1. PURPOSE

The purpose of this document is to define the reference principles, operational activities, as well as roles and responsibilities within the management of the WHISTLEBLOWING REPORTING process to provide for:

14. the allocation of responsibilities within the process itself;
14. the relevant principles of conduct;
14. organisational, management and control measures aimed at reasonably preventing the offences provided for in the Italian Legislative Decree No. 231 of 8 June 2001 and compliance with the regulations in force.

The Italian Legislative Decree No. 24 of 10 March 2023 implementing Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law and laying down provisions regarding the protection of persons who report breaches of national laws, has profoundly reorganised the regulations about the handling of Whistleblowing reports, providing for an organic and uniform regulation.

The recently introduced rules, in particular, require companies/bodies to set up a structured and adequately formalised Whistleblowing system, the essential elements of which include the implementation of internal reporting channels - managed internally by specially trained offices or personnel belonging to the organisation or by external third parties - through which persons who become aware of an offence may make a report (see paragraph 5.2 of this Procedure), as well as a specific internal procedure regulating the organisational and procedural aspects for the proper handling of reports falling within the scope of the new Whistleblowing provisions.

Generally, reports may be sent through the internal Whistleblowing channel either in written form (e.g., using an IT platform) or orally (using a dedicated telephone line). At the request of the Whistleblower, an in-person meeting should also be arranged with the persons in charge of handling the reports.

In addition to internal reporting, and only if the specific conditions set out in Articles 6 and 15 of the Italian Legislative Decree 24/2023 (to which reference should be made) are met, the Whistleblower has the right to use an external reporting channel activated at the ANAC (Italian National Anti-Corruption Authority) or to publicly disclose - i.e., to make public through the press or electronic means that allow for dissemination to several persons - the information concerning the breaches mentioned above.

 

In compliance with the above provisions, the Trevi Group has therefore decided to equip itself with an IT platform for the management of Whistleblowing reports based on the highest standards of security and a dedicated telephone line. The platform allows Whistleblowing reports to be sent to the Company, guaranteeing protection of the confidentiality of the identity of the Whistleblower, as well as of the personal data and content of the report itself, in line with the provisions of the reference regulations on Whistleblowing and personal data protection.

This Procedure, updated to the regulatory framework currently in force, forms an integral part of the Code of Ethics and of the Organisation, Management and Control Model under the Italian Legislative Decree, 231/2001, adopted respectively by Trevi Finanziaria Industriale S.p.A., Trevi S.p.A. and Soilmec S.p.A.

 

2. SCOPE OF APPLICATION AND RECIPIENTS

This document applies to Trevi Finanziaria Industriale S.p.A. and the companies directly and indirectly controlled in Italy and abroad ("Company" or "Group" or "Trevi Group").

1. 1. SUBJECTIVE SCOPE OF APPLICATION

This policy applies to all personnel of TREVI Group, i.e., both workers who work based on relationships that determine their inclusion in the company organisation, also in a form other than employment, as indicated more specifically below. The recipients of the provisions contained in this policy are also external reporting parties, as specified in paragraph 7.1.1. as well as, about the protection measures, the persons indicated in paragraph 7.2.1.

1. 2. OBJECTIVE SCOPE OF APPLICATION

For this Procedure, the following may be reported:

1. the relevant illegal conduct under the Italian Legislative Decree 231/2001 - i.e., the so-called predicate offences - or violations of the Company's OMCM (Organisation, Management and Control Model system);
2. offences concerning European Union or national acts, relating to, but not limited to, the fields of public procurement, services, financial products and markets and the prevention of money laundering and the financing of terrorism, transport safety, consumer protection, public health, etc.;
3. acts or omissions detrimental to the financial interests of the European Union referred to in Article 325 TFEU (Treaty on the Functioning of the European Union);
4. acts or omissions affecting the internal market as referred to in Article 25 TFEU, including violations of EU competition and state aid rules, as well as offences involving the internal market related to acts violating corporate tax rules or violations whose purpose is to obtain a tax advantage to circumvent the application of corporate tax law.

Whistleblowing reports that are not allowed:

1. reports characterised by a manifest lack of interest in the protection of the integrity of the Company or directed towards the exclusive protection of individual interests (e.g., mere claims against colleagues, hierarchical superiors, etc.);
2. reports sent for blatantly emulative purposes (e.g., reporting made in bad faith or to harm or harass the reported person);
3. reports containing unsubstantiated news or mere 'rumours' (information without supporting evidence).

Such reports fall outside the scope of reports to which whistleblowing legislation applies and, therefore, will be filed after it has been ascertained that they are unfounded and specious.

In the cases mentioned above, the Group companies reserve the right to take the actions they deem most appropriate to protect their interests and those of the reported person in the event of any liability on the part of the Whistleblower, on the assumption that the latter's actual identity is known.

