Date post: | 15-Mar-2018 |
Category: |
Documents |
Upload: | truongtruc |
View: | 216 times |
Download: | 1 times |
Confidentiality grade: C1 English Version
ABSTRACT OF THE PRINCIPLES OF THE
ORGANIZATIONAL MANAGEMENT AND
CONTROL MODEL – Frame of reference
Pursuant to Legislative Decree no. 231 of June, 2001
Vodafone Omnitel N.V. A vodafone Group Plc Company.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 2 of 41
Vodafone Omnitel N.V. Member of the Vodafone Group PLC Registered office: Amsterdam (Netherlands) Administrative offices: Via Jervis 13, 10015 Ivrea (TO) Italy Corporate headquarter: via Caboto 15, 20094 Corsico (MI) Italy Legal information: Tax Code and Company Register of Turin No.: 93026890017 VAT Registration No.: 08539010010 REA: 974956 Share capital: e2,305,099,887.30 fully paid up www.vodafone.it
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 3 of 41
CONTENTS
ORGANIZATIONAL MANAGEMENT AND CONTROL MODEL – Frame of reference................. 1
BACKGROUND ..................................................................................................................................... 6
CHAPTER 1 – REGULATORY FRAMEWORK .................................................................................. 7
1.1 Criminal Offences.................................................................................................................... 7
1.2 Offenders: parties acting of their own accord and persons under the influence of others....... 9
1.3 Sanctions .................................................................................................................................. 9
1.4 Requirements for the Relief an Entity's Responsibility ......................................................... 10
CHAPTER 2 – ORGANISATIONAL, MANAGEMENT AND CONTROL MODEL....................... 11
2.1 The Vodafone Model ............................................................................................................. 11
2.2 Key Elements of the Model ................................................................................................... 11
CHAPTER 3 – SUPERVISORY BODY............................................................................................... 13
3.1 The Vodafone Supervisory Body........................................................................................... 13
3.2 Appointment .......................................................................................................................... 13
3.3 Duties and Powers of the Supervisory Body ......................................................................... 14
3.4 Required Reporting to the Supervisory Body - Information Flows....................................... 17
3.5 Gathering and Archiving of Information ............................................................................... 19
3.6 Supervisory Body’s Reporting to other Corporate Bodies .................................................... 19
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 4 of 41
CHAPTER 4 – DISCIPLINARY SYSTEM.......................................................................................... 20
4.1 Function of the Disciplinary System...................................................................................... 20
4.2 Measures Against Employees................................................................................................ 20
4.3 Infringements of the Model and Related Sanctions............................................................... 22
4.4 Measures against Directors .................................................................................................... 25
4.5 Measures against Statutory Auditors ..................................................................................... 25
4.6 Measures against Commercial Partners, Agents, Consultants and Other External Parties ... 25
CHAPTER 5 – TRAINING AND COMMUNICATIONS ................................................................... 27
5.1 Introduction............................................................................................................................ 27
5.2 Employees.............................................................................................................................. 28
5.3 Other Target Groups .............................................................................................................. 28
SPECIAL PART 1 – SENSITIVE ACTIVITIES HAVING REGARD TO CRIMINAL OFFENCES
RELATING TO THE PUBLIC ADMINISTRATION.......................................................................... 29
SPECIAL PART 2 – SENSITIVE ACTIVITIES RELATING TO CORPORATE CRIMES.............. 33
SPECIAL PART 3 – SENSITIVE ACTIVITIES HAVING REGARD TO CRIMES AGAINST
INDIVIDUALS....................................................................................................................................... 34
SPECIAL PART 4 - SENSITIVE ACTIVITIES HAVING REGARD TO HEALTH AND SAFETY
CRIMES (Involuntary manslaughter and serious involuntary injury at workplaces due to infringement
of Laws and regulations governing workplace health and safety)........................................................ 35
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 5 of 41
SPECIAL PART 5 – SENSITIVE ACTIVITIES HAVING REGARD TO RECEIVING STOLEN GOODS,
MONEY LAUNDERING,, USE OF ILLICIT CAPITAL, GOODS AND UTILITIES............................. 37
SPECIAL PART 6 – SENSTIVIE ACTIVITIES HAVING REGARD TO CYBER CRIMES................... 38
SPECIAL PART 7 – SENSITIVE ACTIVITIES HAVING REGARD TO ORGANIZED CRIMINALITY
CRIMES................................................................................................................................................. 39
SPECIAL PART 8 - SENSITIVE ACTIVITIES HAVING REGARD TO CRIMES OF FAKING MONEY,
PUBLIC CREDIT CARDS, REVENUE STAMP AND DISTINGUISHING TOOLS/MARKS,.............. 40
SPECIAL PART 9 – SENSITIVE ACTIVTIES HAVING REGARD TO CRIMES AGAINST INDUSTRY
AND COMMERCE (BREACH OF OTHER PATENTS AND INTELLECTUAL PROPERTY RIGHTS)
................................................................................................................................................................ 40
SPECIAL PART 10 – SENSITIVE ACTIVITIES HAVING REGARD TO COPYRIGHTS CRIMES...... 41
SPECIAL PART 11 - INFLUENCE NOT TO DECLARE OR PROVIDE FALSE DECLARATION
TOWARDS CIVIL COURT.................................................................................................................... 41
English Version 2.0 dated 16 March 2010 Replaces previous version dated 16 February
2006
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 6 of 41
BACKGROUND
Legislative Decree no. 231 (also, the “Decree”) was approved on 8 June 2001 and became effective on
4 July of this year. The purpose of the Decree was to modify Italian legislation concerning the
responsibility of legal persons to conform with certain international conventions to which Italy has
been a party for some time.1 The Decree, entitled “Law on the Administrative Responsibility of Legal
Persons, Companies and Associations With or Without Legal Personality", introduced the concept of
an entity’s (e.g., of a company’s, consortium’s, etc.) administrative responsibility (primarily relating to
criminal responsibility) for the consequences of criminal acts.
Pursuant to that law, a company may be held liable for certain criminal offences, which directors or
employees committed or attempted to commit, on behalf of or benefiting that company which could be
subject to fines and, in more serious cases, prohibitory injunctions and the publication of the judgment
(para. 1.3). That responsibility is additional to the responsibility of the natural person who actually
committed the act. Broadening the scope of responsibility is intended also to subject Entities
benefiting from criminal acts to punishment for the relevant criminal offences.
The Decree also provides for the possibility of companies adopting models of organisation,
management and control designed to prevent criminal offences to be relieved of such responsibility. It
is possible for such models to be based on Confindustria’s code of conduct (guidelines).
In its meeting of 15 November 2005, the Board of Directors of Vodafone Omnitel NV approved a
“Code of Ethics” and an “Organisational, Management and Control Model” pursuant to Legislative
Decree no. 231 of 8 June 2001 in conformity with art. 11 of Law no. 300 of 29 September 2000.
