Policy Whistleblowing

In accordance with art. 4 of Legislative Decree 24/2023 (“Whistleblowing Decree“), Jobrapido S.r.l. (“Jobrapido” or “Company“) has implemented its own whistleblowing system, introducing Internal Reporting Channels that allows the emergence of illicit conduct to protect the integrity of the Company, ensuring that all business activities are carried out legally and legitimately.

In this document (“Whistleblowing Policy” or “Policy“), the objectives of Jobrapido’s whistleblowing system, instructions for making Reports through Internal and External Channels, the procedures for managing Reports, and the protective measures reserved for Reporters and other Protected Persons are summarized.

For definitions not provided in this Whistleblowing Policy, reference is made to Annex 1 Jobrapido Whistleblowing System | Definitions and normative references.

 

1. What are the objectives and purposes of Jobrapido’s whistleblowing system?

Through the establishment and invitation to the conscious use of Internal Reporting Channels, Jobrapido aims to prevent and counteract the commission of illicit behaviors, protecting the confidentiality of the identity of Reporters, Involved Persons, or those mentioned in the Report, as well as the content of the Report and related documentation, prohibiting any Retaliation, in full compliance with all legal provisions.

2. What can Reports cover?

Reports may concern Information on the following Violations:

     a) Violations of EU legislation, namely

  • Illegitimate acts committed in violation of EU legislation listed in Annex 1 to the Whistleblowing Decree and all national provisions implementing it, relating to the following sectors: public contracts; services, financial products and markets, and prevention of money laundering and terrorism financing; product safety and compliance; transport safety; environmental protection; radiation protection and nuclear safety; food and feed safety and animal health and welfare; public health; consumer protection; protection of privacy and personal data protection, and network and information systems security;
  • Acts or omissions that harm the financial interests of the European Union, including fraud, corruption, and any other illegal activity related to EU expenses.
  • Acts or omissions concerning the internal market, which compromise the free movement of goods, persons, services, and capital, including: violations in the field of competition and state aid, corporate tax and mechanisms aimed at obtaining a tax advantage that frustrates the purpose or purpose of the applicable corporate tax legislation;
  • Acts or behaviors that frustrate the purpose or purpose of EU provisions in the sectors referred to in the preceding points, including: unfair commercial practices and abuse of dominant position, adoption of so-called predatory prices, target discounts, bundled sales that violate the protection of free competition;

 

    b) Any conduct aimed at concealing the above-mentioned behaviors;

    c) Retaliation against Reporters and other Protected Persons.

 

What elements must the Report contain?
Reports must be made in good faith and be substantiated, i.e., they must contain a description of as many elements and circumstances as possible to allow proper verification. In particular, it is advisable to include in the Report: (a) the personal data of the Reporter and their legal relationship with the Company, except for the possibility of making Anonymous Reports; (b) the circumstances of time and place in which the fact subject to the Report occurred; (c) the description of the facts; (d) the personal data or other elements that allow the identification of the subject deemed responsible for the reported facts (so-called “Involved Person“); (e) any relevant documentary evidence; (f) any other information useful for the assessment of the facts.

Absolute certainty regarding the actual occurrence of the reported events and the responsible party is not necessary. Instead, it is sufficient for the Reporting Party to reasonably believe that the reported Violation Information is true, in light of the data available at the time of the Report and the circumstances of the specific case.

3. What cannot be the subject of Reports?

Reports cannot concern disputes, claims, or requests related to a personal interest of the Reporting Party or pertaining to the employment relationship or relationships with colleagues. Such conduct can be shared and managed with one’s hierarchical superiors or with internally designated functions according to the respective company rules.

 

Reports that are pretextual, blatantly unfounded, based on mere suspicions, indiscretions, or poorly reliable rumors, made with malice (bad faith) or gross negligence, regarding Violation Information already in the public domain, are strictly prohibited and penalized.

 

4. Who can make a Report?

Reports can be made by the following individuals who have become aware of Violation Information within the scope of their work context or professional relationship with Jobrapido:

  • Employees, including holders of part-time, full-time, or intermittent employment contracts, fixed-term or permanent contracts, agency workers, apprentices, occasional workers;
  • Self-employed workers, including holders of contracts for services (exercising intellectual professions for which registration in specific registers or lists is required), agency contracts, commercial representation, and other collaboration contracts that result in a continuous and coordinated work performance, predominantly personal, even if not subordinate in nature (for example, lawyers or engineers who carry out their work activities autonomously);
  • Independent professionals and consultants.
  • Volunteers and interns, both paid and unpaid.
  • Shareholders of the Company.
  • Persons with administrative, managerial, supervisory, oversight, or representational functions of the Company, even if such functions are exercised by de facto means and, therefore, in the absence of regular nomination.
  • Workers or collaborators providing goods or services or carrying out works for the Company.
  • Former employees.
  • Candidates whose selection process is still ongoing.