 

3. NORMATIVE  REFERENCES AND OTHER RELATED DOCUMENTS
   1. EXTERNAL REFERENCES

Mandatory Legislation

• Civil Code;
• Criminal Code;
• Italian Legislative Decree No. 24 of 10 March 2023 - Implementation of Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law and laying down provisions regarding the protection of persons who report breaches of national laws;
• Italian Legislative Decree No. 231 of 8 June 2001 regulating the administrative liability of legal persons, companies and associations, including those without legal personality;
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("GDPR");
• Italian Legislative Decree No 196 of 30 June 2003, as amended ('Privacy Code');
• SA 8000:2014 Corporate Social Responsibility;
• PDR 125:2022 Gender equality;
• ISO 30415:2021 Human resource management - Diversity and inclusion;
• ISO 37001:2016 Anti-Corruption System.
  2. INTERNAL REFERENCES
• Organisation, Management and Control Model ex Italian Legislative Decree 231/2001 ("MOG") of Trevi Finanziaria Industriale S.p.A., Trevi S.p.A. and Soilmec S.p.A;
• Code of Ethics of the Trevi Group;
• Data Retention Policy PO-DPR-05-00-GTR.

4. PRINCIPLES OF CONDUCT

The principles set out and referred to in this section govern the conduct of the Recipients to protect the integrity of the companies of the Trevi Group and to prevent conduct contrary to the law or, in any case, contrary to the ethics the Company identifies with.

 

 

 

Without prejudice to their powers under the law, all employees must implement and cooperate in implementing this document within the limits of their competencies and functions.

5. TERMS AND DEFINITIONS

Terms/symbols used and their definitions.

TERMS/ACRONYMS	DESCRIPTION
ODV	Supervisory Board of the respective Group Companies
Organisation, Management and Control Model (or 'MOGC')	The Organisation, Management and Control Model adopted by each Group company under Article 6 of the Italian Legislative Decree 231/2001
Code of Ethics	The document adopted by the Company defines the set of ethical and behavioural principles to be observed by corporate bodies, employees, collaborators and, in general, all third parties that have legal relations with each Group Company.
Violations	Behaviour, acts or omissions that harm the public interest or the integrity of the public administration or the private entity and consist of unlawful conduct relevant under Article 2 of the Italian Legislative Decree 24/2023 (see paragraph 5.2.).
Information on violations (or 'inherent violations' or 'relating to violations'):	Information, including well-founded suspicions concerning violations committed or likely to be committed in the organisation with which the Whistleblower has a legal relationship, and elements relating to conduct to conceal such violations.
Retaliation	Any conduct, act or omission, even if only attempted or threatened, committed because of the report and causing or likely to cause the Whistleblower, directly or indirectly, unjust damage.
Report	The communication (written or oral) of information concerning a breach submitted through the internal reporting channels adopted by the Company.
Whistleblower (or 'Reporting Party')	The natural person who makes a report with information concerning a violation acquired in their work context.
Person involved (or 'Reported person')	The natural or legal person mentioned in the internal report is the person to whom the breach is attributed or a person otherwise involved in the reported breach.
Facilitator	The natural person assisting the Whistleblower in the reporting process, operating within the same work context and whose assistance must be kept confidential.
Platform	The IT tool used by the Company for the acquisition and management of Whistleblowing reports, accessible directly from the Company's website
Group Companies	Companies directly or indirectly controlled in Italy or abroad by the parent company Trevi Finanziaria Industriale S.p.A.
Group or Trevi Group	Trevi Finanziaria Industriale S.p.A. and all its directly or indirectly controlled companies in Italy or abroad
Holding	Trevi Finanziaria Industriale S.p.A.
IAM	Internal Audit Manager
BoD	The Board of Directors of the respective Group Companies
CEO	The Managing Director of the respective Group Companies
BoA	Board of Auditors of the respective Group Companies
Whistleblowing Teams/Managers	The inter-functional team is in charge of managing the whistleblowing report according to the operational procedures of this document. It comprises the Internal Audit Manager of the parent company, the Legal Manager of the parent company to which the report refers, the parent company's HR Manager, and the parent company's Risk Manager.

6. ROLES AND RESPONSIBILITIES
   1. WHISTLEBLOWING TEAM/MANAGER

• This person acts as the manager of the Whistleblowing Report and may appoint internal functions to carry out investigations; it may also appoint third parties and third legal persons to carry out investigations should the nature of the Report make it necessary.
  2. COMPLIANCE FUNCTION

• It must ensure that Whistleblowing Reports received through the platform are handled;

• It must deal with Whistleblowing Reports by replacing the Whistleblowing Team in cases where the Whistleblowing Team as a whole is involved in the Report and may, in these specific situations, appoint internal functions to carry out investigations; it may also appoint third parties and third legal entities to carry out investigations should the nature of the Report make it necessary.
  3. OTHER PARTY RECEIVING A WHISTLEBLOWING REPORT

• Anyone receiving a Whistleblowing Report outside the channels set out in this Policy must forward it to the Whistleblowing Team immediately.
• Persons involved in the process's operational activities must act according to what is indicated.

