This store requires javascript to be enabled for some features to work correctly.

FREE DELIVERY ON ORDERS OVER €50!

About Us

Products

Recipes

Blog

Whistleblowing

This page is dedicated to reporting unlawful conduct relevant under whistleblowing legislation, as set out in Legislative Decree 24/2023. Specifically, by using the platform at https://colavita.whistlelink.com/, employees of Colavita S.p.A., collaborators, suppliers, and other parties mentioned in Legislative Decree 24/2023 can report:

Administrative, accounting, civil, or criminal offenses;
Offenses committed in violation of European Union law in the following areas: public procurement; financial services, products, and markets, and the prevention of money laundering and terrorist financing; product safety and compliance; transport safety; environmental protection; radiological protection and nuclear safety; food and feed safety and animal health and welfare; public health; consumer protection; privacy and personal data protection; and network and information system security;
Acts or omissions that harm the financial interests of the European Union or relate to the internal market (for example, violations regarding competition and state aid);
Acts or behaviors that undermine the purpose or objectives of EU regulations;
Offenses covered by the Company’s 231 Model and/or Code of Ethics.

By reporting through the platform, whistleblowers are entitled to the protections against retaliation provided under Legislative Decree 24/2023.

Privacy Information for Whistleblowing under Articles 13 and 14 of EU Regulation 2016/679

Privacy Notice
In compliance with Articles 13 and 14 of EU Regulation 2016/679, the Company must provide the following information to data subjects (whistleblowers, reported persons, facilitators, and other individuals involved) regarding reports of violations of national or EU laws that affect public or Company interests and/or constitute offenses relevant under the 231 Model and Code of Ethics, pursuant to Legislative Decree 24/2023.

Data Controller: COLAVITA S.P.A., represented by its pro tempore legal representative, located at via Laurentina km 23, Pomezia (RM), email: info@colavita.it.

Source of Personal Data: Personal data are collected via whistleblowing channels, either directly from the reporting individual or from third parties if additional documentation or information is obtained during the investigation concerning the whistleblower, the reported person, or other involved parties. Providing personal data is not mandatory but is necessary to submit a report and access legal protections.

Categories of Personal Data:

Identifying data (e.g., residence, contact details, and other information included in the report);
Special categories of data (e.g., political opinions, union membership, health);
Judicial data (e.g., information related to legal disputes).

Principles of Processing: Personal data will be processed lawfully, fairly, and transparently, collected for specific, explicit, and legitimate purposes, and will be adequate, relevant, and limited to those purposes. Data will be kept accurate and up to date and retained only as long as necessary (maximum five years after the final outcome of the report) before being deleted. Adequate security measures are applied to ensure data integrity and prevent unauthorized access.

Purpose and Legal Basis of Processing: Data are processed to carry out necessary investigations into the reported conduct, including interviews with the whistleblower and other relevant parties, to verify the report’s credibility and ensure access to statutory protections. The processing is based on Legislative Decree 24/2023. The identity of the whistleblower cannot be disclosed without their explicit consent, except to authorized personnel responsible for handling reports.

Processing Methods: The Company ensures confidentiality of the whistleblower, the reported person, facilitators, and the content of the report and documentation, implementing security measures to protect the data. Data are handled by authorized personnel responsible for receiving and processing reports, including the manager of the internal reporting channel.

Data Recipients: Depending on the report, data may be shared with judicial authorities, ANAC, the Supervisory Board, the Board of Statutory Auditors, or the Company’s auditing firm. If the report is submitted via the digital platform, the software provider may also process the data as a data processor under Article 28 of EU Regulation 2016/679.

Transfers Outside the EU: Data are stored on servers within the EU and are not transferred outside the European Union.

Data Retention Period: Data will be deleted as soon as no longer necessary, and in any case no later than five years from the communication of the final outcome of the report.

Rights of Data Subjects:

The reported person and any individuals mentioned in the report cannot exercise rights under Articles 15-22 of EU Regulation 2016/679 (access, correction, erasure, restriction, portability, objection) if doing so would compromise the confidentiality of the whistleblower.
The whistleblower retains full rights under Article 15 to access their personal data, obtain copies, and know the purposes of processing, categories of data, third parties involved, and any transfers outside the EU. They may also request corrections, deletions, restrictions, portability, or object to processing where relevant. Requests can be sent by email to info@colavita.it or by post to the Company’s address. Responses are provided without delay, and in any case within one month.

Complaints to a Supervisory Authority: If the whistleblower believes that their data protection rights have been violated, they may lodge a complaint with the Italian Data Protection Authority in Rome, pursuant to Article 77 of EU Regulation 2016/679, and/or seek judicial remedies.