The SMI Group has adopted a corporate governance structure that is aimed at sustainable and long-lasting development and is based on control processes optimization and on risk prevention and management, by paying particular attention to transparency and protection of the stakeholders' rights and interests.
The institutions and subjects that are involved in the control system and are looking for continuous improvements of the system efficiency can be divided into:
Institutional bodies: include the addressing institutions (Board of Directors, President and CEO) that define the guidelines of the control system and the supervisory bodies (Board of Auditors, Auditor and supervisory bodies) that deal with the control system monitoring and assessment
Subjects operating on the second level: these subjects ensure the compliance with specific procedures and define rules applied to all staff members of the SMI Group (managers, persons in charge, privacy controller, etc)
Subjects operating on the first level: include all those who manage the risks of their own work activities and implement the established procedures, that is all employees of the SMI Group
The definition of the procedures of the control system and the risk management is based on the principles contained in the following documents:
SMI Group's code of ethics: identifies the moral and social responsibilities (both outwards and inwards) and the values embraced by the company, thus representing a full-fledged tool that manages the ethical conduct of the SMI Group's employees, as well as of those who have relations of all kinds with the companies
231 organization model: it is a management system put in place by the company which includes all procedures and activities aimed at preventing the commission of crimes against the public administration, cybercrimes, organized crimes, crimes against industry and trade, corporate crimes, crimes on market abuse, crimes on safety and health on the working environment, crimes on fencing, laundering and use of money, goods and benefits from an unlawful origin and self-laundering, crimes on copyright violation, on inducement not to make statements or to make false statements to the judicial authorities, crimes on environment, on illegal employment of illegally staying third-country nationals and crimes against individual personality. Dubious situations can be notified at the email address ODV@smigroup.net
Corporate social responsibility: is based on the defense of human rights, protection of labour standards, environmental protection and fight against corruption, as stated in the ten principles of the United Nations' Global Compact
Quality-Environment-Safety integrated management system in compliance with ISO9001, ISO14001 and ISO45001 regulations
European Regulation 679/2016 (GDPR), regarding the protection of personal data that has recently been applied to the whistleblowing regulation, for the protection of subjects who report unlawful conduct
The European Regulation 679/2016 (GDPR) on the protection of personal data has been fully applicable since May 25th, 2018. This is an important goal, because it lays down rules relating to the processing of personal data for all Countries within the Union. Every company of the SMI Group planned a series of activities, assets or operational modes to comply with the regulation and put into practice the protection of personal data. Here is a list of actions taken to comply with the European Regulation and our policy on personal data processing.
Lawfulness of processing
All activities relating to personal data processing shall be lawful (consent, contract obligations, vital interests of the data subject or of third parties, compliance with legal obligations to which the controller is subject, public interest or exercise of official authority, legitimate interest pursued by the controller or by third parties).
Information document
The information statement has been improved and updated to the new regulations (art. 13 and 14 GDPR).
Rights of the data subjects (right of access, right to erasure-right to be forgotten, right to restriction of processing, right to object, right to data portability)
Technical and organization measures have been adopted to ensure the data subject's exercise of his rights and to meet the data subject requirements.
Controllers, processors
Based on the new principle of “accountability”, SMI Group organization was re-defined, in order to proactively ensure integral compliance with the Regulation.
Redefinition of the role of data processors and service suppliers whose activity implies personal data processing.
Risk of data processing; accountability measures taken by controllers and processors (Impact assessment, record of processing activities, security of processing, data breach)
The “Conformity document”, including records of data processing activity, plans, adopts and demonstrates all technical and organizational measures taken to adequately perform the data processing activities and specifies the necessary procedures to be adopted to notify data breach.
Transfer of personal data to international organizations
Smi Group adheres to the general principles and guarantees concerning the transfer of personal data to third Countries.
The Controller is:
SMI S.p.A.
Head office: Via Carlo Ceresa, 10 - 24015 San Giovanni Bianco (BG) - ITALIA
P.I.: 04471940165 - C.F.: 03942700166 - R.E.A.: 421708
For further information, write to: privacy@smigroup.net
According to the European Regulation 679/2016, the data subject is entitled to exercise the rights set forth in the Regulation.
The integral version of art. 15; 16; 17; 18; 20; 21; 77 of the European Regulation is attached to this document.
In order to exercise your rights, please send the application form duly filled in to the Controller's address.
SMI S.p.A.
IVA SMI INDUSTRIES Group
Headquarters: Via Carlo Ceresa, 10 - 24015 San Giovanni Bianco (BG) - ITALIA
Registered office: Via Monte Grappa, 7 - 24121 Bergamo (BG) - ITALIA
VAT: 04471940165 - TAX code: 03942700166 - R.E.A.: 421708
Share capital: Euro 5.000.000 i.v.