1 See the Brussels Convention of 26 July 1995 on the Protection of the European Communities’ Financial Interests, the
Brussels Convention of 26 May 1997 on the Fight against Corruption involving Officials of the European Communities or
Officials of Member States or Officials of the Member States of the European Union and the OECD Convention of 17
December 1997 on Combating Bribery of Foreign Public Officials in International Business Transactions.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 7 of 41
Subsequently, at its meetings of 6 November 2007, 13 March 2008, 13 November 2008 and 16 March
2010, the Board of Directors of Vodafone Omnitel N.V. approved the addition of new Special Parts to
the Organisational Model as part of the ongoing monitoring of adequacy and updating of the Model.
This is done to keep pace with changes in legislation over time and to incorporate further criminal
offences to which Vodafone's operations are exposed. The Model now consists of 11 Special Parts.
This document, “Principles of Model 231”, was prepared by the Supervisory Body of Vodafone
Omnitel NV.
CHAPTER 1 – REGULATORY FRAMEWORK
1.1 Criminal Offences
Pursuant to Legislative Decree no. 231/2001, an entity may be held responsible for the criminal
offences cited in sections 24, 25, 25-bis, 25-ter, 25-quater,25-quinquies and 25-sexies of Legislative
Decree no. 231/2001, if committed on its behalf or for its benefit by the parties cited in art. 5 (1) of the
Decree.
For explanatory purposes, it is possible to classify the criminal offences cited in the Decree into the
following categories:
– crimes against the public administration (such as corruption, misappropriation to the detriment of
the State, fraud to the detriment of the State and computer fraud to the detriment of the State
pursuant to arts. 24 and 25 of Legislative Decree no. 231/2001);
– crimes against the public faith (such as counterfeiting currency, government securities and stamps
pursuant to art. 25 bis of the Decree);
– corporate crimes (such as false corporate notices, false information in prospectuses, unlawful
influence on shareholders’ meetings, pursuant to art. 25 ter of the Decree);
– crimes aimed to terrorism acts and democracy subversion (pursuant to art. 25 quater of the
Decree);
– crimes against individuals (such as child prostitution, child pornography, trafficking in human
beings, enslavement and keeping slaves, pursuant to art. 25 quinquies of the Decree)
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 8 of 41
– market abuse pursuant to art. 25 sexies of Legislative Decree 231/2001;
– life and personal safety endangering offences (art. 25-quater.1);
– cross-border crimes;
– negligent violation of health and safety regulations. Art. 25-septies establishes administrative
responsibility for those criminal offences pursuant to article 589 and the third paragraph of article
590 of the Penal Code (culpable homicide, negligent injury and grievous bodily harm) committed
by infringing health and safety at the workplace regulations;
– receiving and handling stolen goods, money laundering,, use of illicit capital, goods and utilities
handling. Art. 25-octies of the Decree has also extended an entity's responsibility to include those
offences pursuant to arts. 648, 648-bis and 648-ter of the Italian Penal Code;
– cyber crimes and unlawful data processing. Art. 24-bis of the Decree has also extended an entity's
responsibility to include certain cyber crimes and unlawful data processing;
– organised criminality crimes pursuant to art. 24-ter of the Decree, as added by Law 94 of 15 July
20092;
– crimes against industry and commerce pursuant to art. 25-bis.1 of the Decree, as added by Law 99
of 15 July 20093;
– infringements of copyright crimes pursuant to art. 25-novies of the Decree, also as added by Law
99 of 15 July 2009;
– influence not to declare or provide false declaration towards civil court pursuant to art. 25-novies,
as added by Law 116 of 3 August 2009 citing art. 377-bis of the Italian Penal Code.
2 Article 24-ter establishes an entity's responsibility for those offences pursuant to articles 416, (criminal conspiracy), 416-bis (Italian and international Mafia-related criminal conspiracy), 416-ter (political-Mafia collusion), art. 630 (kidnapping for the purposes of extortion) of the Italian Penal Code; article 74 of Presidential Decree 309 of 9 October 1990 (conspiracy for trafficking in drugs or hallucinogenics) in addition to the criminal manufacture, sale, transfer, possession or carrying in a public or open place of arms or similar or parts thereof, explosives, concealed arms as well as common guns pursuant to art. 407, paragraph 2, letter a, number 5 of the Italian Code of Penal Procedure and for those criminal offences in the method pursuant to art. 416-bis of the Italian Penal Code, or in order to aid and abet such offences pursuant to the same article.
3 The article extends an entity's responsibility to those offences pursuant to arts. 513 (distortion of free industrial and commercial competition), 513-bis (unlawful competition through threats or violence), 514 (fraud against Italian companies), 515 (fraudulent business activities), 516 (sale of non-genuine food products as genuine), 517 (deceitful sale of industrial products), 517-ter (manufacture and trading in goods belonging to another industrial entity) and 517-quater (counterfeiting certificates and designation of origin for agricultural goods) of the Italian Penal Code.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 9 of 41
Responsibility pursuant to the Decree may also relate to criminal offences committed outside Italy, to
the extent that penal action is not taken in the country in which such offences are committed.
1.2 Offenders: parties acting of their own accord and persons under the influence of others
Pursuant to the Decree, companies are responsible for offences committed on their behalf or to their
benefit:
– by “persons representing, administering or managing the entity or one of its organisational units,
which are financially and functionally autonomous, as well as by persons who exercise de jure or
de facto control of the entity” (“persons in apical positions” or “apicals”; art. 5 (1), letter a) of the
Decree);
– persons under the influence or supervision of a party in an apical position ("persons under the
influence of others"; art. 5 (1), letter b) of the Decree).
The Decree expressly states (art. 5 (2) of the Decree), that companies are not responsible for acts
committed by a person acting exclusively on his or her own behalf or on behalf of third parties.
1.3 Penalties
The Decree provides for the application of the following penalties against companies in consequence
of the commission of or attempt to commit the above-mentioned offences:
– a maximum fine of €1,549,370.69 (and preventive attachment);
– prohibitory injunctions (disciplinary): for a specified period (for a minimum of 3 months up to a
maximum of two years, or permanent in case of multiple offences):
– confiscation/profit forfeiture (and judicial cautionary attachment);
– publication of the conviction (for prohibitory injunctions).
Prohibitory injunctions relating to more serious offences may specifically include:
– disqualification from business activities;
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 10 of 41
– suspension and revocation of authorizations, licenses and concessions relevant to the commission
of the offence;
– prohibition on entering into contracts with the public administration, unless done so in order to
obtain a public service;
– exclusion from benefits, loans, contributions or subsidies and possible cancellation/revocation of
those already granted;
– prohibition to advertise goods or services.
1.4 Necessary conditions to avoid Corporate Criminal Liability
The Decree states that the company will not be indicted if it proves that:
a) prior to the commission of the offence, it preemptively adopted, efficiently implemented and
regularly updated an organizational and management model that is adequate to identify and
prevent crimes of the same type of the type committed;
b) it formally appoints and delegates to an independent Supervisory Body (“Organismo di
Vigilanza”) – vested with powers to act on its own initiative and conduct monitoring and
controls - the task to oversee the compliance of the model adopted and monitor the
implementation, adequacy and effectiveness of the model to ensure it’s regularly update;
c) the persons committed the offence by fraudulently circumventing the organisational and
management model;
d) there has been no omission or insufficient oversight on the part of the organisation referred to
in subparagraph b)..
