FAQ

1.Who are the company people/departments that could know a Report has been received?

All Reports are received and analysed by the Whistleblowing Committee composed by the Head of Internal Audit & Risk Management, the Head of Human Resources & Organization and the Head of Legal Affairs & Compliance.
If a Report refers to a member of the aforementioned Committee, the reported person shall not be involved in any activity regarding the process of receiving, analysing and processing the Report.
Aggregated data regarding Reports received as well as detailed information arisen from the analysis of significant Reports may be shared – depending on the topic and specific areas of responsibility – with the Top Management, the Surveillance Body ex L.D. 231/01 and the Board of Statutory Auditors.

2.Is it possible to submit anonymous Reports?

No. The Company will not take into consideration anonymous Reports and requires that Whistleblowers indicate their personal data to allow the company to ask further evidence and information while analysing and managing the Report.
Although anonymous Reports are not admitted, Italo shall guarantee confidentiality as well as protect the identity of Whistleblowers and eliminate all elements that may discourage anyone from submitting reports.

3.How is the Whistleblower’s identity protected?

Italo’s Whistleblowing IT platform stores data on a dedicated server and guarantees confidentiality of the Whistleblower’s identity as:

IPs and servers from which Reports were submitted are not traced (“no log policy”);
Reports and ID data are stored in separated databases;
An anonymous ID code is automatically assigned to every single Report.

Therefore, from the moment in which the report is received and during its processing, only the anonymous ID code will be visible into the platform.

4.Who can access the Whistleblower’s personal data and how?

Italo’s Whistleblowing Committee and its members (the Head of Internal Audit & Risk Management, the Head of Human Resources & Organization and the Head of Legal Affairs & Compliance).
In the cases foreseen by the law, the identity of the Whistleblower can be viewed only inside the IT platform through a function that stores activity logs regarding the person who and the reasons why identity has been disclosed.

5.The reported person may become aware of the Report and the identity of the Whistleblower?

ITALO shall treat all data acquired through the Report in compliance with Regulation n. 2016/679 (“GDPR”) and any applicable temporary internal procedures. Therefore:

the Company shall not indicate to the reported person the identity of the Whistleblower, but for the cases foreseen by the law in order to avoid retaliation, threats, violence, etc. and protect the Whistleblower’s confidentiality;
the reported person may not know about the registration of their data in all those cases in which the communication may not allow ITALO to verify effectively the legitimacy of the Report or to collect all necessary evidence;
in case of “Reports in bad faith” – i.e. without any ground, made intentionally or with gross negligence to damage or otherwise arm the reported person – the reported person has the right to access the data and obtain information on the identity of the Whistleblower

6.How can I send a Report as Italo employee?

Employees can submit a report by accessing the IT platform from any fixed or mobile device with an Internet browser, by logging-in with their company username and password.
Or they may send a letter to the Company: Italo Viale del Policlinico 149/ b - 00161 Roma, to the attention of Internal Audit and Risk Management Department. In this case, please remember that anonymous Reports will not be taken into consideration and that we will need to know you are a Company employee in order to protect you from any retaliation and/or discriminating acts for reasons directly or indirectly linked to the Report.

7.How can I send a Report as an external party?

External parties can make a report by accessing the IT platform from any fixed or mobile device with an Internet browser, by inserting the following data: name, surname, email address and phone number.
Or they may send a letter to the Company: Italo Viale del Policlinico 149/ b - 00161 Roma, attention of Internal Audit and Risk Management Department. In this case, please remember that anonymous Reports will not be taken into consideration.

8.How can I get to know about the progress of my Report?

Whistleblowers may monitor the progress of their Reports by accessing the dedicated portal.
Employees can access the IT platform by logging-in with their company username and password.
External parties can access the IT platform by inserting their ID code – a 10 character numeric code – assigned by the system when the Report was forwarded.

9.Can I attach documents to my Report?

The IT platform allows you to attach text, image, audio and video files to your Report for up to 60 mb.

Corporate Governance

FAQ