“The management model also includes in its articulated content the drafting, by the company, of a Code of Ethics (generally known as ‘Code of Ethics 231’). This is a document officially adopted by the top management representing the legal entity and therefore binding for all those operating within its organisation chart. By means of the Code of Ethics pursuant to Legislative Decree 231/01, the company essentially identifies the conduct to be kept in order to avoid incurring the criminal liability configured by the regulation.
The Code of Ethics 231 performs the task of preventing the commission of certain offences, for which the company, together with the guilty natural person, is held liable. It lays down a set of rules of conduct that bind the persons operating within the entity, who are required to comply with a conduct marked by transparency of procedures and legality.”
Extract from the Guidelines on the Code of Business Ethics of Confindustria.
INDEX
Article 1 – COMPANY VALUES
Article 2 – TERMINOLOGY AND DEFINITIONS
Article 3 – FIELD OF APPLICATION
Article 4 – RELATIONS WITH THIRD PARTIES
Paragraph 1 – Honesty and Fairness in Work
Paragraph 2 – Unfair Competition
Paragraph 3 – Other behaviour
Article 5 – PRINCIPLES
Paragraph 1 – The Law – Relationship with Legislative Decree 231/2001 and the Civil Code
Paragraph 2 – Image protection of Garanteasy
Paragraph 3 – Rules of conduct – respect, equal opportunities, communication
Paragraph 4 – Corporate responsibility and personal liability
Article 6 – CONFLICT OF INTEREST
Article 7 – BUSINESS SECRETS AND CONFIDENTIAL INFORMATION
Article 8 – COMMUNICATION AND INFORMATION
Paragraph 1 – Internal Communication
Paragraph 2 – External Communication
Paragraph 3 – Reporting
Article 9 – PROTECTION OF PERSONAL DATA
Article 10 – INTELLECTUAL PROPERTY
Article 11 – ENVIRONMENTAL COMMITMENT AND HEALTH – Zero emission
Paragraph 1 – Sustainable development
Paragraph 2 – Exceptional events
Paragraph 3 – Health
Article 12 – SUPERVISORY BODY
Paragraph 1 – Appointment and Powers
Paragraph 2 – Functions
Paragraph 3 – Expected Results
Article 13 – IMPLEMENTING PROVISIONS
GARANTEASY – CORPORATE CODE OF ETHICS
Article 1 – COMPANY VALUES
Garanteasy is an innovative SME, as defined by current Law, operating in the field of services, on the national and international market. The services provided by Garanteasy are IT-based and dedicated to the simple management of any form of Guarantee existing on the market, relating to consumer goods sold by manufacturers and sellers to users/consumers. The services of Garanteasy are provided through a proprietary, self-produced and self-managed technological platform, in accordance with the dictates of this Code and the instructions of the company’s top management.
The Code applies, insofar as established, to internal subjects, as well as indirectly, to anyone involved in the Company’s sphere of interest. Garanteasy acts according to a set of inspiring Values, which the Company promotes through the application of this Code and through its own behaviour and that of its operators. The Values that inspire the Company are:
Honesty;
Loyalty in business;
Respect for work;
Respect for personal dignity;
Social inclusion;
Economic and gender equality;
Promoting environmental sustainability and resilience;
Also through this Code, Garanteasy undertakes to align its conduct and procedures with the aforementioned Values, promoting them internally and externally, through example, image and communication.
Article 2 – TERMINOLOGY AND DEFINITIONS
Expulsion: The only sanction for serious violations of the Code, in addition to recourse to ordinary justice.
Board: Council of Directors and administrators.
Code: this Code of Ethics.
External consultants: External consultants of the Company in various capacities.
Complaint: Report to the ordinary judicial authorities of a relevant fact, made by a delegate of the Supervisory Body.
Addressee: Person subject to the Rules of the Code.
Distributors: Distributors and market representatives of Garanteasy Services.
Exceptional events: Internal and external events with respect to which a Company policy is to be decided in the course of time.