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 11 of 41
CHAPTER 2 – ORGANISATIONAL, MANAGEMENT AND CONTROL MODEL
2.1 The Vodafone Model
In order to assure the propriety and transparency of sensitive activities, Vodafone Omnitel NV
considers it necessary to adopt an organisational, management and control model (the “Model”) in
accordance with the requirements of the Decree and the contents of this document. For that purpose,
Vodafone Omnitel NV has developed a specific plan divided into the following phases:
1. identification/analysis of the company’s own specific, sensitive activities (“As Is
Analysis”);
2. performance of gap analyses;
3. preparation of a Code of Ethics and the Vodafone Model.
2.2 Key Elements of the Model
Vodafone Omnitel NV’s Board of Directors, meeting on 15 November 2005, approved an
Organisational, Management and Control Model in conformity with Legislative Decree no. 231/01.
Subsequently, at its meetings of 6 November 2007, 13 March 2008, 13 November 2008 and 16 March
2010, the Board of Directors of Vodafone Omnitel N.V. approved the addition of new Special Parts to
the Organisational Model as part of the on-going revision of the Model. This is done to keep pace with
changes in legislation over time and to incorporate further criminal offences to which Vodafone's
operations are exposed. The Model now consists of 11 Special Parts.
The Model will consist of standards of conduct (as specified in the Code of Ethics), principles/rules,
organisational instructions/notices, procedures/policies, for the implementation and due management
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 12 of 41
of the control and monitoring of sensitive activities so as to prevent the commission of or attempts to
commit the criminal offences set out in the Decree.
The Model, in compliance with the provisions of the Decree:
– identifies the activities which could give rise to the commission of offences, see also the Special
Parts;
– provides for specific protocols (controls) for the purposes of formulating and implementing
company decisions relating to the prevention of criminal offences;
– specifies a suitable manner to manage human resources in order to prevent the commission of
offences;
– requires information to be provided to the body supervising the functioning of and compliance
with the Model;
– introduces disciplinary measures with respect to non-compliance with the Model.
The duties of the Supervisory Body shall be the implementation, updating and, where necessary,
amendment of the Model based on principles contained in this document. The organisational
instruments (e.g., procedures/policies, organisational instructions/notices) necessary for the
implementation, updating and amendment of the Model shall be issued by the competent corporate
management bodies.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 13 of 41
CHAPTER 3 – SUPERVISORY BODY
3.1 The Vodafone Supervisory Body
Vodafone’s Board of Directors has created an Internal Supervisory Body (the “Supervisory Body”) as
a multi-member, collective body consisting of the Internal Audit Manager, the Chairman of the Board
of Directors, - non-executive, in that not in possession of operating powers, and independent – and the
Chairman of the Board of Statutory Auditors.
The Supervisory Body shall define and conduct its activities in a collective manner and has been
granted "autonomous powers of initiation and control" in accordance with art. 6 (1) letter b) of
Legislative Decree no. 231/2001. The Supervisory Body shall specifically have:
– the resources needed to conduct its affairs;
– the ability to make enquiries and/or to avail itself of other parties in possession of the necessary,
purely technical skills.
3.2 Appointment
Appointment to Vodafone’s Supervisory Body is by resolution of the Board of Directors. The
members of the Supervisory Body shall be appointed until the dissolution of the Board of Directors
appointing the Supervisory Body or for a period of three years, whichever is shorter, and shall be
eligible for reappointment. The Supervisory Body shall be dissolved on the date of the Shareholders'
Meeting convened to approve the financial statements for the last year of the Supervisory Body’s term
of office, but shall, however, continue to function ad interim until new members are appointed to the
Supervisory Body.
The appointment of members to the Supervisory Body shall be conditional on - in addition to the
requirements relating to the membership of the Internal Audit Manager or Chairman of the Body of
Directors, non-executive and independent, or Chairman of the Body of Statutory Auditors – the
possession of the requirements for eligibility.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 14 of 41
In order to assure the necessary stability of the Supervisory Body, the following procedures are
required to revoke the powers of Body members.
In the event that an individual who has been appointed ceases, for any of the cited reasons, to be
eligible, such appointment shall be automatically terminated.
If, during any one year, one or more vacancies occur on the Supervisory Body, the Board of Directors
shall replace the terminated members by resolution and in consultation with the Board of Statutory
Auditors and make the corresponding amendments to the Model. The term of office of a member of
the Supervisory Body, so appointed, shall be coterminous with the term of office of the member who
has been replaced.
Any revocation of powers relating to the Supervisory Body and the granting of such powers to another
individual may only be for good cause, which shall include organisational restructuring of the
Company, by express resolution of the Board of Directors and with the consent of the Board of
Statutory Auditors, in consultation with the Audit Committee.
In matters of particularly grave concern, the Board of Directors may, however, in consultation with the
Board of Statutory Auditors, suspend the powers of the Supervisory Body and appoint an ad interim
Body.
3.3 Duties and Powers of the Supervisory Body
The activities of the Supervisory Body shall not be subject to review by any other of the Company’s
entities or units, subject, however, to the fact that the Board of Directors, as the entity ultimately
responsible for the Model’s proper implementation and effectiveness, has a continuing obligation to
oversee the proper performance of the Body’s duties.
The powers of initiation and control, required to assure effective and efficient oversight of the proper
implementation of and compliance with the Model pursuant to art. 6 of the Decree, shall be delegated
to the Supervisory Body.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 15 of 41
In order to assure the performance and exercise of its functions, the duties and powers of the
Supervisory Body shall specifically include the following:
– verification that the Model is sufficiently adequate to prevent the commission of the criminal
offences set out in the Decree and the ability of the Model to detect the occurrence of any unlawful
conduct;
– verification of the Model’s efficiency and effectiveness including the compliance of procedures
actually used with the Model's formal requirements;
– verification of the Model’s continuing efficiency and effectiveness over time;
– monitoring, development and facilitation of the regular updating of the Model, formulating, where
necessary, proposals to the management body of any updates and amendments to be made by
modifying or supplementing the Model as may become necessary as a result of: i) serious
infringements of the Model’s requirements; ii) major changes to the Company’s internal structure
and/or operating methods; iii) changes in laws and regulations;
– provision for the periodic updating of the system of identifying, mapping and classifying sensitive
activities;
– staying in continual contact with the firm of auditors, while safeguarding their required level of
independence, and with all other consultants and employees engaged in the effective
implementation of the Model;
– noting any changes in conduct that are discovered in the analysis of information and reports
required to be provided by the managers of the various functions;
– reporting the ascertainment of any infringements of the Model, which could result in the
assumption of responsibility by the Company, to the management body in order for appropriate
action to be taken;
– preparation of reports for and assurance that relevant information is provided to the Board of
Directors and the Board of Statutory Auditors;
– guaranteeing the proper functioning of the Supervisory Body, including the adoption of rules
having regard to its own activities providing for: the timing of activities, the specification of the
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 16 of 41
timing of controls, the definition of analytical criteria and procedures, the minuting of meetings,
the regulation of information flows from organisational units within the Company;
– the facilitation and specification of action to assure the dissemination and understanding of the
Model, as well as the training of personnel and development of their awareness of the need for
compliance with the principles contained therein;
– the facilitation and preparation of publicity and training sessions having regard to the provisions of
Legislative Decree no. 231/2001, the impact of that law on corporate operations and standards of
conduct;
– provision of clarifications relating to the meaning and application of the Model's requirements;
– establishment of effective internal reporting procedures for information relating to the Decree in
such a manner as to protect and guarantee confidentiality of the identity of the party reporting such
information;
– the estimation and submission to the management body of the estimated costs for the proper
performance of the Supervisory Body’s duties. Such estimated costs shall, in all cases, be the
maximum amount required to assure the full and proper performance of the Supervisory Board's
duties;
– free access to all divisions and units of the Company – with no requirement for prior consent – in
order to request and obtain information, documentation and data, considered necessary for the
performance of the duties required by the Decree, from all employees and directors;
– obtaining information relating to the Company’s external workers, consultants, agents and
representatives;
– the facilitation of the institution of any disciplinary action and the recommendation of sanctions
pursuant to Chapter 5 of the Model;
– verification and assessment of the suitability of disciplinary measures within the meaning and for
the purposes of the Decree;
– in the event of controls, investigations, requests for information by competent authorities for the
purposes of determining compliance of the Model with the requirements of the Decree, the
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 17 of 41
monitoring of contacts with the individuals conducting such activities and providing such
individuals with sufficient information.
