Send a report with the outmost confidentiality.
Useful Links
What to report Learn more

WHISTLEBLOWING POLICY

Procedure for reporting offences and irregularities

1.         Introduction and objective of the procedure

Sapio Life S.r.l., in the pursuit of its objectives, is committed to combating any conduct that constitutes a violation of the rules governing the activities of its own Company, as well as of its own internal provisions adopted (Code of Ethics, Models pursuant to Legislative Decree 231/2001, Policies, etc.), both through the promotion of ethical values and principles and through the implementation of internal control processes.

The system for managing reports of violations (in short and hereinafter also referred to as 'whistleblowing') represents a tool for identifying acts or facts that may constitute such violations, implemented with the aim of concretely implementing the principles of transparency and legality on which the company's ethical actions are based, protecting the interests of stakeholders, and, finally, strengthening the already existing internal control safeguards.

In addition, the system is intended to encourage the reporting and combating of such non-compliant conduct; if the aforementioned reports are received from within, a further objective is to protect the positive attitude of the very personnel making the report. To this end, and in order to foster the widest dissemination of transparency and legality at all levels, the Reporting Management System described in this procedure:

  • is brought to the attention of all employees and external subjects working for the company on the date of issue, as well as on the occasion of new hirings/new collaborations
  • is publicised on the company's web page
  • is the subject of periodic reporting to the Board of Directors, Supervisory Bodies, staff and stakeholders.

The purpose of this procedure is to define all the activities, controls and actors involved in the processes relating to:

  • the receipt of reports of breaches;
  • the management of reports;
  • the protection of the reporter.

The procedure was drafted taking into account the need to:

  • define roles and responsibilities;
  • establish the requirements, documents and information necessary for the correct performance of activities;
  • ensure compliance with the rules on reporting violations.

 

2. Scope of application

The procedure applies to reports of violations (or alleged violations) received. The purpose of this document is to remove factors that may hinder or discourage its use, such as doubts and uncertainties about the procedure to be followed and fears of retaliation or discrimination.

  1. Definitions and abbreviations

The expression WHISTLEBLOWER refers to the employee who reports violations or irregularities committed to the detriment of the company's interest to the bodies authorised to intervene.

Whistleblowing, in this perspective, is an act of manifestation of civic sense, through which the whistleblower contributes to the emergence and prevention of risks and situations prejudicial to the company.

Whistleblowing is the procedure aimed at encouraging whistleblowing and protecting the whistleblower precisely because of its social function.

The main purpose of whistleblowing is to prevent or solve a problem internally and promptly. Whistleblowing is based on balancing the need, on the part of private companies, to encourage the reporting of wrongdoing or suspected wrongdoing with the need to protect employees who report such wrongdoing.

In particular, employees who report wrongdoing cannot be subject to disciplinary measures and are protected against retaliatory actions.

The procedure provides operational indications on the subject, content, recipients and transmission methods of whistleblowing reports and sets out, with regard to whistleblowing reports, the forms of protection and guarantees that the law recognises for whistleblowers.

For the purposes of this procedure, the following definitions and abbreviations apply:

ANAC: Autorità Nazionale Anticorruzione.

Whistleblowing: institute aimed at reporting the commission of offences or other irregularities by a person who has become aware of them as a result of his or her employment relationship and which provides for a specific system of protection for the reporter.

Whistleblower: a person who, as an addressee of the Organisation, Management and Control Model or as a worker or collaborator of the companies supplying goods or services and carrying out works in favour of the same, reports unlawful acts or other irregularities of which he/she has become aware by reason of his/her employment relationship with the Company.

MOG 231: Organisation, Management and Control Model pursuant to Legislative Decree No. 231/2001.

 

  1. Normative references

Law No. 179/2017 "Provisions for the protection of the authors of reports of offences or irregularities of which they have become aware in the context of a public or private employment relationship": provides that the Organisation, Management and Control Models shall provide for one or more channels that allow the Recipients of the Model to make reports, in order to protect the integrity of the entity.

Legislative Decree No. 24/2023 implementing Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law and laying down provisions concerning the protection of persons who report breaches of national laws.

