1. INTRODUCTION

In carrying out its activities, the Company favors a work environment that, inspired by respect, correctness and collaboration, as well as on the basis of the experience gained in the areas of competence, provides for the involvement and making responsible of employees and collaborators, with regard to the specific objectives to be achieved and the methods for pursuing them.

The Company acts in accordance with the principles of honesty, correctness, responsibility, freedom, dignity of the human person and respect for diversity, and rejects any discrimination based on sex, race, language, personal and social conditions, as well as religious and political beliefs.

Palazzo Grassi S.p.A. bases its internal and external activities on compliance with the principles contained in this Code of Ethics, which is a fundamental component of the organizational, management and control models adopted by the Company pursuant to Decree Law no. 231/01 (Organizational Model 231) and the Company's overall internal control system, in the belief that business ethics should be pursued as a condition for the success of the Company. In this perspective, the principles and values expressed in the Code of Ethics also constitute a useful interpretative reference in the concrete application of Models 231 in relation to the Company dynamics. The Code of Ethics has been prepared with the aim of clearly defining the set of values that Palazzo Grassi recognizes, accepts and shares.

The Company ensures the dissemination of and information on the provisions of the Code of Ethics and its application to the persons to whom it refers, so that employees, Directors and all those working for the Company carry out their activities and/or duties in accordance with consistent and strict compliance with the principles and values contained therein.

2. THE COMPANY'S MISSION

Palazzo Grassi S.p.A. aims to promote permanent or temporary exhibitions of public or private collections, exhibitions, events, conferences, congresses, symposiums, performances and representations in general in the exhibition site of Venice in Campo S. Samuele, called "Palazzo Grassi" and in the state property complex of Punta della Dogana, called the "Contemporary Arts Centre”.

The Company’s aims also include the management, maintenance, expansion and possibly the renovation of the Palazzo Grassi and Contemporary Arts Centre property complexes.

The Company may also carry out the renovation and construction of the building in Campo S. Samuele, known as "Teatrino", and provide for its management and possible sale. It is understood that the social purpose will also include the maintenance of the designated use of Palazzo Grassi and the Centre for Contemporary Art for museum exhibition purposes.

The Company also carries out activities related to and complementary to the organization and management of exhibitions, such as the provision of services, including but not limited to: consultancy, advertising of initiatives, ticketing, bookshops, catering, preparation of catalogues and magazines, meetings and conferences.

In carrying out its activities, the Company favors a work environment that, inspired by respect, correctness and collaboration, as well as on the basis of the experience gained in the areas of competence, provides for the involvement and making responsible of employees and collaborators, with regard to the specific objectives to be achieved and the methods for pursuing them.

3. RECIPIENTS

The principles and provisions of the Code of Ethics are binding for Directors and Statutory Auditors, for all persons linked by employment relationships and for all those who, directly or indirectly, permanently or temporarily, establish for any reason relationships and collaborative relations (so-called "collaborators") or operate in the interest of the Company, whether they are also customers and/or suppliers or not.

The Directors, Statutory Auditors, employees, collaborators and suppliers and/or customers are hereinafter referred to as "RECIPIENTS”.

1. GENERAL PRINCIPLES
   1. ETHICAL PRINCIPLES

In pursuing its mission, the Company applies the following ethical principles:

• PRINCIPLE OF LEGALITY

Everyone is required to comply with the laws and regulations in force in Italy, the Code and the Company's internal rules, applying them with rectitude and fairness. In no case does the pursuit of the Company's interest justify and make acceptable conduct contrary to the provisions of the Law.

This commitment is also binding for collaborators, Consultants, Suppliers, Customers and for anyone who has relationships with the Company. The latter shall not initiate or continue any relationship with persons who do not intend to comply with this principle.

• PRINCIPLE OF CORRECTNESS

In its relations with third parties, the Company undertakes to act in a correct and transparent manner, avoiding misleading information and conduct that directly or indirectly takes undue advantage of other people's positions of weakness or ignorance.

• PRINCIPLE OF HONESTY

Relationships with the outside world, relations with its collaborators[1], and those with the latter must be based on the utmost honesty, which consists in fidelity in giving one’s word, to promises and agreements, in acting with a sense of responsibility, in the enhancement and protection of the Company's assets, in compliance with the criteria of correctness, economy, transparency, efficiency and effectiveness, in the application of an attitude of complete good faith in any activity or decision and finally in compliance with the prohibition of competition as specified in Art. 2596 of the Civil Code.