Garanteasy: Garanteasy Ltd. is the company that drafted, approved and adopted this Code
GDPR: The New Privacy Code acting in EU.
Member of the Company: Operational entity at any level, linked to the Company by any form of contract governing its functions and operations
Merchants: Physical or e-commerce merchants, actual or potential customers of Garanteasy
M.O.G. : Internal Organisation and Management Model for the implementation of the Code of Ethics.
Supervisory Board: Internal Supervisory Body for the management of the Code.
Garanteasy Technology platform: Self-produced and self-managed software platform projected and owned by Garanteasy.
Staff: All Garanteasy operational staff consisting of operators and teams.
Recommendation: Reporting behaviour to be corrected to the staff component concerned.
Report: Half-yearly written reports on the application of the Code.
Recourse to Ordinary Justice: Recourse to forms of ordinary jurisdiction to judge corporate conduct contrary to the Code and Law.
Sanction: Application of a fine or disciplinary measures to the person concerned.
Service: Service provided to Customers and Users through the use of the Garanteasy Technological Platform.
Software: a computer program in any form expressed as long as it is original, as a result of the author’s intellectual creation (Art. 64-bis, Italian Law 633/1941).
Interested party: Any external party that is a direct recipient of Garanteasy’s activities.
Garanteasy Team: Historical in-house operational group composed of operational members.
Data processing: Set of data processing activities.
Article 3 – FIELD OF APPLICATION
The Scope of Application of the Company’s activities is the provision of Advanced Services in the digital sector. The Code therefore takes into account the applicable general and sectoral regulations and practices relating to the various phases of the performance of activities.
The implementation of the Code is part of the mandate of the Board of Directors and its observance is included in internal contractual relations.
Two levels of reaction are envisaged with regard to the penalty regime for conduct contrary to the Code:
Internal level – in the event of conduct contrary to the Code’s Rules, carried out with conscience and premeditation, ascertained through an internal investigation by the Supervisory Board. The sanction ranges from the minimum of a Recommendation to the maximum of Expulsion from the Company.
External level – In the event of particularly serious conduct by a member of the Company at any level, the BoD, in approving the Code, has at the same time mandated the CEO to report the author to the Judicial Authority. The seriousness of the conduct must be decided by the Board of Directors, at the request of the Supervisory Board, which will also decide whether or not to refer the matter to the Judicial Authority. In the event of criminal relevance of the conduct, the BoD may decide to file a civil suit.
Article 4 – RELATIONS WITH THIRD PARTIES
Paragraph 1 – Honesty and Fairness in Work
Each internal or external member of Garanteasy, addressee of the rules of the Code, must act with material and intellectual honesty in his or her behaviour at work towards colleagues, stakeholders, customers and third parties in general. His or her personal conduct and that of the Company he or she represents must not discriminate in any way or represent harassment of any of the aforementioned figures.
The addressee shall maintain civilised behaviour also in life outside work.
Paragraph 2 – Unfair Competition
Garanteasy competes fairly in a free market of opportunities, it does not treat other operators as counterparts, but only as competitors with equal rules and opportunities by adopting a fair and equitable approach to the market.
The Company’s staff and Board of Directors are committed to ensuring that the Company’s personal and indirect conduct is characterised by loyalty and cooperation. Garanteasy does not, under any circumstances, engage in unfair competition behaviour, as defined in Article 2598 of the Italian Civil Code of the Sectoral Rules and Jurisprudence, towards third parties. The Company operates within the framework of the recommendations of the AGCM – Regulatory Agency for Competition and Market.