Vodafone’s Board of Directors shall provide sufficient notice to corporate units with respect to the
duties and powers of the Supervisory Body.
3.4 Required Reporting to the Supervisory Body - Information Flows
The Supervisory Body shall be promptly informed, through special internal reporting procedures, of
such acts, conduct or events that could cause an infringement of the Model or which, more generally,
are relevant for the purposes of the Decree.
The obligation to report any conduct contrary to the Model’s requirements are a part of the broader
duty of diligence and obligation of loyalty pursuant to arts. 2140 and 2105 of the Italian Civil Code.
The due fulfilment of the reporting obligation by the employee may not result in disciplinary action.
The following provisions of a general nature shall be applicable in this regard:
– information regarding the following shall be obtained:
– i) the commission, or reasonable risk thereof, of criminal offences cited in the Decree; ii)
“practices” which are not in accordance with standards of conduct required by the Company; iii)
any conduct that could cause an infringement of the Model;
– an employee intending to report an infringement (or suspected infringement) of the Model may
contact his or her direct superior or, if action is not taken with respect to such reports or the
employee does not feel it appropriate to give such information to his or her direct superior, the
report may be made directly to the Supervisory Body;
– in order for the above reports to be handled in the most efficient manner, a detailed procedure has
been specified and described in the Code of Ethics, which will be made known to all Company
employees;
– the Supervisory Body shall have discretionary powers relating to reports in its possession, the
assessment thereof and instances for which it is necessary to take action.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 18 of 41
It shall be guaranteed to those persons making reports in good faith, that they will not be subject to any
form of retaliation, discrimination or punishment and it is in all cases assured that the identity of the
person making the report shall be kept confidential subject to legal requirements and the rights of the
Company or of persons accused in error or in bad faith.
In addition to reports of infringements of a general nature as described above, Company employees
working in sensitive areas shall report to the Supervisory Body on: i) the results of periodic controls
made by such employees in implementation of the Model (summary reports of the performance of
controls, monitoring, indications, etc.); ii) unusual or atypical items (action which is irrelevant on its
own, may become relevant if repeated or the area in which it is committed is broadened).
Purely by way of example, such information may relate to:
– matters perceived to be “at risk” (e.g., decisions relating to the application for, disbursement of and
use of public funds; summarized information relating to government contracts obtained in
connection with Italian or international tenders; information relating to orders from government
entities; etc.);
– any actions by and/or information received from criminal investigation units or from any other
authority inferring that an investigation is underway, including investigations of unknown persons,
for the criminal offences set out in the Decree and which could involve the Company;
– requests for legal assistance made by employees in the event of the institution of legal proceedings
against such employees and relating to the criminal offences set out in the Decree, unless expressly
prohibited by the judicial authorities;
– reports prepared by the managers of other corporate units in connection with their own controls
which reveal facts, acts, events or omissions of a critical nature with respect to compliance with
the standards and requirements of the Model;
– information relating to any disciplinary action and any sanctions applied (including proceedings
against employees) or of any dismissal of such proceedings together with the relevant reasons;
– any other information which, although not included in the above list, could be relevant to proper
and full oversight and updating of the Model.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 19 of 41
3.5 Gathering and Archiving of Information
All information and reports required by the Model shall be kept by the Supervisory Body in special
files (electronic or paper).
3.6 Supervisory Body’s Reporting to other Corporate Bodies
Functionally, the Supervisory Body shall report to the Audit Committee.
The Supervisory Body shall report matters relating to the Model’s implementation, findings of a
critical nature and the need for modifications.
There are two distinct reporting lines:
– the first, on a continuing basis, is to the Audit Committee and the Chief Executive Officer;
– the second, on a periodic basis of at least every six months, is to the Board of Directors in the
presence of the Board of Statutory Auditors.
Any meetings of the Supervisory Body with corporate bodies shall be documented.
The Supervisory Body shall be responsible for keeping records of such meetings on file.
The Supervisory Body shall prepare:
i) a quarterly report to the Audit Committee containing information relating to its activities;
ii) an annual report to be presented to the Board of Directors, Audit Committee and Board of
Statutory Auditors, summarizing activities during the past year and a plan for the activities for
the following year;
iii) immediate notification to the Board of Directors and the Audit Committee of the occurrence of
any extraordinary matters (e.g., serious infringements of the Model’s principles, new legislation
relating to the administrative responsibility of entities, material modifications to the Company’s
organisational structure, etc.) and, in the event that reports of an urgent nature are received.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 20 of 41
CHAPTER 4 – DISCIPLINARY SYSTEM
4.1 Function of the Disciplinary System
Art. 6 (2), letter e) and art. 7 (4) letter b) of Legislative Decree no. 231/2001 recommend that the
effective implementation of an organisational, management and control model requires the
establishment of a system suitable to discipline non-compliance with the model. The creation of an
adequate disciplinary system is, therefore, a necessary condition for the organisational, management
and control model, pursuant to Legislative Decree no. 231/2001 to relieve entities of administrative
responsibility.
The sanctions entailed in the disciplinary system shall be applied to each instance of an infringement
of the Model’s requirements regardless of the institution and findings of any penal proceedings by the
judicial authorities for censured conduct entailing elements of those criminal offences set out in the
Decree.
4.2 Measures Against Employees
The obligation of Vodafone employees to comply with the Model's provisions and rules of conduct is
established by art. 2104 (2) of the Italian Civil Code of which the Model is a substantive and integral
part.
All infringements of the Model’s provisions and rules of conduct by Vodafone employees, who are
parties to the National Collective Employment Contract for employees of enterprises providing
telecommunications services (Contratto Collettivo Nazionale di Lavoro per il personale dipendente da
imprese esercenti servizi di telecomunicazione or "CCNL”), shall be subject to disciplinary action.
