Vodafone Omnitel N.V. · PDF fileConfidentiality grade: C1 English Version ABSTRACT OF THE...

Confidentiality grade: C1 English Version

ABSTRACT OF THE PRINCIPLES OF THE

ORGANIZATIONAL MANAGEMENT AND

CONTROL MODEL – Frame of reference

Pursuant to Legislative Decree no. 231 of June, 2001

Vodafone Omnitel N.V. A vodafone Group Plc Company.

Confidentiality grade: C1

___________________ Vodafone Omnitel N.V.

A Vodafone Group Plc company

of 41

Vodafone Omnitel N.V. Member of the Vodafone Group PLC Registered office: Amsterdam (Netherlands) Administrative offices: Via Jervis 13, 10015 Ivrea (TO) Italy Corporate headquarter: via Caboto 15, 20094 Corsico (MI) Italy Legal information: Tax Code and Company Register of Turin No.: 93026890017 VAT Registration No.: 08539010010 REA: 974956 Share capital: e2,305,099,887.30 fully paid up www.vodafone.it




of 41

CONTENTS

ORGANIZATIONAL MANAGEMENT AND CONTROL MODEL – Frame of reference................. 1

BACKGROUND ..................................................................................................................................... 6

CHAPTER 1 – REGULATORY FRAMEWORK .................................................................................. 7

1.1 Criminal Offences.................................................................................................................... 7

1.2 Offenders: parties acting of their own accord and persons under the influence of others....... 9

1.3 Sanctions .................................................................................................................................. 9

1.4 Requirements for the Relief an Entity's Responsibility ......................................................... 10

CHAPTER 2 – ORGANISATIONAL, MANAGEMENT AND CONTROL MODEL....................... 11

2.1 The Vodafone Model ............................................................................................................. 11

2.2 Key Elements of the Model ................................................................................................... 11

CHAPTER 3 – SUPERVISORY BODY............................................................................................... 13

3.1 The Vodafone Supervisory Body........................................................................................... 13

3.2 Appointment .......................................................................................................................... 13

3.3 Duties and Powers of the Supervisory Body ......................................................................... 14

3.4 Required Reporting to the Supervisory Body - Information Flows....................................... 17

3.5 Gathering and Archiving of Information ............................................................................... 19

3.6 Supervisory Body’s Reporting to other Corporate Bodies .................................................... 19




of 41

CHAPTER 4 – DISCIPLINARY SYSTEM.......................................................................................... 20

4.1 Function of the Disciplinary System...................................................................................... 20

4.2 Measures Against Employees................................................................................................ 20

4.3 Infringements of the Model and Related Sanctions............................................................... 22

4.4 Measures against Directors .................................................................................................... 25

4.5 Measures against Statutory Auditors ..................................................................................... 25

4.6 Measures against Commercial Partners, Agents, Consultants and Other External Parties ... 25

CHAPTER 5 – TRAINING AND COMMUNICATIONS ................................................................... 27

5.1 Introduction............................................................................................................................ 27

5.2 Employees.............................................................................................................................. 28

5.3 Other Target Groups .............................................................................................................. 28

SPECIAL PART 1 – SENSITIVE ACTIVITIES HAVING REGARD TO CRIMINAL OFFENCES

RELATING TO THE PUBLIC ADMINISTRATION.......................................................................... 29

SPECIAL PART 2 – SENSITIVE ACTIVITIES RELATING TO CORPORATE CRIMES.............. 33

SPECIAL PART 3 – SENSITIVE ACTIVITIES HAVING REGARD TO CRIMES AGAINST

INDIVIDUALS....................................................................................................................................... 34