Paragraph 3 – Other behaviour
Garanteasy, its BoD and all staff are also obliged to:
a – apply the procedures of this Code at every stage of operations
b – establish fair and transparent relations with customers and suppliers
c – drafting and becoming party to contracts based on the principles of this Code
d – refrain from statements that may be offensive to customers, partners and users of the Service
e – invite customers, partners and users of the Service to take note of this Code
f – comply with the confidentiality obligations assumed in respect of data relating to customers, partners and users of the Service and strictly apply the GDPR regulations, as set out in the company’s Privacy Management System
Article 5 – PRINCIPLES
Paragraph 1 – The Law – Relationship with Legislative Decree 231/2001 and the Civil Code
Garanteasy, as a legal entity, its Board of Directors and the company staff, as natural persons, are subject to the Criminal and Civil Laws of the Italian State, and to any other regulations from applicable sources, such as: EU Directives and related Regulations, Ordinary Laws, Regional Laws, Sector Regulations, and where necessary, the Uses.
When Garanteasy operates abroad, to the extent necessary, it undertakes to operate in compliance with the law of the host country, through accurate knowledge of the local regulatory system.
Garanteasy and its personnel at all levels, through the application of this Code, are required to act in good faith and to behave towards the Law in accordance with the provisions of this Section by refraining from committing any violation.
Paragraph 2 – Image protection of Garanteasy
The Service provided by Garanteasy through the concession of use of the technological platform represents the Company’s core business. It is managed and presented by the reference persons for the various functions at different levels; the behaviour of these persons represents the public image of the Company and for this reason it must always be characterised by fairness, loyalty and efficiency.
Personnel are therefore obliged to behave in line with this Code in order to maintain the high name of Garanteasy and in any case not to cause material damage due to the deterioration of the company’s image.
Paragraph 3 – Rules of conduct – respect, equal opportunities, communication
All Garanteasy staff and all the Company’s contracts must respect the personal dignity of individuals without discrimination on the grounds of race, ideological, political, religious and sexual orientation, personal conditions and any other family, or voluntary or elective affiliation.
All forms of harassment, offence and hostile and offensive behaviour, inside and outside the company, are prohibited.
Garanteasy promotes equal opportunities between different genders and different economic and social conditions.
The Company undertakes to organise internal and external communication that conveys compliance with the behavioural principles set out in this Section.
Paragraph 4 – Corporate responsibility and personal liability
CDA and the two components of the company staff, Team and Operational Staff have the following functions:
a – CDA – Command, Control, Strategy. The BoD acts as the guarantor of the Company’s conduct, always taking into account the Principles and Prescriptions of this Code. The strategies identified in favour of corporate development must in no way conflict with the provisions of the Code. Individual Board members are accountable to the Supervisory Board for their personal conduct within the company.
Team – Implementation, Supervision, Organisation, Design, Management, Contracts, Reporting, Data Control and Privacy, System Changes, Quality, Communication.
Each function head, who is a member of the team, is the guarantor of the behaviour of the personnel under his or her coordination. He shall behave fairly, without preconceptions towards colleagues and operational staff, promoting the fair division of labour, taking into account the aptitudes and preferences of the staff under his co-ordination. He is also the person to whom staff turn to report anomalies and seek clarification and advice on operational problems. Each Team member must apply the strategic indications of the CDA, obey the Law and act within the indications and prescriptions of this Code. In particular, individual Team members have the following duties:
(a) valorise the professional skills present under its coordination
b) apply the Code to their own activities and those of their staff
c) communicate to colleagues and staff the need to follow the Law and this Code and monitor their behaviour
d) report its findings and opinions on the state of management and application of the Code to the Supervisory Board;
e) act in accordance with the Code also in external relations;
f) dealing with reporting to the BoD in relation to the management of the Code
(g) managing personal data according to the GDPR standard
h) produce and use contracts that make explicit reference to the ethical principles promoted by this Code
i) if called upon to be a member, perform in good faith the functions of a member of the Supervisory Board.
Operating Personnel – Production and Fault Reporting.
Garanteasy’s operational staff, regardless of the type of contractual relationship that binds them to the company, must behave in a manner compatible with the Code, report any anomalies to the team, perform their work with intellectual honesty, fairness, loyalty and good faith, and provide their opinions and advice for the best functioning of their operational area.
