WHISTLEBLOWING POLICY
pursuant to Legislative Decree No. 24 of 10 March 2023
(implementing Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law)
MyGold S.p.A. (hereinafter, the “Company”) promotes a corporate culture founded on the principles of legality, integrity, transparency, fairness and accountability, regarding these values as essential to the conduct of its business and to the protection of the interests of clients, collaborators, business partners and all stakeholders.
In this context, the Company encourages the prompt reporting of conduct, acts or omissions that may constitute breaches of applicable law, of the Code of Ethics, of company procedures or, more generally, of the principles of propriety and sound administration.
This Whistleblowing Policy governs the manner in which reports of offences or irregularities are made, handled and protected, in accordance with Legislative Decree No. 24 of 10 March 2023, implementing Directive (EU) 2019/1937, ensuring the confidentiality of the identity of the reporting person, of the persons involved and of the information contained in the report, in compliance with applicable data protection legislation.
The Company ensures that every report received is handled with impartiality, independence, confidentiality and promptness, taking all measures necessary to prevent any form of retaliation, discrimination or penalisation against persons who make a report in good faith.
The purpose of this Whistleblowing Policy is to govern the manner in which reports concerning conduct, acts or omissions that may constitute breaches of national or European Union law, of the Code of Ethics, of internal procedures or of other obligations binding on the Company are made, received, handled and processed.
The Policy is aimed at promoting a working environment based on legality, transparency and accountability, facilitating the timely emergence of possible wrongdoing and contributing to the strengthening of the internal control system and of the culture of compliance.
Reports are handled in accordance with the principles of confidentiality, impartiality, independence, proportionality and protection of the rights of all persons involved.
Reports may be made by persons who have acquired information on breaches in the context of their working or professional relationship with MyGold S.p.A., including, by way of example:
The protection provided for by this Policy applies within the limits and under the conditions laid down by Legislative Decree No. 24 of 10 March 2023.
Reports may concern facts, conduct, acts or omissions that the reporting person believes, on the basis of concrete and reasonable elements, to constitute breaches of applicable law or of the principles the Company adheres to.
By way of example, the following may be the subject of a report:
The following fall outside the scope of this Policy:
It remains understood that reports made with wilful misconduct or gross negligence may give rise to the liability provided for by law.
MyGold S.p.A. makes available to eligible persons a reporting system compliant with Legislative Decree No. 24 of 10 March 2023, designed to ensure the confidentiality of the identity of the reporting person, of the persons involved and of the information contained in the report.
Reports may be made through the internal channel established by the Company and are handled in accordance with the principles of confidentiality, impartiality, independence and protection of personal data.
Where provided for by the platform adopted by the Company, reports may also be submitted anonymously. Providing contact details, however, facilitates any requests for clarification and enables the reporting person to be kept informed of the status of the procedure.
The Company issues an acknowledgement of receipt of the report within seven days of its receipt, in the cases and in the manner provided for by Legislative Decree No. 24/2023.
6.1 Internal reporting channel
The official internal channel adopted by MyGold S.p.A. is the dedicated digital platform:
[INSERT LINK TO THE MITWHISTLE PLATFORM]
The platform makes it possible to:
The platform is provided by a specialised operator and processes personal data in compliance with Regulation (EU) 2016/679 (GDPR) and with Legislative Decree No. 24/2023, on the basis of the roles and responsibilities defined by applicable law.
6.2 Alternative channels
Where, for justified reasons, it is not possible to use the digital channel, the reporting person may request a face-to-face meeting with the Reports Manager, or use any further channels made available by the Company.
These arrangements also guarantee the confidentiality of the identity of the reporting person and are managed in accordance with the protections provided for by applicable law.
6.3 External channel with ANAC
In the cases provided for by Article 6 of Legislative Decree No. 24 of 10 March 2023, the reporting person may make a report through the external channel managed by the Italian National Anti-Corruption Authority (ANAC).
Recourse to the external channel is permitted, among other things, where:
Every report received is handled with the utmost confidentiality, impartiality and diligence, in accordance with the provisions of Legislative Decree No. 24 of 10 March 2023 and with the internal procedures adopted by the Company.
The Reports Manager carries out a preliminary assessment of the report in order to verify its admissibility and its relevance to the scope of this Policy.
Where the report is admissible, the Company carries out the appropriate follow-up, taking all measures necessary to ascertain the reported facts and, where appropriate, involving the competent corporate functions in accordance with the principles of confidentiality and independence.
The Company provides feedback to the reporting person within the time limits laid down by applicable law and, in any event, within three months of the date of the acknowledgement of receipt of the report or, in the absence of such acknowledgement, of the expiry of the seven-day period from its submission.
Any decision to close a report without further action is reasoned and documented in accordance with the internal procedures adopted by the Company.
MyGold S.p.A. guarantees the utmost confidentiality of the identity of the reporting person, of the person concerned, of any persons mentioned in the report and of any other information from which their identity may be directly or indirectly inferred.
The identity of the reporting person may not be revealed or disclosed to persons other than those competent to receive or handle the report, except in the cases expressly provided for by law or with the express consent of the reporting person.
The Company adopts technical and organisational measures suitable to ensure the security of the information and the protection of the personal data processed in the context of the handling of reports, in compliance with Regulation (EU) 2016/679 (GDPR) and with applicable national legislation.
MyGold S.p.A. prohibits any form of retaliation, discrimination or unfavourable treatment against persons who make a report, make a public disclosure or report to the judicial or accounting authorities in the cases and under the conditions provided for by Legislative Decree No. 24/2023.
The following are prohibited, by way of example:
The Company promotes a working environment in which reports made in accordance with the law are regarded as a tool for protecting corporate integrity and respect for legality.
The protection provided for by this Policy applies to persons who, at the time of the report, had reasonable grounds to believe that the information reported was true.
The liability provided for by law remains unaffected with respect to those who make reports with wilful misconduct or gross negligence, or for defamatory, slanderous or abusive purposes.
A finding that a report is unfounded does not in itself give rise to liability of the reporting person where the latter acted in good faith and on the basis of elements reasonably believed to be true.
Personal data processed in the context of the handling of reports are processed in compliance with Regulation (EU) 2016/679 (GDPR), with Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018, and with Legislative Decree No. 24/2023.
The information acquired is processed exclusively for the purposes connected with the handling of reports and with compliance with applicable law, in accordance with the principles of lawfulness, fairness, transparency, data minimisation, integrity and confidentiality.
For further information on the processing of personal data, please refer to the Privacy Notice published on the Company’s website.
This Whistleblowing Policy is subject to periodic review by the Company, in order to ensure its constant alignment with applicable law, with the evolution of the corporate organisation and with best practices in the field of whistleblowing and compliance.
The Policy is approved by the competent corporate bodies and made available through the MyGold S.p.A. website.