Privacy Policy

Privacy policy

Pursuant to the articles 13 and 14 of Regulation (EU) 2016/679

In compliance with the provisions of Articles 13 and 14 of the European Regulation (EU) 2016/679 (General Regulation on the protection of natural persons with regard to the processing of personal data, hereinafter ‘Regulation’) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, we inform you that the personal data provided or otherwise acquired during the reporting will be processed in accordance with the current legislation and the principles of fairness, based on the conditions of lawfulness provided by Article 6 of the Regulation, transparency, and protection of privacy as provided therein.

The following information are provided for the sake of transparency towards the subject who proceeds with the report (whistleblower) and the individuals involved or mentioned in the report, to inform them of the terms and methods of data processing, including the exercise of related rights and the relative limits to the exercise of the same in light of the provisions of Legislative Decree 24/2023 and Legislative Decree 231/2001.

Owner of the processing of personal data

Owner of the processing of personal data (hereinafter ‘Data Controller’) pursuant to Article 26 of the Regulation, is:

TIV Terminal Intermodale Venezia S.p.a., with registered office at Porto Commerciale - MOLO A, 30175 Marghera (VE) (hereinafter “TIV”),

who, within the scope of their prerogatives, may make use of the collaboration of Data Processors and/or designated subjects, expressly appointed, pursuant to article 2-quaterdecies of Legislative Decree 196/2003.

Purpose of the processing of personal data

The data provided to the Data Controller is collected and processed for purposes strictly related to the management of reports of unlawful conduct, concerning activities and/or behaviors that differ from the procedures implemented by TIV. These particularly concern facts and behaviors that constitute, even potentially, a violation of national or European Union regulations that harm the public interest or the integrity of the Data Controller, company policies and procedures, the Code of Ethics of the Organization, Management and Control Model adopted by the Data Controller pursuant to Legislative Decree no. 231/2001, of which the whistleblower has become aware in a public or private work context. More generally, it also includes violations of professional conduct rules and/or ethical principles referred to by current legislation and/or unlawful or fraudulent behaviors attributable to employees, members of corporate bodies, or third parties (customers, suppliers, consultants, collaborators, etc.).

Methods of collecting your Personal Data

The data can be provided by the whistleblower at the time of the transmission of the report through the dedicated channels, or acquired during the necessary investigative activities for the purpose of verifying and investigating the facts subject to the report.

Legal bases of processing

Pursuant to Article 6, paragraph 1, letter b of the Regulation, the legal basis for processing resides in the fulfillment of a legal obligation to which the Data Controller is subject, particularly with reference to the provisions contained in Legislative Decree 24/2023 and Legislative Decree 231/2001, as well as on the basis of the legitimate interest of the same in the pursuit of defensive purposes, internal control, and monitoring of corporate risks arising from the receipt of reports.

In case of an oral report, the explicit consent of the whistleblower will be requested in order to allow the audio recording.

It is specified that the aforementioned consent and any other consent required - as per this information - for the purpose of managing the reporting procedure may be revoked by writing to [email protected], within the limits allowed by applicable law. In particular, the request for revocation will be subject to evaluation by the appointed bodies in order to balance the need to protect the rights of individuals in the field of privacy with the need to counteract and prevent violations of the rules of good corporate management or the applicable regulations in the matter. The revocation of consent does not affect, in any case, the lawfulness of the processing carried out up to that moment.

Should the content of the report fall outside the scope of the requested legislation, the relevant data will be processed by the Data Controller only in the presence of a legal obligation and/or a legitimate interest in protection and/or exercise in the competent forums of their legal reasons.

Type of data processed

The personal data subject to processing are provided by the whistleblower through the reporting channels established by the Data Controller.

The processed data may include:

I. personal information and contact details (e.g., name, surname, telephone number, hierarchical level, business area of affiliation, etc.);

II. data that the whistleblower has intended to provide to represent the facts described in the report. It is specified that in this case the Data Controller is not able to determine in advance the data subject to the report, which may therefore also include special categories of data or data relating to criminal convictions and offenses;

III. information possibly acquired during the necessary investigative activities for the purpose of verifying and investigating the facts subject to the report.

In the event that, during the management of the report, personal data manifestly not useful are accidentally acquired, they will be immediately deleted in accordance with the provisions of Article 13, paragraph 2, of Legislative Decree 24/2023.

Processing of third party data

Pursuant to art. 14 of the GDPR, the Data Controller provides the following further information with reference to the processing of personal data of the people involved and of the people mentioned in the report for the purposes indicated above, in the context of the fulfillment of obligations imposed by the applicable regulatory provisions, specifying that the data of the people involved and of the people mentioned in the report may fall into the same categories indicated above.

