Whistleblowing (literally “blowing the whistle”) indicates the action of reporting abuse and is regulated by the law 179/2017. The main objective is to boost workers' motivation in order to promote the reporting of corruption in public and private bodies, with the provision for systems that allow workers to safely report any abuse they may become aware of. In this regard, SMI, Smigroup, Smilab and Smipack provide an online platform that can be accessed by employees, internal and external collaborators and that is specifically devoted to reports.
The Whistleblowing Portal is accessible directly from the Internet and is subject to no-log policy in order to prevent identification of the reporting individuals who want to remain anonymous. Inside it, a questionnaire shall be filled in, which allows to provide detailed information. Furthermore, it is possible to attach documents supporting the completeness and accuracy of the report. After sending the questionnaire, reporting individuals will receive a code that must be kept in order to access the portal and check the reporting status.
As an alternative to online platform, abuse can be reported by paper mail to the Whistleblowing office of the company.
The European Regulation 679/2016 (GDPR) on the protection of personal data has been fully applicable since May 25th, 2018. This is an important goal, because it lays down rules relating to the processing of personal data for all Countries within the Union. Every company of the SMI Group planned a series of activities, assets or operational modes to comply with the regulation and put into practice the protection of personal data. Here is a list of actions taken to comply with the European Regulation and our policy on personal data processing.
Lawfulness of processing All activities relating to personal data processing shall be lawful (consent, contract obligations, vital interests of the data subject or of third parties, compliance with legal obligations to which the controller is subject, public interest or exercise of official authority, legitimate interest pursued by the controller or by third parties).
Information document The information statement has been improved and updated to the new regulations (art. 13 and 14 GDPR).
Rights of the data subjects (right of access, right to erasure-right to be forgotten, right to restriction of processing, right to object, right to data portability) Technical and organization measures have been adopted to ensure the data subject's exercise of his rights and to meet the data subject requirements.
Controllers, processors Based on the new principle of “accountability”, SMI Group organization was re-defined, in order to proactively ensure integral compliance with the Regulation. Redefinition of the role of data processors and service suppliers whose activity implies personal data processing.
Risk of data processing; accountability measures taken by controllers and processors (Impact assessment, record of processing activities, security of processing, data breach) The “Conformity document”, including records of data processing activity, plans, adopts and demonstrates all technical and organizational measures taken to adequately perform the data processing activities and specifies the necessary procedures to be adopted to notify data breach.
Transfer of personal data to international organizations Smi Group adheres to the general principles and guarantees concerning the transfer of personal data to third Countries.
The Controller is: SMI S.p.A. Head office: Via Carlo Ceresa, 10 - 24015 San Giovanni Bianco (BG) - ITALIA VAT nr: IT03942700166 - R.E.A. 421708 For further information, write to: firstname.lastname@example.org
According to the European Regulation 679/2016, the data subject is entitled to exercise the rights set forth in the Regulation. The integral version of art. 15; 16; 17; 18; 20; 21; 77 of the European Regulation is attached to this document.
SMI S.p.A. Sede amministrativa: Via Carlo Ceresa, 10 - 24015 San Giovanni Bianco (BG) - ITALIA Sede legale: Via Monte Grappa, 7 - 24121 Bergamo (BG) - ITALIA C.F. e P. IVA IT03942700166 - R.E.A. 421708 Capitale Sociale Euro 5.000.000 i.v.