SPECIAL PART 4 - SENSITIVE ACTIVITIES HAVING REGARD TO HEALTH AND SAFETY

CRIMES (Involuntary manslaughter and serious involuntary injury at workplaces due to infringement

of Laws and regulations governing workplace health and safety)........................................................ 35




of 41

SPECIAL PART 5 – SENSITIVE ACTIVITIES HAVING REGARD TO RECEIVING STOLEN GOODS,

MONEY LAUNDERING,, USE OF ILLICIT CAPITAL, GOODS AND UTILITIES............................. 37

SPECIAL PART 6 – SENSTIVIE ACTIVITIES HAVING REGARD TO CYBER CRIMES................... 38

SPECIAL PART 7 – SENSITIVE ACTIVITIES HAVING REGARD TO ORGANIZED CRIMINALITY

CRIMES................................................................................................................................................. 39

SPECIAL PART 8 - SENSITIVE ACTIVITIES HAVING REGARD TO CRIMES OF FAKING MONEY,

PUBLIC CREDIT CARDS, REVENUE STAMP AND DISTINGUISHING TOOLS/MARKS,.............. 40

SPECIAL PART 9 – SENSITIVE ACTIVTIES HAVING REGARD TO CRIMES AGAINST INDUSTRY

AND COMMERCE (BREACH OF OTHER PATENTS AND INTELLECTUAL PROPERTY RIGHTS)

................................................................................................................................................................ 40

SPECIAL PART 10 – SENSITIVE ACTIVITIES HAVING REGARD TO COPYRIGHTS CRIMES...... 41

SPECIAL PART 11 - INFLUENCE NOT TO DECLARE OR PROVIDE FALSE DECLARATION

TOWARDS CIVIL COURT.................................................................................................................... 41

English Version 2.0 dated 16 March 2010 Replaces previous version dated 16 February

2006




of 41

BACKGROUND

Legislative Decree no. 231 (also, the “Decree”) was approved on 8 June 2001 and became effective on

4 July of this year. The purpose of the Decree was to modify Italian legislation concerning the

responsibility of legal persons to conform with certain international conventions to which Italy has

been a party for some time.1 The Decree, entitled “Law on the Administrative Responsibility of Legal

Persons, Companies and Associations With or Without Legal Personality", introduced the concept of

an entity’s (e.g., of a company’s, consortium’s, etc.) administrative responsibility (primarily relating to

criminal responsibility) for the consequences of criminal acts.

Pursuant to that law, a company may be held liable for certain criminal offences, which directors or

employees committed or attempted to commit, on behalf of or benefiting that company which could be

subject to fines and, in more serious cases, prohibitory injunctions and the publication of the judgment

(para. 1.3). That responsibility is additional to the responsibility of the natural person who actually

committed the act. Broadening the scope of responsibility is intended also to subject Entities

benefiting from criminal acts to punishment for the relevant criminal offences.

The Decree also provides for the possibility of companies adopting models of organisation,

management and control designed to prevent criminal offences to be relieved of such responsibility. It

is possible for such models to be based on Confindustria’s code of conduct (guidelines).

In its meeting of 15 November 2005, the Board of Directors of Vodafone Omnitel NV approved a

“Code of Ethics” and an “Organisational, Management and Control Model” pursuant to Legislative

Decree no. 231 of 8 June 2001 in conformity with art. 11 of Law no. 300 of 29 September 2000.

1 See the Brussels Convention of 26 July 1995 on the Protection of the European Communities’ Financial Interests, the

Brussels Convention of 26 May 1997 on the Fight against Corruption involving Officials of the European Communities or

Officials of Member States or Officials of the Member States of the European Union and the OECD Convention of 17

December 1997 on Combating Bribery of Foreign Public Officials in International Business Transactions.




of 41

Subsequently, at its meetings of 6 November 2007, 13 March 2008, 13 November 2008 and 16 March

2010, the Board of Directors of Vodafone Omnitel N.V. approved the addition of new Special Parts to

the Organisational Model as part of the ongoing monitoring of adequacy and updating of the Model.

This is done to keep pace with changes in legislation over time and to incorporate further criminal

offences to which Vodafone's operations are exposed. The Model now consists of 11 Special Parts.

This document, “Principles of Model 231”, was prepared by the Supervisory Body of Vodafone

Omnitel NV.