 

• PRINCIPLE OF INTEGRITY

The Company and its collaborators undertake to act in such a way as not to compromise the integrity, image and reputation of the Company and of the collaborators themselves. Collaborators must also let their actions be governed according to the requirements of honesty imposed by law, regulations and the Code.

• PRINCIPLE OF TRANSPARENCY

All the Company's actions and relations with its shareholders must be carried out guaranteeing correctness, completeness, uniformity and timeliness of information, in accordance with the guidelines dictated by the law, by best market practice, and within the limits of the protection of the Company's know-how and assets.

• RESPECT FOR HUMAN DIGNITY

The Company respects the fundamental rights of individuals, protecting their moral integrity and guaranteeing equal opportunities and promoting their professional growth, as well as offering working conditions that respect individual dignity and safe and healthy working environments, in compliance with current regulations and the rights of workers. In both internal and external relations, conduct that is discriminatory in content based on political, trade union and religious opinions, or on race, nationality, age, gender, sexual orientation, state of health, economic conditions and in general any intimate characteristic of the human person is not permitted. The Company shall ensure that, within the scope of its activities, the rights provided for in the "Universal Declaration of Human Rights" are valid as a standard and are guaranteed during the performance of the corporate MISSION.

• Tackling xenophobia and racism

In this regard, the Company has as an essential value the fight against any form and expression of racism and xenophobia and repudiates any activity that may involve the propagation of ideas based on superiority or racial or ethnic hatred and the commission of acts of discrimination and violence, or even just incitement to such acts, for racial, ethnic, national or religious reasons.

1. 2. RESPONSIBILITIES

Each RECIPIENT carries out their work and their job with professional commitment, diligence, efficiency and correctness, making the best use of the tools and time available to them and assuming the responsibilities related to their respective commitments.

Compliance with the Code must also be considered an essential part of the contractual obligations assumed by each RECIPIENT having business relations with the Company. Violation of the rules of the Code may constitute breach of the relevant contractual obligations.

 

1. 3. DISSEMINATION OF THE CODE

The Company undertakes to disseminate the Code of Ethics as widely as possible among all RECIPIENTS, recommending its observance and ensuring its periodic revision and updating in order to adapt it to changes in sensitivities, environmental conditions and regulations.

In particular, the Company shall commit to:

• the dissemination of the Code of Ethics to the Recipients, through the distribution of copies of the same;
• interpretation and clarification of the provisions contained in the Code of Ethics;
• verification of effective compliance with the Code of Ethics;
• any future updates and implementation of the provisions of the Code of Ethics, according to the needs that arise from time to time.

The Code of Ethics is also published on the website www.palazzograssi.it.

1. 4. PENALTIES:

Disciplinary measures for violations of the Code of Ethics are adopted by the Company in line with the laws in force and with the relevant national or Company employment contracts. Such measures may also include the removal of those responsible from the Company.

In order to protect its image and its resources, the Company will not enter into any type of relationship with persons who do not intend to operate in strict compliance with current legislation, and/or who refuse to behave in accordance with the values and principles set out in the Code of Ethics.

The penalties must, in any event, be appropriate and proportionate to the importance of the infringement and the serious nature of the facts and must take account of repetition of the conduct and the specific subjective and objective circumstances which contributed to the infringement.

The behavior of the person who committed the violation of the rules of the Code of Ethics must be assessed as a whole.

Where several charges are raised in the context of the same proceedings, there shall be a single penalty.

Failure to comply with the provisions of the Code of Ethics shall result in the application:

• for employees, of disciplinary-type sanctions provided for in the current contractual regulations by the Company Management;
• for consultants, of what is provided for in their assignments and contracts;
• for members of the corporate bodies, of the measures deemed appropriate by the Board of Directors.

2. RELATIONS WITH THIRD PARTIES

The Company conducts its business by applying the ethical principles identified in this Code and requires its collaborators to comply with this approach regardless of the importance of the matter or market conditions.

1. 1. RELATIONS WITH COMPETITORS

Palazzo Grassi recognizes that fair, free and honest competition is a decisive factor in the growth and constant improvement of the Company.

1. 2. CORRECTNESS IN BUSINESS

The Company manages its business by applying the ethical principles identified in this Code and requires the RECIPIENTS to comply with this approach regardless of the importance of the business or market conditions.

In carrying out all their actions and operations and in their conduct in the performance of their duties or functions, the RECIPIENTS shall be inspired by transparency, correctness and mutual respect, as well as legitimacy in both form and substance, in accordance with current regulations and internal procedures, also in order to protect the Company's assets and image.

