Salta al contenuto
Fater Fater

© 2026 - Fater — Via Mare Adriatico, 122 - 65010 Spoltore (PE) — Tutti i diritti riservati

Whistleblowing

Whistleblowing

REPORTS UNDER LEGISLATIVE DECREE 231/2001, LEGISLATIVE DECREE 24/2023 AND SA8000 STANDARD - PRIVACY NOTICE UNDER ARTICLE 13 OF EU REGULATION 2016/679 (GDPR)

DATA CONTROLLER – DPO  

 

The Data Controller of personal data is Fater S.p.A. (VAT No. 01282360682), with its registered office in Spoltore (PE – ZIP 65010), Via Mare Adriatico No. 122.

The contact details of the Data Protection Officer (DPO) appointed by the Controller are as follows: dataprotectionofficer@fatergroup.com.

 

PURPOSE AND LEGAL BASIS OF THE PROCESSING 

 

Personal data are processed by Fater S.p.A. to fulfill specific legal obligations, particularly those related to the verification of any unlawful conduct reported in the interest of corporate integrity by the subjects identified in the applicable legislation. Furthermore, the Controller may process such data in connection with any disputes arising from the reports, in order to properly defend its rights and interests, including in judicial proceedings. In the case of oral reports as permitted by law, such as through the use of voicemail systems, the report may be recorded, with the whistleblower’s consent, on a device suitable for storage and playback, or it may be fully transcribed. Except with the express consent of the whistleblower, their identity will not be disclosed to anyone other than those specifically authorized to receive and manage the report. In the event of disciplinary proceedings against the reported individual, the whistleblower’s identity will be revealed only if they consent to it and when the allegation is based, in whole or in part, on the report, and knowing the whistleblower’s identity is indispensable for the defense of the accused person.

 

CATEGORIES OF DATA SUBJECTS, TYPES OF DATA PROCESSED, AND THEIR SOURCE 

 

The data processed concern the whistleblower, the reported individual, and/or any third parties involved in the report. The data processed include those provided by the whistleblower in the report and any additional data collected during the investigation phase, in accordance with the company’s internal procedures. Only data necessary for the management of the reports will be processed. Data that are not relevant or necessary will not be used and will be promptly deleted.

 

DATA RECIPIENTS

 

For the purposes outlined above, data may be processed by Fater S.p.A.’s authorized personnel and appointed processors, as well as, where legally required, by independent data controllers. A list of these recipients, including their names and contact details, can be provided upon simple request to Fater.

 

DATA PROCESSING AND DATA RETENTION

 

The data collected following a report will be processed, including by electronic and digital means, with appropriate measures in place to protect confidentiality. Data will be retained only for the time necessary to handle and assess the validity of the reports and, in any case, for no longer than five (5) years from the date of communication of the final outcome of the reporting procedure, except for longer retention periods required for legitimate reasons (e.g., pending litigation).

 

DATA TRANSFER OUTSIDE THE EU 

 

The Controller stores personal data on servers located within the European Union. However, some service providers may, for technical reasons, transfer data to countries outside the EU based on adequate safeguards pursuant to Articles 45, 46, and 47 of the GDPR, such as EU Commission adequacy decisions, standard contractual clauses, or binding corporate rules (BCRs). A list of such countries and applicable safeguards can be obtained upon simple request to the Controller.

 

RIGHTS OF THE DATA SUBJECTS AND MODALITIES FOR THEIR EXERCISE 

 

In the cases provided for by Articles 15 et seq. of EU Regulation 2016/679 (GDPR), and within the limits set by Article 2-undecies of Legislative Decree 196/2003 (Italian Privacy Code), data subjects have the right to request from the Controller access to their personal data, rectification or erasure thereof, restriction of processing, or to object to the processing. They may also withdraw any consent previously given. To exercise these rights, data subjects may contact Fater or its DPO using the contact details provided above. Where applicable, data subjects also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), according to the procedures established by law.