We would like to inform you about the processing of your personal data when reporting on acts or omissions covered by the Whistleblower Policy applicable to LCI Italy S.r.l. and Ke-Star S.r.l. (hereafter “Whistleblower Policy”).
Data Controller
The Data Controller (“we”, “us”, “our”) responsible for the processing of your personal data when reporting on an act or omission covered by our Whistleblower Policy is the entity to which the report is addressed to.
Personal information and legal basis
To the extent that this information is included in the report, we might process the following personal data:
Any information that is not necessary for the processing of the reports according to the applicable law and our Whistleblower Policy will be deleted immediately.
If you have provided your contact details, we will follow up and inform you about the status of the investigation, to the extent that this is requested and/or permitted by the applicable law and our Whistleblower Policy.
Your personal data will be processed only to the extent necessary for us to comply with applicable law, including, but not limited to, legislative decree 10 March 2023, n. 24 implementing Directive (EU) 2019/1937, and our Whistleblower Policy. To the extent that this is allowed by the applicable data protection law (including, but not limited to, the Regulation (EU) 2016/679 (GDPR) and any other privacy and data protection law applicable at the national level), we might process your personal data for our legitimate interest, namely to review, investigate and evaluate reports as set forth in the Whistleblower Policy.
Unsubstantiated reports and reports not made in good faith and/or not on the basis of reasonable belief or well-founded grounds or reports made despite knowing that the allegations are false will be considered a serious offense and may result in a disciplinary action, up to and including termination of the employment agreement of the Reporter.We may also anonymize the information included in the reports and thereafter use it for statistical purposes.
Origin of the personal data
We might obtain your personal data directly from you or from a third-party reporting through the reporting channels described in our Whistleblower Policy (including e-mail, letter or voice messages).
Recipients
In order to fulfill the purposes stated in our Whistleblower Policy (including review, investigate, evaluate and follow up the reports) the reports will be reviewed by the Whistleblowing Committee, as described in our Whistleblower Policy. We may share information related to the reports to other companies within the LIPPERT Group (some of which are based in the US and other countries that offer an inadequate level of data protection), to the extent that this is required for investigation purposes, provided that there is a legal basis for the data transfer and appropriate transfer mechanisms are in place.
Subject to the anonymization of the personal data therein, we may transfer the information included in the Reports to other companies of the LIPPERT Group (some of which are based in the US and other countries that offer an inadequate level of protection) for statistical purposes.
To the extent that this is required by applicable law, we might disclose your personal data with public authorities and institutions.
We may also share your data with trusted partners, for instance email and voice mail service providers, only if there is a legal basis for the data transfer and appropriate transfer mechanisms are in place.
International transfers of data
To the extent that this is necessary for us to carry out the tasks described in our Whistleblower Policy, we may transfer information related to the reports to other companies within the LIPPERT Group (some of which are based in the US and other countries that offer an inadequate level of protection). We may only transfer your data if there is a legal basis for the data transfer and appropriate transfer mechanisms are in place.
Some of our service providers are based in the US and other countries that provide an inadequate level of data protection and consequently your rights might be restricted in these countries.
Data retention
We will store the information included in the reports for as long as this is necessary for the review, investigation, evaluation and follow-up of the report or for so long as is required by applicable law (including, but not limited to, legislative decree 10 March 2023, n. 24 implementing Directive (EU) 2019/1937).
Data subject rights
To the extent provided for by Article 2-undecies Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 you may have the right to:
If you think that the processing of your data infringes the GDPR, you have the right to lodge a complaint with the Garante per la Protezione dei Dati (the Italian Data Protection Supervisory authority). You can contact the Garante at:
Garante per la protezione dei personali - Responsabile della Protezione dei dati personali
Piazza Venezia, 11
IT-00187, Roma,
email: rpd@gpdp.it
Contact for data protection requests
If you wish to exercise your rights, you can contact us at privacy@lci1.com. If you wish to write to our data protection officer in confidentiality, please use the contact details indicated in the section “Data Protection Officer” below.
Data Protection Officer
Our external data protection officer is:
FIRST PRIVACY BV
Naritaweg 127-137
1043 BS Amsterdam
Netherlands
Changes to the privacy policy
We reserve the right to update this privacy notice at any time. This section provides you with information about the privacy statement version history.
Version | Date |
---|---|
Version 1.0 | July 2023 |