Article 6 – CONFLICT OF INTEREST
Each member of the Board of Directors and the company staff must pursue in their activities the objectives and interests of Garanteasy, avoiding situations of conflict of interest, in which they act to satisfy personal interests different from those pursued by Garanteasy, in order to gain a personal advantage. Anyone who believes that they are in a situation of conflict between their personal interest, on their own behalf or on behalf of third parties, and that of Garanteasy, must inform the Supervisory Board.
Article 7 – BUSINESS SECRETS AND CONFIDENTIAL INFORMATION
Company secrets consist of that information and knowledge of which members of the company staff become aware for service reasons, but which are of potential interest to the company’s competitors and which are in any case considered by the company as confidential information as they are part of its core business, and which therefore have their own commercial value and the possibility of creating damage should they be revealed.
Confidential information is information that personnel become aware of in the course of business operations, which may concern ideas, strategies, management intentions, development policies, etc.
In order to ensure the safest possible management of Company Secrets and Confidential Information, Garanteasy has a Confidentiality Contract with all company personnel, within which the protected cases are described. The Supervisory Board has the task of verifying compliance with the contract.
Article 8 – COMMUNICATION AND INFORMATION
Communication for Garanteasy is a fundamental element of the policies for disseminating the brand and the functionality of the Service, but also of the sustainability policies and ethical foundations on which the company is founded. Communication takes place externally, i.e. to stakeholders, and internally, i.e. between the CDA and operational staff.
Paragraph 1 – Internal Communication
The purpose of communication within the Company itself is to align awareness among the Company’s personnel of this Code of Ethics and its consequences on the Company’s operations, as well as of the common action strategy, the functions of each, the objectives, the progress of activities, the indications of the Board of Directors and any other information that management deems to be of common interest.
The means used for internal communication are:
a- Weekly conference calls with staff.
b- Company chat for each sector in which all personnel dedicated to the sector, or potentially interested, participate.
c- Use of the common Google Drive platform for sharing documentation produced and in production;
d- Internal training and information courses on the themes of the Code and the main initiatives to which the Company is committed, at least one per year.
Paragraph 2 – External Communication
The objective of external communication, in relation to the issues defined in this Code, is to communicate to stakeholders and third parties in general that Garanteasy operates according to principles of fairness, correctness and sustainability in business, that it operates codified internal procedures, and that staff and management are aware of the above aims and act accordingly.
Communication to the outside world takes place through the inclusion in the Company’s contracts and notices of the minimum information sufficient to inform third parties of the presence of a corporate Code of Ethics, of the principles that Garanteasy promotes and that all members in various capacities of the Company are committed to applying it.
The means and media through which external communication is carried out are the institutional website, social media, direct participation in conferences and presentations of the Company and through the use of contracts integrated with the principles promoted by the Code.
Paragraph 3 – Reporting
Reporting is carried out to the Supervisory Board every six months. At this frequency, a specially appointed member of the Supervisory Board acts as a collector of any requests from personnel concerning the application of this Code. On a quarterly basis, if no serious and urgent violations are reported, such as to require an immediate report, the person in charge of reporting shall submit to the SB a report on the status of implementation of the Code, the principles it promotes, and any suggestions made by members of staff or the Board of Directors.
Should non-serious violations of this Code occur among personnel reports, it will be one of the members of the Supervisory Board who will recommend to the author of the violation the need to act within the limits of the Company’s guiding principles and, if appropriate, establish an internal administrative sanction, among those provided for in this Code.
In the event that the violation is serious, or repeated and may have criminal, or civil profiles, the Supervisory Board, by a decision that must be taken unanimously, has the power to inform the Public Prosecutor’s Office in the event of a criminal offence, or to support the defence of the injured party or parties in any way, even in civil court.
To any initiative of the Supervisory Board in terms of external reports, the Board must give its prior consent.
Article 9 – PROTECTION OF PERSONAL DATA
The personal data protection system of the Garanteasy Technology Platform was built at the same time as the Platform was constructed in order to facilitate a complete integration of the disciplines.