7. OPERATING MODES
   1. REPORTING SYSTEM
      1. Whistleblowers

Reports may be made both by internal Trevi Group personnel and by external parties.

In particular, under the Italian Legislative Decree No. 23/2024, workers who work based on relationships that lead to their inclusion in the company organisation, even in a form other than a subordinate employment relationship, including intermittent workers, apprentices, temporary workers and casual workers, are included among the Whistleblowers.

The provisions contained in this Procedure also apply to the following persons:

• self-employed workers, as well as workers holding a collaboration relationship, referred to in Article 409 of the Code of Civil Procedure and Article 2, Italian Legislative Decree No. 81/2015;
• freelancers and consultants;
• volunteers and trainees (paid and unpaid);
• shareholders, directors (also de facto), general managers, proxies, members of the Board of Auditors and the Supervisory Board.
• candidates for a job who become aware of a violation during the selection process or other pre-contractual stages;
• probationary workers;
• former employees if the information concerning the violation was acquired during the employment relationship.
  1. 2. Reported Persons

The conduct that is the subject of the Report may concern members of the Board of Directors, the Board of Statutory Auditors, the Supervisory Board, employees (including managers), external collaborators of the Company or third parties (e.g., agents, suppliers, consultants, customers, etc.) to which contractual relations bind the Company.

1. 1. 3. Whistleblowing Channels

Trevi Finanziaria Industriale S.p.A., Trevi S.p.A., and Soilmec S.p.A. have respectively activated internal reporting channels by the provisions of Article 4 of the Italian Legislative Decree 24/2023, which guarantee the confidentiality of the Reporting Party, the Reporting Person, the persons mentioned in the Report, as well as the content of the Report and any attached documents.

All Group companies controlled by Trevi Finanziaria Industriale S.p.A. may use the Parent Company's reporting channels.

The Whistleblowing Team manages the internal Whistleblowing channel.

Reports can be sent in written form via:

 

• COMPUTER PLATFORM (preferred channel) accessible through the "Whistleblowing" section on the home page of each company's website and the company intranet.

It should be noted that the platform is indicated as the main channel for sending Reports, as the software is equipped with end-to-end encryption tools and high-security standards aimed at guaranteeing the confidentiality of the identity of the Whistleblower as well as the content of the Report.

 

Within the platform, you can select a company from among Trevi Finanziaria Industriale S.p.A., Trevi S.p.A. and Soilmec S.p.A.

For all subsidiaries of Trevi Finanziaria Industriale S.p.A., the reporting channels of the Parent Company may be used.

 

• ORAL CHANNEL through a voice mailbox accessible via the platform mentioned above.

Within the platform, you can select a company from among Trevi Finanziaria Industriale S.p.A., Trevi S.p.A. and Soilmec S.p.A.

For all subsidiaries of Trevi Finanziaria Industriale S.p.A., the reporting channels of the Parent Company may be used.

 

• BY MAIL, to the respective company, to the following address:

 

Trevi Finanziaria Industriale S.p.A.

Via Larga di Sant'Andrea, 201 - 47522 Cesena (FC), Italy

To the attention of the 'Whistleblowing Office/Internal Audit Manager

----------------------------------------------------------------------------------------------------

TREVI S.p.A.

Via Dismano, 5819 - 47522 Cesena (FC), Italy

To the attention of the 'Whistleblowing Office/Internal Audit Manager

----------------------------------------------------------------------------------------------------

SOILMEC S.p.A.

Via Dismano, 5819 - 47522 Cesena (FC), Italy

To the attention of the 'Whistleblowing Office/Internal Audit Manager

----------------------------------------------------------------------------------------------------

For all subsidiaries of Trevi Finanziaria Industriale S.p.A., the reporting channels of the Parent Company must be used.

 

Should the Managers be involved in the reporting, it is advisable to prefer the use of the Reporting Platform since it is also supervised by the Compliance Function, which has the task of overseeing the actual handling of the Report as well as handling it directly in the case provided for in the second paragraph of Section 6.2.

 

Anyone wishing to make a Whistleblowing report must specify that it is a Whistleblowing report for which they intend to keep their identity confidential and benefit from the protections provided in the event of retaliation. This specification allows, where the Whistleblowing report is mistakenly received by a non-competent person, timely transmission by the latter to the person authorised to receive and handle Whistleblowing reports. The Whistleblower is also requested to place the report in two sealed envelopes: the first with the identification data of the Whistleblower together with a photocopy of the identification document; the second with the report to separate the identification data of the Whistleblower from the report. Both should be placed in a third sealed envelope marked 'WHISTLEBLOWING REPORT' on the outside.

 

The channels set up by each Group company protect the confidentiality of the Whistleblower, ensuring that the identity of the Whistleblower themselves and third parties, as well as the content of the Report, cannot be accessed by persons who have not been formally authorised to handle Reports by this Procedure.