5. To whom are the Internal Reports directed and who manages them for Jobrapido?

Jobrapido has appointed a Whistleblowing Committee (hereinafter also referred to as the “Committee“) as an autonomous internal office dedicated and specifically trained for receiving and managing Internal Reports related to the Company. The Whistleblowing Committee is composed of the Head of the Company’s HR Department, designated as the Chairperson, and other permanent employees of the HR Department.

6. What are Jobrapido’s Internal Reporting Channels?

Internal Reports can be made in written form, verbally, or through direct meetings via the following Internal Reporting Channels:

A) Written Reports – Online Platform
It is possible to make a Written Report using the online Platform accessible at the following link: https://jobrapido.trusty.report.

Before making the written Report, the Reporting Party must review the privacy policy published on the Jobrapido website.

Subsequently, by accessing the online Platform, the Reporting Party must: (a) click on the “Make a report” box; (b) select the country where the Violation occurred; (c) complete the Report form, entering the required information in the various fields, possibly attaching relevant documentation; (d) express consent to reveal one’s identity to the Committee or remain anonymous and send the Report.

Once the Report is submitted, the Reporting Party can track its status – including confirmation of its receipt – and continue to communicate securely (and optionally anonymously) with the Committee by accessing

the online Platform again, clicking on the “Your mailbox” box, and entering their username and password.

 

B) Oral Report – Telephone Line
It is possible to make an Oral Report by contacting the Committee at the following number: +39 349 3567624.

Before making the oral Report, the Reporting Party must review the privacy policy published on the Jobrapido website. The Committee must document the meeting through a recording of the conversation on a durable medium or a detailed minutes. The method of documentation will be agreed upon with the Reporting Party and carried out with their consent. In the event that the Report is documented through minutes, the Committee must read it back to the Reporting Party and, if possible, provide them with a copy to be signed for acceptance. Any subsequent communication between the Committee and the Reporting Party will only be possible if the Reporting Party has provided their contact information for follow-up (e.g., email, phone number).

 

C) Direct Meeting – Via Video Conference or In Person
The Reporting Party may also request to arrange a direct meeting with the Whistleblowing Committee, to be held within a reasonable timeframe, not exceeding 15 working days from the request. The request for a direct meeting must be made through the written or oral Reporting Channels described above, after reviewing the privacy policy published on the Jobrapido website. The meeting can take place via video conference or in person at a location agreed upon with the Reporting Party.

The Committee must document the meeting through a recording of the conversation on a durable medium or detailed minute. The method of documentation will be agreed upon with the Reporting Party and carried out with their consent.

The Reporting Party may verify, rectify, and confirm the content of the minutes by signing them. In the case of a meeting conducted via video conference, the Reporting Party may verify the content of the minutes by sharing the same video or by exchanging emails with the Committee.

Any subsequent communication between the Committee and the Reporting Party will only be possible if the Reporting Party has provided their contact information for follow-up (e.g., email, phone number).

7. Procedural Steps for Managing Internal Reports

Upon receiving an Internal Report, the Whistleblowing Committee must:

i. Provide the Reporting Party with an acknowledgment of receipt of the written Report within 7 (seven) days from the date of receiving the Report.

ii. Diligently follow up on the Report, verifying its admissibility and validity – also with the support of other internal company functions or external consultants – and maintaining communication with the Reporting Party.

iii. Provide feedback to the Reporting Party within 3 (three) months from the date of the acknowledgment of receipt or, in the absence of acknowledgment, within 3 months from the expiration of the 7-day term from the          submission of the Report; all in accordance with the procedures detailed in the Whistleblowing Reporting Management Regulations, available upon request sent in writing to the Committee.

iv. Prepare a summary report of the conducted investigations and the evidence gathered, which will be shared, based on the outcomes, with the relevant company functions or bodies, in order to ensure any necessary                      intervention plans and the adoption of remedial and/or improvement actions regarding the reported Violation, for the protection of the Company, verifying their adoption or the reasons underlying their non-adoption.

v. Submit the results of the investigative activities to the company’s administrative body for the initiation of any disciplinary/sanctioning procedures, while the adoption of measures remains the responsibility of the                          competent functions.

vi. Preserve and safeguard the Reports (including Anonymous ones) as well as the documents, reports, transcriptions, and minutes related to them in a dedicated repository with exclusive access reserved for the Committee:

  • For 1 year in the case of Reports that are unfounded/inadmissible.
  • In other cases, for the time necessary for the processing of the Report and in any case not exceeding 5 years from the date of communication of the final outcome of the reporting procedure, in compliance with the confidentiality obligations established by the Whistleblowing Decree, the Privacy Code, GDPR, and/or other applicable laws on the protection of personal In any case, personal data that are manifestly not useful for the processing of a specific Report are not collected or, if collected accidentally, are immediately deleted.