The Model’s requirements and the sanctions that become applicable in the event of non-compliance,
shall, in accordance with the disciplinary code, be communicated to all employees by internal notices
posted in places accessible to all persons and shall be binding on all of the Company's employees.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 21 of 41
In conformity with art. 7 of Law No. 300 of 20 May 1970 (the “Employees' Charter") and any specific
applicable legislation, disciplinary action against Vodafone employees is equivalent to the disciplinary
action set out in arts. 46 ff. of the CCNL and, which, depending on the seriousness of such
infringements, are:
– verbal reprimands;
– written warnings;
– fine of a maximum of three hours;
– suspension (from service and of pay) for a maximum of three days unless such suspension is
precautionary rather than disciplinary;
– dismissal.
Disciplinary proceedings shall be instituted for each reported infringement of the Model in order to
ascertain the actual occurrence of such infringement. The enquiry phase of such proceedings shall
specifically include a statement to the employee of the infringements, which the employee has
reportedly committed, with sufficient time given to the employee to prepare a response in his or her
defence. If it is ascertained that there has been an infringement, disciplinary action shall be taken
against the relevant employee proportionate to the gravity of the infringement.
Such proceedings shall be in compliance with the procedures, provisions and guarantees pursuant to
art. 7 of the Employees' Charter and art. 46 of the CCNL having regard to disciplinary action.
Specifically:
– disciplinary action shall not be taken against an employee without prior statement of the relevant
infringement and without having provided such employee an opportunity to present arguments in
his or her own defence;
– a written notification of the relevant infringements setting out the facts of the details of such
infringements shall be provided to employees for disciplinary action more severe than verbal
warnings or reprimands;
– disciplinary action shall not be taken prior to five calendar days following such notice to the
employee during which the employee may present his or her own arguments in defence. In the
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 22 of 41
event that disciplinary action is not taken within ten calendar days from the date of the receipt of
such arguments (i.e., within sixteen days from the date of the notice), the arguments shall be
deemed to have been accepted;
– action shall not be taken prior to five days following the issuance of the notice, even in those cases
in which the employee does not present arguments;
– in the event that the alleged infringement is sufficiently serious to result in dismissal, the employee
shall, as a precautionary measure, be suspended from work until such time as a decision regarding
disciplinary action has been taken without, however, prejudice to the employee’s right to continued
remuneration for such period of suspension;
– the reasons for any decision to take disciplinary action shall be notified in writing;
– employees may present their own arguments either in writing or verbally;
– pursuant to art. 46 CCNL, disciplinary action other than dismissal may be appealed to the trade
union by employees, in accordance with the contractual provisions regarding the resolution of
disputes with individuals (see art. 7 CCNL – Claims and Disputes).
Vodafone management’s existing powers shall be sufficient to ascertain the commitment of an
infringement, decide on any disciplinary action and to impose sanctions.
4.3 Infringements of the Model and Related Sanctions
In conformity with relevant regulations and in compliance with the principles of the forms of
infringements and sanctions, Vodafone intends to make its employees aware of the requirements and
rules of conduct contained in the Model, the infringement of which would be subject to disciplinary
action and the respective applicable sanctions as determined with reference to the gravity of such
infringements.
Subject to Vodafone’s obligations in connection with the Employees' Charter, conduct constituting an
infringement of the Model and the respective disciplinary actions are set out below:
1. “Verbal reprimand ” shall be made to employees, who do not observe any one of the internal
procedures required by the Model (e.g., non-compliance with required procedures, omitting to
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 23 of 41
report required information to the Supervisory Body, omitting to apply controls, etc.) or whose
conduct in the performance of sensitive activities is not in conformity with the Model. Such
conduct shall constitute non-compliance with instructions issued by the Company.
2. “Written warning ” shall be issued to employees who repeatedly infringe procedures required
by the Model or whose conduct in the performance of sensitive activities is not in conformity
with the requirements of the Model. Such conduct shall constitute repeated non-compliance
with instructions issued by the Company.
3. A "fine" not exceeding three hours normal pay shall be imposed on an employee who
exposes corporate assets to risk by ignoring internal procedures required by the Model or by
performing sensitive activities in a manner which is not in conformity with the requirements of
the Model. Such conduct, which is the result of non-compliance with instructions issued by the
Company, results in risk to the Company's assets and/or constitutes acts which are detrimental
to the interests of the Company.
4. “Suspension” from service and of pay not exceeding three days, unless such suspension is
precautionary in nature rather than disciplinary , shall be imposed on employees who,
through non-compliance with internal procedures required by the Model or whose conduct in
the performance of sensitive activities is not in conformity with the requirements of the Model,
causes damage to the Company through acts detrimental to the Company’s interests or
employees who repeat the acts set out in points 1, 2 and 3, above, more than three times in any
one calendar year. Such conduct, which is the result of non-compliance with instructions issued
by the Company, results in damage to the Company's assets and/or constitutes acts detrimental
to the interests of the Company.
5. “Dismissal with notice” shall be imposed on an employee whose conduct in the performance
of sensitive activities is not in conformity with the requirements of the Model and is
unequivocally intended to perform an act defined as sanctionable by Legislative Decree no.
231/2001. Such conduct shall constitute grave non-compliance with instructions issued by the
Company and/or a grave violation of employees’ obligations to promote the interests of the
Company.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 24 of 41
6. “Dismissal without notice” shall be imposed on an employee whose conduct in the
performance of sensitive activities infringes the requirements of the Model so as to result in the
application to the Company such action as provided by Legislative Decree no. 231/2001 and to
an employee who repeats the act set out in point 4, above, more than three times in any one
calendar year. Such conduct is a severe breach of the Company’s trust in the employee thus
causing grave moral and tangible harm to the company.
The nature and extent of each of the above-listed disciplinary measures shall be applied after giving
due consideration to:
– the intent of such conduct or the degree of negligence, imprudence or incapacity in addition to the
extent to the predictability of the event;
– the general conduct of the employee particularly with respect to the existence of any prior
disciplinary action taken against the relevant employee, within the limits permitted by law;
– the employee’s duties;
– the functional positions of persons involved in the acts constituting the infringement;
– the circumstances relating to the misconduct.
Any such disciplinary action shall be without prejudice to Vodafone's right to claim damages arising
from the infringement of the Model by an employee. The amount of such claims for damages shall be
proportionate to:
– the degree of responsibility and autonomy of the employee committing the infringement;
– the existence of any prior disciplinary action taken against the relevant employee;
– the extent to which such conduct was intentional;
– the seriousness of the effects of such conduct meaning the degree of risk to which the Company
can reasonably be believed to have been exposed – for the intents and purposes of Legislative
Decree no. 231/2001 – as a result of such infringement.
The Human Resources and Organisation Manager shall be ultimately responsible for the disciplinary
action described above who, personally, or through his delegates (Functional Human Resources
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 25 of 41
Managers), shall impose sanctions based on reports of the Supervisory Body, also in consultation with
the superior of the employee having committed the infringement. It shall also be the responsibility of
the Supervisory Body, together with the Human Resources and Organisation Manager, to verify and
assess the suitability of the disciplinary system for the intents and purposes of the Decree.
In the event of an infringement by managers of the requirements and rules of conduct contained in the
Model, Vodafone shall apply the most suitable form of disciplinary action to such managers. If the
infringement of the Model results in a breach of trust, the sanction shall entail dismissal for good
cause.