The system has been designed in accordance with the provisions of the New European Data Protection Regulation (GDPR), number 679/2016, better known as the New Privacy Code and its transposing regulation, Legislative Decree 101/2018.
The principles and requirements set out in the New Code at art. 5 et seq. are assumed by Garanteasy as the minimum set of measures for the protection of the Data in its possession and the protection of the Users/Buyers who entrust them to the Company. Garanteasy must always be able to guarantee that the Data in its possession have been obtained with the User’s Informed Consent, in accordance with the requirements of the New Code, and that the rights of the data subject owner will be guaranteed at all times during the period of Processing.
The company staff and the CDA undertake to respect the requirements of the GDPR and the rights of data subjects, as defined in the Standard and published in the Garanteasy Privacy Policy.
In order to improve security in data processing, Garanteasy has drawn up a Data Processing Register in which the types of processing carried out, the methods and self-defined limits are indicated, as well as the internal staff assigned to such processing. Any processing not provided for in the Register shall be considered contrary to the Code, and no member of staff not listed in the Register may process, know or hold the personal data being processed.
As indicated by the GDPR, Garanteasy has appointed an internal data protection officer – DPO – whose name must be the same as that indicated for the role within the registry.
The Register must be updated to the actual state of affairs at least once a year, and on it must be noted and justified any measures taken by the Board of Directors that in fact change the manner, functionality and purpose of processing.
The Register has a digital format.
Article 10 – INTELLECTUAL PROPERTY
Garanteasy retains sole and exclusive ownership of all intellectual and industrial property rights in the Technology Platform, including any models, processes, methodologies, algorithms, or other intellectual property that Garanteasy has previously developed or developed for the performance of the Service, including without limitation: all data, source code, and collaboration panels owned by Garanteasy, including, without limitation, any code written by Garanteasy that supports the operation of collaboration panels, associated with technical infrastructure, all programs related to the Technology Platform, and all derivative works based on an enhancement for any of the foregoing.
All of the above makes up the Company’s intellectual property, to which is added the Business Model, which, like intellectual property, is contractually defended by the Company through the inclusion of special clauses. The Board of Directors and the Personnel are required to protect the Company’s tangible and intangible property from external attacks and third parties in general and to behave loyally. The unauthorised use and/or misappropriation of the company’s intellectual property may constitute a breach of contract and a disciplinary offence and, where applicable, may lead to the civil law consequence of compensation for damages on the part of the person responsible for the violation. The definition of the applicable discipline lies with the Supervisory Board.
Article 11 – ENVIRONMENTAL COMMITMENT AND HEALTH – Zero emission
Paragraph 1 – Sustainable development
Garanteasy is a company that does not have a physical location, except for its registered office. This conformation was also chosen to minimise the environmental footprint of the company, which neither produces materials nor consumes raw materials to any significant extent. The production of documents is entrusted solely to digital mode, just as the services offered have only this form.
The only working method used is smart working, which prevents employees from having to use public or private transport for service purposes. Garanteasy is a zero-emission operating facility, and this characteristic will be maintained in the future by preparing appropriate mitigation actions in the event of activities that create a minimally significant environmental load.
Paragraph 2 – Exceptional events
In the event of exceptional events, such as environmental disasters, natural catastrophes, epidemics, or socio-political events of particular gravity and importance, Garanteasy will do its utmost to make a positive contribution to the resolution of the problem, acting within its own sector and sphere of influence in order to mitigate the damage to the community. The social responsibility that the company assumes also concerns the mitigation of the negative effects of the crisis on its staff in case they are affected by it.
At the same time, members of the Board of Directors and staff must undertake to behave in line with that of the Company and loyally support its initiatives.
Paragraph 3 – Health
Garanteasy considers Occupational Health and Safety a priority, even in view of the widespread location and pervasive use of smart working. The company promotes a culture of corporate health and environmental protection, developing internal training and promoting responsible behaviour among its staff. Staff training, by means of specific courses, is aimed at developing the individual’s knowledge of health in his or her chosen workplace and the correct use of the technologies at his or her disposal, so as to safeguard the worker and promote his or her well-being, as well as that of third parties involved.