The recipients of the Report shall handle the Report by the general principles set out in this document. They shall verify its validity in the manner set out in the following paragraphs.

 

Anyone receiving a Whistleblowing Report outside the prescribed channels must immediately forward it to the Whistleblowing Team.

1. 1. 4. Subject and Form of the Report

Whistleblowers may communicate information on violations as further specified in section 5.2 ('Objective scope').

Whistleblowing reports must have the following essential elements:

Subject matter: a precise and detailed description of the facts and conduct deemed to constitute an infringement, with an indication - if known - of all factual elements and the circumstances of time and place in which the reported facts were committed.

Reported person and other persons involved: any element (e.g., personal details, function/company role, etc.) enabling easy identification of the alleged perpetrator(s) of the unlawful conduct that is the subject of the Report.

The Whistleblower must also indicate the following additional elements:

• generalities and type of Whistleblower (e.g., employee, collaborator, agent, consultant, etc.), unless the report is anonymous;
• any additional persons who can relate useful circumstances about the reported facts;
• any appropriate documents to support the validity of the facts reported and to better substantiate the Report;
• any other information that may facilitate gathering evidence on what has been reported.

If, during the investigation, the Whistleblower becomes aware of further information relating to the reported facts, they may supplement the information provided even after the Report has been sent. The lack of one or more of those mentioned above mandatory minimum contents may represent grounds for filing the Report. The requirement of the truthfulness of the reported facts is also to protect the Whistleblower and the reported person.

In the reporting process, the Whistleblower may be assisted by a facilitator, i.e., someone who provides advice and support to the Whistleblower and operates in the same work context. By way of example, the facilitator may be a work colleague belonging to a different office from that of the Whistleblower or a trade union representative, provided that, in this case, they assist the Whistleblower in their name and on their behalf, without involving the trade union they represent.

The sending of the Report is preceded by the Whistleblower's confirmation that it has read a privacy policy by Article 13 of the GDPR.

In all phases of Whistleblowing management, the Company guarantees the protection of the confidentiality of the Whistleblower and of the persons involved in the Whistleblowing, as well as the security of personal data protection by the use of a reporting channel equipped with secure transmission protocols and encryption tools for sending and managing Whistleblowing Reports.

1. 1. 5. Prohibited Whistleblowing Reports

Reports may not be characterised by insulting expressions or moral judgments aimed at offending or harming the honour, personal decorum, and professional dignity of the person to whom the reported facts refer.

By way of example but not limited to, it is prohibited to:

• use insulting or defamatory expressions;
• send Reports for purely slanderous purposes;
• send Reports that concern aspects of the Reported Person's private life without any direct or indirect relation or connection with the work/professional activity carried out within the Company or third-party entities/companies;
• send Reports of a discriminatory nature insofar as they refer to sexual, religious or political orientation or the racial or ethnic origin of the reported person;
• send Reports that are manifestly unfounded and in bad faith, based solely on personal claims and motives, which aim to harm the reported person.

Suppose it is established that the above requirements have been violated. In that case, a disciplinary sanction may be imposed on the Whistleblower if the Whistleblower is a Group employee, or all appropriate legal action may be taken to protect the injured party if the Whistleblower is not a Group employee. The above, unless there are reasonable grounds for believing that the disclosure or dissemination of information relating to a violation that offends the reputation of the Whistleblower is truthful and necessary for knowledge of the violation.

1. 1. 6. Anonymous Whistleblowing Reports

Reports from which it is impossible to trace the Whistleblower's identity are considered anonymous.

Generally, if an anonymous report is received through the internal reporting channel, it should be treated as an ordinary report, provided it is sufficiently substantiated.

In any case, the anonymous Whistleblower, subsequently identified, who discloses that they have suffered retaliation on account of the Whistleblowing, may benefit from the protection afforded by the Italian Legislative Decree 24/2023 against retaliatory measures.

1. 2. GENERAL PRINCIPLES
      1. Protection of the Whistleblower

To ensure the effectiveness of the internal Whistleblowing channel and its proper use, the Company guarantees the protection of the confidentiality of the identity of the Whistleblower, also by the provisions of the legislation on the protection of personal data set out in Regulation (EU) 2016/679 and the Italian Legislative Decree 196/2003 and subsequent modifications and additions ("Privacy Code"), and implements all necessary measures to avoid any form of retaliation that is directly or indirectly connected to the Reporting.

In particular, but not limited to, the following may constitute retaliation:

• • dismissal, suspension or equivalent measures;
  • non-promotion or demotion;
  • change of duties, change of workplace, reduction of salary, change of working hours;
  • negative merit notes or negative references;
  • suspension of training or any restriction of access to it;
  • the adoption of disciplinary measures or other sanctions, including fines;
  • coercion, intimidation, harassment or ostracism;
  • discrimination or otherwise unfavourable treatment;
  • failure to convert a fixed-term employment contract into an employment contract of indefinite duration, where the employee has a legitimate expectation of such conversion;
  • non-renewal or early termination of a fixed-term employment contract;
  • damage, including to a person's reputation, particularly on social media, or economic or financial harm, including loss of economic opportunities and loss of income;
  • inclusion on improper lists based on a formal or informal sectoral or industry agreement, which may result in the person being unable to find employment in the sector or industry in the future;
  • early termination or cancellation of contracts for the supply of goods or services;
  • cancellation of a licence or permit;
  • the request to undergo psychiatric or medical examinations.

