PRIVACY POLICY

INFORMATION NOTICE REGARDING THE PROCESSING OF WHISTLEBLOWER’S PERSONAL DATA ON ARISTON THERMO S.P.A. WEBSITE PURSUANT TO ART. 13 AND 14 OF EU REGULATION 2016/679 ("GDPR")


DATA CONTROLLER
Ariston Holding NV
Amsterdam, The Netherlands
Business Address via Broletto 44
20121 Milano
CF 0076810572
P.IVA: 01527100422
(“Company”).

DATA PROCESSING PURPOSES

  • The data provided by completing the form and/or the browsing data collected by the online configurator will be processed by the Company in order to proceed to the collection and verification reports received through the official website www.aristongroup.com, related to alleged unlawful behaviors which may be relevant under Italian Legislative Decree 179/2017 or violations of the Model of Organization and Management of the Company as for Italian Legislative Decree 231/2001 or any other applicable Whistleblowing legislation.
  • If necessary, to determine, exercise or defend the rights of the Data Controller in court or out-of-court proceedings.

LEGAL BASIS OF THE PROCESSING

  • Legitimate interest (verification of the veracity/correctness of the received report) in compliance with law fulfillments 
  • Legitimate interest (defence in legal proceedings)

DATA RETENTION PERIOD

  • Personal data will be retained for the time estimated as necessary in order to proceed and finalized to the verification on the report, estimated time is no longer than two years.
  • In the event of litigation, for the entire duration of the same, as long as the time limits for bringing an appeal have not expired.

DATA PROVISION
Provision of personal data indicated with an asterisk (*) are mandatory in order to provide You with receipt of the received report. Whistleblowers in good faith are guaranteed against any form of retaliation, discrimination or penalization and in any case the confidentiality of the informant's identity is ensured, without prejudice to the legal obligations and the protection of the rights of the Company or of the people wrongly accused and / or in bad faith.

DATA RECIPIENTS
Personal data may be communicated to parties acting as data controllers (such as supervisory bodies and authorities and public organisations authorised to request data) or processed on behalf of the Company by parties appointed as data processors, who are provided with suitable operating instructions. These parties include the following categories:
a) companies that provide Web Development services on the Company website.

SUBJECTS AUTHORIZED TO PROCESSING DATA
The data may be processed only by the employees expressly authorized by the Whistleblowing procedure adopted by the Company, that have been expressly authorized to process and have received adequate operating instructions.

TRANSFER OF DATA TO NON-EU COUNTRIES
There are no transfers of data outside the European Union.

DPO DATA PROTECTION OFFICER (DPO)
Data Protection Officer (“DPO”) appointed by Data Controller pursuant to Art. 37 and following of the GDPR is Mr. Gabriele Faggioli.
It is possible to contact the Data Protection Officer (“DPO”) via e-mail at: DPO.AristonThermoGroup@aristonthermo.com

DATA SUBJECTS’ RIGHTS - COMPLAINT TO THE SUPERVISORY BODY

  • By contacting Ariston Thermo S.p.A. a by mail to the address Viale Aristide Merloni 45, Fabriano (AN), by e-mail to the address privacy.aristonthermo@ariston.com,data subjects can data subjects can ask the Company for access to personal data, or the correction or deletion of personal data, and also have the right to restrict processing of the data in the cases set out in article 18 of the GDPR, and object to processing in the case of legitimate interests of the controller.
  • Furthermore, in the case where processing is based on consent or a contract and carried out with automated tools, data subjects have the right to receive the personal data in a structured, commonly used and machine-readable format, and to transmit the data to another data controller without obstruction.
  • Data subjects have the right to lodge a complaint to the competent Supervisory Authority in the member state where they are resident or where they work, or the member state where the alleged breach took place.
  • Data subjects have the right to withdraw consent at any time in relation to data processed for marketing purposes, and object to data being processed for these purposes. Data subjects have the possibility of stating a preference for being contacted for the aforementioned purposes through conventional methods and objecting to receiving communication through automatic methods only.

3/31/2022 9:55:22 AM