Whistleblowing Privacy Policy

Information on the Processing of Personal Data

For users who consult the websites of OpenEconomics S.r.l. pursuant to Article 13 of Regulation (EU) 2016/679
Last updated: 11 October 2024

1. Subject

The data collected within the scope of the Whistleblowing Reporting Procedure are processed by the Supervisory Body of OPENECONOMICS S.r.l. in compliance with Regulation (EU) 2016/679 (hereinafter the “Regulation”) on the protection of personal data, through the “Reports” section available on the website https://www.openeconomics.eu/.

2. Data Controller

The Data Controller is OPENECONOMICS S.r.l., with registered office in Rome (RM), Via Vitorchiano no. 123, tel. +39 06 8414537, reachable at the email address mail@openeconomics.eu and certified email (PEC) openeconomicssrl@legalmail.it

3. Categories of Personal Data Processed

For the purposes set out in Article 5.4 below, the Data Controller processes the information voluntarily provided at the time of submitting a report.
In particular, the processed data include:

- First name;
- Last name;Company;
- Contact details (email address – telephone number);
- Content of the report.

4. Purpose of the Processing

Any personal data collected through whistleblowing reports will be processed:

- for purposes related to compliance with the obligations arising from Legislative Decree no. 24/2023 and within the limits set out in this procedure, with or without the use of electronic means, in accordance with Regulation (EU) 2016/679 (GDPR) and Legislative Decree no. 196/2003, insofar as still applicable;

- exclusively by authorised personnel of the Data Controller, through the corporate function/body responsible for examining and managing the report, using electronic and/or physical systems, in accordance with the principles of lawfulness, fairness and transparency set out in the applicable data protection legislation, and ensuring the confidentiality of the data subject through appropriate technical and organisational security measures to guarantee an adequate level of security;

- the submitted data will be disclosed exclusively to the Control Bodies of OPENECONOMICS S.r.l., as identified in the relevant procedures, to their auxiliaries and, where necessary, to the competent authorities, and will not be disseminated;

- the provision of personal data is voluntary. Failure to provide such data will result in the report being classified as anonymous and therefore assessed only if adequately detailed and supported by factual elements.

5. Legal Basis for the Processing

The processing is necessary where a report is submitted pursuant to Legislative Decree no. 24/2023 and the “Whistleblowing Procedure” of OPENECONOMICS S.r.l.The processing of such data does not require the data subject’s specific consent, as it is carried out in compliance with legal obligations.

6. Processing Methods and Data Retention

Processing activities, including those related to the web services of the website hosting the reporting channel, take place within the European Union. Personal data are processed using paper-based and electronic tools, but not through automated processing.
Specific security measures are adopted to prevent data loss, unlawful or improper use, and unauthorised access.

Personal data will not be subject to automated decision-making processes, including profiling.

7. Recipients or Categories of Recipients of Personal Data. Transfer of Data to Third Countries

The processed data, except for communications to entities legally entitled to request them, such as Judicial Authorities and/or Public Security Authorities, will not be disseminated, communicated to third parties, or transferred outside the European Union, unless expressly provided for by applicable law.


8. Data Retention Period or Criteria Used to Determine Such Period

Personal data will be retained for a period no longer than necessary to fulfil the purposes for which they were collected and processed, in accordance with applicable legislation, namely for the time required to ascertain the alleged violation and to conclude the related proceedings.

Specifically, unless otherwise required under the GDPR, personal data will be retained for a maximum period of five (5) years from the last request for information received through the “Online Reports” section.

9. Rights of the Data Subject

 Subject to the limitations provided for under whistleblowing legislation, the data subject has the right to exercise all rights granted under Chapter III of Regulation (EU) 2016/679 by contacting the Data Controller at the details provided above.

The rights guaranteed under the GDPR include:

- right of access;
- right to rectification;
- right to object to processing carried out for commercial purposes or based exclusively on automated processing;
- right to erasure;
- right to restriction of processing;
- right to data portability;
- right to lodge a complaint with the Data Protection Authority.

10. Contact Details and Exercise of Rights

For any matters relating to the processing of personal data or to exercise the rights granted by law, the data subject may contact the Data Controller, specifying the request and providing all information necessary to identify the applicant, by calling +39 06 8414537 or by emailing privacy@openeconomics.eu. The Data Controller will respond within 30 days. If a response cannot be provided within this timeframe, the Data Controller will inform the data subject of the reasons for the delay.
The exercise of rights is free of charge pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, including repetitive requests, the Data Controller may charge a reasonable fee based on the administrative costs incurred or refuse to act on the request.
If the data subject believes that the processing of their personal data is not compliant with the GDPR, they have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), headquartered at Piazza Venezia no. 11, 00187 Rome, following the procedures and instructions available on the website www.garanteprivacy.it.

11. Updates

This privacy notice may be amended and/or supplemented with additional information, also in consideration of legislative changes or measures adopted by the European Commission or the Data Protection Authority.

EXPLORE
HomeWhat we offerWho we areContact UsInsight WallFAQs
PRODUCTS
SonarExternalytics
COMPLIANCE & POLICY
Organization and management model (ex D.Lgs. 231/01)Code of ethicsWhistleblowingInformation notice for candidatesGender equality policyQuality and information security policySustainability reportIntegrated Policy on Environmental, Occupational Health and Psychosocial Safety
QUALITY & RESPONSABILITY
Social Responsibility Policy SA8000 – 2014
ISO 9001:2015 : 39508/20/S
ISO 14001:2015 : EMS-9855/S
ISO 45001:2018 : OHS-5304ISO 27001:2022ISO 45003:2021 OHS-P-2/25UNI/PdR 125:2022
Legality Rating
TALK TO AN EXPERT
Enabling adaptation. Empowering impact.
With platforms, strategy, and trust.
Via Vitorchiano, 123
00189 Roma (RM)

+39 068414537
Via J. F. Kennedy, 57/59
87036 Rende (CS)

+39 0984302539
Via Nino Bixio, 7
20129 Milano (MI)
© 2025 OpenEconomics |  VAT 12504821005
Privacy PolicyCookie Policy
Termini e Condizioni
IT
EN