For additional information on anti-corruption profiles, please refer to the Trevi Group Anti-Corruption Policy.

Suppose the Whistleblower believes they have been subjected to an act of retaliation in connection with the Whistleblowing. In that case, they may also send, through the trade union to which they belong, a communication to the National Labour Inspectorate or the ANAC so that the most appropriate measures can be taken within their competence.

The retaliatory or discriminatory measures that find their cause in the Reporting (including dismissal and change of duties under Article 2103 of the Civil Code) are null and void under Article 6, paragraph 2-quater of the Italian Legislative Decree 231/2001 and Article 19, paragraph 3 of the Italian Legislative Decree 24/2023, and, in the event of dismissal, the person who made the Report has the right to be reinstated in the workplace under Article 18 of Law no. 300/1970 ("Workers' Statute") or Article 2, Italian Legislative Decree No. 23/2015, because of the specific rules applicable to the worker.

The protective measures provided for in the Italian Legislative Decree 24/2023 also apply:

• • to facilitators;
  • persons in the same work environment as the Whistleblower and who are linked to the Whistleblower by a stable emotional or family relationship up to the fourth degree;
  • co-workers of the Whistleblower who work in the same work environment and who have a habitual and current relationship with the Whistleblower, i.e., not sporadic, occasional or episodic, but present, systematic and protracted;
  • legal entities that the Whistleblower owns, works for, or is otherwise connected to in a business context (e.g., business partnerships).
    2. Protection of the Reported Person

To prevent any abuse of the Whistleblowing system and to prevent slanderous or defamatory conduct that could harm the reputation of the person who is involved in a Whistleblowing Report or cause them discrimination, retaliation or other disadvantages, this Procedure provides measures to protect the Whistleblower.

In particular, Reports characterised by wilful misconduct or gross negligence, manifestly unfounded, made in bad faith, or made for personal reasons or with the sole purpose of obtaining advantages or causing damage to the Reported Person and the Company are prohibited.

In the event of a malicious Whistleblowing report under the terms specified above, the disciplinary sanctions provided for in the Disciplinary System set out in the OMCM of each Company and in the applicable NCLA (National Collective Labour Agreement, if an employee) as well as the administrative pecuniary sanctions falling within the competence of the ANAC may be imposed on the Whistleblower.

The person to whom the violation is attributed may always ask the Whistleblowing Team to hear them or produce written statements or other documentation in their defence. Minutes of the meeting with the Whistleblower shall be drawn up, dated and signed by the Whistleblower and kept in the offices of the Internal Audit Manager.

1. 1. 3. Confidentiality and Privacy

In the management of Whistleblowing Reports, each Group company guarantees the protection of the confidentiality of the Whistleblower's identity and any other information from which that identity may be inferred, directly or indirectly.

The identity of the Whistleblower cannot be revealed without the express consent of the Whistleblower themselves to persons other than those competent to receive or follow up the Reports (i.e., the Whistleblowing Team). Similarly, the identity of the Reported Persons and the persons mentioned in the Report is protected until the conclusion of the proceedings initiated as a result of the Report and in compliance with the same guarantees granted to the Whistleblower.

The obligation of confidentiality on the identity of the Whistleblower and the information from which that identity can be deduced does not apply:

• • when the Whistleblowing Reporting Party gives its express consent to disclose its identity to persons other than those authorised to receive and handle Reports;
  • within the framework of criminal proceedings, beyond the closure of the preliminary investigation, unless the public prosecutor, by reasoned decree, orders the preservation of the investigation secrecy for individual acts in the cases provided for in Article 329 of the Code of Criminal Procedure;
  • within the framework of proceedings before the Court of Auditors after the pre-trial phase is closed;
  • within the framework of a disciplinary procedure, only with the explicit consent of the Whistleblower to the disclosure of their identity, when the knowledge of such identity is indispensable for the Whistleblower's defence and the charge is based, in whole or in part, on the Whistleblowing Report. In these cases, without express consent, the information in the Report cannot be used for disciplinary proceedings.

The reporting person shall, in any case, be informed, by written communication, of the reasons for the disclosure of confidential data.

1. 1. 4. Personal Data Processing

The personal data of Whistleblowers, the Reported Persons and all persons involved in the Whistleblowing Reporting are processed by the applicable data protection legislation (Regulation (EU) 2016/679 and the Italian Legislative Decree 196/2003, as amended by the Italian Legislative Decree 101/2018).

The Company refrains from processing personal data that is not useful for handling a Report. If such personal data are accidentally collected, they are immediately deleted.

