7. Rights of Data Subjects
The system for the management of Reports guarantees, at every stage, the confidentiality of the identity of the Reporting Party, the Persons involved and/or otherwise mentioned in the Report, the content of the Report and the related documentation, with the exception of the provisions of Article 12 of Legislative Decree No. 24/2023.
Confidentiality will be protected, to the maximum extent permitted, with particular reference to the identity of the reporter, which will not be disclosed to the reported subject or to third parties, except when necessary for the needs of judicial protection, to fulfill legal obligations, and in any case always within the limits provided by law, in order to avoid retaliation, threats, violence, discrimination, etc., direct or indirect against him for reasons related directly or indirectly to the Reporting. The confidentiality of identity cannot be guaranteed in the case of Illegal Reporting (by which is meant that reporting which, from the results of the investigative phase, is found to be unfounded on the basis of objective elements, and with respect to which the concrete circumstances ascertained in the course of the same investigation allow for the belief that it was made in bad faith or with serious negligence).
The reporter or facilitator, has the right to access at any time the data concerning him or her and to exercise the rights provided for in Articles 15 to 22 of the GDPR, as far as applicable (right of access to personal data, right to rectify them, right to obtain their deletion or so-called right to be forgotten, the right to restriction of processing, the right to portability of personal data or the right to object to processing) by sending an e-mail to: privacy@olivari.it
In addition, the Data Subject has the right to file a complaint with the Data Protection Authority.
The aforementioned rights are not exercisable by the person involved or the person mentioned in the report, for the time and to the extent that this constitutes a necessary and proportionate measure, pursuant to Article 2-undecies of the Privacy Code because the exercise of these rights could result in actual and concrete prejudice to the protection of the confidentiality of the identity of the reporting person.
The Data Controller reserves the right to limit or delay the exercise of these rights, within the limits set by the applicable legal provisions, particularly where there is a risk that actual, concrete and not otherwise justified prejudice to the confidentiality of the identity of the Reporting Party may result and that the ability to effectively verify the merits of the Reporting or to gather the necessary evidence may be compromised.