 

  1. Object of the Report

Reporting" means the communication of acts, facts and/or commission or omission behaviours that constitute or may constitute a violation or inducement to violate laws and/or regulations, values and/or principles enshrined in the Code of Ethics, in the internal control principles, as well as in corporate policies and/or rules.

With reference to the regulatory framework referred to in the previous paragraph, reports may concern:

  • violations or alleged violations of primary or secondary regulations governing the company's activities and services;
  • violations or alleged violations of the values, principles of conduct contained in the Code of Ethics, including reports concerning harassment and/or alleged harassment occurring in the workplace and carried out by colleagues and/or superiors and/or persons who in any way collaborate with the company, whether towards the reporter or towards third parties but of which the reporter has become aware
  • unlawful conduct, relevant under Legislative Decree no. 231/2001, as well as communications of alleged violations of the Organisation, Management and Control Model pursuant to Legislative Decree no. 231/2001
  • violations likely to cause financial damage to the company as well as damage to the health and safety of persons working within it.

Reports that are admissible and manageable under this procedure do not include:

  • general grievances or grievances of a personal nature
  • communications with offensive or denigrating contents;
  • communications with contents concerning private life, unless they are work-related in relation to possible offences or violations of internal rules;
  • complaints raised in accordance with current secondary sector regulations, handled within the framework of the procedures for responding to complaints.

 

 

  1. Process description

The purpose of the "Whistleblowing and anonymous whistleblowing management" process is to manage the receipt and management of whistleblowing reports received in accordance with the legislation in force.

Pursuant to this procedure, the management of whistleblowing reports is carried out in accordance with the following stages:

    • Sending of the report;
    • registration and preliminary verification;
    • preliminary investigation;
    • communication of the results.

 

 

  1. Roles and Responsibilities within the Procedure

The company's Board of Directors is responsible for the adoption of the Whistleblowings Management System.

The Supervisory Board ensures the reporting management system.

The Internal Audit Department is responsible for the management of reports.

Other corporate organisational units provide support to the Internal Audit function, where necessary, within the scope of the subject of the report, in order to carry out checks to ascertain the facts.

 

  1. Receipt of reports

Sapio Produzione Idrogeno Ossigeno s.r.l. is organised in such a way as to provide for the possibility of receiving reports of violations, as specified in paragraph 5 of the procedure above, formulated both by its own employees and by external subjects working for the company.

In the sections dedicated to the reporting management system set up on the company's website, it is possible to access a special confidential and independent channel that guarantees the confidentiality of the reporter's identity, also offering the possibility of making reports anonymously by means of IT tools.

The software application guarantees absolute confidentiality and encryption of the data of the reporter and of the report, as they can only be accessed by the recipient.

 

  1. Reports management

The management of the reports is carried out by the head of the Internal Audit function with the support of the resources of that function responsible for the subject matter of each company concerned; the head of that function is in charge of the activities of investigation, analysis and management of the reports received through all the channels provided.

9.1. Preliminary investigation phase

The Internal Audit function is responsible for verifying the admissibility and grounds of the report, and is entrusted with a timely and accurate investigation, in compliance with the principles of impartiality, fairness, proportionality and confidentiality vis-à-vis all the persons involved.

Any reports whose contents are not admissible are in any case kept in the appropriate file.

In the course of the checks to ascertain whether the reports received are well-founded, the Internal Audit function may avail itself of the support of the competent corporate organisational units and, if necessary, of external consultants specialised in the field of the subject of the report, who may be mandated to carry out checks to ascertain the facts.

At the end of this verification phase, a report summarising the findings is prepared and brought to the attention of the Supervisory Board.

9.1. Pre-trial phase

Verification of the admissibility and validity of the report is the responsibility of the Internal Audit function, which is entrusted with a timely and accurate investigation, in compliance with the principles of impartiality, fairness, proportionality and confidentiality with respect to all the persons involved.

Any reports whose contents are not admissible are in any case kept in the appropriate file.

In the course of the checks to ascertain whether the reports received are well-founded, the Internal Audit function may avail itself of the support of the competent corporate organisational units and, if necessary, of external consultants specialised in the field of the subject of the report, who may be mandated to carry out checks to ascertain the facts.

At the end of this verification phase, a report summarising the findings is prepared and brought to the attention of the Supervisory Board.