In particular, about the processing of personal data in the management of Whistleblowing Reports, it should be noted that:

• • The Whistleblower and the person involved in the report will receive, at the time of the report or the first useful contact, information on the processing of personal data under Articles 13 and 14 of Regulation (EU) 2016/679;
  • the procedure for handling Reports provides for the processing only of personal data that are strictly necessary and relevant to the purposes for which they were collected;
  • the Company, as data controller, has put in place appropriate technical and organisational measures to ensure a level of security appropriate to the specific risks arising from the processing of personal data carried out, in compliance with the applicable data protection legislation;
  • the Company has identified the persons competent to receive and handle Reports, authorising them in writing under Articles 29 and 32(4) of the GDPR and 2-quaterdecies of the Privacy Code;
  • the exercise of the rights provided for in Articles 15 to 22 of the GDPR by the Reported Person ('data subject' within the meaning of the data protection legislation) concerning the processing of personal data carried out within the framework of the management of Reports may be restricted if the confidentiality of the Reported Person's identity may be prejudiced thereby.
    5. Absence of Conflict of Interest

The Whistleblowing Team and all persons involved in the Whistleblowing process must refrain from dealing with the Whistleblowing Report in case of possible conflicts of interest.

1. 3. MANAGEMENT OF WHISTLEBLOWING REPORTS

WHISTLEBLOWING REPORTS VIA PLATFORM

The Whistleblowing management process, which is the responsibility of the Whistleblowing Team, is described below, with particular reference to the following phases:

• • accessing the Platform, sending and receiving a Report;
  • preliminary assessment of the Report;
  • internal audits and investigations;
  • conclusion of the process and reporting to senior management;
  • relevant reports to the Corporate Bodies, the Control Bodies and the Supervisory Board;
  • filing and storage of the documentation relating to the Reports.

All reports must be duly documented using a special register held by the Whistleblowing Team.

1. 1. 1. Sending and Receiving a Whistleblowing Report
         1. Sending and Receiving Whistleblowing Reports via Platform

Whistleblowing Reports can be sent via the Platform, which can be reached from the 'Whistleblowing' section on the company website.  In the case of a first report, the Whistleblower must select the "Register" button of the Platform.

 

 

After registering, you must follow the instructions on the platform to submit your Report.

The Whistleblowing Team takes charge of the Report via the Platform within 7 (seven) days from its receipt.

1. 1. 1. 2. Receiving Oral Whistleblowing Reports

Those wishing to make an oral report to the whistleblowing team may do so through the dedicated voicemail box as indicated in the 'Reporting Channels' section.

The Whistleblowing Team is required to record the statements received through the voicemail.

1. 1. 1. 3. Sending and Receiving Paper Whistleblowing Reports

Those who wish to submit a paper report must specify on the envelope that it is a Whistleblowing report, thereby implicitly requesting to keep their identity confidential and benefit from the protections provided in case of possible retaliation.

This specification allows, where the report is mistakenly received by a non-competent person, for timely transmission by the latter to the person authorised to receive and handle Whistleblowing reports. (Internal Audit Manager).

 

The Whistleblower is also requested to place the report in two sealed envelopes: the first with the Whistleblower's identification data together with a photocopy of the identification document; the second with the report to separate the Whistleblower's identification data from the report. Both should be placed in a third sealed envelope marked 'WHISTLEBLOWING REPORT' on the outside.

 

Reports, about the company of reference may be sent respectively to

 

Trevi Finanziaria Industriale S.p.A.

Via Larga di Sant'Andrea, 201 - 47522 Cesena (FC), Italy

To the Whistleblowing Team

----------------------------------------------------------------------------------------------------

TREVI S.p.A.

Via Dismano, 5819 - 47522 Cesena (FC), Italy

To the Whistleblowing Team

----------------------------------------------------------------------------------------------------

SOILMEC S.p.A.

Via Dismano, 5819 - 47522 Cesena (FC), Italy

To the Whistleblowing Team

 

For all subsidiaries of Trevi Finanziaria Industriale S.p.A., the reporting channels of the Parent Company may be used.

 

The Whistleblowing Team takes charge of the Report within 7 (seven) days from receipt.

1. 1. 2. Preliminary Evaluation of the Whistleblowing Report

The Whistleblowing Team conducts a preliminary analysis of the report received to assess its grounds and subject matter. If the report proves significant, i.e., worthy of a formal investigation, further inquiries regarding corruption risk profiles are commenced.

If necessary, the Whistleblowing Team may request further information or documentation supporting the Report from the Whistleblower to assess the reported facts fully.

The Whistleblowing Team ensures the monitoring of the Whistleblowing management process at all stages.

Reports are processed according to the chronological order in which they are received, without prejudice to any specific assessment of the need to prioritise the handling of a particular Report where particular seriousness or urgency is evident (e.g., the seriousness of the conduct reported, current and potential consequences of specific relevance for the Company, risk of repetition of the offence, etc.).

