Skip navigation

Italy - Ericsson Telecomunicazioni SPA

Available in English Italiano

Speak up whenever something doesn’t seem right

You are expected to speak up if you see anything that you believe is not right. Remember, you will always be protected and confidentiality will be ensured when you raise concerns in good faith.

Central Reporting Channel

Ericsson has an Allegation Management Process that handles any allegations received through our standardized central reporting channels, which include the Ericsson Compliance Line.

  • The Compliance Line is hosted by an independent third party, allows anonymous reporting, and is available 24/7 in 63 languages.
  • Compliance Line reports are handled promptly by independent and experienced teams in Group Function Legal Affairs & Compliance.
  • Anyone can report a compliance concern through the Ericsson Compliance Line.
  • The Compliance Line allows anonymous reporting when permitted by law. However, by letting us know who you are, we can contact you directly to discuss your concerns which will help us investigate it more quickly and efficiently.

For more information about the Ericsson Compliance Line

Local Reporting Channel

If you have a concern regarding Ericsson Telecomunicazioni SPA (“TEI”) in Italy, you also have the option to report your Compliance concern in a local channel, which will be handled exclusively by a local team appointed by TEI, pursuant to Decree 231/2001 and Decree 24/2023.

Ericsson will not tolerate retaliation against individuals who report compliance concerns in good faith or against relevant third parties. You will always be protected, no matter how you speak up.

Who can use the local channel?

Permitted reporters to the local channel are:

  1. employees;
  2. service providers, contractors, subcontractors and suppliers, as well as any persons acting under their supervision and direction;
  3. shareholders or persons belonging to management bodies or to fiscal or supervisory bodies of legal entities, including non-executive members;
  4. volunteers or interns, regardless of whether compensated.

The above applies to current, former or future relationships with TEI.

What types of reports does the local channel accept?

You can use the local channel if you would like to report a compliance concern. A compliance concern is any employee or third-party behavior that may breach the European or Italian Law, our Code of Business Ethics (CoBE), TEI Model of Organization, Management and Control as per Decree 231/01, and related policies and directives. This includes:

  • Corruption and fraud
  • Questionable accounting or auditing matters
  • Other events that might seriously affect the vital interests of Ericsson

Our local channel accepts any compliance concern that is prescribed by Italian law [link]. Please be aware that any compliance concern you may want to raise in the local channel can also be raised in the  Ericsson Compliance Line.

How to submit a report

To submit a report to the Ericsson Compliance Line, click here.

To submit a report to the local channel, send an email to tei.whistleblower@ericsson.com. The team appointed by TEI will have exclusive access to the mailbox. A reporter may also ask to have the team contact them by phone or ask for a meeting to submit their report.

In order to contribute to the effective handling of the report, it should be clear from the report:

  • the circumstances of time and place in which the fact that is the subject of the report occurred;
  • the description of the fact;
  • the generalities or other elements that make it possible to identify the person to whom the reported facts are attributed.

It is recommended that documents be attached that may provide elements of substantiation of the facts being reported, as well as the indication of other persons potentially aware of such facts.

What happens to a local channel report?

After submitting a report in the local channel, the team appointed by TEI will confirm receipt of the report within 7 days. You will also receive a case number which can be used for future communications with you, including possible questions to clarify your report.

The team will communicate the results of its analysis to you within three months of receiving your report. You may request at any time that the team do so within 15 days of reaching its conclusion.

Reports that cannot be addressed locally

If your report to the local channel reveals a problem that affects two or more Ericsson entities, that cannot be addressed within TEI, or that falls into point 2. lett a. D.Lgs. n. 24/2023[1], we encourage you to report your issue centrally, directly to the Ericsson Compliance Line. If you submit such a report to the local channel, TEI will inform you of its determination that the report cannot be effectively addressed within TEI and request that you report the issues via the Ericsson Compliance Line to ensure the concern is addressed by the appropriate Ericsson entity.

If you have any questions about whether you can submit your compliance concern through the local channel, you should contact the Compliance Consultation Desk or send your question to the local channel.

External reporting

In addition to the Central Reporting Channel and the Local Reporting Channel you may also report via an external reporting channel (the “External Reporting Channel”) managed by Italian Anti-Corruption Authority (ANAC), available on ANAC website (www.anticorruzione.it). To report through the External Reporting Channel one of the three conditions below must apply.

