Whistleblowing
In order to counter and prevent corruption, maladministration and, more generally, breaches of the law, Tecno S.p.A. S.B. —in compliance with the provisions of Legislative Decree No. 24 of 10 March 2023, “Implementation of Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law and provisions concerning the protection of persons who report breaches of national regulations”—and in line with the guidelines issued by ANAC, has established a dedicated internal channel that allows stakeholders to securely and confidentially report any conduct, acts or omissions that may constitute violations of both internal and external regulations.
Who can report?
Those entitled to report are persons operating within the Company’s work context in the capacity of:
- employees;
- self‑employed workers;
- collaborators, freelancers and consultants;
- interns and trainees, paid and unpaid;
- shareholders and persons with administrative, management, control, supervisory or representative functions, even if such functions are exercised de facto;
Reports may be submitted:
- when the legal relationship is ongoing;
- during the probationary period, if the information was obtained during the selection process or other pre‑contractual stages;
- when the legal relationship has not yet begun, provided the information on violations was acquired during the selection process or other pre-contractual stages;
- after the legal relationship has ended, if the information on violations was acquired before its termination (retirees);
Are anonymous reports permitted?
Anonymous reports are allowed if they are sufficiently substantiated and are treated the same as identified reports. In that case, anti‑retaliation protections will apply only if the reporting person is subsequently identified.
Who can report?
The report may concern two types of violations, as summarized below:
Violations of national regulations
- Offenses concerning matters under Article 2, paragraph 1, letter a), numbers 3 to 6 (public procurement, public health, personal data protection, consumer protection, environment, competition and state aid….)
- Unlawful conduct relevant under Legislative Decree No. 231 of June 8, 2001 (predicate offences by way of example: unlawful receipt of public funds, fraud against the State, a public body or the European Union to obtain public disbursements, computer fraud against the State or a public body, and fraud in public procurement), or violations of the Organization and Management Model adopted pursuant to Legislative Decree 231/01 or of the Company’s Code of Ethics.
Violations of European regulations
- Offenses that fall within the scope of European Union acts in the following sectors: public procurement; financial services, products and markets and the prevention of money laundering and terrorist financing; product safety and compliance; transport safety; environmental protection; radiation protection and nuclear safety; food and feed safety and animal health and welfare; public health; consumer protection; privacy and personal data protection; and the security of networks and information systems.
- Atti od omissioni che ledono gli interessi finanziari dell’Unione (ad esempio le frodi, la corruzione e qualsiasi altra attività illegale connessa alle spese dell’Unione).
- Acts or omissions concerning the internal market (for example: violations of competition law and state aid).
- Acts or behaviors that frustrate the purpose or objectives of the provisions of Union acts (e.g. acts that undermine the principle of free competition).
What cannot be reported?
- news that are clearly unfounded, information already entirely in the public domain, as well as information obtained solely on the basis of unsubstantiated rumors or gossip (so‑called “corridor talk” or “hearsay”);
- Disputes, claims or requests connected to a personal interest of the reporting person or of the individual who has lodged a complaint with the judicial or auditing authorities, insofar as they relate exclusively to their own individual employment or public‑service relationship, or to their employment or public‑service relationship with their hierarchical superiors. Accordingly, excluded are, for example, reports concerning labour disputes and pre‑litigation stages, discrimination among colleagues, interpersonal conflicts between the reporting person and another worker or with their superiors, and reports regarding data processing carried out in the context of the individual employment relationship where no harm to the public interest or to the integrity of the public administration or private entity occurs.
- Violations already mandatorily governed by EU or national acts listed in Part II of the Annex to the Decree, or by national legislation implementing the EU acts referred to in Part II of the Annex to Directive (EU) 2019/1937, even if not expressly listed in Part II of the Annex to the Decree (for example, reports subject to Legislative Decree No. 385 of 1 September 1993 “Consolidated Law on Banking and Credit” and Legislative Decree No. 58 of 24 February 1998 “Consolidated Law on Financial Intermediation” are excluded).
- violations relating to national security, as well as contracts concerning aspects of defense or national security, unless such aspects fall within the relevant EU-derived legislation;
- issues related to goods and services provided by the Company (e.g., complaints);
What information must the report contain?
