay').
  • disputes, claims or demands linked to a personal interest of the reporting person or of the person making a complaint to the judicial or accounting authorities that relate exclusively to his or her individual employment relationships, or inherent to his or her employment relationships with hierarchically superior persons. This excludes, for instance, reports concerning labour disputes and pre-litigation phases, discrimination between colleagues, interpersonal conflicts between the reporting person and another worker or with hierarchical superiors, reports concerning data processing carried out in the context of the individual employment relationship in the absence of injury to the integrity of the organisation.
  • Complaints about services provided by Group Companies.

What information must the report contain?

Reports must be as circumstantial as possible, including all useful elements for carrying out the necessary checks and investigations to assess their justification.

For this purpose, reporters must provide at least the following elements:

  • the circumstances of time and place in which the event reported occurred;
  • the description of the fact with an indication of the known circumstances (of manner, time and place);
  • personal details or other elements enabling the identification of the person to whom the reported facts can be attributed (so-called reported).
  • Unless the report is anonymous, the identity of the person making the report, with an indication of the position or function held within the company; the identity of the person making the report is supported by specific technical and organisational security measures aimed at guaranteeing the absolute confidentiality of his/her identity;
  • any information or evidence (by attaching the relevant documents) that may provide useful feedback on the existence of the reported facts, in particular also the indication of any other persons who may report on the reported facts;

Where the report is sent in writing via the Whistleblowing Portal, the whistleblower will be guided in providing these elements by the questions provided in the report form.

In any case, where the report is not adequately substantiated, the Management Body may request additional information from the whistleblower via the Whistleblowing Portal or even in person, where the whistleblower has requested a direct meeting.

Reports should not contain excessive personal data, but only the data necessary to prove the justification of the complaint. As a rule, therefore, no special data or personal data revealing health or judicial status should be entered.

How can one consult a submitted report and know the outcome?

When submitting a report through the Whistleblowing Portal, the whistleblower will receive a code that he/she can use to access his/her report through the Portal in order to: monitor its progress; enter further information to substantiate the report; provide personal details; answer any further questions.

In any case, the Management Body:

  • it issues an acknowledgement of receipt to the reporter within 7 days of the date of receipt of the report:
  • provides timely feedback to any requests forwarded by the reporter through the reporting channels (messaging system implemented on the platform)
  • provide feedback on the report within three months from the date of acknowledgement of receipt or, in the absence of such notice, from the expiry of the seven-day period from the submission of the report.

Who handles the report?

Reports are received by a management body consisting of three members: Dr Paolo Pelosi, lawyer Olimpia Del Gaudio and Dr Vincenzo Scarlato. If the alert involves one of the three aforementioned components, the platform allows the reporter the option of excluding the reported component(s) from the list of recipients of the alert.

Protection of the reporter and the reported person

The Grimaldi Group guarantees the confidentiality of the reporter and of any person to whom the report is addressed. It is the responsibility of the reporter to be in good faith. Reports that are manifestly false, or completely unfounded, will not be taken into account. The Company will also take appropriate action against anyone who threatens or retaliates against the whistleblower. Access to the IT platform is managed in no-log mode in order to prevent the identification of the reporter.

To submit a report via the Whistleblowing Portal, click here: https://grimaldigroup.whistleblowings.it.

For more information on the procedure and protections for the reporter and other persons involved in the report, click here