  1. You have filed a report through the Local Reporting Channel, but the report was not handled accordingly; i.e. cases where the internal channel has been used, but the subject entrusted with the management of the channel has not undertaken, within the terms established by the decree any activity to verify the conditions of admissibility, of the existence of the facts reported or communication of the outcome of the investigation;
  2. You have a justified reason to assume that report through the Local Reporting Channel will not be effective or will be retaliatory; or
  3. There is a case of imminent or manifest danger to the public interest.

Reports of violations of Legislative Decree 231/01 or inadequacies of the 231 Model could be made only through the internal channel.

Any external report must specify that the reporter wants to keep its identity confidential and benefit from the protections provided in the event of any retaliation.

recipients of retaliation, also undertaken indirectly, due to the role assumed in the process of reporting, public disclosure or denunciation and/or the particular relationship that binds them to the reporter.

[1] Such as: Disputes, claims or demands related to an interest of a personal nature of the reporting person that relates exclusively to the individual relations of work, or pertaining to the relations of work with hierarchically superordinate.

Public disclosure

It is possible to make a public disclosure, i.e. make information on violations public domain through the press or electronic means or in any case through means of dissemination capable of reaching a large number of people, if one or more of the following conditions apply:

  • an internal and an external report have been made - or directly an external report in the cases provided - without receiving timely feedback within the established deadlines;
  • there is reasonable reason to believe that the violation constitutes an imminent or obvious danger to the public interest;
  • there is good reason to believe that the external report may entail the risk of retaliation or not be followed up effectively due to the specific circumstances of the specific case, for example because there is a well-founded fear that the internal manager of the report is colluding with the author of the violation or is involved in the violation itself.

Protection of the reporter

Reports submitted through the local reporting channel will be handled in a way that ensures that the identity of the reporter, the subject of the report and the content of the report is kept confidential in accordance with the relevant legislation. 

Good faith reporters will be protected from any type of retaliation or discrimination. This protection also extends to:

  • those who have assisted the reporter in the reporting process;
  • co-workers with whom the reporter has a personal relationship or who are related to the reporter up to the fourth degree;
  • co-workers of the reporter who have a regular and ongoing relationship with the reporter; and
  • entities owned by the reporter or where the reporter works, as well as entities operating in the same work environment as the reporter.

Information gathered as a result of the report shall be processed and retained for as long as strictly necessary in accordance with the relevant regulations.

This protection operates only where the reporter has acted in good faith. Protection is excluded in case of malice or gross negligence or where the report was made with the intent to unjustifiably damage the reputation of TEI or others. Any report made having well-founded reason to believe that the reported violation is true is considered to be in good faith.

Any violation of TEI’s provisions on the handling of reports and/or of Legislative Decree 24/2023 will result in disciplinary actions, including: (i) unfounded reports made with malice or gross negligence; (ii) any conduct aimed at obstructing a report; (iii) any type of retaliation, including conduct prohibited under Article 17 of Legislative Decree 24/2023; (iv) breach of confidentiality of the reporter and other persons protected under Legislative Decree 24/2023; (v) failure to adequately handle reports; and (vi) any other violation of the applicable regulations or TEI’s steering documents.

Protection concerns not only the name of the whistleblower but also all the elements of the report from which the identification of the whistleblower can be derived, even indirectly.

Data protection

For detailed information on your privacy rights, the collection and processing of your personal data please see below:

Privacy Notice for Ericsson Employees and Non-Employed Workforce (For Ericsson employees, search in the intranet).

Privacy notice (English)

Privacy – Ericsson (for the public)

TEI is the data controller for personal data processed in the local channel.

Read more:

PRIVACY INFORMATION NOTICE PURSUANT TO REGULATION (EU) 2016/679 - GENERAL DATA PROTECTION REGULATION, HEREAFTER, “GDPR” - FOR WHISTLEBLOWERS

Pursuant to Regulation (EU) 2016/679 (hereafter, “GDPR”), Ericsson Telecomunicazioni S.p.A. (hereafter, referred to as “Company” or “Controller”) has adopted a system for handling internal whistleblowing reports as described in the document called “TEI Internal Channel”, available at the following link: https://www.ericsson.com/en/about-us/corporate-governance/code-of-ethics/reporting-compliance-concerns/eu-local-reporting-channel/italy-tei-local-reporting also available in the section Corporate Governance/Code of Ethics of the Company website,  and provides this information regarding the processing of your personal data for the management of the whistleblowing report you submitted to the attention of the Company.