In the management of the Reports received, the members of the Whistleblowing Team act with the professionalism and diligence required by the tasks entrusted to them, carrying out any activity deemed appropriate in compliance with this procedure and the reference legislation.

Within the scope of the autonomy of its powers of initiative and control, the Whistleblowing Team, if necessary for the investigation, may also avail itself of the support of other corporate functions or external consultants, paid for by the company, provided that the protection of the confidentiality of the Whistleblower and the persons involved in the Whistleblowing is always guaranteed and that no information not essential to the ascertainment of the facts reported is disclosed.

Following the preliminary assessment, the Whistleblowing Team proceeds to classify the Whistleblowing into one of the following categories, which will entail a different and specific workflow for handling them:

1. Unfounded/Not Relevant Whistleblowing Report: the Report refers to conduct, acts, or facts that do not constitute a predicate offence provided for by the Italian Legislative Decree No. 231/2001 or a breach of the control mechanisms of the OMCM or the principles of the Code of Ethics, or a breach of national or European Union rules referred to in the Italian Legislative Decree No. 24/2023.

Should the Whistleblowing Team consider that the Report, although not relevant to the application of this Procedure and, therefore, not falling within the scope of the so-called Whistleblowing Reports, nevertheless contains circumstantial elements from which irregularities, breaches or omissions concerning other sectors may emerge - e.g., breach of the corporate quality system, labour law, etc. - it shall forward the Report to the competent Company Department so that it may carry out the relevant checks.

The Whistleblowing Team is, in any case, obliged to send the Whistleblower, if not anonymous, a reasoned closure notice within 3 (3) months after receipt of the Report.

 

2. Relevant But Unprocessable Whistleblowing Report: this is when the Report received is relevant concerning the application of this Procedure. Still, at the end of the preliminary analysis phase and of the possible request for further information, no sufficient elements have been collected to proceed with further investigations and verify the validity of the facts reported.

In this case, a reasoned closure of the proceedings is ordered, notifying the Whistleblower within 3 (months) after receiving the Report.

 

3. Prohibited Whistleblowing Reports: in the event of receipt of Reports falling within the cases set out in paragraph 6.5 "Prohibited Reports", the Whistleblowing Team shall communicate this circumstance to the CEO and the Human Resources Department for the possible initiation of disciplinary proceedings against the Whistleblower (if the Report comes from an employee/collaborator of the Company), as well as assess the need to communicate the facts of the Report in question to the Whistleblower, to allow them to exercise their rights of defence.

If, on the other hand, the Whistleblowing Report is made by third parties with whom the Company has contractual relations (such as, for example, suppliers, external consultants/collaborators, business partners, etc.), the Whistleblowing Team shall inform the CEO and the Legal Department without delay to apply the remedies provided for by the specific contractual clauses included in the relevant contracts (e.g., termination of the contract, in addition to any compensation for damages).

This shall always be without prejudice to recourse to the Judicial Authorities to ascertain any criminal liability deriving from the defamatory or slanderous nature (or, in any case, of criminal relevance) of the contents of the Report, as well as any other liability, including civil and administrative liability, which may arise from the facts reported in the prohibited Report.

 

4. Relevant Whistleblowing Report: in the case of sufficiently circumstantiated Whistleblowing Reports falling within the scope of the Whistleblowing rules, the Whistleblowing Team initiates the preliminary investigation phase, described in the next paragraph.

Except in justified exceptional cases, the Whistleblowing Team concludes the assessment process of the Whistleblowing Report within 3 (three) months after its receipt, providing the Whistleblower with adequate feedback on the status of the Report.

1. 1. 3. Audits and internal investigations

At the end of the preliminary assessment phase, where the Report received has been classified as "relevant", the Whistleblowing Team initiates internal checks and investigations to gather further information to ascertain the merits of the reported facts.

The Whistleblowing Team has the right to request, if necessary, further information or documentation from the Whistleblower to continue the investigation. In any case, the Whistleblowing Team maintains contact with the Whistleblower, providing feedback on processing the Report.

Within the framework of the investigative activity, depending on the specific subject of the Report, the Whistleblowing Team may rely on the support of internal company structures/departments or external consultants (e.g., lawyers, accountants, etc.).

In such a case, the persons involved in the investigative activity must comply with the provisions contained in this document and are consequently called upon to observe, among other things, the obligations of confidentiality towards the Whistleblower, the persons involved and the facts being investigated. In the event of violations by such persons of the principles set out in this document, the Company may apply the measures indicated in the disciplinary/sanctions system of the OMCM.

1. 1. 4. Conclusion of the Process and Reporting to Senior Management

Once the preliminary investigation phase of the relevant reports has been completed, the Whistleblowing Team is required to draw up a specific report indicating in detail the facts reported; the verification activities carried out, the elements acquired (e.g., documents, testimonies, etc.) in support of the Report, as well as the results of the investigation and the observations on the existence or non-existence of the reported breaches. The final report also indicates the appropriate actions regarding the reported facts.

