1. SUMMARY AND PURPOSE
The purpose of this Policy (the “Policy”) is to describe and regulate the organizational aspects and operational processes related to reports of misconducts and violations, as more fully described below, of which Business Integration Partners S.p.A. or other Group Companies (hereinafter also only “BIP” or the “Group”) whistleblowers become aware.
2. SCOPE OF APPLICATION
The procedure is issued by Business Integration Partners S.p.A., which, as the Parent Company, promotes its adoption by its Subsidiaries, which shall: (i) adopt the procedure, including through the drafting of a local version, taking into account applicable regulations, laws and, in general, local regulations, its own operations and organizational structure, and (ii) promote its adoption, if necessary, also by its own Subsidiaries.
The following are the main references relevant to the Policy:
Business Integration Partners S.p.A. – Parent Company. Bip Services S.r.l. – subsidiary Company of Business Integration Partners S.p.A. Subjects related to the whistleblower – all subjects under the same protection regime as the whistleblower, such as facilitators, those who help the whistleblower during the reporting process and whose activities must remain confidential, third parties connected with the whistleblower (such as colleagues and/or family members), and finally to legal subjects related to the whistleblower. BIP Group – all subsidiaries of Business Integration Partners S.p.A. and other Group Companies. Platform – computerized tool used as a reporting channel capable of guaranteeing the confidentiality of the identity of whistleblowers. Receiver – a person who receives the report and designated to handle it.
Whistleblower – subject who may proceed with a report by virtue of his / her relationship (present or past) with the Company or the BIP Group.
Reported person – subject of the report and whose conduct/act is being challenged.
Report – communication concerning facts related to illegal conduct or irregularities, violations of the Company’s Control System, corrupt actions, circumstances or conduct, violations of national and international laws or regulations, violations of company procedures and provisions in general.
Subsidiaries – companies in which Business Integration Partners S.p.A. has control (for Italy, pursuant to Article 2359, paragraphs 1 and 2 of the Civil Code).
For companies located on the Italian territory: Supervisory Board – independent supervisory and control body established pursuant to Legislative Decree 231/2001 (applicable only to Italian companies which approved a Model 231) (hereinafter also only “SB“). ANAC – National Anticorruption Authority (located in Italy), i.e., independent administrative authority for the prevention of corruption in all areas of administrative activity.
5. GENERAL PRINCIPLES
The recipients of this document (Whistleblowers, facilitators, reporting recipients, other parties involved in the management of reports, or any party who receives a report even through other channels not provided for in this document), depending on (and within the scope of) the specific competencies assigned by the Policy, must:
6. MODES OF OPERATION
6.1.1 Object of Reports
Reports may concern:
Reports may not relate to information already in the public domain, or to the Whistleblower’s personal complaints or grievances related to the employment relationship. Reports may relate to:
Whistleblowers may be:
6.1.3 Reporting characteristics
The report must contain elements that are useful to enable the persons in charge of their examination and evaluation to carry out the appropriate checks and verifications as to the merits of the facts and circumstances that are the subject of the report. The report must substantiate the facts reported, indicating the time and place of commission/omission, the author or, if more than one, the authors of the facts themselves as well as any documents proving the same.
The Whistleblower may at any time supplement, rectify or complete the report made or add further evidence, including documentary evidence, in the same manner in which he/she made the report.
6.1.4 Mode of reporting
Reporting can be done anonymously or non-anonymously through the channels described below.
NB: Please note that the reporting channel must be identified by considering the company to which the reported person belongs, to identify the correct Receiver who will have to handle the report.
a. Reporting via Platform
Digitally (both written and oral) through a dedicated Platform, which the Whistleblower can access through the following links:
Business Integration Partners S.p.A.
Bip Services S.r.l.
Vidiemme Consulting S.r.l.
Sketchin Italia S.r.l.
Bip Consulting Iberia, S.L.
NB: To optimize and specialize the work on the reports under review, as required by local regulations, the Italian companies Bip Services S.r.l., Vidiemme Consulting S.r.l., Sketchin Italia S.r.l. and Openknowledge S.r.l. share the reporting channel. By using a single platform and common IT systems for the management of reports, the companies involved act as Co-Processors of the Processing of Personal Data and therefore agree to draft a “Co- Processing Agreement” that will be made available on the intranet and website. In particular, the agreement identifies and details their respective responsibilities regarding compliance with their obligations under current legislation regarding the processing of personal data, with specific reference to the provisions of Article 26 of the GDPR.