Confidentiality and protection of the reporter and the people involved

The Data Controller guarantees the confidentiality of the identity of the reporting person, of the person involved and of the person mentioned in the report, as well as the content of the report and the related documentation.

With the exception of cases in which the criminal liability of the reporting person for the crimes of defamation or slander or in any case for the same crimes committed with the report to the judicial or accounting authority or his liability is ascertained, even with a first degree sentence civil, for the same reason, in cases of fraud or gross negligence, and without prejudice to the other exceptions provided by law (for example, obligation to communicate to the competent authorities), the identity of the person reporting will be protected from the moment the report is received and in each subsequent phase, in compliance with the current provisions of the legislation on privacy.

Therefore, and without prejudice to the aforementioned exceptions, pursuant to art. 12 paragraph 2 of the Legislative Decree. 24/2023, the identity of the reporter and any other information from which such identity can be deduced, directly or indirectly, cannot be revealed, without the express consent of the reporter himself, to people other than those competent to receive or follow up on the reports .

Furthermore, the express consent of the reporter will be acquired in the event that it is necessary to reveal his identity, pursuant to art. 12 paragraphs 5 and 6 of the Legislative Decree. 24/2023, in order to allow the defense of the accused in a disciplinary proceeding that is based only on the report and in which knowledge of the identity of the whistleblower is essential for the defense of the person involved.

Treatment methods

The data will be processed by the staff and collaborators of the Data Controller or by the subjects expressly appointed as Data Processors, with the aid of IT, telematic and/or paper tools, according to logic strictly related to the purposes indicated above and in any case adopting procedures and suitable measures to protect its security and confidentiality.

Data retention time

The reports and the documentation relating to their management will be kept for a maximum period of five years from the date of communication of the final outcome of the reporting procedure, except for further conservation in the event of judicial proceedings or requests from the Authorities or the initiation of disputes or for the different legal deadline. With reference, however, to reports relating to cases not covered by Legislative Decree 24/2023, the data will be retained for as long as is strictly necessary to pursue the purposes for which they were collected and in compliance with the provisions of the protection provisions. of the rights of the interested parties and in compliance with the limitation periods established by law.

Scope of transfers and dissemination of personal data

Personal data will be processed only by persons authorized to process, pursuant to art. 2-quaterdecies of Legislative Decree no. 196/2003 and subsequent amendments, to which adequate instructions have been expressly given by the Data Controller regarding the need to guarantee the protection of the personal data of the subjects involved in the reports.

Personal data may be processed by suppliers of services instrumental to the pursuit of the aforementioned purposes. These subjects, if the conditions are met, will be appointed as data controllers, pursuant to art. 28 of the GDPR.

Furthermore, personal data may be processed for the activation of judicial and/or disciplinary protection connected to the report, or communicated to the competent authorities in the presence of violations of the applicable regulations, as well as be transmitted in response to a binding order from the same authorities.

All those who receive and/or will be involved in the management of reports are required to protect the confidentiality of such information. Violation of the obligation of confidentiality is a source of disciplinary responsibility, without prejudice to other forms of responsibility provided for by law.

The updated and complete list of Managers is available from the Owner and can in any case be requested at the addresses indicated below.

The data being processed are not transferred outside the European Economic Area.

Rights of interested parties

The interested party has the right, at any time and within the limits of the provisions of the art. 2-undecies of Legislative Decree 196/2003, to exercise the rights referred to in the art. 15 and following of the Regulation and obtain:

‒ a copy of the personal data being processed, where this does not harm the rights and freedoms of others;

‒ rectification;

‒ cancellation;

‒ the revocation of any consent provided;

‒ the limitation of the processing of the data in the cases provided for by the art. 18 of the GDPR, to obtain the portability of the data concerning you in the cases provided for by the art. 20 of the GDPR, as well as lodge a complaint with the competent supervisory authority pursuant to article 77 of the GDPR (Guarantor for the Protection of Personal Data).

Interested parties who believe that the processing of personal data relating to them carried out through this service occurs in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor, as provided for by the art. 77 of the Regulation itself, or to take action in the appropriate judicial offices pursuant to art. 79 of the Regulation.

To this end, the interested party may use the contact details indicated in paragraphs 9 and 10 below.

Exercise of rights

You can use the contact details indicated above to access the updated list of our Data Processors, of the subjects to whom the data are communicated and to exercise the rights provided for in the art. from 15 to 22 of the Regulation. The interested party must address his written request to the attention, in one of the following ways:

• By email to the appropriate address: [email protected]

• By registered letter to the following address: Commercial Port - MOLO A, 30175 Marghera (VE)

Terminal Intermodale Venezia

Navigare in un mondo che cambia

offrendo e fornendo il meglio della conoscenza e dell'esperienza.