CHAPTER 1 – REGULATORY FRAMEWORK

1.1 Criminal Offences

Pursuant to Legislative Decree no. 231/2001, an entity may be held responsible for the criminal

offences cited in sections 24, 25, 25-bis, 25-ter, 25-quater,25-quinquies and 25-sexies of Legislative

Decree no. 231/2001, if committed on its behalf or for its benefit by the parties cited in art. 5 (1) of the

Decree.

For explanatory purposes, it is possible to classify the criminal offences cited in the Decree into the

following categories:

– crimes against the public administration (such as corruption, misappropriation to the detriment of

the State, fraud to the detriment of the State and computer fraud to the detriment of the State

pursuant to arts. 24 and 25 of Legislative Decree no. 231/2001);

– crimes against the public faith (such as counterfeiting currency, government securities and stamps

pursuant to art. 25 bis of the Decree);

– corporate crimes (such as false corporate notices, false information in prospectuses, unlawful

influence on shareholders’ meetings, pursuant to art. 25 ter of the Decree);

– crimes aimed to terrorism acts and democracy subversion (pursuant to art. 25 quater of the

Decree);

– crimes against individuals (such as child prostitution, child pornography, trafficking in human

beings, enslavement and keeping slaves, pursuant to art. 25 quinquies of the Decree)




of 41

– market abuse pursuant to art. 25 sexies of Legislative Decree 231/2001;

– life and personal safety endangering offences (art. 25-quater.1);

– cross-border crimes;

– negligent violation of health and safety regulations. Art. 25-septies establishes administrative

responsibility for those criminal offences pursuant to article 589 and the third paragraph of article

590 of the Penal Code (culpable homicide, negligent injury and grievous bodily harm) committed

by infringing health and safety at the workplace regulations;

– receiving and handling stolen goods, money laundering,, use of illicit capital, goods and utilities

handling. Art. 25-octies of the Decree has also extended an entity's responsibility to include those

offences pursuant to arts. 648, 648-bis and 648-ter of the Italian Penal Code;

– cyber crimes and unlawful data processing. Art. 24-bis of the Decree has also extended an entity's

responsibility to include certain cyber crimes and unlawful data processing;

– organised criminality crimes pursuant to art. 24-ter of the Decree, as added by Law 94 of 15 July

20092;

– crimes against industry and commerce pursuant to art. 25-bis.1 of the Decree, as added by Law 99

of 15 July 20093;

– infringements of copyright crimes pursuant to art. 25-novies of the Decree, also as added by Law

99 of 15 July 2009;

– influence not to declare or provide false declaration towards civil court pursuant to art. 25-novies,

as added by Law 116 of 3 August 2009 citing art. 377-bis of the Italian Penal Code.

2 Article 24-ter establishes an entity's responsibility for those offences pursuant to articles 416, (criminal conspiracy), 416-bis (Italian and international Mafia-related criminal conspiracy), 416-ter (political-Mafia collusion), art. 630 (kidnapping for the purposes of extortion) of the Italian Penal Code; article 74 of Presidential Decree 309 of 9 October 1990 (conspiracy for trafficking in drugs or hallucinogenics) in addition to the criminal manufacture, sale, transfer, possession or carrying in a public or open place of arms or similar or parts thereof, explosives, concealed arms as well as common guns pursuant to art. 407, paragraph 2, letter a, number 5 of the Italian Code of Penal Procedure and for those criminal offences in the method pursuant to art. 416-bis of the Italian Penal Code, or in order to aid and abet such offences pursuant to the same article.

3 The article extends an entity's responsibility to those offences pursuant to arts. 513 (distortion of free industrial and commercial competition), 513-bis (unlawful competition through threats or violence), 514 (fraud against Italian companies), 515 (fraudulent business activities), 516 (sale of non-genuine food products as genuine), 517 (deceitful sale of industrial products), 517-ter (manufacture and trading in goods belonging to another industrial entity) and 517-quater (counterfeiting certificates and designation of origin for agricultural goods) of the Italian Penal Code.




of 41

Responsibility pursuant to the Decree may also relate to criminal offences committed outside Italy, to

the extent that penal action is not taken in the country in which such offences are committed.

