CMCC has adopted an IT tool to protect your right to report breaches of national or European Union legal provisions that harm the public interest or the integrity of the entity, which you have become aware of in the context of your working relationship.

Legislative Decree No. 24 of 10 March 2023, “Implementation of Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law and laying down provisions on the protection of persons who report breaches of national legal provisions”, which entered into force on 30 March 2023, introduced new provisions on whistleblowing, effective as of 15 July 2023.

A whistleblower is a person who reports, publicly discloses, or reports to the judicial or accounting authorities breaches of national or European Union legal provisions that harm the public interest or the integrity of the public administration or private entity, which they have become aware of in a public or private work-related context.

Persons entitled to submit a report are those who operate within the work-related context of a public or private sector entity, in the capacity of: employees, self-employed workers, collaborators, freelancers, consultants, volunteers and trainees, whether paid or unpaid, as well as persons performing administrative, management, control, supervisory or representative functions.

Such persons must have become aware of the breach by virtue of a work-related relationship, which, however, may not yet have begun, where the information on the breaches was acquired during the selection process or other pre-contractual phases, or may already have ended, where the information on the breaches was acquired before the termination of the relationship itself. The information may also have been acquired during the probationary period.

Although aware of certain breaches, the persons listed above may be discouraged from reporting them for fear of retaliation within the same organisation, both in the context of the employment relationship, such as demotion, mobbing, organisational measures worsening their status, dismissal, and in the context of interpersonal relations, such as distancing by colleagues, isolation, or personal retaliation. The legislator therefore deemed it necessary to intervene to protect persons who decide to report, by providing for a series of measures aimed, first and foremost, at protecting the identity of the reporting person and the content of the report.

In order to ensure these protections, the use of IT tools is recommended, enabling the separation of the reporting person’s data from the data contained in the report through encryption tools and further technical safeguards designed to ensure the confidentiality and security of data storage.

The tool we have chosen is available to you so that you can submit reports securely.

You can access the software from any internet-connected device, whether desktop or mobile, from any location. No installation is required.

You can access the software through this link

For the correct use of the software, the user manual is available here.

Useful information

What you can report
You may report:

• administrative, accounting, civil or criminal offences;
• offences falling within the scope of European Union or national acts relating to the following sectors: public procurement; financial services, products and markets and prevention of money laundering and terrorist financing; product safety and compliance; transport safety; environmental protection; radiation protection and nuclear safety; food and feed safety and animal health and welfare; public health; consumer protection; protection of privacy and personal data and security of network and information systems;
• acts or omissions affecting the financial interests of the European Union;
• acts or omissions concerning the internal market;
• acts or conduct that undermine the object or purpose of the provisions set out in European Union acts.

The report may also concern information relating to conduct aimed at concealing such breaches, unlawful activities that have not yet been committed but which the whistleblower reasonably believes may occur on the basis of concrete, precise and consistent elements, or well-founded suspicions.

The report must not concern objections, claims or requests linked to a personal interest relating exclusively to one’s individual employment relationships, or concerning one’s employment relationships with hierarchically superior figures.

Who receives the report
The recipient of the reports is the RPCT, who is responsible solely for assessing whether the essential requirements of the report are met and, where they are lacking, may request the reporting person to supplement the report. The RPCT is not responsible for ascertaining whether the facts actually occurred. Once the admissibility of the report has been assessed, the RPCT forwards it to the competent person or body based on the subject matter of the report, while ensuring the confidentiality of the reporting person’s identity.

Other reporting channels
The IT tool made available is certainly the preferred tool for submitting a report, as it is the one that best ensures the highest level of protection provided for by the applicable legislation.

However, if you prefer to submit a report through an oral channel, you may do so by requesting a meeting with the RPCT.

How reports will be handled
Reports submitted through one of the above channels will be handled in accordance with the provisions of these Regulations for the management of internal reports, available in their updated version in the relevant section of “Fondazione Trasparente”.

External reports
You may submit an external report to ANAC only if one of the following conditions applies:

1. the internal reporting channels are not active or do not comply with the applicable legislation;
2. you have already submitted an internal report but have not received any feedback;
3. you have reasonable grounds to believe that, if you submitted an internal report, it would not be effectively followed up, or that the report could give rise to a risk of retaliation;
4. you have reasonable grounds to believe that the breach may constitute an imminent or clear danger to the public interest.

Information notice on the processing of personal data
With reference to the processing of personal data in connection with the use of the platform and the information to be entered, we invite you to consult the information notice pursuant to Article 13, available at the following link.