1. Identity and contact details of the Controller

The Controller is the Company to which the whistleblowing report is submitted, namely Ericsson Telecomunicazioni S.p.A. with registered office in Roma (00118) at Via Anagnina 203.

2. Contact details of the Data Protection Officer (DPO)

The Company has designated a Data Protection Officer, who can be contacted at the following email address: dpo-italy@ericsson.com .

3. Purposes and legal basis of data processing

The Controller will process (i) your identifying data as the reporting party, where the whistleblowing report is not submitted anonymously, as well as (ii) information relating to the alleged conduct and any other data that you may have provided in the whistleblowing report and depending on the type of whistleblowing report made and the complained conduct or that are relevant based on the reported event; and (iii) information that may have been acquired over the course of the necessary investigative activities in order to verify and solve the whistleblowing report; for:

a. Purposes of management of the whistleblowing report on the basis of the whistleblower's complaint

The Controller will process the data for purposes strictly and objectively necessary for the application and management of the whistleblowing reporting procedure, including the verification of the facts that are alleged in the whistleblowing report, the resolution of the whistleblowing report, the preparation of the response, the adoption of any measures of relief or support for the whistleblowers and the establishment of proceedings including disciplinary proceedings, as well as to provide feedback to questions and queries you have raised regarding corporate compliance, pursuant to the provisions of the document called “TEI Internal Channel”, mentioned above, to the extent required by applicable laws.

In no cases, your whistleblowing reports will be used against you for discriminatory or retaliatory purposes by the Controller.

b. Purposes of compliance with regulatory obligations, laws and provisions of Authorities legitimated by law.

The Controller will process the data in order to fulfill obligations under the law, regulations or legislation, national and/or EU, including the provisions of the Italian Legislative Decree No. 24/2023 implementing the Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law and providing rules on the protection of persons who report breaches of national regulatory provisions (so-called "Whistleblowing Decree"), as well as effectively prevent and combat fraudulent, illegal or irregular conduct and support the effective application and implementation of the Organization, Management and Control Model pursuant to Legislative Decree no. 231/2001 (so-called “231 Model”), within the limits of what is required by applicable regulations.

Data may also be processed to execute requests from the competent administrative or judicial authorities or public entities in general, compliantly with legal formalities.

For the purposes described above, personal data may be processed for the fulfilment of legal obligations to which the Controller is subject. The disclosure of personal data is not compulsory, as permitted by law (for example, in the case of a whistleblowing report in anonymous form).

c. Further processing based on the Legitimate Interest of the Controller or a third party

In addition, the Controller will process personal data:

  • for its own internal control and business risk monitoring needs, as well as in order to optimize and streamline the internal business and administrative processes also provided centrally by the Ericsson Group, which imply and require that whistleblowing reports be retained for longer than the time required for the mere management and resolution of the whistleblowing report in question;
  • in order to ascertain, exercise or defend a right or a legitimate interest of the Controller or third party (including other companies of the Ericsson Group) before any appropriate authority.

The legal basis for the processing is represented by the pursuit of the legitimate interest of the Controller or third parties, represented by the right of defence and by the interest in guaranteeing the effectiveness and efficiency of the Company’s Internal Control and Risk Management System, also in order to prevent and effectively combat fraudulent, illegal or irregular conduct. This legitimate interest has been appropriately assessed by the Controller.

Processing for purposes based on the Controller’s legitimate interest is not mandatory and you may object to such processing trough the modalities indicated in this privacy information notice. However, if you object to such processing, your personal data will not be used for such purposes, unless the Controller demonstrates the existence of prevailing compelling legitimate grounds or personal data is necessary for the exercise or defense of a Controller’s right pursuant to Article 21 of the GDPR.

In addition to the above, and where strictly necessary to verify the reported conduct and to follow up on the whistleblowing report received, the Controller may also process special categories of personal data as per Article 9 of the GDPR or data relating to criminal convictions and offenses as per Article 10 of the GDPR for reasons of relevant public interest referred to in the Whistleblowing Decree and in any case within the limits set forth the applicable laws, including Articles 9 and 10 of the GDPR.

In any case, the Controller processes personal data that are strictly and objectively necessary to verify the merits of the whistleblowing report and proceed to its resolution only. Should the Controller, even accidentally, collect any unnecessary personal data, such personal data will be promptly deleted.