 

1 Note The feedback consists of communicating information regarding the follow-up that has been or is intended to be given to the Report, including the communication of any lack of grounds to proceed with the investigation and the subsequent archiving of the Report.

 

7.1. Cases of Archiving Internal Reports

Internal Reports may be archived where:

  • They are inadmissible because they concern Violations different from those listed under § 2 or are transmitted by individuals other than those indicated under § 4, in which case the Committee must consider the opportunity to transmit the Report to other competent company functions, however, concerning offenses relevant to the protection of Jobrapido’s integrity.
  • They are manifestly unfounded due to the absence of factual elements suitable for justifying investigations.
  • They have generic content, making it impossible to understand the facts, and the Reporting Party has not provided contact information to be contacted for further clarification or – even if contacted by the Committee – has refused to provide them.
  • They are accompanied by inappropriate or irrelevant documentation.
  • The Committee determines that the Report was made by the Reporting Party with malice (bad faith) or gross In this case, the Committee reserves the right to propose to the competent company functions or bodies the initiation of a disciplinary procedure against the Reporting Party, if the legal requirements are met.

7.2. Anonymous Reports

Within the limits permitted by law and the Internal Reporting Channels, Reports may also be made anonymously.

Anonymous Reports, if substantiated, will be treated by the Whistleblowing Committee in the same manner as Internal Reports made by known Reporting Parties.

8. Internal Reports erroneously sent to a party other than the Whistleblowing Committee

Internal Reports erroneously sent to a party other than the Committee must be forwarded to them within 7 (seven) days of receipt by the receiving party through the Internal Reporting Channels.

What to do if you receive Reports by mistake

If someone receives an Internal Report by mistake, they must:

a) Immediately forward it to the Committee via the Internal Reporting Channels, while simultaneously notifying the Reporting Party (if known) of the transmission.

b) Maintain the strictest confidentiality regarding the identity of the Reporting Party and any individuals involved or mentioned in the Report;

c) Not disclose or maintain the strictest confidentiality regarding the content of the Report and any documents attached to it;

d) If the mistakenly received Report is contained in an email or message sent via SMS or other messaging systems, proceed to its permanent deletion after forwarding the Report to the Committee.

9. External Reporting Channels of ANAC

While prioritizing the use of the Internal Reporting Channels provided by Jobrapido, Reports may be submitted through the External Reporting Channels established at the National Anti-Corruption Authority (“ANAC“) and accessible at the following link: https://www.anticorruzione.it/-/whistleblowing, on the condition that:

  • The Internal Reporting Channels are not active or, even if activated, do not comply with the provisions of the Whistleblowing Decree.
  • The Reporter has already made an Internal Report and it has not been followed up.
  • The Reporter has reasonable grounds to believe that if they were to make an Internal Report, it would not be effectively followed up or that the same Report could pose the risk of Retaliation.
  • The Reporter has reasonable grounds to believe that the Violation may constitute an imminent or manifest danger to the public interest.

10.Public Disclosure

The Reporter may make a Public Disclosure, making violations of EU legislation, as defined above, publicly known through the press or electronic means or in any case through mass media capable of reaching a large number of people (including social networks), only and exclusively in the following cases:

  • The Reporter has previously made an Internal Report and an External Report or has directly made an External Report (under the conditions provided in sub § 9) and there has been no response within the established terms regarding the measures planned or taken to follow up on the Reports.
  • The Reporter has reasonable grounds to believe that the Violation may constitute an imminent or manifest danger to the public interest.
  • The Reporter has reasonable grounds to believe that the External Report may entail the risk of Retaliation or may not be effectively followed up due to the specific circumstances of the case, such as those where evidence may be concealed or destroyed, or where there is a reasonable fear that the recipient of the Report may be colluding with the perpetrator of the Violation or involved in the Violation itself.

11. Protections and Protective Measures

Jobrapido undertakes to offer Whistleblowers and other Protected Persons the protections and Protective Measures provided for in the Whistleblowing Decree and described below.

Any waivers and transactions, in whole or in part, concerning the rights and protections provided for in the Whistleblowing Decree and incorporated into this Policy are not valid unless they are made in protected venues (judicial, administrative, union) in accordance with applicable laws.

