In implementation of Directive (EU) 2019/1937, Legislative Decree No. 24 of 10 March 2023 concerning “the protection of persons who report breaches of Union law, laying down provisions concerning the protection of persons who report breaches of national laws” (hereinafter “Whistleblowing Regulation”) was issued.

In compliance with the Whistleblowing Regulation, Luisa Via Roma S.p.A. (hereinafter the “Company”) has set up specific internal reporting channels and adopted a Procedure for the reporting of breaches (hereinafter “Whistleblowing Procedure”).

The following is the information necessary to be able to report breaches in compliance with the Whistleblowing Regulation and with the provisions of the Whistleblowing Procedure in relation to the latter and, consequently, to be able to benefit from the relevant forms of protection.


Whistleblowing reports may be made by anyone who falls into one of the following categories:

  • employee, associate;
  • volunteer, trainee (including unpaid);
  • shareholder, person with an administrative, management, control, supervision or representational role, even de facto;
  • self-employed, consultant, freelancer;
  • worker/associate at the Company’s supplier of goods, services, works.

The protection of the whistleblower also applies when the legal relationship with the Company has not yet begun, if information on breaches was acquired during the selection process or in other pre-contractual stages, as well as during the probationary period and after the termination of the legal relationship, if information on breaches was acquired during the course of the relationship.
Anonymous reports, although they do not constitute “whistleblowing” within the meaning of the Whistleblowing Regulation, will be processed provided that they contain sufficient and circumstantiated factual elements to verify the reported breach.
If the anonymous whistleblower is subsequently identified and, if legally permitted, the measures to protect against retaliation will apply to him/her.


In accordance with the Whistleblowing Regulation, acts or omissions that damage the integrity of the Company or that are against the public interest that have come into the knowledge of the aforementioned persons during the course of their work may be reported, consisting of:

  • offences that fall within the scope of application of European Union or national acts, including national acts implementing European Union acts relating, in particular (taking into account the context in which the Company operates and the activities it carries out), to the following areas: product safety and conformity, environmental protection, public health, consumer protection, protection of privacy and personal data, network and computer system security (the annex to the Whistleblowing Regulation specifically indicating the rules to which the discipline is applicable can be viewed, within the framework of the same, at the link https://www.normattiva.it/uri-res/N2Ls?urn:nir:stato:decreto.legislativo:2023-03-10;24@originale;
  • acts or omissions that damage the financial interests of the European Union;
  • acts or omissions relating to the internal market, including breaches of Union competition and State aid rules, as well as corporate taxation;
  • acts or conduct that flout the purpose of objectives of the provisions of the acts of the European Union in the areas mentioned above.

The Whistleblowing Regulation does not apply to objections, claims or requests related to a personal interest of the whistleblower, which relate exclusively to his or her individual employment relationships, or are inherent to his or her work relationships with hierarchical superiors.


The whistleblower benefits from the protections afforded by the Whistleblowing Regulation when the following conditions are met:

  • at the time of reporting the breach, he or she has reasonable grounds to believe that the information on the reported breaches is true and falls within the scope of what may be reported;
  • he or she made the report in the prescribed manner.

The above conditions also apply in the event of public disclosure or reporting to the judicial or accounting authorities.


The manager of whistleblowing reports made through internal channels, appointed to receive, analyse and manage the investigation into the reported acts and, therefore, to carry out the appropriate verifications, is the company Moti-f S.r.l., being an external, autonomous entity with specifically trained staff, appointed by the Company. 



The Company has made available the following internal whistleblowing channels for reporting breaches and offences as specified above:

  • IT platform: dedicated IT system available at the following link https://lvr.secure-blowing.com. The whistleblower, once logged in, must proceed to fill in the fields and follow the steps specified in the whistleblowing application
  • Oral whistleblowing report: to be submitted through the voice messaging system on the IT platform
  • Face-to-face meeting: at the request of the Whistleblower, forwarded via the dedicated IT platform, the addressee, within a reasonable time, arranges a face-to-face meeting


It is also possible to notify breaches and offences under the Whistleblowing Regulation by other means, other than through the Company’s internal channels, but only where certain legal requirements are met, i.e.:

  • ANAC (National Anti-Corruption Authority) external channel, according to the modalities made available by the Authority and whose specifications are available on its website at the following link https://www.anticorruzione.it/-/whistleblowing, in the following cases:
    • internal whistleblowing channel not in operation or not compliant with legal requirements;
    • internal whistleblowing report already made but not followed up;
    • the whistleblower has reasonable grounds to believe that, if he or she were to make an internal whistleblowing report, it would not be effectively followed up or that the report might give rise to the risk of retaliation;
    • the whistleblower has reasonable grounds to believe that the breach may constitute an imminent or obvious danger to the public interest.
  • public disclosure (i.e. through the press, electronic media or media capable of reaching a large number of people) in the following cases:
    • the whistleblower has previously made an internal and external whistleblowing report or has made an external whistleblowing report directly, in accordance with the provisions of the Whistleblowing Regulation, and no reply has been received within the prescribed time limits on the measures envisaged or adopted to follow it up;
    • the whistleblower has reasonable grounds to believe that the breach may constitute an imminent or clear danger to the public interest;
    • the whistleblower has well-founded reasons to believe that the external whistleblowing report may entail a risk of retaliation or may not be effectively followed up due to the specific circumstances of the case, such as where evidence may be concealed or destroyed or where there is a well-founded fear that the addressee of the whistleblowing report may be colluding with the perpetrator of the breach or involved in the same.


