Introduction
The Company considers it fundamental that all stakeholders respect the ethical principles that underpin its operations, as identified in the Code of Ethics approved by the Board of Directors and, likewise, that they comply with all applicable regulatory provisions.
To this end, in line with international best practices, the Company has set up a system for handling reports of unlawful conduct or conduct in breach of ethical principles, known as “Whistleblowing”. This system has been updated to comply with Legislative Decree No. 24 of March 10, 2023, “Implementation of Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019, on the protection of persons who report breaches of EU law and on provisions concerning the protection of persons who report breaches of national and EU laws”.
Well-founded reports are important because they allow the Company to detect and remedy illegal or irregular behaviour that harms the Company and/or Third Parties.
Substantiated reports are important because they allow the Company to detect and remedy illegal or irregular behaviour that harms the Company and/or Third Parties.
Information on reporting is provided below.
Anyone may make a report, including the following parties specifically:
- Company employees, members of the Company’s Board of Directors and control boards;
- third parties, i.e. those persons who, in various capacities, carry out/have carried out or intend to carry out employment, collaboration or business relations with the Company.
The Company considers reports from named parties and also anonymous reports.
The Company guarantees whistleblowers the protections provided by law.
Click here to view the list of Subjects protected by Decree No. 24/2023
- Alleged violations (including valid suspicions) of rules of law, rules of professional conduct, and/or ethical principles set out in the Code of Ethics, in the Organisation and Management Model pursuant to Legislative Decree No. 231/2001, or in company procedures in general, including elements regarding conduct designed to conceal such violations,
- alleged conflicts of interest (including valid suspicions), including elements regarding conduct designed to conceal such violations,
by employees, members of corporate bodies or other third parties (customers, suppliers, consultants, contractors) that may directly or indirectly cause financial/equity and/or reputational damage to the Company.
Click here to see the list of violations pursuant to Legislative Decree No. 24/2023
It is important that the report is described as fully as possible and that it is based on facts of which the reporter has become aware as part of his/her work in order to allow the bodies responsible for receiving and handling reports to verify the facts. Specifically, the following must be clear:
- the description of the event being reported;
- the time and place when the event occurred;
- the personal information or other elements required to identify the person - where relevant - responsiblefor the event reported.
It is also useful to attach any documents providing elements to enable further investigation of the facts being reported.
The following do not qualify as "whistleblowing" reports
- disputes, requests of a personal nature relating exclusively to individual labour relations (e.g. reports relating to labour disputes, allocation of duties, etc.);
- commercial or operational communications (e.g. complaints, commercial information etc.): for this type of report, the other dedicated channels are available on the Company's website.
Sanctionable reports
The Company reserves the right to take any and all action to protect its direct and indirect interests in the event of defamatory reports and/or those made in bad faith that may harm or prejudice its employees, members of its corporate bodies, or commercial or industrial partners of the Company
The Company’s disciplinary system provides for sanctions for anyone making a report with malice or gross negligence which proves to be unfounded. In such event, in addition to the sanctions provided for by the Company’s disciplinary system, the “exclusion clause” from the protections provided by the law also applies, in the event that the first judicial instance finds liability for malice or gross negligence or for libel or slander for conduct carried out in bad faith by the reporter.
The report should be sent to the “competent bodies” who receive and handle reports. Depending on the subject of the report, these are:
- the Ethics Committee, for reports involving alleged incidents of corruption or violations of the Code of Ethics, including workplace harassment or alleged gender-based discrimination;
- the Supervisory Board, for reports involving the violation or suspected violation of the Organisation and Management Model pursuant to Legislative Decree No. 231/2001;
- SEA’s Auditing Department for reports that do not fall under the areas of responsibility of the other bodies;
- The Chairperson of the Control, Risks and Sustainability Committee, for any reports involving members of the Auditing Department by activating the whole Committee.
In carrying out the operational activities of handling reports, the relevant bodies are supported by the Auditing Department.
Reports that are not under the responsibility of the body receiving them shall be sent to the relevant body with respect for the confidentiality of the information, of personal data of the reporter and the reported person(s), and in accordance with privacy law.
If a member of one of the competent bodies is involved in a report, s/he will not be allowed to join the related management activities.
Whistleblowing platform
For the submission of reports, the Company uses an IT platform which can be accessed via a webpage.
The platform uses secure protocols for data transport over the network and uses encryption tools to protect the content of the report and any attached documentation. It is accessible exclusively to those authorised to verify reports.
The platform is located at a site outside the Company and the reporter’s access is not tracked. The platform is accessible from the most widely used browsers in the updated versions, from both PCs and mobile devices (smartphones, tablets).
How to make a report on the platform
The reporter may make a report by indicating which of the relevant bodies s/he intends to send it to in the following ways:
- Written report: by completing the dedicated form on the platform and attaching any supporting documentary evidence (files, photos, etc.)
- Telephone report: calling xxx takes the reporter to a voicemail inbox with a preset questionnaire: the report will be automatically transcribed on the platform and will be visible to the reporter. The telephone system deletes the audio file after transcribing the content on the platform.
Both written and telephone reports may be made in the following ways:
- Confidentially
Activated by providing name and surname and, optionally, email or certified email (PEC) address.
Important: The reporter’s name and surname are automatically encrypted by the system and therefore will not be visible either during any interactions with the competent bodies or upon verification of the reports.
