Privacy Whistleblowing by FL Medical

PERSONAL DATA PROCESSING NOTICE, WHISTLEBLOWING PROCEDURE
In compliance with EU Regulation 2016/679 and LEGISLATIVE DECREE No. 24 of March 10, 2023
Implementation of Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019, on the protection of persons who report breaches of Union law and on provisions concerning the protection of persons who report breaches of national laws.

FL Medical, headquartered at Via Enrico Mattei 20, Torreglia (PD), active in the field of laboratory equipment manufacturing, as the data controller, cares about the confidentiality of the reporter and therefore about your personal data, and aims to ensure the protection necessary against any event that could put them at risk of violation.
The Controller has put in place an appropriate policy aimed at the correct and safe collection and use of personal data and at the exercise of your rights under current legislation. The Controller takes care to update the policies and practices adopted for the protection of personal data whenever necessary and, in any case, whenever regulatory and organizational changes may affect the processing of your personal data.

In relation to reports covered by the protection provided by Legislative Decree No. 24 of March 10, 2023, Implementation of Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019, the Controller may collect and/or receive the following information about you:
– first name, last name;
– physical and telematic address;
– landline and/or mobile phone number;
– data provided in order to describe the alleged illegal conduct, committed by individuals who interact with the company in various capacities, of which the reporter has become aware by reason of his or her working relationship and/or collaboration with the company.

Your data will be collected through the system of Trusty AG, a provider of secure and anonymous web-based internal reporting systems, at the page https://www.flmedical.com/whistleblowing/ or by other means chosen by you (email, PEC, telephone call).

Personal data about you will be processed for the following purposes:

Purpose:
– For the execution and management of the reporting procedure.
Legal Basis:
– Fulfillment of regulatory obligations related to the complete handling of the report from submission to settlement.

Purpose:
– For filing and storage of the report.
Legal Basis:
– Fulfillment of regulatory obligations related to the complete handling of the report from submission to settlement.

Purpose:
– Control and monitoring of the use of the Owner’s instrumentation and IT infrastructure;
– Implementation of data breach detection and notification procedures.
Legal Basis:
– Performance of activities dependent on the relationship established;
– Fulfilling legal obligations (detection and notification of data breach events);
– Legitimate interest.

The Controller does not transfer your personal data abroad (non-EU countries). The database is encrypted and hosted on virtual servers in high-security data centers located in the EU.

In compliance with current regulations, your data are confidential and processed only by the company’s appointees, and may be disclosed to the competent authorities at the outcome of investigations and for the fulfillment of regulatory obligations.
It should be noted that if the allegation is based, in whole or in part, on the report and knowledge of the identity of the reporter is essential to the defense of the accused, the report may be used in the disciplinary proceedings arising from the report only with the explicit consent of the reporter to the disclosure of his or her identity. You will be notified in writing of the reasons for disclosure of confidential data if it is essential to reveal the identity of the reporter and related information, including for the defense of the person involved.

Data processing is carried out, as appropriate, through paper media or computer systems by specially authorized individuals. Access to your personal data is granted to the persons in charge to the extent necessary for the proper performance of the processing activities concerning you.
FL Medical periodically checks the tools used for the processing of personal data and all the security measures provided, and keeps them constantly updated. In particular, it respects all the rights set forth in Articles 15 to 22 of EU Regulation 2016/679, including through its employees specifically trained for this purpose.
The Controller guarantees that data which, even after verification, are found to be excessive or irrelevant will not be used, except for the possible preservation, in accordance with the law, of the act or document that contains them.

The processed data are stored in paper, computer and electronic files located within the European Economic Area, and appropriate security measures are ensured to protect them.

Your personal data collected at the time of your report are kept for the time necessary to fulfill the regulatory obligations related to the complete management of the report from its submission to its settlement and for the fulfillments, including legal ones, that follow from it, in any case no longer than 5 years after the closure of the procedure.

At any time, if the conditions are met, you may exercise the following rights by contacting the data controller at info@flmedical.com, in accordance with Articles 15 to 22 of EU Regulation 2016/679:
a. request confirmation of the existence or non-existence of your personal data and obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, where possible, the storage period;
b. obtain rectification and deletion of data;
c. obtain the restriction of processing when one of the cases provided for in Article 18 of EU Regulation 2016/679 is applicable;
d. obtain portability of data, i.e., receive them from a data controller in a structured, commonly used, machine-readable format, and transmit them to another data controller without hindrance;
e. where the processing is based on consent, withdraw it at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal;
f. lodge a complaint with the Data Protection Authority;
g. object to automated decision-making related to natural persons, including any profiling.
If needed, an appropriate form will be provided on request.
You will in any case be given written feedback within 1 month of the request. The response time may be longer in cases of particular complexity, but in any case it will not exceed 3 months. In such cases the Controller will, within 1 month of receiving your request, inform you and make you aware of the reasons for the extension.
Exercise of the rights is, in principle, free of charge, but there may be exceptions: in cases of particular complexity of the response, if the requests are manifestly unfounded, excessive or even repetitive (Art. 12(5)), or if multiple “copies” of personal data are requested in the case of the right of access (Art. 15(3)). In the latter case, the administrative costs incurred will be taken into account.

If you need any clarification or have concerns regarding FL Medical’s data processing policy and this policy statement, please contact the data controller at the e-mail address info@flmedical.com. If this policy is changed, we will notify you of the new, updated version.