Please select your own language
Marelli Holdings Co. Ltd. with registered office at 2-1917 Nisshin-cho, Kita-ku, Saitama City, Saitama, 331-8501, Japan, company number [7010001178910] (“Marelli Holdings”) and Marelli Europe S.p.A. with registered office at Viale Aldo Borletti 61/63, 20011 Corbetta (Milano), Italy, company number (tax code) 08082990014 (“Marelli Europe”) - have entered into a Joint Controllership Agreement (a extract is available upon request, using the contact details below) for the purpose of defining, pursuant to Article 26 of GDPR (Marelli Holdings and Marelli Europe jointly referred to as “Joint Controllers”), the processing of personal data in the context of the Marelli Integrity Hotline Procedure.
The processing of personal data by this system operated by NAVEX (“System”), duly appointed by Marelli Holdings as data processor pursuant to art. 28 of the GDPR, will be carried out by the Joint Controllers for managing any report of a breach (a suspected or actual violation of the Code of Conduct, a breach of Marelli policies and procedures and other legal, compliance or ethical concerns including the Organizational Model adopted by Marelli Europe (“Report”) of the reporting person (“Reporting Person”)).
WHICH PERSONAL DATA MAY BE PROCESSED
If a Report is made the Joint Controllers will process the following information including the personal data of the Reporting Person such as, for example, name, surname, contact details and company role as well as any information contained in the Report, including the personal data of the person concerned (“Person Concerned”) and of any other third party, such as, for example, name and surname, company role (“Personal Data”) and the other data connected with the investigation.
The Report must not contain facts that are not relevant for the purposes of the same, nor personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, data concerning health or data concerning a natural person’s sex life or sexual orientation (“Special categories of personal data” pursuant article 9 of the GDPR), except in cases where this is inevitable and necessary for the purposes of the Report itself.
The Personal Data may be supplemented and/or updated on the basis of information that is publicly available and/or collected by third parties and/or directly by you and/or already available to the Joint Controllers, also in order to verify the foundation of the Report.
The Joint Controllers reserve the right to provide information on the processing of personal data to the Person Concerned at a later date, in order to ensure the effectiveness of the Marelli Integrity Hotline Procedure and not to compromise any investigations initiated by the Joint Controllers or the Authorities.
FOR WHAT PURPOSES PERSONAL DATA CAN BE USED FOR AND ACCORDING TO WHICH LEGAL BASIS
Personal Data are processed for one or more of the following purposes and related legal basis.
Personal Data will be processed for purposes related to the checking and management of the Report and to ensure adequate application of the Marelli Integrity Hotline Procedure.
Legal basis for the processing: a legal obligation to which Joint Controllers are subject pursuant to art. 6, par. 1, lett. c) of the GDPR as provided for by the relevant applicable laws which require the Joint Controllers to have an information channel to receive Reports (Marelli Europe is subject to the Italian Law No. 179/2017, Marelli Holding to the Japanese applicable laws.
The provision of the Reporting Person’s Personal Data is optional; in fact, on the basis of the Marelli Integrity Hotline Procedure, the Reporting Person has the option to remain anonymous.
Personal Data will be processed for purposes related to the need to defend rights during judicial, administrative or extrajudicial proceedings and in the context of disputes arising in relation to the Report. In addition, Personal Data may be processed by the Joint Controllers in order to take legal action or make claims.
Legal basis for the processing: the legitimate interest of the Joint Controllers pursuant to Article 6, first paragraph, letter f) of the GDPR to protect their rights.
In this case, you are not obliged to provide Personal Data but Joint Controllers will pursue this additional purpose, where necessary, processing the Personal Data already collected for the above purposes (lett. A), deemed compatible with this one.
As mentioned in the previous paragraph, the Report must not contain Special categories of personal data except in cases where this is inevitable and necessary for the purposes of the Report itself. In this case, the processing is carried out as necessary pursuant to Article 9(2)(b) of the GDPR with regard to the purpose sub A, and on art. 9, second paragraph, letter f) of the GDPR with regard to the purpose sub B.