In particular, the following are not allowed:

• the pursuit of personal or third party interests to the detriment of corporate interests;
• the abusive exploitation, from personal interest or that of third parties, of the name and reputation of the Company as well as of information acquired and business opportunities learned about in the performance of one's duties or functions;
• the use of goods and equipment available to the Recipients in the performance of their duties or functions for purposes other than those for which they are intended.

Each RECIPIENT shall not accept nor make, for themself or for others, pressure, recommendations or warnings that could cause prejudice to the Company or undue advantages for themself, for the Company or for third parties. Each RECIPIENT shall also reject and not make promises and/or undue offers of money or other benefits, unless the latter are of modest value and not related to requests of any kind.

If the RECIPIENT receives an offer or a request for benefits from a third party, except for gifts of commercial use or of modest value, they shall immediately inform their superior or, where appropriate, the person to whom they are required, as the case may be, to report the relevant initiatives.

The prohibition on offering and receiving gifts also extends to family members or partners (understood as persons who have a contractual or associative relationship of a business nature with the RECIPIENTS).

Under no circumstances may gifts be offered or accepted in the form of money or goods easily convertible into money.

 

1. 3. IMPARTIALITY

In its relations with third parties (on all occasions, including appointments, contracts, litigation proceedings, etc.) the Company shall avoid any discrimination based on age, gender, sexuality, health, race or nationality, political opinions and religious beliefs, nor does it take into account recommendations or suggestions from external or internal sources and ensures impartiality and fairness in compliance with the legal or contractual rules and principles set out in this Code of Ethics.

1. 4. RELATIONS WITH SUPPLIERS

Suppliers play a key role in improving the Company's overall competitiveness. Suppliers are therefore selected which possess the best characteristics in terms of quality, innovation, cost, service, continuity and ethics.

In particular, collaborators, and principally those involved in these processes, must:

• observe the internal procedures for the selection and management of relations with suppliers;
• not discriminate between suppliers, allowing all eligible parties to compete for the award of contracts based on objective, declared, transparent and documentable criteria;
• require suppliers, when required by the procedures, to abide by the principles of the Code and include in the contracts, when required by the procedures, the express obligation to abide by them;
• promptly report any behavior of a supplier that appears to be contrary to the ethical principles of the Code to their hierarchical superior or to Company Management.

RECIPIENTS are required to select suppliers on the basis of the ethical principles of the Code and are encouraged to create and maintain stable, transparent, collaborative relationships with suppliers, as well as to always act in the best interest of the Company.

1. 5. INTELLECTUAL PROPERTY

The Company is concerned both to protect its own intellectual property assets, and not to violate the rights of others.

Each RECIPIENT of this Code is required to operate in this sense, providing their cooperation in the handling of any cases of violation of the rights of the Company.

1. 6. RELATIONS WITH PUBLIC OFFICIALS, POLITICAL REPRESENTATIVES AND REPRESENTATIVES OF ASSOCIATIONS

Relations between Palazzo Grassi and national, European Union (EU) and international public institutions, as well as public officials or parties in charge of a public service, i.e. bodies, representatives, agents, spokespersons, members, employees, consultants, parties in charge of public functions or services, public institutions, public administrations, public bodies, including economic bodies, public bodies or companies of a local, national or international nature (“Public Officials") are entertained by each Director and each employee, whatever their function or position, or, if necessary, by each collaborator, in compliance with current legislation, the principles defined in this Code of Ethics as well as Company procedures, on the basis of the general criteria of correctness and honesty.

Palazzo Grassi, if it deems it appropriate, may support programs of public bodies intended to achieve benefits for the community as well as the activities of foundations and associations, always in compliance with current legislation, the principles defined in this Code of Ethics and corporate procedures.

1. 7. ANTI-MONEY LAUNDERING

The administration of financial resources, the planning of investments, the purchase of goods and services and the management of cash liquidity are inspired by the principles of correctness, transparency and traceability.

The Company and its collaborators must never be implicated or involved in operations that may involve the purchase, receipt, concealment, dissimulation, use in financial activities of any kind, conversion, replacement, transfer, in any form or manner of operation, of money, assets, proceeds or other benefits from receiving stolen goods, money laundering, in any case from criminal or illegal operations, or other conduct with the purpose of hindering the identification of the illegal origin of the same, nor should they ever be implicated or involved in operations or situations that may involve the participation, in any form or manner, of the Company or its collaborators in such activities, even if such conduct or the activities that generated the goods the subject of such conduct are carried out in whole or in part in Italy or in another member state of the European Union or in any other State.