The companies involved guarantee that each company, by means of its Receiver, will be able to access only the reports pertaining to it taking also into account the allocation of the relevant responsibility. Therefore, technical and organizational measures have been taken to ensure that each Receiver has access only to the reports for which it is responsible. In fact, each company involved is individually responsible for prosecuting and sanctioning violations committed by employees of that company.
Depending on the reporting company, the Receivers are specified below:
|Business Integration Partners S.p.A.
|Supervisory Board of Business Integration Partners S.p.A.
|Bip Services S.r.l.
|Supervisory Board of Bip Services S.r.l.
|Vidiemme Consulting S.r.l.
|Supervisory Board of Vidiemme Consulting S.r.l.
|Sketchin Italia S.r.l.
|Supervisory Board of Sketchin Italia S.r.l.
|Supervisory Board of Openknowledge S.r.l.
|Bip Consulting Iberia, S.L.
|Other Group companies
|Internal Audit Director
While entering the report data, the Whistleblower must specify whether the report concerns facts or actions carried out by the Receiver of the chosen channel. If the report concerns the Receivers indicated above, the report will be automatically routed through the platform to the Group General Counsel (except for Bip Consulting Iberia for which the report will be automatically routed to the CEO).
In the case of reports concerning Italian companies, if the Whistleblower believes that this modality may result in possible retaliation, he/she could refer to external sources, as indicated in the following point.
NB: Please note that it is important to verify the composition of the bodies/functions receiving the report from time to time in force, so as not to direct the report to the Reported person.
b. Reports to ANAC, public disclosure or judicial authority
If the reported Company is based in Italy, it is envisaged, under certain conditions, that the Whistleblower may make reports (excluding those pertaining to violations of Model 231) through “external” channels, such as:
ANAC website, if:
Public disclosure (via press, media or social media), if;
Competent national authorities (judicial and accounting), in cases where Union or national law requires reporting persons to address the competent national authorities, for example as part of their professional duties and responsibilities or because the violation constitutes a crime.
The Whistleblower, or any related person, may also report to ANAC any retaliation they believe they have suffered as a result of the report, whistleblowing or public disclosure made.
6.2 Report Management
6.2.1 Receiving the report
Once received, the report is accepted by the Receiver who takes it in and initiates the preliminary evaluation.
6.2.2 Preliminary evaluation
Upon receipt of the report, the Receiver performs a preliminary evaluation of the report by checking:
Once the preliminary evaluation has been completed:
This phase shall be completed within 7 (seven) days of receipt of the report and an acknowledgement of receipt of the report shall be issued to the Whistleblower. Upon completion of the preliminary phase, the Receiver shall prepare a report (the “Preliminary Report“) indicating the type of report, the date of receipt, the date of completion of the preliminary evaluation, and the related outcome (dismissal or continuation of analysis), with the reasons for it.
At this stage, taking care not to disclose the identity of the Whistleblower, that of the persons involved in the report and the subject of the report, the Receiver may (i) interface with other functions in the Group to request their cooperation, through the provision of data, documents or information useful for the analysis itself and (ii) request further elements or insights from the Whistleblower, leaving evidence of the relevant interview. The Receiver carries out any activity deemed useful or necessary, including the hearing of the Whistleblower and/or any other individuals who may report on the facts reported, in compliance with the principles of confidentiality and impartiality of judgment, the legislation on the protection of personal data and the relevant applicable labor contracts. Initial feedback on the status of the procedure (with an obligation, if necessary, to speak with the Whistleblower) must be provided to the Whistleblower within 3 (three) months of receipt of the report.
6.2.4 Conclusion and Final Report
At the end of the analysis phase, the Receiver:
The Final Report is transmitted:
6.3 Decision Making Measures
6.3.1 Disciplinary measures against employees
Upon receipt of the Final Report, the Chief Executive Officer of the Company involved and/or the CEO and the Chairman of the Board of Directors of Business Integration Partners S.p.A., having consulted with the relevant Human Resources Department, shall decide whether to initiate disciplinary proceedings against the Reported person if he/she is deemed responsible for the violation or unlawful behavior and held accountable as a result of the analysis performed and the assessment made. If the Whistleblower is co-responsible for the fact that is the subject of the report, he/she may be given more favorable treatment than the other co-responsible persons, provided that he/she complies with the applicable regulations and labor contract. In addition, the Managing Director of the Company involved, i.e., the CEO and/or the Chairman of the Board of Directors of Business Integration Partners S.p.A, shall also assess, with the assistance of the Human Resources Department of the Company involved, whether to initiate disciplinary proceedings: (i) against the Whistleblower who has acted with proven willful misconduct or gross misconduct; (ii) against any perpetrators of retaliatory/discriminatory conduct against the Whistleblower; (iii) against any individuals involved in the process of evaluating and analyzing the report who have breached confidentiality obligations or have failed to consider the report received. Disciplinary proceedings will be taken in accordance with the corporate disciplinary system, where it exists.
