Menu opener
Country and language
Country
Other countries
Language
English
Currency
EUR
  1. B&B HOTELS
  2. WHISTLEBLOWING
BackYour staySelect your dates to see availabilitiesChange datesSelect rooms and travelersClose
Select your dates to see availabilities
Please fill in the destination field
There are no suggestions
Allow geolocation in your browser settings, or type the destination
Please select period of 20 days max
Start date cannot be set in the past.

Please select period of 20 days maxStart date cannot be set in the past.

From
To
Rooms
-+
+ Add another roomValidate
Corporate code
For travelers with corporate contract
  • Destination
  • FromTo
    FromTo
  • 1 room, 1 adult
  • 1 room, 1 guest

WHISTLEBLOWING

PDF version

Last update 21/06/2024

B&B Hotels Italia S.p.A., in carrying out its business activities, aspires to create and maintain a corporate culture marked by ethics, transparency and fairness. For this reason, in sharing the inspiring principles of Legislative Decree. 24/2023, the same has incorporated the indications of the supranational and national legislature, thus guaranteeing the possibility of reporting wrongdoing while respecting the confidentiality of the reporter.

 

SUPPORTING LEGISLATION

Legislative Decree No. 24 of March 10, 2023, "Implementation of Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019, on the protection of persons who report breaches of Union law and laying down provisions regarding the protection of persons who report violations of national laws," entered into force on March 30 2023 and the provisions therein are effective as of July 15, 2023.

 

Following the entry into force of the aforementioned Legislative Decree No. 24 of 2023, the National Anti-Corruption Authority (ANAC) adopted, in Resolution No. 311 of July 12 2023, special "guidelines on the protection of persons who report violations of Union law and protection of persons who report violations of national regulatory provisions. Procedures for the submission and handling of external reports."

 

MAKING A REPORT

As indicated by Legislative Decree No. 24/2023 "the protection of persons who report violations of Union law and laying down provisions regarding the protection of persons who report violations of national regulatory provisions," B&B Hotels Italia S.p.A. has equipped itself with a reporting channel that fully respects the identity of the reporting person: the computer platform www.bb-alert.me

This channel with which the Company is equipped, which complies with the regulatory provisions contained in Article 4 of Legislative Decree No. 24 of 2023, guarantees the confidentiality of the identity of the reporting person, the person involved and the person in any case mentioned in the report, as well as the content of the report and the related documentation.

 

WHO CAN REPORT?

Individuals who can submit a report through the platform are:

- an employee currently working for B&B HOTELS, regardless of the nature of his or her employment contract;

- a partner of B&B HOTELS (franchisee or mandated person);

- any supplier of the franchisee or principal and/or the staff of the supplier of the franchisee/mandate's manager;

- casual partners, including temporary staff, interns and volunteers, and anyone working under the supervision and management of B&B HOTELS' contractors or subcontractors;

- external partners of B&B HOTELS (suppliers, subcontractors, service providers, associations, etc.).

- self-employed workers who provide services to the Company;

- the shareholder, directors, managers, auditors, the Supervisory Board, as well as anyone who performs functions of administration, management, control, supervision or representation, even on a mere de facto basis, at the Company.

Reports may also be submitted during the selection process, during the probationary period, or even after the termination of employment. In the latter case, information on violations must have been acquired prior to the termination of employment with the Company.

 

DATA PROTECTION GUARANTEES

Pursuant to Articles 13 and 14 of EU Regulation 2016/679 (General Data Protection Regulation - "GDPR") and Legislative Decree 196/2003 and ss.mm.ii. ("Privacy Code", together with the GDPR "Privacy Regulation"), the Company, with registered office in Milan, via G. Leopardi 1, 20123 tax code, P. VAT and registration number with the Milan Companies Registry: 06291950969; SAS Financière B&B HOTELS - registered office at 29 bld Romain Rolland - 92120 Montrouge (France) and Casper BidCo, with registered office at 29 Boulevard Romain Rolland, 92120 - Montrouge (France), registration number 850 790 908 ("Casper BidCo") as co-owners of the processing of personal data in the context of reporting under the Decree ("Co-Processors"), hereby inform you of the following.

The responsibilities of the Co-Processors with respect to the processing of personal data under this Policy have been governed by special agreement in compliance with the Privacy Regulations.

 

In the event that the reporting party expressly objects to the sharing among the Co-owners of information from which his or her identity can be inferred directly or indirectly, the report will be handled exclusively by the Company's local contact person, who will not share the relevant information with any of the other contact persons of SAS Financière B&B HOTELS and Casper BidCo. In such a case, only the Company will process the personal data related to the referral as an autonomous data controller, and the term "Contact Person" in the following provisions shall be understood as "Data Controller" and referring only to the Company.

 

PERSONAL DATA PROCESSED AND THEIR SOURCE

The Co-Processors process personal data that the reporter provides in the report, as well as those included in the related documentation and information collected during the performance of activities related to the management of the report. Such personal data could include, depending on the information necessary for the management of the report actually contained in the report itself and/or emerged in the subsequent activities, also special categories of data referred to in Articles 9 and 10 of the GDPR.

Therefore, the Contact Persons become aware of such personal data directly from the whistleblower through the report, as well as in the management of the report (e.g., through the individuals involved in the course of the related activities) in compliance with the Privacy Regulations and the provisions governing the processing of personal data in whistleblowing procedures, such as the Decree.

The personal data processed concern the whistleblower, the facilitator (if any), the whistleblower, as well as any person involved or otherwise mentioned in the whistleblowing and in the activities related to the whistleblowing.