The manager of the whistleblowing report received through internal channels is required to:

  • notify the whistleblower of the receipt of the whistleblowing report within 7 days of receiving it;
  • liaise with the whistleblower, being able to ask the latter for additional information, if necessary;
  • diligently follow up the whistleblowing reports received and, then, carry out the necessary investigation, using staff from within or without the organization (always in compliance with confidentiality obligations);
  • reply to the whistleblower within 3 months from the date of notification of receipt (or, in the absence of such notification, from 7 days after its effective receipt) on the action taken or intended to be taken on the whistleblowing report (i.e. the action taken to assess the existence of the facts reported, the outcome of the investigations and any measures taken).

With reference to the reports forwarded to the National Anti-Corruption Authority (ANAC) through the external channel, the procedures for handling them are available on the Authority’s website (https://www.anticorruzione.it/-/whistleblowing).


The Whistleblowing Regulation provides, under certain conditions, for specific guarantees and protection measures in favor of the whistleblower, in some cases also extended to other expressly identified persons, as well as specific provisions on the whistleblower’s liability in connection with the report, public disclosure or complaint to the judicial or accounting authorities.


The identity of the whistleblower, and all the elements of the whistleblowing report from which the identification of the person can be deduced, even indirectly, may not be revealed to persons other than the whistleblower, unless the whistleblower him or herself has given his or her express consent to its disclosure.
The protection of confidentiality is extended to the “facilitator”
(i.e. the natural person who assists the whistleblower in the reporting process, who works in the same area of business and whose assistance must be kept confidential), to the identity of the persons involved (the ‘alleged perpetrator’) and of the persons mentioned in the whistleblowing report until the proceedings initiated as a result of the report have concluded, under the same guarantees provided in favor of the whistleblower.


Dismissal, change of duties, adoption of disciplinary measures, as well as any other conduct, act or omission, even if only attempted or threatened, carried out by the Company as a result of the whistleblowing report, the report made to the judicial or accounting authorities, or public disclosure, which causes or may cause unjust damage to the person, shall be null and void.

The whistleblower may inform the National Anti-Corruption Authority (ANAC) of the retaliation he/she believes he/she has suffered.

The measures to protect the whistleblower (or the person who has reported the breach to the judicial or accounting authorities or the person who has made a public disclosure) against retaliation, provided for in the Whistleblowing Regulation, also apply: 

  • to the facilitator;
  • to persons in the same area of business as the whistleblower and who are linked to the whistleblower by a stable emotional or kinship relationship up to the fourth degree, to colleagues of the whistleblower who work in the same area of business and who have a regular and current relationship with the whistleblower;
  • entities owned by the whistleblower or for which the whistleblower works, as well as entities working in the same area of business


The aforementioned protections are not guaranteed on establishing, even with a first degree ruling, the criminal liability of the whistleblower for the offences of defamation or slander or for the same offences committed with the reporting to the judicial or accounting authorities or his or her civil liability for the same reason, in cases of wilful or gross negligence.
In such cases, a disciplinary penalty may be imposed on the whistleblower or plaintiff.

Unless the act constitutes a criminal offence, any liability, including civil or administrative liability, for acquiring or accessing information on breaches is excluded.
Likewise, liability does not extend to a person who discloses or disseminates information on breaches:

  • covered by a duty of secrecy, other than professional forensic and medical secrecy
  • relating to copyright protection
  • relating to the protection of personal data
  • which offend the reputation of the person concerned

if, at the time of the whistleblowing report, report to the authorities or public disclosure, he or she had reasonable grounds to believe that the disclosure or dissemination of the information was necessary to reveal the breach and the whistleblowing report, report to the authorities or public disclosure was made in the manner required by the Whistleblowing Regulation.

Criminal liability and any other liability, including civil or administrative liability, is not excluded for the conduct, acts or omissions of the whistleblower that are not related to the whistleblowing report, the report to the judicial or accounting authorities or the public disclosure or which are not strictly necessary to reveal the breach.


The processing of personal data relating to the handling of whistleblowing reports is carried out by the Company in its capacity as Data Controller, in compliance with the European and national personal data protection regulations (EU Regulation 2016/679, Legislative Decree no. 196/2003 as amended and Legislative Decree no. 24/2023), adopting appropriate measures to protect the rights and freedoms of the data subjects.

The data contained in the reports are processed by the addressee appointed as Data Processor pursuant to Article 28 of the GDPR, who may avail itself of persons within and without the Company in carrying out its investigative activities, always in compliance with the confidentiality obligations provided for by law to protect the identity of the whistleblower (and any facilitator), the alleged perpetrator and all persons mentioned in the report.

Personal data that are clearly not useful for processing a specific report are not collected or, if accidentally collected, are deleted immediately. Reports and related documentation are kept for as long as necessary for the processing of the report and in any case no longer than five years from the date of the communication of the final outcome of the reporting procedure, subject to confidentiality obligations.

It is specified that the data subject’s rights set out in Articles 15 to 22 of the GDPR may not be exercised by making a request to the Data Controller or by lodging a complaint pursuant to Article 77 of the GDPR, if the exercise of such rights would actually and substantially prejudice the confidentiality of the identity of the person reporting breaches of which he or she has become aware by reason of his or her employment relationship or duties performed pursuant to Legislative Decree no. 24/2023 (Article 2 undecies of Legislative Decree no. 196/2003). The exercise of the same rights may, in any case, be delayed, limited or excluded by reasoned communication made without delay to the person concerned. In such cases, the rights of the data subject may also be exercised through the Authority for the protection of personal data in the manner set out in Article 160 of Legislative Decree no. 196/2003.




IP-0A0056BC - 2024-02-26T14:30:24.1130390+01:00