The competent bodies may decrypt the reporter’s name is revealed in the following cases required by law:
- as part of disciplinary proceedings in cases where the charge is based, in whole or in part, on the report and knowledge of the reporter’s identity is essential for the defence of the accused. In such cases, the report will be usable for disciplinary proceedings only if the reporter consents to the disclosure of his or her identity;
- in the event of reports that prove unfounded or which are submitted maliciously or negligently;
- in those cases in which the reporter is found to be criminally liable for the offences of slander or defamation, including by a first instance judgement.
The reporter's name and surname may be decrypted by:
- SEA’s Director of Auditing: for reports whose competent body is the Supervisory Board or the Ethics Committee; in such case the decision of decryption is taken collegially by the competent body; if the competent body is the Auditing Department the decryption is jointly approved by the Auditing Department and the Director of Legal and Corporate Affairs;
- The Chairperson of the Control, Risks and Sustainability for reports sent into the relevant channel: the decision to carry out the decryption is collegially taken by the whole Committee.
Decryption of the reporter's name may only be made from the inquiry stage, i.e. at the time when the reporter’s identity is decisive in the three cases described above.
- anonymously
The reporter logs in to the platform directly and makes the report in his/her chosen mode - written or oral - following the same instructions as described above in points (a) and (b) of the “confidential mode.” Once the report is completed, the IT platform assigns the reporter a unique code - which the reporter must retain - to allow him/her future access to his or her report. Reports made anonymously -whether made in writing or by telephone- may be later supplemented with the reporter’s personal information, thereby becoming “confidential” and handled as per the previous point.
Once the report has been made (in writing or by telephone, anonymously or confidentially) the platform or voicemail inbox will provide the reporter with a unique, 16-digit code, for which the reporter will be responsible. This code will allow the reporter to access their report through the platform, update it, upload files, send and receive messages and check the report status.
Where the competent Board deems that the report – whether made in writing or by telephone, anonymously o confidentially- does not fall within its remit, it forwards it through the platform to another competent Board, informing the reporter of this decision by a chat message sent on the platform. In such event, the reporter -by accessing the platform using their unique code- may select and view:
- the Board to which s/he sent the report: in this case, s/he will see the report sent and any messages received and/or sent until the date it was forwarded to the competent Board;
- the Board charged with handling the report: in this case, s/he will see the report, messages received and/or sent and may monitor the report status.
- other reporting channels
ordinary post - specifying SEA Prime and the competent body - to the address c7o SEA - Società per Azioni Esercizi Aeroportuali - Aeroporto Milano Linate - 20054 Segrate Milano c/o Auditing Department - personal and confidential.
In the event of a report sent through channels other than those indicated above, it is recommended to indicate that the report is confidential.
In addition to the “whistleblowing platform” and “ordinary post” channels, the whistleblower can schedule a direct meeting with the relevant bodies through SEA’s Auditing Department. Only if the whistleblower wants to request a meeting with the Chairperson of the Control, Risks and Sustainability Committee can s/he use the IT platform to directly arrange the meeting. Reports made verbally during a face-to-face meeting are transcribed and entered into the platform, along with any documentation provided by the reporter, by the appropriate body, subject to the reporter’s consent, which is covered by the protections provided for other reporting methods.
Operational management
The operational process to handle reports consists of the following steps:
- Receipt and preliminary verification;
- Investigation;
- Definition of an action plan;
- Reporting;
- Monitoring;
- Archiving.
Click here to learn more about the operational process for handling reports.
Confidentiality obligations
Data relating to the reporter’s identity (where available) and that of any persons reported and the contents of the report are always treated with the utmost confidentiality and exclusively by the competent bodies and, where support is requested, by SEA’s Auditing Department and/or other corporate functions specifically delegated ad hoc by the competent bodies. This process is carried out in accordance with the principles of necessity, proportionality and confidentiality and in compliance with privacy regulations. Such information may not be disseminated, either outside or inside the Company, and must be communicated to the minimum extent necessary to achieve the purposes of the process.
That said, a reporter may always make a report with complete anonymity, including through the IT platform.
The Company guarantees that the reporter’s identity shall not be disclosed without the reporter’s consent, except in the event that:
- the report has been made to harm or prejudice the reported person and there is legal liability for libel or slander;
- confidentiality of the reporter’s identity is not enforceable by law (e.g. in criminal investigations);
- the reports contain facts and/or events that, while outside the corporate sphere, make it appropriate and/or necessary to report to the judicial authorities.
Protection from retaliatory acts
In line with the provisions of Legislative Decree No. 24/2023, the Company prohibits any form of retaliation against anyone who has made a report and third parties connected to the reporter.
Click here to learn more about protection from retaliatory acts.
Processing of personal data
As part of the reporting process, personal data are processed in compliance with the relevant legislation in force (EU Regulation 679/2016 and Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018).
In addition to internal reporting through the channels prepared by the Company, Legislative Decree No. 24/2023 provides for the possibility to make reports through external channels if certain conditions are met taking advantage of the protection provided by tre Decree.
Click here to learn more about external reporting channels.
If you want to report on the platform
- IN WRITING, CLICK HERE
- BY TELEPHONE, with automatic transcription of the message, call xxx (to be published shortly)