The report is accessible only to you and to the Whistleblowing Manager of Terre des Hommes Italia. Through this platform you can report a concern in a secure and confidential manner. You can also choose to report the concern in complete anonymity.
Confidential Report: a confidential report is a report where the whistleblower can be identified. Confidential reports require preliminary registration of the user. Once the account has been created, the user can send the report. It is possible to send a confidential report without creating an account, by filling out the report form in the "Report without registration" section and adding your personal data at the end of the form. The reporting person's data is kept separate from the report and the Manager receives the confidential report as an anonymous report. Only the Manager can then associate the report with the reporting person's data and know their identity.
Anonymous Report: anonymous reports are reports that do not allow the association of the report with the identity of the whistleblower as their personal data are missing. In this case the whistleblower does not register an account in the system and sends the report as unregistered user in the "Report without registration" section.
This platform guarantees the confidentiality and security of information: All the information you enter, including your identity, are encrypted and can only be read by you and the recipient or recipients of the reports (Whistleblowing Manager).
Once the report is sent, you can follow its progress and continue to communicate with the Whistleblowing Manager through the message area associated with the report. Again, all information is encrypted and protected by the platform. If you have indicated an email address (or if you have registered), you will receive a notification via email when the Manager sends you a message. In any case, we recommend that you periodically access the platform to check for any requests for clarification from the Manager.
If you have given your name, or if you send the report as a registered user, your identity will remain hidden from the Manager, who will however have the right to view it if necessary. In this case you will be informed by an alert in the report.
For greater confidentiality we suggest you:
- do not enter personal data that could lead to your identity in the description of the facts;
- do not use a company email address to register or receive notifications from the system;
- do not submit a report from your workstation.
Confidentiality obligations regarding the identity of the whistleblower
Except for cases in which liability for slander and defamation can be considered, the identity of the whistleblower is protected in every context following the report. The identity of the whistleblower can be revealed to the disciplinary authority and to the accused only in cases where:
- There is the express consent of the whistleblower;
- The notification of the disciplinary charge is based, in whole or in part, on the report and knowledge of the identity of the whistleblower is indispensable for the defense of the accused, provided that this circumstance is deduced and proven by the latter during the hearing or through the presentation of defense briefs.
Distinction between anonymous reporting and confidentiality of the identity of the whistleblower
The case management procedure must guarantee the confidentiality of the identity of the whistleblower from the moment the report is received and at every subsequent stage. The guarantee of confidentiality presupposes that the whistleblowers make their identity known. In essence, the rationale of the rule is to ensure the protection of the employee, keeping his identity confidential.
Infrastructure and security
The Whistleblowing management software, in line with regulatory requirements, guarantees very high levels of security both for the whistleblower and at the infrastructure level.
Application security
DigitalPA dedicated servers: maximum data protection and security levels, guaranteed both by the DigitalPA ISO 27001/2014 certification and by the ISO 27001/2014 certified server farm infrastructure.
Integrated hardware and software firewall: each platform has an integrated firewall with very strict rules, which limit access and actions to the exclusive tasks dedicated to the software; firewalls integrate and further enhance security.
SSL Certificate: The whistleblowing software is accessible exclusively via HTTPS (Secure Sockets Layer) access. Dedicated IP and SSL Certificate for each customer.
User input validations: the platform is based on a user input validation approach. Through extremely strict rules the user is verified both at client and server level.
CSRF Prevention: All requests handled by the platform are protected by CSRF tokens.