4. Modalities to process personal data

The data - when provided and collected - will also be processed by electronic means, recorded in special databases, and used strictly and exclusively for the purposes specified. These means are suitable to guarantee the security of the processing and confidentiality of the personal data collected, as well as to prevent unauthorized access, dissemination, modification and exfiltration of the personal data, thanks to the adoption of appropriate technical and organizational security measures, in compliance with the above-mentioned laws and related confidentiality obligations and, in any case, according to the purposes and methods set forth in this privacy information notice. Data will be processed in aggregate/anonymous form when this is appropriate in view of the purposes declared.

5. Personal data recipients

For the pursuit of the purposes indicated in paragraph 3, the Controller, the subjects authorized by the Controller to process data, who are in charge of handling the whistleblowing report, as specifically indicated in the document called “TEI Internal Channel”, mentioned above, as well as any data processors pursuant to Article 28 of the GDPR, may get to know your personal data. Data processors shall be specifically identified by the Controller, who shall also specifically instruct them on the methods and purposes of processing whilst ensuring that they are subject to adequate confidentiality and privacy obligations.

The Controller may also disclose the personal data collected to third parties belonging to the following categories, provided that this is necessary for the pursuit of the purposes of processing and on the basis of the same requirements of lawfulness set out in paragraph 3:

  • police, appropriate authorities and other public authorities. These parties shall act as independent controllers;
  • within the limits permitted by the applicable legislation, companies, entities or associations, or parent companies, subsidiaries or associated companies pursuant to Article 2359 of the Italian Civil Code, or among these companies, companies subject to joint control, as well as consortia, business networks and groups and temporary business associations and their members, with exclusive reference to the aspects falling within their responsibility (for example, in the case in which the whistleblowing report also regards their employees). Unless otherwise specified, such parties shall act as independent controllers;
  • auditing firms and other companies contractually linked to the Controller (including those belonging to the same group) that perform, by way of example, consultancy activities, activities in support for the provision of services, etc., which shall act, as the case may be, as independent data controllers, or as data processors on the basis of a specific agreement on the processing of personal data concluded pursuant to Article 28 of the GDPR. Ericsson is one of these parties, which has been charged, in particular, with the task of setting up and managing the communication channels made available to submit and manage Whistleblowing Reports.

In any case, the Controller communicates your personal data to the aforementioned recipients only data that are necessary to achieve the specific purposes for which they are intended.

Your data shall not be disseminated.

6. Transfer of personal data outside the European Economic Area

As part of the management of whistleblowing reports, for some of the purposes indicated in paragraph 3, your personal data may be transferred outside the European Economic Area, also by entering them in databases shared with and/or managed by third party companies, which may even not be part of the Ericsson Group (like the Controller). The management of the database and the processing of such data shall be subject to the purposes for which they have been collected and carried out with the utmost respect for the standards of confidentiality and security set out in the applicable data protection laws.

Whenever your personal data is transferred outside the European Economic Area and, in particular, to Countries that according to the European Commission do not offer adequate security measures, the Controller shall sign the standard contractual clauses adopted by the European Commission whilst taking any other technical and organizational measures that are appropriate and necessary to ensure an adequate level of protection of your personal data and, in any case, at least equal to that guaranteed within the European Economic Area, in accordance with what is indicated in this Privacy Policy, including, among others, the Standard Contractual Clauses approved by the European Commission.

7. Data storage period

Data shall be processed in the paper and computer archives of the Controller and protected by suitable security measures for a period of time not exceeding that necessary to achieve the purposes for which they are collected and for the longer period of time possibly necessary to comply with legal provisions and/or for judicial protection, subject to ordinary statutes of limitation. In detail, your personal data shall be retained for 2 years if the report has been found to be inadmissible and is therefore not classified as a whistleblowing report, or for 5 years if it is classified as a whistleblowing report, starting from the communication of the final outcome of the whistleblowing procedure, unless retention of personal data for a longer period is required for claim or litigation purposes, as a consequence of requests by competent authorities, or under applicable laws. At the end of the storage period, your personal data shall be erased or irreversibly anonymized.

