In order to contribute to preventing offences, conduct in violation of the Organisation, Management and Control Model pursuant to Legislative Decree no. 231/2001 ('Model 231'), the Code of Ethics and, in general, violations or internal irregularities of the corporate procedures adopted, as well as of national or European laws or regulations, PhotoSì ('Company') has adopted a Reporting System, aimed at allowing personnel to report acts or facts that may constitute a violation of the aforementioned rules.
The Reporting System and management process are implemented in accordance with Legislative Decree no. 24/2023, known as the 'Law on Whistleblowing'.
The report handling process involves the transmission and receipt of reports either explicitly, by giving personal details, or anonymously, without revealing the whistleblower's identity.
All reports received will be treated in accordance with the law whilst offering the broadest protection of the persons concerned.
In the case of a report that is not anonymous, PhotoSì ensures the confidentiality of the identity of the person making the report ("Whistleblower") and prohibits any form of retaliation or discrimination against anyone making a report or anyone connected to it.
Anonymous reports will be taken into account if they are adequately substantiated with all the information needed to verify them, irrespective of the knowledge of the Whistleblower.
It will nevertheless be possible for the whistleblower to reveal their identity at a later date.
In order to facilitate the sending and processing of reports, an internal reporting channel is made available to the System beneficiaries, consisting of a dedicated IT platform ('Platform') via the site https://photosi.whistlelink.com/.
1. WHO can make a report
Reports can be made by both PhotoSì employees and external parties, in particular:
- - employed persons: e.g. permanent or fixed-term employees, part-time employees, employees on temporary contracts, apprenticeships, casual workers, temporary workers or intermittent workers;
- - self-employed persons: e.g. workers with work or service contracts, or professionals entered in special registers for specific intellectual professions, agents and sales representatives, workers with collaboration relationships with personal and continuous services organised by the principal (external organisation)
- - workers or contractors: as suppliers of goods or services or performing works for third parties;
- - freelancers and consultants: persons who provide professional services;
- - volunteers and trainees: persons who work in a paid or unpaid capacity;
- - shareholders: persons who hold shares in the Company;
- - persons who fulfil administrative, management, control, supervisory or representative functions: for example, members of Boards of Directors, even without executive positions, or members of Supervisory Bodies (SB) or the Board of Statutory Auditors.
2. WHAT to report
Reports may concern facts that have already occurred or are likely to occur, even if exclusively negligent, relating to PhotoSì employees or third parties, which may constitute offences, wrongdoings or conduct in breach of the company procedures adopted, as well as national or European laws or regulations (e.g. on environmental protection, antitrust, money laundering, etc.) or nevertheless conduct such as to cause damage or harm, even if only in terms of image or reputation, to PhotoSì.
Reports must be made in a timely manner with respect to the knowledge of the facts so as to make it possible to verify them.
In order to enable checks to be made to verify the facts, reports should preferably contain the following information:
- the details of the person making the report with an indication of their position or function held within the Company, without prejudice to the provisions of the following section on anonymous reports;
- a clear and complete description of the facts being reported;
- if known, the time and place in which the reported facts occurred;
- if known, the details or other elements enabling identification of the person who has carried out the reported facts (e.g. the job title or the sector in which the activity is carried out);
- details of any other persons who may report on the facts that are the subject of the report;
- any documents, including those of a digital nature, that may confirm the validity of the facts that are the subject of the report;
- any other information that may be useful to clarify facts and the parties involved;
- references of other persons who witnessed the reported facts or situations.
Communications, grievances, claims, petitions that deal with issues other than those of the report are excluded.
Reports must not, and cannot, concern grievances of a personal nature, claims or requests covered by the regulations of the employment relationship or relations with immediate superiors or colleagues, for which reference must be made to the regulations and procedures falling within the competence of the Human Resources Department with reference to the applicable CCNL [National Labour Collective Agreement].The Platform offers a guided tour with a specific indication of the issues that can be reported under the law and this Procedure.
3. HOW to report
3.1 Internal Reporting Channel - the PhotoSì Whistleblowing PlatformThe Whistleblowing Platform is the preferred tool for sending and handling reports, as it is best suited to protecting the confidentiality of the Whistleblower's identity and ensuring adequate security measures pertaining to the information provided.