9.2 Decision-making measures

On the basis of the findings of the Internal Audit report and on the basis of any further investigations deemed necessary, the Surveillance Body shall invite the competent organisational units to take the appropriate measures, as well as to implement the relevant corrective actions for the company. The functions involved will report to the Supervisory Board on the actions taken.

Where particularly serious situations occur, the Supervisory Board shall promptly inform the Board of Directors and the Board of Auditors.

9.3. Monitoring and reporting

The Supervisory Board shall monitor the corrective and/or remedial actions taken by the company following the report, as well as the application of the necessary measures.

Moreover, the Supervisory Board shall periodically report to the Board of Directors on the types of reports received and on the outcome of the verification activities.

 

  1. Measures to protect the whistleblower

The Company ensures the confidentiality of the whistleblower, excluding the risk of retaliation and/or discrimination against the whistleblower.

The identity of the whistleblower is protected by the Companies except in cases where:

  • the report is made for the purpose of damaging or otherwise prejudicing the reported person and there is a liability for slander or defamation under the law, or for cases of civil liability under Article 2043 of the Civil Code and/or Article 2087 of the Civil Code;
  • anonymity is not enforceable by law;
  • facts and/or circumstances are revealed in the report which, although outside the company sphere, make it advisable and/or due to report to the Judicial Authorities;
  • in any other hypothesis in which identification of the identity of the reporter is indispensable in order to fulfil legal obligations and/or duties.

Notwithstanding the above exceptions, the identity of the person making the report cannot be disclosed without his or her express consent, and all those involved in the handling of the report are required to observe the obligation of confidentiality.

No form of retaliation or discrimination affecting working conditions is allowed against the person making a report, for reasons directly or indirectly linked to the report.

The company also prohibits any form of retaliation or discrimination affecting the working conditions of those who cooperate in the activities of verifying the merits of the report.

Any finding of the situations described above shall be sanctioned by the company in accordance with the Disciplinary System overseeing the Organisational Model pursuant to Legislative Decree No. 231/2001, and may entail the bringing of civil and criminal actions provided for by law.

11. Whistleblower's responsibility

Reports must be well-founded and in good faith.

The whistleblower's protections set out in the preceding paragraph do not operate and the report will not be taken into account if the investigation shows:

    • that the report is made with wilful misconduct or gross negligence on the part of the reporter;
    • that the report is made with an opportunistic intent for the sole purpose of harming the reported person; or
    • that the reporter is jointly responsible (not declared) for the reported breaches
    • and in any other case of improper or instrumental use of the institution.

Any finding of the situations described above will be sanctioned in accordance with the Disciplinary System overseeing the Organisational Model pursuant to Legislative Decree No. 231/2001, and may lead to the civil and criminal actions provided for by law.

12. Tracking of reports and record keeping

The company ensures:

    • the traceability of reports and related investigation activities;
    • storage of the documentation relating to the reports and the relevant verification activities, in special archives, with the appropriate/appropriate levels of security/confidentiality.

The functions involved from time to time in the activities of verifying the merits of the report ensure, each to the extent of its competence, the traceability of the data and information and provide for the storage and archiving of the documentation produced, so as to allow the reconstruction of the various stages of the process itself.

The personal data contained in the reports may be communicated by the head of the Internal Audit function to the corporate bodies and functions/organisational units competent from time to time, as well as to the Judicial Authority, for the purposes of activating the procedures necessary to ensure, as a result of the report, appropriate judicial and/or disciplinary protection of the person(s) reported, where the elements collected and the checks carried out reveal the grounds for the circumstances initially reported.

Personal data and documents containing such data will be processed for a period of time not exceeding that necessary for the purposes for which the data were collected. This processing does not require the consent of the data subject as it is necessary to fulfil a legal obligation.

At the end of the processing, the data will be retained in compliance with the statute of limitations, which is set at 10 years, without prejudice to any action aimed at interrupting the terms.

In the course of the activities aimed at verifying the validity of the report, all necessary measures will be taken to protect the data against accidental or unlawful destruction, loss and unauthorised disclosure. In addition, the documents relating to the report will be stored electronically, for a period not exceeding that required by the applicable regulations.