8. Rights of data subjects

In your capacity as data subject, you shall have the following rights, as summarised below, where applicable and within the limits specified in the relevant legal provisions and, in particular, in Article 2-undecies of Legislative Decree no. 196 of 30 June 2003, as lastly amended (the “Italian Privacy Code”).

a. Right of access

You shall have the right to obtain from the Controller confirmation as to whether or not the personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if such recipients are from third countries or international organizations; (iv) when possible, the prescribed storage period of the data or, when this is not possible, the criteria used to determine this period; (v) the right to lodge a complaint with a supervisory authority; (vi) if the data are not collected from you, all available information on their origin.

It is understood that your confidentiality shall be protected to the maximum extent permitted, especially with reference to your identity, which shall not be disclosed either to the reported person or third parties, unless this is necessary to seek protection in court, fulfil legal obligations and otherwise within the limits provided for by law, in order to avoid cases of direct or indirect retaliation, threats, violence, discrimination, etc. against you for reasons directly or indirectly connected with the whistleblowing report. The confidentiality of your identity cannot be guaranteed in the event of an Illicit whistleblowing report (i.e., any whistleblowing report that is revealed unfounded based on objective elements and for which the concrete circumstances that were ascertained during the investigation phase lead to believe that it was presented in bad faith or with extreme negligence).

b. Right of rectification and erasure

In the cases provided for by the applicable legal provisions, you may exercise the right to obtain the rectification of the inaccurate personal data regarding you without unjustified delay and, taking into account the purposes of processing, the right to obtain the integration of incomplete personal data, even through a supplementary declaration.

You shall have the right to request the erasure of the personal data concerning you for any of the following reasons: (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) the data are being processed unlawfully; (iii) you have objected to the processing activity and there is no overriding legitimate reason; (iv) the personal data must be erased in order to comply with a legal obligation.

However, the Controller shall have the right to reject the request for erasure if the right to freedom of expression and information prevails or to allow the fulfilment of a legal obligation, defend any of its own rights in court or for its legitimate interest.

c. Right to restriction of processing

You shall have the right to obtain the restriction of processing from the Company in the following cases: (i) for the amount of time necessary for the Controller to verify the accuracy of the data whose accuracy has been contested by the data subject; (ii) in case of unlawful processing of personal data; (iii) even if your personal data are not necessary for the purposes of the processing, you need them to be processed so that a claim can be established, exercised or defended in court; (iv) for the amount of time necessary to verify whether or not the legitimate interests of the Controller override your request to object to the processing.

d. Right to object

You shall have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data regarding you on the basis of the legitimate interest pursuant to Article 6(1)(f) GDPR. However, the Controller shall be entitled to continue processing by demonstrating that there are compelling legitimate reasons overriding your interests, rights and freedoms.

e. Right to lodge a complaint and/or application

You have the right to lodge a complaint with the Italian Data Protection Authority (“Garante”) and/or an application with the judicial authority.

According to Article 2-terdecies of the Italian Privacy Code, in case of death, the abovementioned rights may be exercised by another person entitled who has its own interest or acts as your mandatory or family reasons that need to be protected exist. You can expressly avoid the exercise of some of the abovementioned rights by your successors submitting a written request to the Controller o to the e-mail address of the DPO. Such declaration may be, at any time, withdrawn or modified with the same modalities.

The Controller reserves the right to restrict or delay the exercise of the said rights, within the limits provided for by the applicable legal provisions, especially where there is a risk of actual, concrete and otherwise unjustified prejudice to the confidentiality of the Whistleblower’s identity and when the capacity to effectively ascertain the grounds for the Whistleblowing Report or gather necessary evidence may be compromised (see Articles 2-undecies and 2-duodecies of the Italian Privacy Code and Article 23 of the GDPR). In particular, such rights may also be exercised:

  • in compliance with the legal or regulatory provisions governing the sector (including the Italian Legislative Decree no. 231/2001 as amended by Law no. 179/2017, as well as the Whistleblowing Decree);
  • and may be delayed or restricted or excluded with a motivated notice to be sent to the data subject without delay, unless the notice may compromise the purposes of restriction, for the time and within the limits that this constitutes a necessary and proportionate measure, taking into account the fundamental rights and legitimate interests of the data subject, in order to protect the confidentiality of the Whistleblower’s identity.

You may exercise the rights listed above by writing to the Controller to which you submitted the whistleblowing report (tei.whistleblower@ericsson.com),  or by writing to the DPO at the e-mail address:  dpo-italy@ericsson.com.