Whistleblowing Privacy Policy

Information on the processing of personal data (pursuant to Article 13 of Regulation (EU) 2016/679)

Last updated: 17 March 2026

1 Purpose
The data collected within the framework of PR 01 “Whistleblowing Procedure” are processed by OPENECONOMICS S.r.l. in compliance with Regulation (EU) 2016/679 (hereinafter the “Regulation”) on the protection of personal data.

2 Data Controller
The Data Controller is OPENECONOMICS S.r.l., with registered office in Rome (RM), Via Vitorchiano no. 123, tel. +39 06 8414537, reachable at the email address mail@openeconomics.eu
and certified email (PEC) openeconomicssrl@legalmail.it.

3 Categories of data processed
For the purposes described in Article 5.4 below, the Data Controller processes information voluntarily provided at the time of the report.
In particular, the following information may be processed:

- first name;
- last name;
- company;contact details (email – phone number);
- content of the report.

4 Purpose of processing
Any personal data acquired through reports will be processed:

- for purposes related to compliance with obligations arising from Legislative Decree no. 24/2023 and within the limits of this procedure, with or without the use of electronic means and in compliance with the provisions of Regulation (EU) 679/2016 (GDPR) and Legislative Decree no. 196/2003, where still applicable;
- exclusively by authorised personnel of the Data Controller through the relevant corporate function/body responsible for examining and managing the report, using electronic and/or paper-based systems, in accordance with the principles of fairness, lawfulness and transparency provided for by applicable data protection legislation, ensuring the confidentiality of the data subject through appropriate technical and organisational security measures;
- the data provided will be communicated exclusively to the Supervisory Bodies of OPENECONOMICS S.r.l., as identified in PR 01 “Whistleblowing Procedure”, to its assistants and, where necessary, to the competent authorities, and will not be disclosed;
- the provision of personal data is optional; failure to provide such data will result in the report being treated as anonymous and therefore considered only if adequately substantiated and supported by factual elements.

5 Legal basis for processing
Processing is necessary where a report is submitted pursuant to Legislative Decree no. 24/2023 and PR 01 “Whistleblowing Procedure” of OPENECONOMICS S.r.l.

Such processing does not require any additional specific consent from the data subjects, as it is carried out in compliance with legal obligations.

6 Methods of processing and data retention
Processing, including that related to web services of the website where the reporting channel is available, takes place within the European Union.

Personal data are processed using both paper-based and electronic means, but not through automated decision-making processes.

Specific security measures are adopted to prevent data loss, unlawful or improper use, and unauthorised access.

Personal data will not be subject to any automated decision-making process, including profiling.

7 Recipients or categories of recipients of personal data. Transfer of data to third countries
The data processed, except where disclosure is required by authorised entities such as judicial or public security authorities, will not be disclosed or communicated to third parties, nor transferred outside the European Union, unless expressly required by applicable law.

8 Data retention period or criteria used to determine such period
Personal data will be retained for a period not exceeding that necessary for the purposes for which they were collected and processed in accordance with applicable law, namely for the time required to ascertain the alleged violation and conclude the relevant procedure.

Specifically, unless otherwise required under the GDPR, personal data will be retained for a maximum period of 5 years from the last request for information received through the “Whistleblowing” section available online on the Data Controller’s website.

9 Data subject’s rights
The data subject, subject to the limitations provided for by whistleblowing legislation, has the right to exercise all rights granted under Chapter III of Regulation (EU) 2016/679 by contacting the Data Controller using the contact details indicated above, also to request information or clarification.

The Regulation grants the following rights:

- right of access;
- right to rectification;
- right to object to processing for marketing purposes or based solely on automated decision-making;
- right to erasure;
- right to restriction of processing;
- right to data portability;
- right to lodge a complaint with the Data Protection Authority.

10 Contact details and exercise of rights
If the data subject, for any matters relating to the processing of personal data, wishes to exercise their rights, they may submit a request—providing all necessary information to identify themselves—by contacting the Data Controller at +39 06 8414537 or via email at privacy@openeconomics.eu.

The Data Controller will respond within 30 days. If unable to do so within this period, the reasons for the delay will be communicated.

The exercise of rights is free of charge pursuant to Article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, particularly due to their repetitive nature, the Data Controller may charge a reasonable fee or refuse to act on the request.

Furthermore, if the data subject considers that the processing of their personal data does not comply with the GDPR, they have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), based in Piazza Venezia no. 11, 00187 – Rome, following the procedures available at www.garanteprivacy.it.

11 Updates
This privacy notice may be amended and/or supplemented with additional information, also in light of regulatory changes or decisions issued by the European Commission or the Data Protection Authority.

EXPLORE
HomeWhat we offerWho we areContact UsInsight WallFAQs
PRODUCTS
SonarExternalytics
COMPLIANCE & POLICY
Organization and management model (ex D.Lgs. 231/01)Code of ethicsWhistleblowingInformation notice for candidatesGender equality policyQuality and information security policySustainability reportIntegrated Policy on Environmental, Occupational Health and Psychosocial SafetyAnti-Corruption Policy
QUALITY & RESPONSABILITY
Social Responsibility Policy SA8000 – 2014
ISO 9001:2015 : 39508/20/S
ISO 14001:2015 : EMS-9855/S
ISO 45001:2018 : OHS-5304ISO 27001:2022ISO 45003:2021 OHS-P-2/25UNI/PdR 125:2022
Legality Rating
TALK TO AN EXPERT
Enabling adaptation. Empowering impact.
With platforms, strategy, and trust.
Via Vitorchiano, 123
00189 Roma (RM)

+39 068414537
Via J. F. Kennedy, 57/59
87036 Rende (CS)

+39 0984302539
Via Nino Bixio, 7
20129 Milano (MI)
t33 OFFICE
Via Calatafimi, 1
60121,Ancona (AN)
+39 0719715460
© 2025 OpenEconomics |  VAT 12504821005
Privacy PolicyCookie Policy
Termini e Condizioni
IT
EN