Legal terms

The website www.surgital.it (hereinafter the “Site”) has been designed and is managed by Surgital S.p.A. with registered office in Lavezzola (RA), via Bastia 16/1. These Terms of Use apply to any user who uses the services on the Site.

1. Registration and use of the Services

1.1. The user’s registration on the Site allows the latter, after authentication using the login credentials provided to them (“Username or email address” and “password”), to use the services on the Site, such as but not limited to the use of chat at the times indicated (hereinafter “Services”).
Registration on the Site implies acceptance by the user of these Terms of Use of the Services.
Use of the Services is permitted to the user for personal and non-commercial purposes only.

1.2. The user who registers to the Site grants to Surgital:
– the right to publish and use, without limitation and free of charge, the comments communicated or made available by the user through the Site;
– the right to publish and use, without limitation and free of charge, the content made available by the user through the Site;
– the right to reproduce, modify, adapt or develop the contents without any limitation and without any consideration being due to the user;

1.3. Notwithstanding the provisions of the Privacy Policy, the contents published by the users will be treated by Surgital as non-confidential and may therefore be subject to any publication, disclosure or use by Surgital in any manner.

1.4. Surgital does not undertake any commitment to the user with regard to the publication of the content on the Site. Surgital is also in no way bound to consider or develop user content, which may be discarded at its sole discretion and without any reason whatsoever.

2. Liability and warranties

2.1. The user warrants that any comment or content provided by the same is legitimately available to them, does not conflict with mandatory rules and does not violate any copyright, trademark, distinctive sign, patent or other rights of third parties. And it is in all cases expressly forbidden to use the Services to infringe directly or indirectly the applicable laws of the Italian State or any other State. The user shall remain solely responsible for any claim made by third parties regarding the proposed recipe and for the violation of any industrial property right, intellectual property as well as for the violation of any other applicable provision in force and in any case of any infringement of the rights of third parties.

2.2. Surgital shall not in any way be responsible for any damage or prejudice that users may suffer from access, interconnection, downloading material and computer programs from the Site.
Therefore, Surgital will not be liable for any damages, losses, prejudices of any kind that users may suffer due to contact with the Site, or as a result of the use of anything published on the same, as well as the software used.

3. Copyright

The contents (texts, images, sounds, movies, graphics, trademarks, logos, audiovisual, etc.) of this website are the exclusive property of Surgital S.p.A., and/or third parties and are protected by current legislation on copyright protection, Italian Law No. 633/1941 and subsequent amendments and additions (hereinafter referred to as the “LdA”). Reproduction, communication to the public, making available to the public, rental and lending, public performance, even in part, and dissemination without the permission of the copyright owner is prohibited. The penalties provided for in Art. 171, 171-bis, 171-ter, 174-bis and 174-ter of the aforementioned Act apply to infringements.

Dear Whistleblower,

We hereby inform you that Surgital S.p.a. (Tax Code and VAT number 01066170398), headquartered at Via Bastia n.16/1 – (48017) Lavezzola (RA), email: surgital@surgital.it – PEC: amministrazione@pec.surgital.it (hereinafter “Surgital”), in its capacity as the Data Controller and Processor designated by Ca’ Pelletti Retail S.r.l. (a company fully owned by Surgital S.p.a.), will process your personal data in compliance with the provisions of Legislative Decree 231/2001, as amended by Law 179/2017, as well as Legislative Decree 24/2023 governing whistleblowing reports, and the following information.

1) Nature of the Data Processed
Pursuant to Article 4 of Legislative Decree 24/2023, the reporting channel ensures “the confidentiality of the identity of the whistleblower, the person involved, and any person mentioned in the report, as well as the content of the report and related documentation.” Additionally, under Article 12, paragraph 2 of Legislative Decree 24/2023, “The identity of the whistleblower and any other information from which such identity may be inferred, directly or indirectly, may not be disclosed without the express consent of the whistleblower, to persons other than those authorized to receive or follow up on reports, as explicitly authorized to process such data in accordance with Articles 29 and 32, paragraph 4, of Regulation (EU) 2016/679 and Article 2-quaterdecies of the Personal Data Protection Code under Legislative Decree No. 196 of 30 June 2003.”
Therefore, only the designated Verifiers, the sole entities authorized to access the information in your report, will be able to process the personal data and information you voluntarily provide in the report, as necessary to take charge of your report and send you the receipt notice, any requests for additional information, and appropriate feedback as required by Article 5 of Legislative Decree 24/2023.

2) Purposes and Legal Basis of Processing
Surgital S.p.a. and Ca’ Pelletti Retail S.r.l. have adopted the Whistlelink reporting platform to comply with the obligations under Legislative Decree 24/2023. Therefore, the legal basis for processing is found in Article 6, paragraph 1, letter c) of Regulation (EU) 2016/679. In the event that your report necessitates disclosing the whistleblower’s identity to persons other than the designated Verifiers, the Verifiers will request explicit consent. Without this consent, or if you freely decide to refuse such consent, the whistleblower’s identity will not be disclosed to anyone other than the Verifiers, as provided by Article 12, paragraph 2 of the above-mentioned Legislative Decree 24/2023.

3) Processing Methods and Data Retention Period
Processing will be carried out through the “whistleblowing” reporting platform available at https://surgitalspa.whistlelink.com/. Pursuant to Article 14 of Legislative Decree 24/2023, reports “and related documentation will be kept for the time necessary for the processing of the report, and in any case no longer than five years from the date of communication of the final outcome of the reporting procedure, in compliance with the confidentiality obligations under Article 12 of this decree and the principle set out in Articles 5, paragraph 1, letter e), of Regulation (EU) 2016/679 and 3, paragraph 1, letter e), of Legislative Decree No. 51 of 2018.” Additionally, under Article 13, paragraph 2, “personal data that are manifestly irrelevant to the specific report will not be collected or, if accidentally collected, will be immediately deleted.”

4) Data Communication
The data and information in your report will not be transferred, disclosed, or shared with entities outside the EU. These data may only be disclosed to the designated Verifiers and to entities where communication of data is necessary to comply with legal obligations (e.g., competent authorities as defined in Legislative Decree 24/2023). Furthermore, the communication of information in the report and possibly the identity of the whistleblower will occur in compliance with the provisions of Article 12 of Legislative Decree 24/2023.

5) Nature of Data Provision
Providing data is optional; however, failure to provide the necessary information required by the platform will prevent your report from being processed.

6) Rights of the Data Subject
Under Article 13, paragraph 3 of Legislative Decree 24/2023, “the rights under Articles 15 to 22 of Regulation (EU) 2016/679 may be exercised within the limits provided by Article 2-undecies of Legislative Decree 30 June 2003, No. 196.” Therefore, subject to the above limitations, you are guaranteed the right of access and, where applicable, the right to rectification, deletion, and data portability. You also have the right to request restriction of processing of the data you have provided and to object to processing. You are further entitled to file a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

7) Methods for Exercising Rights
The data subject may exercise their rights, within the limits set out above, by contacting Surgital S.p.a. or the designated Data Protection Officer at the email address dpo@surgital.it.
Ca’ Pelletti Retail S.r.l. has also designated a Data Protection Officer, who can be contacted at the email address dpo@ca-pelletti.it.