Through the platform it is possible to:
- - submit a report;
- - edit or add information to a report that has been submitted;
- - check the status of a report that has been submitted;
- - receive feedback on the results of the checks, where the Whistleblower has provided their identity.
In addition, the platform:
- - separates the identifying data of the Whistleblower from the content of the report by adopting codes that replace the identifying data, so that the report can be processed anonymously;
- - keeps the content of the report confidential throughout the entire report management phase, allowing access only to authorised persons;
- - adopts secure protocols for data transmission over the network as well as the use of encryption tools for the report’s content and any attached documentation;
- - interacts with the Whistleblower, guaranteeing their anonymity.
Management of the Internal Whistleblowing Channel is entrusted to the Whistleblowing Office, an independent internal office dedicated to handling whistleblowing reports and with specially trained staff.
3.3 External Reporting Channel - the ANAC PlatformWhistleblowers may use the External Channel set up by the Italian National Anti-Corruption Authority (ANAC) when:
- there is no compulsory activation of the Internal Reporting Channel within the working environment, or it is not active or, even if activated, it does not comply with what is required by law;
- the Whistleblower has already submitted an internal report and it was not followed up;
- the Whistleblower has reason to believe that, if they had submitted an internal report, it would not be effectively followed up, or that the report might lead to a risk of retaliation;
- the Whistleblower has reason to believe that the breach may constitute an imminent or obvious danger to the public interest.
It should be noted that ANAC:
- does NOT protect individual rights and interests;
- does NOT carry out activities to ascertain/resolve the subjective and personal matters of the Whistleblower, nor can it affect them, except by indirect and mediated means;
- CANNOT take the place of the relevant institutions;
- does NOT provide legal representation or advice to the Whistleblower.
3.4 Public disclosure
The Whistleblower may directly make a public disclosure when one of the following conditions is met:
- the Whistleblower has previously submitted an internal and external report, or has submitted an external report directly, and no response has been received within the time limits laid down by law on the measures envisaged or taken to follow up the reports;
- the Whistleblower has reason to believe that the breach may constitute an imminent or obvious danger to the public interest;
- the Whistleblower has reason to believe that the external report may entail a risk of retaliation or may not be effectively followed up due to the specific circumstances of the case, such as where evidence may be concealed or destroyed, or where there is a well-founded fear that the report recipient may be colluding with or involved in the violation.
4. Safeguards In compliance with the law, PhotoSì:
- - ensures the confidentiality of the Whistleblower’s identity;
the system separates the identifying data of the Whistleblower from the report’s content so that the content is visible anonymously.
Any subsequent association with the Whistleblower’s identity is used only in the cases provided for by law.
Thanks to the use of an encryption protocol that guarantees the transmission of confidential data, the unique identification code obtained as a result of the report registered on the platform allows the Whistleblower to 'communicate' with PhotoSì in an anonymous and impersonalised way, with no possibility for the recipient or others to trace the origin of the report.
The identity of the Whistleblower may not be disclosed (in the event of disciplinary proceedings where the identity of the Whistleblower is essential for the accused's defence, the Whistleblower may decide whether or not to consent to the disclosure of their identity so that the report can be used for the purposes of the proceedings).
- - ensures the confidentiality of the report’s contents and the related documentation at each stage of handling the report;
the persons in any capacity involved in the handling of reports are bound, within the limits laid down by the law, to confidentialitywith regard to the existence and content of the report and to any activity carried out in this connection, and they guarantee the confidentiality of the Whistleblower’s identity, the reported person and the other persons involved, in accordance with the provisions of the applicable legislation.
Pursuant to Article 2-undecies of the Italian Privacy Code (implementing Article 23 of the GDPR), the report is exempt from the rights set out in Articles 15 to 22 of the GDPR (with a request to the Controller or with a complaint pursuant to Article 77 of the GDPR) if the exercising of these rights would result in actual and concrete prejudice to the confidentiality of the Whistleblower’s identity.
It cannot, therefore, be subject to access, viewing or extraction of copies by any applicant.