Article 12 – SUPERVISORY BODY
The SB, as defined by Legislative Decree 231/2001, must have the characteristics of autonomy and independence, professionalism and continuity of action. This statement is supported by the case law of the sector, which for companies of limited size provides that the SB may be simplified in its composition and procedures.
Garanteasy has equipped itself with an organisational model – M.O.G. – taking into account these indications in order to adapt the model to the size of the company, but safeguarding as much as possible its decision-making autonomy, third party status and absence of conflict of interest. Any member of the Board of Directors or Personnel, who becomes aware of violations of the Law or of this Code, occurring in the course of Garanteasy’s activities, either internally or externally, is obliged to promptly report the fact to the Supervisory Board. The report is made through the urgent report or through the six-monthly report which, at the request of the reporter, may be anonymous. The Supervisory Board decides by majority vote.
Paragraph 1 – Appointment and Powers
The Supervisory Board consists of three internal members, is appointed by the Board of Directors and remains in office for three years. It includes a Board member, the company’s DPO and a team member. The choice of the members is the responsibility of the CEO in office, who, to avoid conflicts of interest as far as possible, may not be part of the SB and retains a decision-making function of autonomy and guarantee.
The decision-making and sanctioning powers of the Supervisory Board are:
a) the Recommendation, if the conduct is not of particular gravity or due to misunderstanding of the rule. The Recommendation provides for the correction of the violation in a documented manner within the next reporting period.
b) the Sanction, in the event that the Supervisory Board detects the commission of a fraudulent act and the need to obtain compensation from the perpetrator of the violation. Type and extent of the sanction are at the discretion of the Supervisory Board.
c) Expulsion, in the event that the Supervisory Board assesses that the perpetrator of the breach is no longer compatible within the Company, due to the particular seriousness of the breach.
d) the Complaint, in the event that the Supervisory Board deems it necessary for the ordinary justice system to intervene. In this case, the BoD may decide to support the injured party in the civil trial, or constitute itself as a civil party in the criminal trial against the author of the violation.
Paragraph 2 – Functions
The Supervisory Body, as defined in the preceding paragraph, has the task of verifying that the company’s activities are carried out correctly, within the framework of the Law and the inspiring principles and values that the Company has summarised in this Code. The Body has the following functions:
a) Implementing the Code and keeping it up-to-date
b) Promoting the dissemination of the Code within and outside the Company
c) Supervise and investigate violations where necessary
d) Decide on reports received, applying the Code’s guidelines in good faith and acting loyally
e) Where necessary, apply the remedies and sanctions provided for in the Code
f) Carrying out, through quarterly reports, the management of the corporate Code of Ethics.
Paragraph 3 – Expected Results
Garanteasy and the Board of Directors are convinced that the adoption of the Code of Ethics, despite the relative size of the company, is a necessary step in relation to the development objectives and business model adopted. By adopting it, Garanteasy expects to systemise the efforts made in terms of sustainability of the organisational model, corporate social responsibility, internal organisation, data management, respect for labour and operators at all levels, as well as full compliance with the law in force.
The Company promotes the internal application and external dissemination of the Code in the belief that it is a plus with respect to the company’s positioning and image and at the same time with respect to its business objectives.
Article 13 – IMPLEMENTING PROVISIONS
This Code and the set of internal procedures adopted, represent the basis for the drafting of the M.O.G. – Organisation and Management Model pursuant to Article 6 of Legislative Decree 231/2001, which will be adopted by the Company with the aim of preventing offences that may be committed internally and/or with external consequences and to avoid the administrative liability of the Entity when violations and offences are committed by its collaborators at any level, voluntarily, fraudulently and for personal interest.
The SB is entrusted with the task of applying the procedures set out therein, implementing the Organisational Management Model and updating it. The SB is an internal body, specifically constituted and endowed with decision-making, initiative and control autonomy, with powers commensurate with the requirements.