The Company applies in all cases the anti-money laundering regulations in all the jurisdictions in which it operates, establishing appropriate control procedures for this purpose.

1. 8. ASSOCIATION OFFENCES

The Company recognizes the high priority of legality and public order, censoring any form of commingling of funds, collusion or closeness with criminal associations both national and transnational; to this end, particular attention is paid to the identification of business partners and external consultants.

In no case may threats or pressures from such associations justify attitudes of acquiescence or connivance on the part of the Company or its representatives, who shall instead promptly file a complaint with the competent authorities.

1. 9. PROTECTION OF PUBLIC SAFETY 

The Company is actively committed, through the prevention and control activities carried out by its own Supervisory Body set up pursuant to Decree Law no. 231/2001, if appropriate also in combination with the competent authorities, to the application of the provisions of Art. 3 of Law no. 7 of 14.01.2003 "Ratification and implementation of the international convention for the suppression of the financing of terrorism and rules for the adaptation of the internal organization”.

3. RELATIONS WITH STAFF

The Company recognizes the centrality of human resources, committing itself to adequately and regularly assess, and to develop, the skills and competences of each employee through a training system and offering all workers the same opportunities without any discrimination in respect of specific skills.

No form of irregular work shall be tolerated.

The Company expects employees at all levels to work together to maintain a climate of mutual respect for the dignity, honor and reputation of each other.

The Company undertakes to provide its collaborators with suitable tools and opportunities for professional growth.

1. 1. STAFF SELECTION AND EMPLOYMENT RELATIONSHIP

Personnel are selected in accordance with the principle of equal opportunities and without discrimination with regard to the private life or opinions of candidates.  The selections are conducted in such a way that candidates are identified who correspond to the profiles necessary for the Company's needs, avoiding favoritism and preferential treatment of all kinds. Searching, selection, recruitment and career development depend only on objective assessments of the quality of work, without any discrimination.

The Company does not allow the conduct of non-contractual working relationships. Staff are hired under a regular employment contract and no form of irregular work or exploitation of child labor is tolerated. Staff are included in the Company structure exclusively on the basis of a regular employment or collaboration contract. No form of employment relationship which does not comply with or in any way circumvents the provisions in force is permitted.

The Company undertakes, in compliance with the provisions of the law in force on the subject, not to establish any employment relationship with persons without a residence permit and not to carry out any activity to facilitate the entrance or residence in Italy of illegal immigrants.

1. 2. DIVERSITY

The Company undertakes not to implement any form of discrimination, direct or indirect, of any kind in employment relationships and to promote positive action for equal opportunities, valuing the strength of diversity.

All RECIPIENTS, at all levels, are expected to work together to maintain a climate of mutual respect in the face of personal differences.

1. 3. HARASSMENT AT WORK

The Company endeavors to create a work environment that respects human dignity, in which the personal characteristics, beliefs or preferences of individuals cannot give rise to discrimination, undue constraints or acts detrimental to the person.

The Company requires that in internal and external work relations no one be placed in a state of subjection through violence, threat, deception, abuse of authority, prohibiting any situation used for one’s own advantage of a situation of physical or mental inferiority, or of a situation of need.

No harassment should occur in any working relationship.

The Company is required to prevent and if necessary to prosecute bullying and personal harassment of any type and therefore including sexual harassment.

1. 4. CONFLICT OF INTEREST

The RECIPIENTS ensure that every business decision is taken in the interest of the Company and must therefore avoid any situation of conflict of interest between personal and family financial activities and the jobs held in the Company that could affect their independence of judgment and choice.

If a RECIPIENT finds themself in a situation which, even potentially, may constitute or cause a conflict of interest, they must promptly report it to their hierarchical superior or where appropriate to the appropriate party, as the case may be, which may take further action.

1. 5. CORRECT USE OF COMPANY ASSETS

Each collaborator is responsible for the protection of the resources entrusted to them and has the duty to promptly inform the functions in charge of any threats or events harmful to the Company.

In particular, the collaborator must:

• operate with diligence to protect the integrity of the Company's assets, through responsible conduct and in line with the operating procedures established to regulate the use of the same.
• avoid improper use of Company assets for aims and purposes unrelated to one's duties and work, which may damage the image of the Company and cause damage or reduction in efficiency, or in any case be in conflict with the interests of the Company.
• obtain the necessary authorizations in case of use of the asset outside the Company environment.