Reports must be as detailed as possible, including all information necessary for the management body to carry out the verifications and investigations required to assess their validity.
For this purpose, reporters must provide at least the following elements:
- the time and place at which the incident being reported occurred;
- a description of the incident, indicating the known circumstances (manner, time, and place);
- the identity or other information enabling the identification of the person to whom the reported facts are attributed (i.e., the reported person);
- unless the report is anonymous, the personal details of the reporting person, indicating the position or role held within the company;
- the absence of any private interests related to the report and the reporter’s good faith;
- any information or evidence (attaching relevant documents) that can provide useful corroboration of the reported facts, including the identification of any other individuals who may attest to the incidents;
- if the report is not anonymous, the identifying details of the reporter (first and last name, position, etc.); as will be further specified, these are protected by specific technical and organizational security measures to ensure the absolute confidentiality of the reporter’s identity.
In any case, where the report is not adequately substantiated, the management body may request additional information from the reporter via the Whistleblowing Portal or in person, should the reporter have requested a direct meeting.
Reports must not include excessive personal data but only the information strictly necessary to substantiate the allegation. As a rule, therefore, no special‑category data or any personal data capable of revealing health status or judicial matters should be provided.
How can reports be submitted?
The reporter may submit a report, either in writing or orally, using the following internal channels:
• Through the Whistleblowing Portal: gruppotecno.segnalazioni.netTecno S.p.A. S.B. has implemented an IT platform that allows reports to be submitted either in writing—by completing a questionnaire—or orally, via a voicemail system. The Portal will ask the reporter whether they wish to disclose their identity; in any case, they may provide their personal details later through the Portal’s messaging feature. Upon submission, the Portal will issue a unique identification code (ticket). This ticket enables the reporter—always via the Portal—to monitor the status of their report, supply additional information to better substantiate it, provide their personal data, and respond to any follow‑up questions.
• Through a direct meeting: if the reporter prefers to submit the report orally, they may request it from the Management Body via the following e‑mail address organogestorio.tecnocapital@gmail.com to schedule a meeting, which can be held either in person or through remote communication systems, while fully respecting the confidentiality requirements imposed by law. To safeguard privacy and the security of the exchange, the reporter is asked NOT to disclose any details of the allegation (such as factual circumstances, the name of the person reported or of any witnesses, etc.) at that time, but only to agree on the logistical arrangements for the meeting.
Who can provide assistance to the reporter?
The reporter may choose to turn to a trusted individual who, acting as a “Facilitator” under the applicable legislation, is granted the same protections as the reporter.
How can one review a submitted report and learn its outcome?
Upon submitting a report through the Whistleblowing Portal, the reporter will receive a code that they can use—again via the Portal—to access their report in order to monitor its progress; submit additional details to further substantiate the report; provide their personal information; and respond to any follow‑up questions.
In any case, the management body:
- issues the reporter an acknowledgment of receipt within 7 days of the date the report was received:
- It provides timely feedback on any requests submitted by the reporter through the reporting channels (the messaging system implemented on the platform).
- It provides feedback on the report within three months from the date of acknowledgment of receipt or, if no such acknowledgment was issued, from the expiry of the seven‑day period following submission of the report.
Who handles the report?
The management of the internal reporting channel is entrusted to Tecno S.r.l., which has established a dedicated internal office staffed by the Junior Controller and the Head of Compensation and Benefit of the Company.
The management body, as the recipient of the report:
- is autonomous and independent;
- ensures a fair and impartial assessment of the report received;
- respects confidentiality obligations, particularly concerning the identities of the reporter, the reported individual, and other involved parties (facilitator, family members, colleagues, witnesses, etc.);
- handles the report (assesses its admissibility and conducts an investigation into the reported facts or conduct);
- manages communications with the reporter (acknowledgments of receipt and closure of the report, and exchanges of information);
- communicates the outcome to the reporter (detailing the measures planned, taken, or to be taken in response to the report and the reasons for the decision made).
- It ensures adequate publicity of this procedure and of the other channels (external channel, public disclosure, reporting) established by Legislative Decree 24/2023, with particular regard to the prerequisites for access by the competent parties and the related procedures.
If a report is submitted to any person other than the one designated and authorized by the administration or entity, the latter shall forward it, within seven days of receipt, to the competent recipient, simultaneously notifying the reporting person of the transmission.