Suppose the outcome of the investigations and checks does not establish the grounds for the unlawful conduct described in the Report or any breach relevant under the OMCM. In that case, the Whistleblowing Team will close the Report and notify the Whistleblower.

If the Whistleblowing Report is deemed well-founded and concerns employees/collaborators of a Group company, the Whistleblowing Team shall promptly inform the Company's CEO to assess the possible initiation of disciplinary proceedings and to make the necessary communications to the competent Authorities (judicial, administrative, etc.). At the same time, the Whistleblowing Team transmits the final report of the investigation to the Board of Directors.

The Personnel Department informs the Whistleblowing Team of the outcome of any disciplinary proceedings instituted against the employee to whom the violation is attributed.

If the Report proves to be well-founded and concerns third parties with whom the Company has contractual relations (e.g., contractors/suppliers, external consultants, business partners, etc.), the Whistleblowing Team shall inform the CEO without delay for the possible application of the measures (e.g., termination of the contract) provided for by the specific clauses included in the contracts entered into with the counterparty to whom the violation is attributed, as well as for any communications to the competent Authorities.

At the same time, the Whistleblowing Team forwards the final report of the investigation to the Board of Directors on the relevant Whistleblowing reports.

Subsequently, the HR Management informs the Whistleblowing Team of the decisions taken by the company against the Reported Person.

For further details on the regulation of the disciplinary procedure and any sanctions that may be imposed, please refer to the General Part of the OMCM dedicated to the 'Disciplinary/sanctions system'.

On a six-monthly basis, the Whistleblowing Team transmits to the Board of Directors a summary report indicating the Reports received and managed, specifying for each of them the progress made and the measures taken about those concluded.

In the Whistleblowing Team's communications addressed to the Corporate Bodies and Departments, the identity of the Whistleblower must always be kept confidential, and information that need not be disclosed must be omitted.

 

1. 1. 5. (Relevant) Whistleblowing Reports to Corporate Bodies, Control Bodies and the Supervisory Board

If the Report is relevant and well-founded and concerns:

• The Chairman of the Board of Directors:

The Whistleblowing Team informs the other members of the Board of Directors of the outcome of the investigation to coordinate and define the measures to be taken.

 

• A member of the Board of Directors other than the Chairman:

The Whistleblowing Team informs the Chairman of the Board of Directors of the outcome of the investigation to coordinate and define the measures to be taken.

 

• A member of the Board of Auditors, a member of the SB (Supervisory Body), the Internal Audit Manager, or one of the statutory auditors:

The Whistleblowing Team notifies the Board of Directors.

 

1. 1. 6. Filing and Storage of Documents Related to Whistleblowing Reports

The IAM stores reports and related documents in digital and hard copy format in a dedicated folder in such a way as to prevent access by unauthorised persons.

Reports must be segregated and kept available for future investigation. If such a record is kept in electronic format, its protection is ensured through access control with authentication, password protection and a backup copy located on the cloud server. Reports and related documents are kept for as long as necessary for the processing of the Report itself, and in any case, for no longer than 5 (five) years from the date of the communication of the outcome of the reporting procedure, in compliance with the confidentiality obligations referred to in this Procedure.

The same retention period (no longer than five years from receipt) also applies to documents relating to anonymous reports. This enables the Whistleblowing Team to trace them if the Whistleblower, subsequently identified, has suffered retaliation due to the Report.

When, at the request of the Whistleblower, the Report is made orally during a meeting with the Whistleblowing Team and subject to the Whistleblower's consent, said Report is documented by the Internal Audit Manager using a recording on a device suitable for storage and listening, or using minutes. In the event of minutes, the Whistleblower shall verify and, if necessary, correct the statements contained therein and confirm them by signing the minutes.

8. DISCIPLINARY SYSTEM

Should a corporate entity engage in conduct in breach of this document, they shall incur the disciplinary measures provided for in the Sanctions System, as indicated in the 231 Organisation, Management and Control Model, by the provisions of Article 7 of Law 300/70, where applicable, and the NCLA applicable to the employment relationship.

In addition, appropriate disciplinary measures are taken against those who violate the Whistleblower protection measures, those who take retaliatory or discriminatory measures against the Whistleblower, and those who make unlawful reports.

Disciplinary measures, as provided for by law and by the applicable collective bargaining agreement, shall be proportionate to the extent and gravity of the unlawful conduct ascertained and may go as far as the termination of the employment or collaboration relationship and the request for compensation for any damages deriving from the violations affirmed against the Company or the Group.

9. TRACEABILITY

All the functions involved in the activities governed by this document ensure, each to the extent of its competence, also using the Whistleblowing platform, the traceability of data and information and provide the storage and filing of the documentation produced in such a way as to enable the reconstruction of the various stages of the process itself.

The Compliance Department ensures that the Whistleblowing Platform and this Policy are updated.