1.2 Offenders: parties acting of their own accord and persons under the influence of others

Pursuant to the Decree, companies are responsible for offences committed on their behalf or to their

benefit:

– by “persons representing, administering or managing the entity or one of its organisational units,

which are financially and functionally autonomous, as well as by persons who exercise de jure or

de facto control of the entity” (“persons in apical positions” or “apicals”; art. 5 (1), letter a) of the

Decree);

– persons under the influence or supervision of a party in an apical position ("persons under the

influence of others"; art. 5 (1), letter b) of the Decree).

The Decree expressly states (art. 5 (2) of the Decree), that companies are not responsible for acts

committed by a person acting exclusively on his or her own behalf or on behalf of third parties.

1.3 Penalties

The Decree provides for the application of the following penalties against companies in consequence

of the commission of or attempt to commit the above-mentioned offences:

– a maximum fine of €1,549,370.69 (and preventive attachment);

– prohibitory injunctions (disciplinary): for a specified period (for a minimum of 3 months up to a

maximum of two years, or permanent in case of multiple offences):

– confiscation/profit forfeiture (and judicial cautionary attachment);

– publication of the conviction (for prohibitory injunctions).

Prohibitory injunctions relating to more serious offences may specifically include:

– disqualification from business activities;




of 41

– suspension and revocation of authorizations, licenses and concessions relevant to the commission

of the offence;

– prohibition on entering into contracts with the public administration, unless done so in order to

obtain a public service;

– exclusion from benefits, loans, contributions or subsidies and possible cancellation/revocation of

those already granted;

– prohibition to advertise goods or services.

1.4 Necessary conditions to avoid Corporate Criminal Liability

The Decree states that the company will not be indicted if it proves that:

a) prior to the commission of the offence, it preemptively adopted, efficiently implemented and

regularly updated an organizational and management model that is adequate to identify and

prevent crimes of the same type of the type committed;

b) it formally appoints and delegates to an independent Supervisory Body (“Organismo di

Vigilanza”) – vested with powers to act on its own initiative and conduct monitoring and

controls - the task to oversee the compliance of the model adopted and monitor the

implementation, adequacy and effectiveness of the model to ensure it’s regularly update;

c) the persons committed the offence by fraudulently circumventing the organisational and

management model;

d) there has been no omission or insufficient oversight on the part of the organisation referred to

in subparagraph b)..




of 41

CHAPTER 2 – ORGANISATIONAL, MANAGEMENT AND CONTROL MODEL

2.1 The Vodafone Model

In order to assure the propriety and transparency of sensitive activities, Vodafone Omnitel NV

considers it necessary to adopt an organisational, management and control model (the “Model”) in

accordance with the requirements of the Decree and the contents of this document. For that purpose,

Vodafone Omnitel NV has developed a specific plan divided into the following phases:

1. identification/analysis of the company’s own specific, sensitive activities (“As Is

Analysis”);

2. performance of gap analyses;

3. preparation of a Code of Ethics and the Vodafone Model.

2.2 Key Elements of the Model

Vodafone Omnitel NV’s Board of Directors, meeting on 15 November 2005, approved an

Organisational, Management and Control Model in conformity with Legislative Decree no. 231/01.

Subsequently, at its meetings of 6 November 2007, 13 March 2008, 13 November 2008 and 16 March

2010, the Board of Directors of Vodafone Omnitel N.V. approved the addition of new Special Parts to

the Organisational Model as part of the on-going revision of the Model. This is done to keep pace with

changes in legislation over time and to incorporate further criminal offences to which Vodafone's

operations are exposed. The Model now consists of 11 Special Parts.

The Model will consist of standards of conduct (as specified in the Code of Ethics), principles/rules,

organisational instructions/notices, procedures/policies, for the implementation and due management




of 41

of the control and monitoring of sensitive activities so as to prevent the commission of or attempts to

commit the criminal offences set out in the Decree.