4.4 Measures against Directors
In the event of an infringement of the requirements and rules of conduct of the Model by members of
the Board of Directors, the Supervisory Body shall promptly notify the Board of Statutory Auditors
and all members of the Board of Directors of such occurrence. The recipients of such notice from the
Supervisory Body, shall be entitled to take such action as provided by the Articles of Association
which may, for example, include convening a shareholders’ meeting in order to take the most
appropriate action provided by law.
4.5 Measures against Statutory Auditors
In the event of an infringement of the requirements and rules of conduct of the Model by one or more
members of the Board of Statutory Auditors, the Supervisory Board shall promptly notify all members
of the Board of Statutory Auditors and the Board of Directors of such occurrence. The recipients of
such notice from the Supervisory Board, shall be entitled to take such action as provided by the
Articles of Association which may, for example, include convening a shareholders’ meeting in order
to take the most appropriate action provided by law.
4.6 Measures against Commercial Partners, Agents, Consultants and Other External Parties
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 26 of 41
Infringements of the requirements and rules of conduct of the Model by commercial partners, agents,
consultants, external or other parties bound by contract to the Company and which are also applicable
to such persons or any commission of a criminal offence pursuant to the Decree by such persons shall
be disciplined in accordance with the relevant contractual clauses that shall be included in the
respective contracts.
Such clauses may, for instance, require those third parties to apply and implement corporate
procedures in an effective manner and/or to conduct themselves in such a manner as to prevent the
commission of or attempts to commit criminal offences to which the sanctions provided by Legislative
Decree no. 231/2001 apply. In the event of either full or partial non-compliance with such obligation,
the Company shall have the right to suspend performance of the contract and/or to unilaterally rescind
the contract, even in the course of execution, or to determine the contract without prejudice to the right
to compensation for any damage suffered.
Such action shall obviously be without prejudice to Vodafone’s right to claim compensation for
damages arising from the infringement of the requirements and rules of conduct of the Model by such
external parties.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 27 of 41
CHAPTER 5 – TRAINING AND COMMUNICATIONS
5.1 Introduction
In order to implement the model in an effective manner, Vodafone plans to assure the proper
communication of the Model's contents and principles both inside and outside of its organisation.
Vodafone’s objective specifically includes the communication of the Model’s contents and objectives
not only to its employees but also to parties that, although not formally employees, are bound by
contract to Vodafone for either the full-time or occasional provision of services for the achievement of
Vodafone’s objectives.
Although communication and training will be differentiated with respect to the relevant target group,
they should, in all cases, be complete, clear, accessible and consistent in order to make the various
target groups fully aware of corporate practices with which they are required to comply and the ethical
standards which should dictate their conduct.
The communication of and training in the Model’s principles and contents shall be arranged by heads
of the individual departments, units and functions and, in accordance with the Supervisory Body’s
indications and plans, shall be in such a form so as to make the best use of such services (e.g., training
programmes, staff meetings, etc.).
Communications and training shall be overseen and supplemented by the Supervisory Body, the duties
of which include "the facilitation and specification of action to assure the spread of awareness and
understanding of the Model, as well as the training of personnel and development of their awareness of
the need for compliance with the principles contained therein” and “the facilitation and preparation of
publicity and training sessions having regard to the provisions of Legislative Decree no. 231/2001, the
impact of that law on the Company’s operations and on the standards of conduct”.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 28 of 41
5.2 Employees
All employees are required to: i) make themselves aware of the Model’s principles and contents; ii)
know how to implement the Model in the performance of their duties; iii) actively contribute, with
respect to their own duties and responsibilities, to the effective implementation of the Model, reporting
any problems encountered.
In order for communication to be effective and rational, Vodafone intends to promote and facilitate
varying levels of employees’ knowledge of the Model’s contents and principles depending on the
position and duties of various employees.
On joining, new employees shall be informed of the main principles of the Model and Code of Ethics.
Suitable methods of communications shall be used to provide information to employees regarding any
significant modifications to the Model in addition to all relevant procedural, regulatory or
organisational changes.
5.3 Other Target Groups
The communication of the Model's contents and principles shall also be addressed to external parties
bound by contract to Vodafone for the provision of services or who, although not Company
employees, represent the Company (e.g., commercial partners, agents and consultants, distributors,
business agents and other freelance providers of services).
For that purpose, Vodafone shall provide an extract of the Model's main principles and the Code of
Ethics to the most important external parties together with examples of the practices required.
Vodafone shall, with reference to the purpose of the Model, determine any need to communicate the
Model’s contents and principles to external parties, other than those listed above, as examples, and
more in general to the market.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 29 of 41
SPECIAL PART 1 – SENSITIVE ACTIVITIES HAVING REGARD TO CRIMINAL
OFFENCES RELATING TO THE PUBLIC ADMINISTRATION
All those activities that could involve any type of contact with officials of the Public Administration,
are classified as sensitive activities in relation to criminal offences against the Public Administration.
Due to the differentiation of certain specific standards of control constituting integral parts of the
Model, all sensitive activities have been classified by the following types of contacts with government
entities:
1. Contacts with government entities in connection with the
negotiation/conclusion/performance of contracts awarded on a negotiated basis (direct award
or private negotiation) for the sale of goods and/or services. These activities relate to the sale of
mobile telephony goods and services to government entities by private negotiation and the
subsequent activation of the service/billings/collections/past due debt collection.
2. Contacts with government entities in connection with the
negotiation/conclusion/performance of contracts and/or sales agreements awarded by tender
for the sale of goods/services. These activities relate to the sale of mobile telephony goods and
services to government entities by participating in public tenders and the subsequent activation of
the service/billings/collections/past due debt collection.
3. Contacts with the Public Administration to obtain consents and licences for the development
and maintenance of the network. This primarily relates to activities having regard to contacts
with local authorities to obtain the consents required for the development/maintenance of network
infrastructure (e.g., base radio stations, core network technical sites, transmission sites) and any
relevant inspections.
4. Court and out-of-court settlements. These activities relate to court and out-of-court settlements
involving the Company in addition to the selection, evaluation and remuneration of external legal
consultants.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 30 of 41
5. Contacts with the Public Administration relating to waste products or smoke emissions or
noise/electromagnetic pollution. These activities relate to environmental surveys/inspections
conducted by competent authorities to assure regulatory compliance.
6. Contacts with the Public Administration having regard to employee safety and health
standards (Legislative Decree no. 626/1994 and Legislative Decree no. 624/1996) and
compliance with statutory precautions and regulations having regard to employees with
certain specific duties. These activities relate to environmental surveys/inspections regarding
employee safety and health standards conducted by competent authorities to assure regulatory
compliance.
7. Employee social security contributions and/or related audits. These activities relate to social
security inspections/audits conducted by competent authorities to assure regulatory compliance.
8. Activities of a public/institutional nature. These activities primarily relate to i) contacts of a
political nature with national institutions and local authorities; ii) contacts with the principal
regulatory and/or supervisory bodies (e.g., technical reports of a regulatory nature in connection
with consultative proceedings or surveys undertaken by government supervisory authorities); iii)
contacts with the Revenue Authorities with respect to enquiries.
9. Obtaining and/or managing the receipt of grants/subsidies/financing granted by government
entities. These activities relate to the application, management and reporting of financings, grants
or other assistance granted by the Government, European Union or other public entity (e.g.,
financing pursuant to Law no. 488/1992).
