Skip to main content

Whistleblowing

Access the Whistleblowing Portal

1. Data controller

The Data Controller is:

Comet Maritime Terminals S.r.l.

Registered office: Via Garibaldi No. 150- 98121- Messina

Email: privacy.cmt@cometlog.com

2. Type of data processed

As part of the management of reports, they can be dealt with:

  • Identifying information about the reporter (if provided)
  • Data on reported subjects
  • Information contained in the report
  • Any special data (ex art. 9 GDPR) if necessary

In the case of anonymous reporting, no identifying data of the reporter will be collected.

3. Purpose of processing.

Personal data are processed for:

  • Management and verification of reports
  • Investigation of possible wrongdoing
  • Adoption of corrective measures
  • Fulfillment of legal obligations

4. Legal basis for processing

The treatment is based on:

  • Legal obligation (Legislative Decree 24/2023)
  • Holder’s legitimate interest in preventing malfeasance
  • Protection of rights in court

5. Method of treatment

Processing is carried out by computer and/or manual means, in accordance with the principles of:

  • lawfulness, fairness and transparency
  • data minimization
  • security and confidentiality

Appropriate technical and organizational measures are taken to protect the data.

6. Access to data

The data are accessible only to:

  • Person(s) in charge of handling reports
  • Any authorized external parties (e.g., consultants)
  • Competent authorities, in cases provided for by law

7. Confidentiality

The identity of the reporter will not be disclosed without the reporter’s consent, except in cases expressly provided for by law.

All measures are taken to ensure confidentiality even in the case of non-anonymous reporting.

8. Data Retention.

Personal data are retained for as long as necessary for the handling of the report and no longer:

  • 5 years from the closure of the report (unless required by law or judicial protection needs)

9. Rights of the data subject

Within the limits provided by the regulations (and subject to exceptions for whistleblowing), data subjects may exercise:

  • Right of access
  • Grinding
  • Cancellation
  • Limitation of treatment

These rights may be restricted to ensure the confidentiality of the reporter and the effectiveness of the investigation.

10. Extra-EU data transfer

The data will not be transferred outside the European Economic Area, except in accordance with the guarantees provided for in current legislation.

11. Complaint to the supervisory authority

Data subjects have the right to lodge a complaint with the competent authority, such as the Data Protection Authority.