The Model, in compliance with the provisions of the Decree:

– identifies the activities which could give rise to the commission of offences, see also the Special

Parts;

– provides for specific protocols (controls) for the purposes of formulating and implementing

company decisions relating to the prevention of criminal offences;

– specifies a suitable manner to manage human resources in order to prevent the commission of

offences;

– requires information to be provided to the body supervising the functioning of and compliance

with the Model;

– introduces disciplinary measures with respect to non-compliance with the Model.

The duties of the Supervisory Body shall be the implementation, updating and, where necessary,

amendment of the Model based on principles contained in this document. The organisational

instruments (e.g., procedures/policies, organisational instructions/notices) necessary for the

implementation, updating and amendment of the Model shall be issued by the competent corporate

management bodies.




of 41

CHAPTER 3 – SUPERVISORY BODY

3.1 The Vodafone Supervisory Body

Vodafone’s Board of Directors has created an Internal Supervisory Body (the “Supervisory Body”) as

a multi-member, collective body consisting of the Internal Audit Manager, the Chairman of the Board

of Directors, - non-executive, in that not in possession of operating powers, and independent – and the

Chairman of the Board of Statutory Auditors.

The Supervisory Body shall define and conduct its activities in a collective manner and has been

granted "autonomous powers of initiation and control" in accordance with art. 6 (1) letter b) of

Legislative Decree no. 231/2001. The Supervisory Body shall specifically have:

– the resources needed to conduct its affairs;

– the ability to make enquiries and/or to avail itself of other parties in possession of the necessary,

purely technical skills.

3.2 Appointment

Appointment to Vodafone’s Supervisory Body is by resolution of the Board of Directors. The

members of the Supervisory Body shall be appointed until the dissolution of the Board of Directors

appointing the Supervisory Body or for a period of three years, whichever is shorter, and shall be

eligible for reappointment. The Supervisory Body shall be dissolved on the date of the Shareholders'

Meeting convened to approve the financial statements for the last year of the Supervisory Body’s term

of office, but shall, however, continue to function ad interim until new members are appointed to the

Supervisory Body.

The appointment of members to the Supervisory Body shall be conditional on - in addition to the

requirements relating to the membership of the Internal Audit Manager or Chairman of the Body of

Directors, non-executive and independent, or Chairman of the Body of Statutory Auditors – the

possession of the requirements for eligibility.




of 41

In order to assure the necessary stability of the Supervisory Body, the following procedures are

required to revoke the powers of Body members.

In the event that an individual who has been appointed ceases, for any of the cited reasons, to be

eligible, such appointment shall be automatically terminated.

If, during any one year, one or more vacancies occur on the Supervisory Body, the Board of Directors

shall replace the terminated members by resolution and in consultation with the Board of Statutory

Auditors and make the corresponding amendments to the Model. The term of office of a member of

the Supervisory Body, so appointed, shall be coterminous with the term of office of the member who

has been replaced.

Any revocation of powers relating to the Supervisory Body and the granting of such powers to another

individual may only be for good cause, which shall include organisational restructuring of the

Company, by express resolution of the Board of Directors and with the consent of the Board of

Statutory Auditors, in consultation with the Audit Committee.

In matters of particularly grave concern, the Board of Directors may, however, in consultation with the

Board of Statutory Auditors, suspend the powers of the Supervisory Body and appoint an ad interim

Body.

3.3 Duties and Powers of the Supervisory Body

The activities of the Supervisory Body shall not be subject to review by any other of the Company’s

entities or units, subject, however, to the fact that the Board of Directors, as the entity ultimately

responsible for the Model’s proper implementation and effectiveness, has a continuing obligation to

oversee the proper performance of the Body’s duties.