In addition to disciplinary sanctions, any power of attorney granted to the employee may also be revoked. The Whistleblower is not required to know the measures taken.
6.3.2 Measures against corporate bodies
If the violation or illegitimate behavior concerns a member of the Corporate Bodies, the Board of Directors and/or the control body/committee, according to their respective competencies, will proceed to take the most appropriate and adequate initiatives in view of the seriousness of the violation and in compliance with the law and the Articles of Association. In the most serious cases, the Board of Directors, having heard the local control body/committee, may propose to the Shareholders’ Meeting to also proceed to remove the director concerned from office. In the case of a violation by a member of the local control body/committee, the Board of Directors may propose that the Shareholders’ Meeting also proceed to remove the person concerned from office. In the case of violations or illegitimate conduct by a director who is also an employee of the Group, the applicability of the various disciplinary actions under the employment relationship will in any case be without prejudice.
In the case of Italian companies, if the violation or illegitimate behavior concerns a member of the Supervisory Board, the Board of Directors will proceed to take the most appropriate and adequate initiatives considering the seriousness of the violation and in compliance with the Organization, Management and Control Model pursuant to Legislative Decree 231/2001.
6.3.3 Measures towards third parties
In the event of violation or unlawful behavior by third parties linked to BIP by a contractual relationship, the Group will consider taking appropriate remedies under the contract and/or law.
6.3.4 Consequential and additional measures
The Receiver may inform the Judicial Authority and/or the local Supervisory Authorities of the facts that are the subject of the report if he/she detects that such facts have the characteristics of a crime or a civil or administrative offence. The Receiver may indicate to the Chief Executive Officer of the Company involved (if it is not the Parent Company, also informing the CEO and/or the Chairman of the Board of Directors of Business Integration Partners S.p.A.) the implementation, in consultation with the Departments concerned, of any preventive measures that may be necessary to foster the promotion of the culture of legality and transparency within BIP and promotes the adoption of any amendments and additions to this policy and control systems in the light of constant monitoring of its application of the results obtained.
7. DOCUMENTATION STORAGE AND REPORTING
All documentation relating to this Policy shall be archived by the Receiver for a period of 5 years or otherwise for a period not exceeding that necessary for the purposes for which it was processed, in an appropriate manner to ensure its confidentiality.
On a quarterly basis, the Receiver shall send to the Group General Counsel (lodovico.bianchidigiulio@bip- group.com) (if the Receiver is obviously different from the same) and, if the Receiver is not the Head of Internal Audit, to the Head of Internal Audit (email@example.com) a synthesis on the reports received during the period, specifying, for each report received, the following information:
Annually, the Receiver shall prepare a summary report regarding the reports received, the analyses performed, and the outcome of those analyses. The report shall contain at least: (i) an indication of all reports received, those under analysis and the outcome (dismissal, in-depth assessment); (ii) the assessment of accepted reports and their outcomes (dismissal, initiation of disciplinary proceedings, sanctions applied); and (iii) the proposal of any corrective or supplementary criteria to the Policy. The above report is kept available to the corporate and supervisory bodies of each Group company.
8. PROTECTIVE MEASURES
Business Integration Partners S.p.A. guarantees the confidentiality of the Whistleblower, related parties and persons mentioned in the report, as well as the data/information transmitted, to protect the Whistleblower or related parties from any form of retaliation or discrimination, regardless of the chosen internal channel (written or oral). The identity of the Whistleblower may not be disclosed without the Whistleblower’s express consent (except when requested by judicial or administrative authorities). In order to guarantee the right to protection of personal data to the reporting or whistleblowing persons, the acquisition and management of reports is carried out in accordance with the legislation on the protection of personal data. All parties involved in this Policy are required to maintain such confidentiality or anonymity of the Whistleblower, except in cases where (in Italy): (i) the Whistleblower incurs a claim for slander or defamation under the Criminal Code; (ii) the Whistleblower performs an act that constitutes an extra- contractual tort, pursuant to Article 2043 of the Civil Code. About the processing of personal data, please refer to the privacy notice attached in the Platform.
The Whistleblower is also recognized as having a limitation of liability with respect to the disclosure and dissemination of certain categories of information that could result in liability for the same. This is done in cases where two conditions are met:
Both conditions must be met to exclude liability. If met, the Whistleblower will not incur any kind of civil, criminal, administrative, or disciplinary liability.