The importance of information technology requires ensuring the availability, security, integrity and maximum efficiency of this particular category of goods.

Considering that the use of the Company's IT and telematic resources must always be inspired by the principles of diligence and correctness, attitudes which are intended to underlie any act or behavior carried out in the context of the employment relationship, it is considered useful to adopt further internal rules of conduct in the IT field, aimed at avoiding unwitting and/or incorrect behavior.

This in order to prevent Palazzo Grassi S.p.A. from being exposed to the risks of both financial and criminal involvement, while at the same time creating negative repercussions from the point of view of image and security, in the event that the IT tools supplied are used incorrectly or for illicit purposes. Among the objectives of determining a policy on the management of access to an IT system, there is also that of defining measures to prevent the dissemination of confidential data from which civil and criminal liability could arise.

The following indications and instructions are provided to all those "Company users" who, working with IT tools, are affected by the aforementioned measures. It should be noted that the Company Management is to be understood as the Financial Director and the Operations Director.

1. Management of Company IT systems
   1. All IT equipment, related programs and/or applications entrusted to corporate users are considered to be work tools and must therefore be:

1. properly guarded;
2. used only for professional purposes (obviously in relation to the tasks assigned) and not also for personal purposes, let alone for illegal purposes.
   2. It is not permitted to lend or transfer any IT equipment to third parties without the prior authorization of the Company Management.
   3. It is not allowed to remove the identification marks on the computer equipment.
   4. The obligation to promptly report the theft, damage or loss of such instruments to the Company Management is clearly established. In addition, in the event of theft or loss of any type of IT equipment, the user concerned, or whoever has received it, must report the fact to the Public Security Authority within 24 hours of the event and send the original of the report to the Information Systems Manager.
   5. It is absolutely forbidden to introduce and/or store in the Company (in paper or digital form and through the use of Company tools), for any purpose and for any reason, with any computer tool, in paper or digital form, documentation and/or computer material owned by third parties, whether or not confidential, without the express consent of the Company Management. It is understood that, in case of violation, personal civil and criminal liability of the employee shall be applicable and disciplinary sanctions by the Company shall be applied.
   6. It is absolutely forbidden to transfer outside the Company and/or transmit files, documents, or any other documentation, be it confidential or, in any case, owned by the Company, using any IT tool, in paper or digital form, except for purposes strictly related to the performance of one’s duties and, in any case, with the prior authorization of one’s Manager.
   7. It is absolutely forbidden to share on common areas (such as, but not limited to, network folders) or in any case to circulate internally, through any computer tool, in paper or digital form, documents and information not relevant to the duties/professional activities of both the RECIPIENT and the sender.
   8. It is not permitted to store on the Company IT System documents of an outrageous and/or discriminatory nature on the grounds of sex, language, religion, race, ethnic origin, opinion and trade union and/or political affiliation.
   9. Business documents may not be stored on unauthorized media (such as, but not limited to, portable memory and USB sticks).
   10. In the event of termination of the employment relationship for any reason, corporate users must return to the Corporate Management all IT equipment and work tools assigned to them in working order.
   11. At any time, the Company reserves the right to reorganize the IT equipment assigned to corporate users, to request its immediate return and/or to carry out checks on it in order to ensure its correct use.

2. Use of computer equipment

In compliance with the above and for the purposes set out in the introduction, acts or behaviors that conflict with the aforesaid indications are therefore to be avoided, such as, for example, those referred to below as an indication:

2. 1. In order to avoid significant damage caused by the introduction of computer viruses and altering the stability of the applications of the computer, it is permitted to install programs from outside only if expressly authorized by the Company Management.
   2. The installation and use of programs that are not authorized by the Company Management are not permitted, which will assess compliance with the obligations imposed by current regulations on the legal protection of software and copyright.
   3. It is not permitted to modify the configurations set up on the IT equipment without the prior authorization of the Company Management.
   4. The installation and/or connection to IT equipment of additional peripherals not authorized by Company Management is not permitted.
   5. It is not allowed to leave the assigned IT equipment unattended and/or accessible to others. During long absences, the PC/equipment lock function must be activated.
   6. It is not allowed to leave unattended and/or accessible to others any portable IT equipment (laptops, PDAs, mobile phones, etc..) during travel, transfers (e.g. airports, stations, etc.), or during absence from the Company (holidays, weekends, ...).
3. Passwords
   1. The passwords that allow access to the Company Network must be, with reference to the Security Measures imposed by Decree Law 196/2003, confidential; everyone therefore has the duty to ensure their secrecy.
   2. Passwords must not be disclosed to others, nor must labels and/or stickers with user-ids and/or passwords be displayed on the PC.
   3. Passwords must be at least 8 characters long, must not contain references easily traceable to the user, must be set on first access and changed at least every 6 months.
   4. The use of passwords of other corporate users is in no way permitted, not even for access to protected areas in the name and on behalf of the same, unless expressly authorized by the Company User Manager and the Privacy Controller.
4. Use of the corporate network
   1. The network units and the Workspace work area are strictly professional information sharing areas and cannot, in any way, be used for any other purpose. The Company reserves the right to modify the authorizations for access to the Company's network and related applications if the integrity of the Company's IT/information assets could be jeopardized, even if only potentially.
   2. Any file that is not related to the work activity cannot be located, even for short periods, on the Company's Information System and on the Information Technology Equipment.
   3. The access of each employee to any resource of the Company Information System (folders present in the Company network, shared areas, etc.) must be authorized by the relevant Manager according to the tasks assigned to each employee; each Company user must therefore use the Company network for purposes strictly related to the performance of his/her duties, in accordance with the content of the authorization.
   4. Each corporate user is required to safeguard the confidentiality of the data he or she processes, paying particular attention to shared data and any paper copies of electronic data, immediately removing the data once the operational need ceases; in particular, it is strongly recommended to password protect any document temporarily stored in transit areas accessible to all corporate users.
   5. At any time, the Company reserves the right to proceed with the removal of any file or application that it deems dangerous for the security of the system, or that was acquired and/or installed in violation of this Code of Ethics for Information Technology, in particular the Company reserves the right to delete data saved in transit areas common to all corporate users.
   6. It is not permitted to install and use software and/or hardware tools capable of intercepting conversations (in any form, telephone, text message, e-mail, etc.) and to falsify, alter or suppress the content of communications and/or Company IT documents.
   7. It is not permitted to connect PCs or other computer equipment not owned by the Company to the Company network, unless expressly authorized by the Company Management.
5. Use of the Internet and related services
   1. The Company provides access to the Internet through its own workstations, limited to corporate users who need it. The Internet connection must only be maintained for the time strictly necessary to carry out the activities that made the connection necessary. Therefore:

• it is not allowed to navigate on sites not related to the performance of the assigned tasks;
• it is not allowed to download and store unauthorized documents and in any case of an outrageous and/or discriminatory nature by reason of sex, language, religion, race, ethnic origin, opinion and union and/or political membership;
• it is not permitted to carry out any type of financial transaction, including remote banking operations, online purchases and the like, except in the cases provided for by the Company's purchasing procedures;
• it is not allowed to download any kind of software taken from Internet sites, unless expressly authorized by the Information Systems Manager;
• any form of registration to sites whose contents are not related to work is prohibited;
• the use and consultation of services such as forums, social networks, chatlines, newsgroups, bulletin boards or similar and guest book registrations, even using pseudonyms (nicknames), for non-professional reasons, is not permitted;
• it is not allowed to subscribe to forums, chatlines, blogs, newsletters or websites related to work with a Company e-mail address without specific and prior authorization of one’s Manager.
  2. In any case, everyone is directly responsible for the correct and lawful use of Company e-mail, as well as for the content of the statements and information transmitted.
  3. The only type of Internet connection allowed is via the Company network; therefore, different connections such as those using the telephone lines supplied are not authorized in the Company;
  4. At any time, the Company reserves the right to activate Internet surfing filters, preventing access to sites that are not relevant to work, considered dangerous or that could potentially lead to a violation of the Organization, Management and Control Model ("Model 231/2001") adopted by the Company.

6. Use of e-mail
   1. The Company provides, limited to corporate users who need it, a named and unique e-mail address. E-mail is also a working tool provided to carry out the activities related to the tasks assigned, so the address given to corporate users is personal but not private. Each person is directly responsible, disciplinarily and legally, for the content of his or her mailbox and the messages, from a disciplinary and legal point of view. However, it should be noted that:

• it is not permitted to use electronic mail, both internal and external, for reasons not related to the performance of the tasks assigned;
• it is not permitted to send or store messages, internal or external, of an outrageous and/or discriminatory nature on grounds of sex, language, religion, race, ethnic origin, opinion and trade union and/or political affiliation;
• any external communication, sent or received, may be shared and viewed within the Company;
• it is not allowed to use the e-mail of other corporate users to send communications in their own name or in the name of others, unless expressly authorized by the same; in the absence of the corporate user he/she has the obligation to activate, from the office or remotely, an automatic response message specifying "Out of Office", indicating the person to be contacted in case of emergency and their digital and/or telephone details. The "Out of Office” message must be activated for both internal senders and those external to the Company;
• each Department, in its capacity as a "Fiduciary”, may access the e-mail address of absent corporate users and view the necessary messages in accordance with the guarantees provided by the legislation on the protection of privacy.
  2. Individual mailboxes are created and assigned without any sharing and/or rules configured. Each corporate user is therefore responsible for any sharing and/or rules applied to their e-mail account.
  3. It is not allowed to create, consult or use private mailboxes.

 

 

7. Controls
   1. The Company reserves the right to periodically check, in accordance with the guarantees provided by the legislation on the protection of privacy and labor law, the Company's IT equipment assigned (including mobile phones), its use and the related programs and/or applications, in order to detect the presence of computer viruses and to ensure the integrity and security of the system, as well as its correct use and to counteract any conduct that could jeopardize the integrity of the Company's assets.
   2. The Company reserves the right to have specific, non-systematic controls on the use of electronic mail and the Internet, in accordance with the guarantees provided for by the legislation on the protection of privacy and labor law, through the analysis of aggregate data, in order to verify the correct use of services and to counter any conduct that could put the integrity of the Company's assets at risk.
   3. If an employee has been authorized to access certain information in the Company's IT system, this authorization must be considered strictly limited to the exercise of his or her duties in accordance with what is indicated in the authorization previously issued. The Company may carry out periodic, but not systematic, controls on the profiles of corporate users, in order to verify the methods of access to and management of corporate data, as well as the consistency between the tasks assigned, the profile assigned and the authorizations, identifying any conduct that could jeopardize the integrity of corporate assets.
   4. The data analyzed during these controls is not automatically or systematically associated with identified corporate users, but by its very nature could, through processing and association with other data, allow the identification of corporate users.
   5. If violations of the authorization profiles for access to Company data are discovered, the Company shall be entitled to take the appropriate measures to protect itself, such violations being a serious breach of the law and of the employment contract.
   6. The Internet data is used only to obtain statistical information on the use of the sites and to check periodically their correct use and is kept for a limited period of time.
   7. All the data in question could be used to ascertain responsibility in the event of computer crimes against the Company, as well as in the event of legal disputes.
   8. Any reports of violations of this IT Code of Ethics can be sent in accordance with the "Reporting Procedure" available on the website, using the forms prepared for reports of violations of the Organizational and Management Model pursuant to Decree Law no. 231/2001.

4. DATA PROCESSING AND CONFIDENTIALITY

Confidentiality is one of the fundamental values to be respected in the actual operations of the Company, as it contributes to the reputation of the Company itself.

Without prejudice to the relevant regulations, RECIPIENTS shall ensure the confidentiality of information to which they have had access or which they have processed in the performance of their work activities, even if such information is not specifically classified as confidential.

With reference to the protection of personal data, the RECIPIENTS are required to comply with the following criteria and principles:

• lawfulness and correctness of the treatment;
• limitation of the purpose of the processing, including the obligation to ensure that any further processing is not incompatible with the purposes of data collection;
• data minimization: i.e. data must be appropriate, relevant and limited to what is necessary for the purposes of the processing;
• transparency towards the parties to which the data refers, guaranteeing the Data Subject to whom the data refers easy access and comprehensibility of the information and communications relating to the purposes and methods of collecting, processing and using the data, including the mandatory or optional nature of providing the data;
• the adoption of appropriate technical and organizational security measures to ensure adequate security of the data from unauthorized or unlawful processing, as well as to ensure accurate custody and timely checks so as not to run the risk of its loss, destruction or accidental damage;
• accuracy, completeness, relevance and updating of data, including the timely deletion of data that is inaccurate with respect to the purposes of processing;
• relevance of the processing to the purposes declared and pursued, in the sense that the personal data will not be used for other purposes without the consent of the Data Subject, except in cases where the law does not require such consent;
• limitation of storage for no longer than is necessary for the purposes for which the processing was carried out;
• consultation allowed only to persons authorized to access and use the data and in accordance with their duties of office. It is therefore forbidden to gain unauthorized access to the data and to process it unlawfully or for purposes other than those for which it was collected;
• destruction of data where the reasons for its storage and use no longer apply, or where authorization for its processing is withdrawn.
• the disclosure of personal data to third parties may not be carried out without the consent of the person concerned, except in cases where the law does not require such consent;
• the right of the Data Subject to view the personal data and to request its correction.