The powers of initiation and control, required to assure effective and efficient oversight of the proper

implementation of and compliance with the Model pursuant to art. 6 of the Decree, shall be delegated

to the Supervisory Body.




of 41

In order to assure the performance and exercise of its functions, the duties and powers of the

Supervisory Body shall specifically include the following:

– verification that the Model is sufficiently adequate to prevent the commission of the criminal

offences set out in the Decree and the ability of the Model to detect the occurrence of any unlawful

conduct;

– verification of the Model’s efficiency and effectiveness including the compliance of procedures

actually used with the Model's formal requirements;

– verification of the Model’s continuing efficiency and effectiveness over time;

– monitoring, development and facilitation of the regular updating of the Model, formulating, where

necessary, proposals to the management body of any updates and amendments to be made by

modifying or supplementing the Model as may become necessary as a result of: i) serious

infringements of the Model’s requirements; ii) major changes to the Company’s internal structure

and/or operating methods; iii) changes in laws and regulations;

– provision for the periodic updating of the system of identifying, mapping and classifying sensitive

activities;

– staying in continual contact with the firm of auditors, while safeguarding their required level of

independence, and with all other consultants and employees engaged in the effective

implementation of the Model;

– noting any changes in conduct that are discovered in the analysis of information and reports

required to be provided by the managers of the various functions;

– reporting the ascertainment of any infringements of the Model, which could result in the

assumption of responsibility by the Company, to the management body in order for appropriate

action to be taken;

– preparation of reports for and assurance that relevant information is provided to the Board of

Directors and the Board of Statutory Auditors;

– guaranteeing the proper functioning of the Supervisory Body, including the adoption of rules

having regard to its own activities providing for: the timing of activities, the specification of the




of 41

timing of controls, the definition of analytical criteria and procedures, the minuting of meetings,

the regulation of information flows from organisational units within the Company;

– the facilitation and specification of action to assure the dissemination and understanding of the

Model, as well as the training of personnel and development of their awareness of the need for

compliance with the principles contained therein;

– the facilitation and preparation of publicity and training sessions having regard to the provisions of

Legislative Decree no. 231/2001, the impact of that law on corporate operations and standards of

conduct;

– provision of clarifications relating to the meaning and application of the Model's requirements;

– establishment of effective internal reporting procedures for information relating to the Decree in

such a manner as to protect and guarantee confidentiality of the identity of the party reporting such

information;

– the estimation and submission to the management body of the estimated costs for the proper

performance of the Supervisory Body’s duties. Such estimated costs shall, in all cases, be the

maximum amount required to assure the full and proper performance of the Supervisory Board's

duties;

– free access to all divisions and units of the Company – with no requirement for prior consent – in

order to request and obtain information, documentation and data, considered necessary for the

performance of the duties required by the Decree, from all employees and directors;

– obtaining information relating to the Company’s external workers, consultants, agents and

representatives;

– the facilitation of the institution of any disciplinary action and the recommendation of sanctions

pursuant to Chapter 5 of the Model;

– verification and assessment of the suitability of disciplinary measures within the meaning and for

the purposes of the Decree;

– in the event of controls, investigations, requests for information by competent authorities for the

purposes of determining compliance of the Model with the requirements of the Decree, the




of 41

monitoring of contacts with the individuals conducting such activities and providing such

individuals with sufficient information.

Vodafone’s Board of Directors shall provide sufficient notice to corporate units with respect to the

duties and powers of the Supervisory Body.

3.4 Required Reporting to the Supervisory Body - Information Flows

The Supervisory Body shall be promptly informed, through special internal reporting procedures, of

such acts, conduct or events that could cause an infringement of the Model or which, more generally,

are relevant for the purposes of the Decree.

The obligation to report any conduct contrary to the Model’s requirements are a part of the broader

duty of diligence and obligation of loyalty pursuant to arts. 2140 and 2105 of the Italian Civil Code.

The due fulfilment of the reporting obligation by the employee may not result in disciplinary action.