11.1 Confidentiality Protection

Jobrapido protects the confidentiality of the identity of Whistleblowers, Facilitators, Persons Involved or mentioned in the Reports, as well as the content of the Reports and attached documents, in accordance with the Whistleblowing Decree, the Privacy Code, the GDPR, and other relevant laws regarding the protection of personal data.

In particular, the Committee cannot disclose the identity of the Whistleblower or any other information from which such identity can be directly or indirectly inferred, except with their express written consent. The duty of confidentiality does not preclude or limit any reporting obligations that may arise following the Report, towards the Judicial Authority.

The duty to protect confidentiality also extends to other internal company functions or external consultants possibly involved in the investigations by the Committee, especially if they become aware of the Whistleblower’s identity with their consent.

Confidentiality protection will also be ensured in judicial and disciplinary contexts, in accordance with applicable laws.

 

11.2. Protective Measures

In order for the Whistleblower and other Protected Persons to benefit from the Protective Measures described below, the following conditions (cumulative) must be met:

a) The Whistleblower has submitted the Report based on a reasonable belief that the reported Violations were true and fell within the objective scope of the Whistleblowing Decree.

b) The Report has been made in accordance with the conditions prescribed by the Whistleblowing Decree and this Policy.

The Protective Measures also apply to anonymous Whistleblowers, where subsequently identified and subject to Retaliation.

When the Whistleblower’s criminal liability is established, even by first-instance judgment, for the offenses of defamation or slander, or their civil liability, for the same reason, in cases of willful misconduct or gross negligence, the Protective Measures are not guaranteed, and the Whistleblower will also be subject to disciplinary action.

11.2.1. Prohibition of Retaliation

Jobrapido prohibits any Retaliation – even attempted or threatened – against Whistleblowers and other Protected Persons, carried out as a result of a Report, Internal or External, or a Public Disclosure based on and allowed, which causes or may cause unjust harm.

Anyone who believes they have suffered Retaliation as a result of a Report or Public Disclosure based on and allowed may report it to the Committee through the Internal Reporting Channels or communicate it to the ANAC through the External Reporting Channels.

11.2.2. Limitation of Liability

Whistleblowers are guaranteed a limitation of liability regarding the disclosure and dissemination of certain categories of Information.

The limitation of liability applies provided that:

a) At the time of disclosure or dissemination, there were reasonable grounds to believe that the Information was necessary to uncover the Violation.

b) The Information was acquired lawfully.

c)The Report or Public Disclosure was made in accordance with the conditions prescribed by the Whistleblowing Decree and this Policy.

 

11.2.3. Support Measures Provided by Third Sector Organizations

Whistleblowers can benefit from support measures offered by Third Sector organizations listed in the register established by the ANAC (https://www.anticorruzione.it/-/whistleblowing).

Specifically, Third Sector organizations provide free assistance and advice on Reporting procedures, protection against Retaliation, the rights of the Involved Person, and the methods and conditions for accessing state-funded legal representation in judicial proceedings.

 

11.3. Rights and Protections of Individuals Involved in Reporting

Jobrapido applies the same confidentiality protection measures provided for the Whistleblower to individuals involved in the Reporting, unless the Company is legally obliged to disclose their identity (for example, upon request by the Judicial Authority).

Furthermore, Jobrapido ensures that individuals involved have the right to:

  • Be informed within a reasonable period of time about the accusations made against them.
  • Be heard by the Committee to safeguard their right to defense, also through a written procedure, in accordance with applicable labor law regulations.
  • Be informed about any disciplinary sanctions.

12. Processing of Personal Data

Every processing of personal data, including communication among competent authorities, will be carried out in compliance with the Privacy Code, the GDPR, and other applicable laws regarding the protection of personal data.

The management of Reports and the related processing of data are conducted by Jobrapido as the data controller, in accordance with the principles of necessity, proportionality, and lawfulness of processing as provided by the GDPR.

For more details regarding the processing of data, please refer to the privacy policy published on the Jobrapido website and the company intranet.

Individuals involved in the Reporting may not immediately receive specific privacy information regarding the processing of their data if there is a risk that providing such information could compromise the ability to effectively verify the validity of the Report or gather necessary corroborating evidence.

13. Disciplinary or Contractual Sanctions

Without prejudice to further liability aspects, Jobrapido may apply disciplinary or contractual sanctions against those who violate the provisions of this Policy or the Whistleblowing Decree, deemed appropriate (e.g., contract termination, compensation actions, liability actions, or revocation for just cause), tailored in relation to the severity and within the limits of the current regulatory framework.

14. Adoption and Dissemination of Jobrapido’s Whistleblowing Policy

This Policy has been adopted by the administrative body of Jobrapido, which promotes its dissemination, also with the support of the Whistleblowing Committee, on 15/04/24.