- - prohibits any form of retaliation or discriminationagainst whistleblowers and third parties connected to the whistleblower, and takes steps to protect the rights of the reported party;
The following actions constitute retaliation:
- a) dismissal, suspension or equivalent measures;
- b) demotion or non-promotion;
- c) change of duties, change of workplace, reduction in salary, change of working hours;
- d) suspension of training or any restriction of access to it;
- e) negative feedback scores or negative references;
- f) disciplinary measures or other sanctions, including fines;
- g) coercion, intimidation, harassment or ostracism;
- h) discrimination or unfavourable treatment of any kind;
- i) failure to convert a fixed-term employment contract into an open-term contract where the employee had a legitimate expectation of such;
- j) non-renewal or early termination of a fixed-term employment contract;
- k) damages, including to a person's reputation, in particular on social media, or economic or financial harm, including loss of economic opportunities and loss of income;
- l) inclusion in improper lists on the basis of a formal or informal sectoral or industry agreement, which may result in the person being unable to find future employment in the sector or industry;
- m) early termination or cancellation of the contract for the supply of goods or services;
- n) cancellation of a licence or permit;
- o) request to undergo psychiatric or medical examinations.
- These protection methods are offered to the Whistleblower and also:
- a) facilitators (i.e. the natural person who assists a Whistleblower in the reporting process operating within the same work context and whose assistance must be kept confidential);
- b) persons in the same work environment as the Whistleblower, the person who has made a complaint to the judicial or accounting authorities or the person who has made a public disclosure and who are linked to them by a stable emotional or kinship link up to the fourth degree;
- c) work colleagues of the Whistleblower or of the person who has made a complaint to the judicial or accounting authorities or made a public disclosure, who work in the same work environment as the Whistleblower and who have a regular and current relationship with that person;
- d) entities owned by the Whistleblower or the person who filed a complaint with the judicial or accounting authorities or made a public disclosure, or for which those persons work, as well as entities operating in the same work environment as those persons.
5. Information and the report management process
5.1 Information to the Whistleblower Each report will be assigned a unique case number and the Whistleblower will receive a verification code to confirm receipt of the report.
The Whistleblower will receive confirmation within 7 days of receipt of the report and can use the verification code to enter further information or receive updates on the case.
Within 90 days, the company will provide information on how the case is being handled, i.e. its continuation or outcome, which can be viewed by the Whistleblower with the verification code.
5.2 Information to the Reported PersonThe Reported Person is informed of the existence and content of the report, of which he/she may acquire a copy (without evidence of the name of the Whistleblower) and of the outcome of the investigations carried out, subject to the precautions and protective measures aimed at excluding any harm to the purposes and interests involved.
5.3 The report management processAll reports are received and examined by the Whistleblowing Office, which is authorised to learn about the reported unlawful acts also with a view to preparing any actions aimed at strengthening the measures to prevent the events.
Specifically, PhotoSì's Whistleblowing Office:
- 1) receives and examines all reports received through the Internal Reporting Channel;
- 2) handles all Reports concerning unlawful conduct, violations pertaining to the company's activities and any other violation of the rules that may have an impact (i.e. sanctioning, capital, reputational, etc.) on the Company;
- 3) carries out its activities in compliance with the principles of protection and confidentiality obligations pursuant to Legislative Decree no. 24/2023;
Under current legislation, the Whistleblowing Office shall carry out an initial assessment of the report to determine its suitability.
If the report is substantiated after a preliminary check, investigative activities are carried out to ascertain whether or not the reported facts are indeed well-founded.
Within 90 days, the Whistleblowing Office will provide information on how the case is being handled.
The Platform allows communication with the Whistleblower and an update on the progress of the investigation, if started, in compliance with the relevant provisions and regulations.
6. Personal data processing As part of the reporting process, personal data is processed in compliance with the relevant legislation in force (EU Regulation 679/2016 and Legislative Decree no. 196/2003, as amended by Legislative Decree no. 101/2018).
PhotoSì provides specific information pursuant to Article 13 of the EU Regulation to those who interact with the Site and the Platform, both by simply viewing it and for using the Channel and the services made available for reporting.
Scopri tutti i prodotti
Viaggi e vacanze
Famiglia
Compleanno
Amore e anniversario
Matrimonio
Nascita e Battesimo
Comunione
Cresima