What protections does the reporter have?
The protection framework established by Legislative Decree No. 24/2023 comprises the following types of safeguards:
- protection of the confidentiality of the reporter, the facilitator, the person involved, and any individuals mentioned in the report;
- protection against any retaliatory measures taken by the entity in response to the report, public disclosure, or complaint made, and the conditions for its application;
- limitations of liability concerning the disclosure and dissemination of certain categories of information, which apply when specific conditions are met;
- the provision of support measures by Third Sector entities included in a specific list published by ANAC.
These protections extend, in addition to the reporter, to the following parties:
- to individuals in the same work environment as the reporter, the person who filed a complaint or who made a public disclosure, provided they are connected to them by a stable emotional or family bond up to the fourth degree;
- alle persone del medesimo contesto lavorativo della persona segnalante, di colui che ha sporto una denuncia o di colui che ha effettuato una divulgazione pubblica e che sono legate ad essi da uno stabile legame affettivo o di parentela entro il quarto grado;
- to colleagues of the reporter—or of the person who filed a complaint or made a public disclosure—who work in the same environment and maintain a regular, ongoing relationship with that person.
- to entities owned by the reporting person or for which they work, as well as to entities operating in the same work context as those individuals.
Waivers and settlements, whether total or partial, concerning the rights and protections provided by the decree are invalid, unless they are concluded in the protected forums referred to in Article 2113, paragraph 4 of the Civil Code.
How is the reporter’s confidentiality protected?
The Company guarantees the confidentiality of the reporter’s identity from the moment the report is received, in full compliance with legal requirements. To this end, the reporter’s personal identifying data are not directly visible within the report and are stored so as to be accessible only to the body responsible for handling reports. The Company implements all technical and organizational safeguards mandated by law to protect the reporter’s identity, ensuring it is not disclosed to third parties without the reporter’s explicit consent, except in cases of malicious or defamatory reports. Such measures include obscuring personal data—not only of the reporter but also of other individuals whose identities must remain confidential under Legislative Decree 24/2023 (the facilitator, the reported person, and any other persons mentioned)—whenever, for investigative purposes, others must be made aware of the report’s content and/or attached documentation.
When may the reporter’s identity be disclosed?
In the event of disciplinary proceedings, the reporter’s identity may not be disclosed where the disciplinary charge is based on findings that are separate and additional to the report, even if they stem from it; the reporter’s identity may be revealed only where:
- the disciplinary allegation is based, in whole or in part, on the report itself, and knowing the reporter’s identity is absolutely essential for the defense of the accused;
- the reporter has given their consent.
In such cases, the Company will ensure that the reporter is informed in advance, in writing, of the reasons for disclosing their identity.
Under what circumstances is the reporter’s protection not guaranteed?
No retaliation or discrimination, whether direct or indirect, may be taken against anyone who has made a report in good faith, irrespective of whether the report ultimately proves to be well‑founded or not.
Sanctions are provided against those who violate the reporter’s protection and confidentiality measures.
Protections for the reporter are not guaranteed in cases of reports made with intent to deceive (dolo) or gross negligence, or that turn out to be false, unfounded, defamatory, or otherwise made solely to harm the Company, the person reported, or other parties concerned. Sanctions may be imposed on the reporter—if they can be identified—for reports made with intent to deceive or gross negligence, or that prove to be false, unfounded, defamatory, or intended solely to cause harm.
The Company may also undertake appropriate initiatives, including legal action.
When and how can a report be submitted to ANAC?
The Authority responsible for managing the external channel is ANAC. A report may be submitted to the Authority when any of the following conditions apply:
- Within the workplace context, the mandatory internal reporting channel is either not provided, or, even if established, is not operational, or, if operational, does not comply with the requirements of Article 4 of Decree 24/2023.
- Within the employment context, the mandatory internal reporting channel is either not provided, or—even if required—it is not active, or, even if activated, does not comply with the requirements of Article 4 of Decree 24/2023.
- The reporting person has reasonable grounds to believe that, if they were to make an internal report, it would not be effectively acted upon, or that the report itself could expose them to a risk of retaliation;
- The reporting person has reasonable grounds to believe that the violation may pose an imminent or manifest danger to the public interest.