RECIPIENTS are required to comply with these principles even after termination of employment.

The obligation of confidentiality of information is also imposed on persons with whom the Company has contractual or other relations, by means of specific contractual clauses or by requesting the signing of confidentiality agreements.

Similarly, the Company is committed to protecting information relating to its employees and third parties, avoiding any misuse of this information, to protect the privacy of those concerned.

Failure to comply with the obligation of confidentiality constitutes a serious breach if it involves disclosure or provides an opportunity for disclosure of confidential information relating to the Company's decision-making processes and activities.

Violation of the provisions contained in this Article may result, in addition to the application of disciplinary penalties, in further legal action against the collaborators involved.

5. ENVIRONMENTAL PROTECTION AND OCCUPATIONAL SAFETY

The Company recognizes occupational safety, the health of staff and third parties and the protection and safeguarding of the environment as being of fundamental importance in ensuring consistent and balanced growth.

Consequently, the Company undertakes to ensure safety and hygiene in the workplace as well as the protection of the environment, and to contribute to the sustainable development of the local area, including through the use of the best available technologies and the constant monitoring of Company processes. In this context, the Company also pursues excellence through staff training and the identification of industrial solutions with a lower environmental impact that are suitable for ensuring the efficiency and optimization of the use of plant and equipment, as well as preventing the risk of accidents.

The RECIPIENTS of the rules of this Code of Ethics participate, within the scope of their jobs, in the process of preventing risks and protecting the environment, as well as the health and safety of themselves, their colleagues and third parties.

4. DISCIPLINARY SYSTEM

The principles expressed in this Code of Ethics are an integral part of the conditions governing employment relationships within the Company. Any violations of the Code of Ethics will give rise to the application of sanctions against the employees, Directors and Statutory Auditors of the Company, including the application of the disciplinary system specifically adopted by the Company in accordance with Decree Law 231/01.

For collaborators, consultants and suppliers, failure to comply with the precepts contained in this Code may result in termination of the contract.

Any violation of the principles and provisions contained in this Code of Ethics by the Recipients must be promptly reported to the hierarchical superior, who must promptly inform the Supervisory Body.

The procedure for the application and imposition of disciplinary sanctions is defined in the Organization, Management and Control Model and in the framework of the principles established by Law no. 300/1970 (Workers’ Charter).

5. OBSERVANCE OF THE CODE OF ETHICS

Compliance with the provisions of the Code of Ethics must be considered an essential part of the contractual obligations of employees and of those assumed by non-employee collaborators and/or persons having business relations with the Company.

1. 1. REPORTING BREACHES

In order to ensure the effective application of the Code of Ethics, the Company requires all those who become aware of any cases of non-compliance with the Code within the Company to make a report on such.

Employees must report any violations or suspected violations to their direct superior, or, in cases where the employee's report to their superior is not effective or appropriate, they must contact the CEO, and in any case the Supervisory Board.

The Supervisory Board is required to promptly check the information transmitted in a timely and careful manner and, once it has ascertained that the report is well-founded, to submit the case to the competent Company department for the application of any disciplinary penalties or for the activation of contractual termination mechanisms. The Supervisory Board may convene and hear the person making the report and any other persons involved, if necessary consulting the top management of the Company (Chairman).

For persons outside the Company, reports must be sent directly to the Supervisory Board.

Reports to the Supervisory Board must be made in writing through the following channels:

• dedicated PEC (certified e-mail) mailbox (preferred channel), at the address of the Supervisory Board of Palazzo Grassi S.p.A. odv.palazzograssi@legalmail.it;
• confidential letter addressed to the Supervisory Board of Palazzo Grassi S.p.A. based at "San Samuele, 3231 - 30124 Venezia".

With reference to the notification of a violation or attempted violation of the rules contained in the Code of Ethics, the Company will ensure that no one in the workplace can suffer retaliation, unlawful constraints, inconvenience and discrimination for having reported the violation of the contents of the Code of Ethics or the internal procedures.

Any form of retaliation against anyone who has reported possible violations of the Code in good faith is also a violation of the Code of Ethics. In addition, the conduct of those who accuse other employees of violating the Code of Ethics, with the knowledge that such violation does not exist, shall be considered a violation of the Code of Ethics.