The following provisions of a general nature shall be applicable in this regard:

– information regarding the following shall be obtained:

– i) the commission, or reasonable risk thereof, of criminal offences cited in the Decree; ii)

“practices” which are not in accordance with standards of conduct required by the Company; iii)

any conduct that could cause an infringement of the Model;

– an employee intending to report an infringement (or suspected infringement) of the Model may

contact his or her direct superior or, if action is not taken with respect to such reports or the

employee does not feel it appropriate to give such information to his or her direct superior, the

report may be made directly to the Supervisory Body;

– in order for the above reports to be handled in the most efficient manner, a detailed procedure has

been specified and described in the Code of Ethics, which will be made known to all Company

employees;

– the Supervisory Body shall have discretionary powers relating to reports in its possession, the

assessment thereof and instances for which it is necessary to take action.




of 41

It shall be guaranteed to those persons making reports in good faith, that they will not be subject to any

form of retaliation, discrimination or punishment and it is in all cases assured that the identity of the

person making the report shall be kept confidential subject to legal requirements and the rights of the

Company or of persons accused in error or in bad faith.

In addition to reports of infringements of a general nature as described above, Company employees

working in sensitive areas shall report to the Supervisory Body on: i) the results of periodic controls

made by such employees in implementation of the Model (summary reports of the performance of

controls, monitoring, indications, etc.); ii) unusual or atypical items (action which is irrelevant on its

own, may become relevant if repeated or the area in which it is committed is broadened).

Purely by way of example, such information may relate to:

– matters perceived to be “at risk” (e.g., decisions relating to the application for, disbursement of and

use of public funds; summarized information relating to government contracts obtained in

connection with Italian or international tenders; information relating to orders from government

entities; etc.);

– any actions by and/or information received from criminal investigation units or from any other

authority inferring that an investigation is underway, including investigations of unknown persons,

for the criminal offences set out in the Decree and which could involve the Company;

– requests for legal assistance made by employees in the event of the institution of legal proceedings

against such employees and relating to the criminal offences set out in the Decree, unless expressly

prohibited by the judicial authorities;

– reports prepared by the managers of other corporate units in connection with their own controls

which reveal facts, acts, events or omissions of a critical nature with respect to compliance with

the standards and requirements of the Model;

– information relating to any disciplinary action and any sanctions applied (including proceedings

against employees) or of any dismissal of such proceedings together with the relevant reasons;

– any other information which, although not included in the above list, could be relevant to proper

and full oversight and updating of the Model.




of 41

3.5 Gathering and Archiving of Information

All information and reports required by the Model shall be kept by the Supervisory Body in special

files (electronic or paper).

3.6 Supervisory Body’s Reporting to other Corporate Bodies

Functionally, the Supervisory Body shall report to the Audit Committee.

The Supervisory Body shall report matters relating to the Model’s implementation, findings of a

critical nature and the need for modifications.

There are two distinct reporting lines:

– the first, on a continuing basis, is to the Audit Committee and the Chief Executive Officer;

– the second, on a periodic basis of at least every six months, is to the Board of Directors in the

presence of the Board of Statutory Auditors.

Any meetings of the Supervisory Body with corporate bodies shall be documented.

The Supervisory Body shall be responsible for keeping records of such meetings on file.

The Supervisory Body shall prepare:

i) a quarterly report to the Audit Committee containing information relating to its activities;

ii) an annual report to be presented to the Board of Directors, Audit Committee and Board of

Statutory Auditors, summarizing activities during the past year and a plan for the activities for

the following year;

iii) immediate notification to the Board of Directors and the Audit Committee of the occurrence of

any extraordinary matters (e.g., serious infringements of the Model’s principles, new legislation

relating to the administrative responsibility of entities, material modifications to the Company’s

organisational structure, etc.) and, in the event that reports of an urgent nature are received.




of 41

CHAPTER 4 – DISCIPLINARY SYSTEM

4.1 Function of the Disciplinary System

Art. 6 (2), letter e) and art. 7 (4) letter b) of Legislative Decree no. 231/2001 recommend that the

effective implementation of an organisational, management and control model requires the

establishment of a system suitable to discipline non-compliance with the model. The creation of an

adequate disciplinary system is, therefore, a necessary condition for the organisational, management

and control model, pursuant to Legislative Decree no. 231/2001 to relieve entities of administrative

responsibility.

