WHISTLEBLOWING POLICY
Certiquality (CQY for short) encourages its employees, collaborators, suppliers, customers and stakeholders in general to report, in good faith, any behavior - commission or omission - carried out within the Company or in relations with it, which violates (or leads to a violation of) applicable regulations, its values, policies and procedures, or which may cause economic or reputational damage to CQY itself.
In managing reports, CQY undertakes to respect the principles of confidentiality, impartiality and proportionality, to recognize the good faith of the whistleblowers and to guarantee their anonymity.
CQY does not accept any form of threat, retaliation or discrimination - actual or attempted - against the subjects involved in the reports.
CQY adopts a process for receiving, analyzing and processing reports (even anonymous) which complies with the regulatory changes introduced by the Legislative Decree. 10 March 2023, n. 24 implementing Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019, concerning the protection of persons reporting breaches of Union law and containing provisions concerning the protection of persons reporting breaches of national regulatory provisions (so-called “Whistleblowing Decree”) and the Guidelines approved by ANAC( Italian Anti-corruption Authotity) with Resolution no. 311 of 12 July 2023, published on 25 July 2023.
The reporting management process is described in a specific procedure which is an integral part of the Organisation, Management and Control Model of CQY pursuant to Legislative Decree. n. 231/2001.
Recipients of the reports can be
- company top management;
- employees;
- those who, although not falling within the category of employees, work for CQY
- partners, customers, suppliers, consultants, collaborators, company partners;
- anyone, in any capacity, has a relationship of interest with CQY, even in the absence of an employment relationship or any other legal relationship with the company.
Reporters can be:
- CQY employed workers;
- self-employed workers, as well as those with a collaborative relationship who carry out their work at CQY;
- collaborators, suppliers, subcontractors and employees of these, who operate with/for CQY;
- freelancers and consultants who work at CQY;
- paid and unpaid trainees who work at CQY;
- partners and people with administrative, management, control, supervisory or representation functions, even if these functions are exercised merely de facto;
Reporting subject:
Information on violations, including well-founded suspicions, of the European Union legislation indicated in Annex 1 to Legislative Decree no. 24/2023 and national provisions, relating to the following sectors:
a) public procurement;
b) financial services, products and markets and prevention of money laundering and terrorist financing;
c) product safety and conformity;
d) transport safety;
e) environmental protection;
f) radiation protection and nuclear safety;
g) food and feed safety and animal health and welfare;
h) public health;
i) consumer protection;
j) protection of privacy and protection of personal data and security of networks and information systems.
Acts or omissions detrimental to the financial interests of the EU, as identified in EU regulations, directives, decisions, recommendations and opinions (e.g. fraud, corruption and any other illegal activity related to Union expenditure);
Acts or omissions concerning the internal market, which compromise the free movement of goods, people, services and capital. This includes infringements of EU competition and state aid rules, corporate tax rules and schemes the aim of which is to obtain a tax advantage which defeats the object or purpose of the applicable corporate tax law ;
Acts or behaviors that frustrate the object or purpose of the provisions of the European Union in the sectors indicated in the previous points (including, for example, abusive practices defined by the Court of Justice of the EU, including operating on the market in dominant position).
Since CQY has adopted MOG 231, violations relating to behaviours, acts or omissions which harm the public interest or the integrity of the entity may also be reported and consist of:
Illegal conduct relevant pursuant to Legislative Decree no. 231/2001;
Acts or behaviors in violation of the provisions of the art. 26 Equal Opportunities Code and any unlawful conduct attributable to harassment in the workplace
Violations of MOG 231, of the internal procedures adopted by CQY, as well as violations of the principles and/or rules of conduct indicated in the Code of Ethics.
Reporting methods
For sending and managing reports, CQY implements a dedicated IT platform, which constitutes a preferential channel for sending reports.
The report can also be submitted by letter, to the attention of the Organismo di Vigilanza appointed pursuant to Legislative Decree no. 231/2001, sent to Certiquality Srl Via G. Giardino 4 20122 Milan, C.A. President of the Organismo di Vigilanza, by adopting the following procedure.
It is necessary for the report to be inserted in two closed envelopes: the first with the reporting person's identification data together with a photocopy of the identification document; the second with the report, in order to separate the reporting person's identification data from the report. Both must then be inserted into a third sealed envelope bearing the words "confidential" on the outside for the manager of the report at the address indicated above. The report is then subject to confidential registration, also through an independent register, by the manager.
Confidentiality
All subjects involved in the Whistleblowing Process have the obligation to guarantee the confidentiality of the identity of the whistleblower and of the information received, as well as of any other element of the report from the disclosure of which the identity of the whistleblower can be deduced directly or indirectly.
The identity of the reporting person and any other information from which such identity can be deduced directly or indirectly cannot be revealed without the express consent of the same reporting person to persons other than those competent to receive or follow up on the reports, expressly authorized to process such reports. data based on current legislation.
The identity of the whistleblower is protected both during the acquisition of the report and in any subsequent context, even when the report is made orally.
Report management
CQY has identified in the Organismo di Vigilanza the figure responsible for receiving and managing reports, suitable for covering the role due to his professional skills. The SB, an external entity to the company, possesses, in fact, the autonomy requirements required by the legislation, understood as impartiality and independence, and is considered suitable to guarantee an adequate level of protection of confidentiality pursuant to Legislative Decree. 24/2023.
The SB acts as an interlocutor for the reporting party who is required to:
- issue the reporting party with a notice of receipt of the report within 7 days from the date of receipt;
- maintain discussions with the reporting party and, where necessary, request additions;
- follow up correctly on the reports received;
- provide feedback to the reporting person within 3 months of the acknowledgment of receipt or, in the absence of such acknowledgment, within 3 months of the expiry of the 7-day deadline from the submission of the report;
- in the event of a request for a meeting by the reporting party, to meet the party itself as quickly as possible and within the limits of the company organisation.
The ODV is not responsible for any assessment regarding individual responsibilities and any subsequent consequent measures or proceedings; if the investigations lead to the belief that a disciplinary sanction is necessary against the person reported, the ODV informs the competent function in CQY so that it can evaluate the most appropriate measure, to be applied in compliance with labor regulations and collective labor agreements applied by the Company.