 

PURPOSE AND LEGAL BASIS

The Co-Processors process the personal data contained in the report, or otherwise collected in the context of the activities related to the whistleblowing procedure in order to follow up on whistleblowing reports received from the same by carrying out the necessary activities aimed at verifying the merits of the fact being reported, as well as taking the consequent actions.

The legal basis for the processing is the fulfillment of obligations under the Decree to which the Company is subject.

Should it also be necessary to process personal data belonging to special categories for the management of the report, the legal basis will be the fulfillment of the legal obligations incumbent on the Company under the Decree in the field of labor law or for reasons of public interest, as the case may be.

The collection and processing of personal data for this purpose is necessary to follow up on reports in compliance with the provisions of the Decree. Therefore, if the data is not provided, the Reporting Parties will not be able to follow up on the report in accordance with the protections provided by the same. However, if the reporting party intends to submit an anonymous report, i.e., from which the identity of the reporting party cannot be derived, the Data Holders will still follow up the report, but the reporting party will not be able to benefit from the protections provided by the applicable legislation.

 

RETENTION PERIOD

Personal data will be kept for as long as necessary for the processing of the report and in any case no longer than five years from the date of the communication of the final outcome of the reporting procedure.

 

RECIPIENTS

The Co-Processors will process personal data using paper and/or computer and/or telematic media, with logics strictly related to the above purpose, by the Co-Processors through subjects duly authorized by the same pursuant to Article 29 of the GDPR and 2-quaterdecies of the Privacy Code. In addition, the Joint Data Controllers make use of third parties who are in charge of managing the activities related to the procedure on behalf of the Joint Data Controllers, as data controllers pursuant to Article 28 of the GDPR. Data subjects may contact the Joint Data Controllers should they wish to obtain more information in this regard.

In addition, the Joint Holders will disclose personal data to the relevant authorities where required by specific legal obligations.

 

TRANSFER TO A COUNTRY OUTSIDE THE EUROPEAN UNION.

The Co-Processors process personal data within the European Economic Area. In the event that the Co-Processors intend to transfer personal data to countries outside the European Economic Area, prior to the transfer, the Company will carefully verify that the transfer is carried out in accordance with the limits and requirements set forth in the GDPR and will provide appropriate information in this regard.

 

EXERCISE OF RIGHTS AND LIMITATION TO THE EXERCISE OF RIGHTS AND COMPLAINT.

Any data subject whose personal data are collected and processed in the context of reporting under the Decree has the following rights:

  • the right to access his or her personal data, i.e., the right to know whether personal data are being processed and, if so, to access them by receiving information on certain features of the processing (pursuant to current legislation);
  • the right to request rectification of inaccurate personal data and updating of incomplete personal data;
  • the right to the deletion of one's personal data in certain cases, without prejudice to any legal obligations of preservation on the part of the Data Controllers;
  • The right to restriction of the processing of one's personal data (including, in certain cases, the right to obtain suspension of the processing);
  • the right to lodge a complaint with the Italian Data Protection Authority ("Garante"), Piazza Venezia n. 11, 00187, Rome (RM), tel: (+39) 06.696771, fax: (+39) 06.69677.3785, e-mail: protocollo@gpdp.it.

In order to obtain further information and to exercise their rights, the data subject should use the whistleblowing channels made available by the Contact Persons. The exercise of data subjects' rights, as well as any communication with them regarding processing activities related to whistleblowing reports, should preferably be done using the whistleblowing channels. This is to avoid the use of means of communication by data subjects that do not guarantee an adequate level of confidentiality and security.

However, pursuant to the Decree and Article 2-undecies of the Privacy Code, the rights listed above may not be exercised by request to the Contact Persons nor by complaint to the Guarantor, if actual and concrete prejudice to the confidentiality of the identity of the person reporting violations of which he or she has become aware by reason of his or her employment relationship or duties performed may result from the exercise of such rights.

In any case, the Contractors may delay, limit or exclude the exercise of these rights by providing the person concerned with a reasoned communication.

This disclosure is not required if it would compromise the reasons for the delay, limitation or exclusion. The Contractors may do so for such time and to the extent that this constitutes a necessary and proportionate measure, taking into account the fundamental rights and legitimate interests of the data subject, in order to safeguard the confidentiality of the identity of the reporter. In such cases, the rights of the data subject may also be exercised through the Guarantor in the manner set forth in Article 160 of the Privacy Code. In such cases, the Garante will inform the data subject that it has carried out all the necessary verifications or conducted a review, as well as his or her right to seek judicial redress.

Information on the reporting channels (internal and external), procedures and prerequisites for making reports, and data processing are available in the dedicated section of the Company's website at the following link: [LINK] and are also posted on Company premises.

 

WHAT CAN BE REPORTED?

- Suspected, actual or proven violations (or attempts to conceal such violations) of the Code of Ethics or any compliance policy or procedure;

- criminal activity;

- a violation of a national law or regulation, a European Union law, or a unilateral act by an international organization;

- a situation that may pose a threat to or harm the public interest;

- a violation or a risk of violation of human rights and fundamental freedoms;

- a violation or risk of violation of the health and safety of people or the environment;

- deliberate concealment of any of the above matters;

- retaliation for making a whistleblowing report or being involved in its handling.

A whistleblowing report must relate to facts about B&B HOTELS' activities that have already occurred or may occur. Matters not covered by the above definitions should not be considered whistleblowing alerts under this Policy. Such alerts may be shared through the whistleblower's usual contacts (e.g. B&B HOTELS Management, Human Resources, etc.).

ACCESS THE PLATFORM

www.bb-alert.me

 

  1. B&B HOTELS
  2. WHISTLEBLOWING