HOW WE KEEP PERSONAL DATA SECURE AND FOR HOW LONG
The Personal Data could be processed in hardcopy, automated or electronic format and, in particular, via post or electronic mail and telephone, telefax and any other electronic channel. Appropriate security measures are adopted in order to prevent any loss, any unlawful or unfair use or unauthorized access to the Personal Data.
The Personal Data shall be processed as long as is necessary to open, investigate and archive the Report and related alleged violation communicated via the System according to the following principles:
After the above retention periods, Reports may only be retained in anonymized form.
WHO CAN WE SHARE PERSONAL DATA WITH
With the exception of the completion of any investigations that may be initiated following your Report, as well as the compliance with obligations arising from the law, Personal Data provided by you will not be disclosed.
Access to the Personal Data will be allowed exclusively to persons expressly authorized by the Joint Controllers: General Counsel and Chief Compliance Officer and Ethics & Compliance Designees. Please, consider that some selected data, in the form of inferred data, may be transferred to other corporate functions, depending on the selection’s content and on the roles of the persons involved, which process them for purposes other than those of the whistleblowing procedure as described in the Employees’ Privacy Notice.
In addition, Personal Data may be shared, if necessary, with Judicial Authorities or external consultants.
It should be noted that the Joint Controllers' employees, duly authorized, who need to process them in adherence to the above-mentioned purposes, as well as external parties designated by the Marelli Holdings, where necessary, as data processors pursuant to art. 28 GDPR, may also have access to Personal Data.
Please contact us at the following email address: privacy@marelli.com if you would like to request to view the list of data processors and other recipients of the Personal Data.
INTERNATIONAL DATA TRANSFERS
The processing activities carried out by the Joint Controllers for the purposes indicated in this notice imply a transfer of Personal Data outside the EU or the EEA (“Third Countries”), since Marelli Holdings is established in Japan. However, the EU Commission, with the decision 2019/419 of 23 January 2019 has established that the level of protection for personal data transferred from the EU to business operators in Japan is adequate.
In order to carry out some of the activities related to the processing of your Personal Data, the Joint Controllers may also communicate the same to external parties located in other Third Countries. The lawfulness of such transfer is, in this case, guaranteed by the safeguards provided for by Art. 46 of the GDPR having the Standard Contractual Clauses approved by the European Commission (supplemented by additional technical/organizational/legal measures where necessary) been entered into with the data importer.
You can write to the Joint Controllers at any time, using the contact details listed below, asking who are the subjects to whom the Personal Data are transferred, as well as to receive a copy of the safeguards adopted for the transfer.
PERSONAL DATA PROTECTION RIGHTS AND RIGHT TO FILE COMPLAINTS BEFORE THE SUPERVISORY AUTHORITIES
Under certain conditions, you have the right to request to the Joint Controllers:
Right to object: in addition to the rights listed above, you have the right to object, at any time, on grounds relating to your particular situation, to the processing of Personal Data relating to you by the Joint Controllers for their legitimate interests.
These rights may be restricted for Marelli Europe pursuant to and for the purposes of Article 2-undecies, first paragraph, letter f) of the Italian Legislative Decree No. 196/2003, as amended by the Italian Legislative Decree No. 101/2018 (“Italian Privacy Code”), if the exercise of the aforementioned rights may result in a concrete and effective prejudice to the confidentiality of the identity of the person reporting the crime.
In order to exercise your rights, your request must be sent to the following address: privacy@marelli.com.
If you believe that the processing of your Personal Data is in violation of the provisions of the GDPR, you have the right to lodge a complaint to the Supervisory Authority or to bring the matter before a judicial court.
CONTACTS:
Joint Controllers can be contacted using the following details:
Marelli Holdings Co. Ltd. with registered office at 2-1917 Nisshin-cho, Kita-ku, Saitama City, Saitama, 331-8501, Japan
Email: privacy@marelli.com
Marelli Europe S.p.A. with registered office at Viale Aldo Borletti 61/63, 20011 Corbetta (Milano), Italy
Email: privacy@marelli.com
Last update: May 2022