10. Negotiation and conclusion with government entities of agreements required for the
development/operation of the network and the performance of such contracts. These activities
primarily relate to the negotiation and conclusion of contracts/agreements with government entities
for the acquisition of sites required for the development of the network (e.g., base radio stations,
technical core network sites, transmission sites).
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 31 of 41
11. Management of Audits conducted by the Public Finance Authorities dealing with Customs,
Excise and Tax Crimes (e.g., Guardia di Finanza, Revenue Agency, Customs and Excise
Agency). These activities relate to contacts with the tax authorities in connection with
checks/inspections/audits.
12. Management of Occasional Contacts with the Public Administration. These are non-
routine/occasional activities primarily relating to i) building permits and consents for civil works
other than the network (e.g., buildings, sales outlets, customer care); ii) contacts with the Ministry
of Communications for the notification of the progress of network sections, frequencies employed,
applications for new frequencies for new “fixed radio links”; iii) negotiation and conclusion of
agreements with the Public Administration (e.g., provincial) having regard to the employment of
personnel belonging to protected categories or for which there are subsidised employment
arrangements; iv) negotiation and purchase of contents from government entities; v) negotiation
and conclusion of contracts with government entities for the purchase of rights/leasing agreements
for leased or optic fibre lines; vi) negotiation/conclusion of roaming and interconnection contracts
with non-Italian operators classified as government entities; vii) contacts with the Public
Administration to obtain licenses/consents needed for the development of core businesses (e.g.,
WI-FI, UMTS).
13. Projects with “High-level interaction" with governm ent entities (e.g., partnerships for the
development of the Public Administration’s network/services, project financing, joint
ventures). These activities primarily relate to "exceptional" projects entailing high-level
interaction with government entities and relating to i) contacts with local authorities for the joint
development of public services (e.g., teleparking); ii) negotiation of/participation in tenders (e.g.,
project financing) with government entities for the development of the wireless network through
the creation of “proprietary” Hot Spots.
14. Provision of mandatory services pursuant to art. 96 of Legislative Decree no. 259/2003 (Code
of Electronic Communications) and related invoicing/collections – Provision of information
to the Ministry of Communications for the determination of rates for mandatory services
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 32 of 41
pursuant to art. 96 of Legislative Decree no. 259/2003 (Code of Electronic Communications).
These activities relate to the provision by the Company of mandatory services ordered by
competent judicial authorities for the interception of telephone communications and data, the
related invoicing/collections and the provision of data to the Ministry of Communications based on
the rates for mandatory services approved by the Ministry, together with the Ministry of Justice.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 33 of 41
SPECIAL PART 2 – SENSITIVE ACTIVITIES RELATING TO C ORPORATE CRIMES
The sensitive activities that have been identified regarding corporate crimes pursuant to art. 25 ter of
Legislative Decree no. 231/2001 are the following:
1. Bookkeeping, annual reports, consolidated accounts, interim accounts, company reports
and notices in general in addition to relevant statutory disclosures. These activities relate to
accounting in general, annual reports, consolidated accounts, interim reports and notes on the
accounts in addition to any other information or disclosures required by statute.
2. Relationships with the Board of Statutory Auditors, audit firms and other corporate
bodies; preparing, keeping and archiving documents which could be under the control of
such parties. These activities relate to contacts with the Board of Statutory Auditors, audit firms
and shareholders relating to controls exercised by these parties.
3. Corporate obligations relating to the share capital and shareholdings. These activities are in
connection with safeguarding the company's assets (capital increases and reductions;
management of investments; interim dividends; de-mergers, mergers and spin-offs; distributions
of profits and reserves).
4. Shareholders’ Meetings. These activities relate to requirements in connection with
shareholders' meetings.
5. Disclosures to supervisory authorities and contacts with those authorities. These activities
relate to contacts with supervisory authorities having regard to the performance of obligations in
connection with the disclosure of company information.
6. Disclosures to external parties of news/information relating to the Vodafone Plc Group.
These activities relate to the release of price sensitive information (having regard, for instance, to
financial or operating information) regarding the Vodafone Plc Group.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 34 of 41
SPECIAL PART 3 – SENSITIVE ACTIVITIES HAVING REGARD TO CRIMES AGAINST
INDIVIDUALS
The following aspects of the Company's business could be considered sensitive in relation to the child
pedo-pornography, also through the use of internet, which are punishable under arts. 600 ter and 600
quater of the Italian Penal Code.
1. Provision of virtual community/chat services through the Vodafone Live platform: the
Company's use of the Vodafone Live platform to provide Vodafone Customers with the ability to
upload content which they have produced themselves.
2. Provision of electronic messaging services: electronic messaging services entailing the provision
to Vodafone Customers of contents services and/or types of services through various types of
technologies such as SMS and MMS, in case of request of the recipient customer to be expressed
by an SMS and/or MMS. Such content is produced by external companies.
3. Provision of Internet connections: the Company provides access to the Internet from the mobile
and fixed telephone networks.
In order to implement and ensure compliance with local and international legal and regulatory
requirements and best practices associated with internet connections, Vodafone Italy has implemented
and adopted an adequate internal control system , also constantly updated with the industry
innovations.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 35 of 41
SPECIAL PART 4 - SENSITIVE ACTIVITIES HAVING REGARD TO HEALTH AND SAFETY
CRIMES (Involuntary manslaughter and serious involuntary injury at workplaces due to
infringement of Laws and regulations governing workplace health and safety)
The sensitive activities that have been identified regarding corporate crimes pursuant to art. 25-septies
of Legislative Decree 231/2001 (culpable homicide, and negligent personal injury or grievous bodily
harm, caused by infringement through negligence of laws and regulations regarding accident
prevention, and health and safety at the workplace) are the following:
1. Activities at risk of accidents and occupational illness (activities at risk of accidents as determined
with reference to the Company Risk Assessment Document), including, for example, safety risks
(mechanical, electrical, thermal, falling on the ground, falling from heights, falling, or being hit by,
materials, insufficient emergency exits, fire or explosion, inadequate lighting, shifting cargoes, road
accidents), health risks (noise, vibrations, thermal micro-climates, ionised radiation, dust
explosions, cancer, biological, lighting, air quality, workstations) and ergonomic risks (work
location, unhealthy positions, excessively high or low mental activity, individual safety protection
devices);
2. Activities at risk of criminal offences (any activity the omission or incorrect performance of which
could be deemed the Company's criminal negligence) such as, for example:
a. with reference to directors' responsibility: the preliminary assessment of all risks,
identification of mitigating action and resources, and the determination of responsibility;
b. with reference to resources/staff management: staff training, job descriptions, purchase and
maintenance of equipment, working environment and emergency procedures;
c. with reference to products/services design and constructions: procedures and work
instructions, personal safety and the staff engagement.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 36 of 41
In order to implement and ensure compliance with local legal requirements and internationally
accepted safety standards, Vodafone Italy has identified and implemented two important control and
management systems:
d. The Assessment of risks pertinent to health and safety in accordance with laws and
regulations as may be in force from time to time (Risk Assessment Document);
e. The Health & Safety Management system BS OHSAS 18001:2007 standard to ensure
production processes/activities are controlled and comply with health and safety
requirements pursuant to law, standards, local, Italian and European regulations, and to
organize of the entire structure.
The control of the effective implementation of the Health and Safety Management System at the
Workplace is also ensured through the implementation of a reporting / information flows from the
relevant parties within the organization (the Employer, the Health & Safety Director, the Head of
Safety department, Line Managers with responsibility regarding Health & Safety risks and employees)
to the Supervisory Body which is empowered to request the assistance of persons appointed by the
Company or competent external consultants.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 37 of 41
SPECIAL PART 5 – SENSITIVE ACTIVITIES HAVING REGARD TO RECEIVING AND
HANDLING STOLEN GOODS, MONEY LAUNDERING,, USE OF ILLICIT CAPITAL, GOODS
AND UTILITIES
Given the changes in legislation and the Company's business, the following activities may be
considered as sensitive with respect to criminal offences under art. 25-octies of Legislative Decree
231/2001.
1. Qualifying, evaluating and negotiating with suppliers of goods and services. These are a series of
separate activities to determine a trustworthiness assessment of potential suppliers (and the goods they supply) in relation to the risk of committing receiving stolebn goods / money laundering crimes.
2. Management of Financial Flows (receipts and payments). Management of receipts, payments and
the Company's obligations. 3. Customer evaluation. Evaluation of customers and the management of data relating to Business
customer relationships. 4. Acquisition and disposal of Companies/divisions; signature and performance of agreements/joint
ventures, etc. A series of separate activities for the purpose of identifying and evaluating new investment opportunities for the Company.
5. Intercompany trading. Management of intercompany trading of a commercial nature in connection
with service and financial contracts.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 38 of 41
SPECIAL PART 6 – SENSTIVIE ACTIVITIES HAVING REGARD TO CYBER CRIMES
Given the changes in legislation and the Company's business, the following activities may be
considered as sensitive with respect to criminal offences under art. 25-octies of Legislative Decree
231/2001.
1. Management of access, accounts and profiles. A series of separate activities for the purposes of
regulating types of access to critical or sensitive data, systems and applications in order to prevent
access by unauthorised personnel.
2. Management of telecommunications networks. Activities relating to the operation and maintenance
of telecommunications networks, the use of security precautions to assure the confidentiality of
information, the monitoring of networks to identify unusual access and/or use, and the prompt
determination of corrective actions.
3. Management of hardware systems. A series of activities for the identification, implementation,
maintenance and monitoring of the Company's hardware.
4. Management of software systems. Activities relating to the identification, development,
maintenance and monitoring of the Company's software.
5. Management of physical access to IT equipment. A series of separate activities relating to the
determination of physical security measures to avoid access by unauthorised persons to systems and
to locations where IT systems and equipment are kept.
6. Management and security of digital documentation. Activities relating to the encryption of digital
documentation and the methodology, frequency of archiving, and conservation of digital
documentation.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 39 of 41
SPECIAL PART 7 – SENSITIVE ACTIVITIES HAVING REGARD TO ORGANIZED
CRIMINALITY CRIMES
Given the changes in legislation and the Company's business, the following activities may be
considered as sensitive with respect to criminal offences under art. 24-ter of Legislative Decree
231/2001.
1. Management of procurement: activities relating to the procurement of goods and professional
services by each of the Company's organisational units for its operations particularly with respect to the selection and qualification of suppliers.
2. Management of sales including tenders and the management of business relationships
particularly with distributors (dealers / sales agents): sales of goods and telephone services,
including tenders, and the management of contractual relationships with parties acting on behalf of
the Company such as, for instance, agents and distributors.
3. Management of personnel recruiting: activities relating to the recruitment of staff suitable for the Company's business and its management.
4. Management of financial resources: management of receipts and disbursements/payments. 5. Management of activities relating to taxation: all activities relating to bookkeeping, invoicing, and
their effect on taxation.
6. Provision of mandatory services pursuant to art. 96 of Legislative Decree 259/2003 (Code of Electronic Communications): Activities relating to the mandatory provision of services ordered by courts having jurisdiction for the interception of telephone communications and data.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 40 of 41
SPECIAL PART 8 - SENSITIVE ACTIVITIES HAVING REGARD TO CRIMES OF FAKING
MONEY, PUBLIC CREDIT CARDS, REVENUE STAMP AND DISTINGUISHING
TOOLS/MARKS.
Sensitive activities relating to the faking of money, credit cards, stamps and faking, or use of faked
Brands, Trademarks, Patents documents, industrial design and other distinguishing tools/marks
pursuant to art. 25 - bis of Legislative Decree 231/2001 are the following.
1. Management of regulatory procedures regarding proprietary trademarks and patents: activities relating to the procedures required by the relevant Authority for the registration of trademarks and patents;
2. Management of procurement: activities relating to the procurement of goods bearing trade or other distinctive marks;
3. Management of sales: activities relating to the sales of goods bearing trade or other distinctive marks.
SPECIAL PART 9 – SENSITIVE ACTIVTIES HAVING REGARD TO CRIMES AGAINST
INDUSTRY AND COMMERCE (BREACH OF OTHER PATENTS AND INTELLECTUAL
PROPERTY RIGHTS)
Given the changes in legislation and the Company's business, the following activities may be
considered as sensitive with respect to criminal offences under art. 25-bis.1 of Legislative Decree
231/2001.
1. Research and development: activities relating to the use of new inventions of products or
components thereof, including those for the improvement of the Company's production processes.
Confidentiality grade: C1
___________________ Vodafone Omnitel N.V.
A Vodafone Group Plc company
Page 41 of 41
SPECIAL PART 10 – SENSITIVE ACTIVITIES HAVING REGARD TO COPYRIGHTS CRIMES
Given the changes in legislation and the Company's business, the following activities may be
considered as sensitive with respect to criminal offences under art. 25-novies of Legislative Decree
231/2001.
1. Management of information systems and software licences: Activities relating to the
management of the Company's information systems and software systems used by the Company
.
2. Management of the procurement of copyrighted materials: Activities relating to the procurement
and use of copyrighted materials to be used as content for handsets/terminals to be sold in the
future or for advertising and promotions (e.g., software or music to be installed in terminals or
music reproduced and disseminated in connection with advertising);
3. Management of sales: Activities relating to the sales of products containing copyrighted materials
such as terminals containing music or film.
SPECIAL PART 11 - INFLUENCE NOT TO DECLARE OR PROVIDE FALSE DECLARATION
TOWARDS CIVIL COURT
Art. 25-novies of the Decree cites "Inducements not to make statements or to make false statements to
the courts " pursuant to art. 377 of the Italian Civil Code as an offence and punishes those persons
who, unless accused of a more serious crime, cause, by violence or threats or the offering or promise
of monies or other benefits, persons subpoenaed as witnesses in criminal proceedings to withhold or
commit perjury where such witnesses have the right to remain silent.
Prevention: Analyses have shown that this offence is applicable to the Company. In order to avoid
conduct of this nature, all recipients of the Model are required to comply with the Code of Ethics and,
in particular, the Company's ethical principles relating to relationships with other parties, whether
employed by the Company or not.