The sanctions entailed in the disciplinary system shall be applied to each instance of an infringement

of the Model’s requirements regardless of the institution and findings of any penal proceedings by the

judicial authorities for censured conduct entailing elements of those criminal offences set out in the

Decree.

4.2 Measures Against Employees

The obligation of Vodafone employees to comply with the Model's provisions and rules of conduct is

established by art. 2104 (2) of the Italian Civil Code of which the Model is a substantive and integral

part.

All infringements of the Model’s provisions and rules of conduct by Vodafone employees, who are

parties to the National Collective Employment Contract for employees of enterprises providing

telecommunications services (Contratto Collettivo Nazionale di Lavoro per il personale dipendente da

imprese esercenti servizi di telecomunicazione or "CCNL”), shall be subject to disciplinary action.

The Model’s requirements and the sanctions that become applicable in the event of non-compliance,

shall, in accordance with the disciplinary code, be communicated to all employees by internal notices

posted in places accessible to all persons and shall be binding on all of the Company's employees.




of 41

In conformity with art. 7 of Law No. 300 of 20 May 1970 (the “Employees' Charter") and any specific

applicable legislation, disciplinary action against Vodafone employees is equivalent to the disciplinary

action set out in arts. 46 ff. of the CCNL and, which, depending on the seriousness of such

infringements, are:

– verbal reprimands;

– written warnings;

– fine of a maximum of three hours;

– suspension (from service and of pay) for a maximum of three days unless such suspension is

precautionary rather than disciplinary;

– dismissal.

Disciplinary proceedings shall be instituted for each reported infringement of the Model in order to

ascertain the actual occurrence of such infringement. The enquiry phase of such proceedings shall

specifically include a statement to the employee of the infringements, which the employee has

reportedly committed, with sufficient time given to the employee to prepare a response in his or her

defence. If it is ascertained that there has been an infringement, disciplinary action shall be taken

against the relevant employee proportionate to the gravity of the infringement.

Such proceedings shall be in compliance with the procedures, provisions and guarantees pursuant to

art. 7 of the Employees' Charter and art. 46 of the CCNL having regard to disciplinary action.

Specifically:

– disciplinary action shall not be taken against an employee without prior statement of the relevant

infringement and without having provided such employee an opportunity to present arguments in

his or her own defence;

– a written notification of the relevant infringements setting out the facts of the details of such

infringements shall be provided to employees for disciplinary action more severe than verbal

warnings or reprimands;

– disciplinary action shall not be taken prior to five calendar days following such notice to the

employee during which the employee may present his or her own arguments in defence. In the




of 41

event that disciplinary action is not taken within ten calendar days from the date of the receipt of

such arguments (i.e., within sixteen days from the date of the notice), the arguments shall be

deemed to have been accepted;

– action shall not be taken prior to five days following the issuance of the notice, even in those cases

in which the employee does not present arguments;

– in the event that the alleged infringement is sufficiently serious to result in dismissal, the employee

shall, as a precautionary measure, be suspended from work until such time as a decision regarding

disciplinary action has been taken without, however, prejudice to the employee’s right to continued

remuneration for such period of suspension;

– the reasons for any decision to take disciplinary action shall be notified in writing;

– employees may present their own arguments either in writing or verbally;

– pursuant to art. 46 CCNL, disciplinary action other than dismissal may be appealed to the trade

union by employees, in accordance with the contractual provisions regarding the resolution of

disputes with individuals (see art. 7 CCNL – Claims and Disputes).

Vodafone management’s existing powers shall be sufficient to ascertain the commitment of an

infringement, decide on any disciplinary action and to impose sanctions.

4.3 Infringements of the Model and Related Sanctions

In conformity with relevant regulations and in compliance with the principles of the forms of

infringements and sanctions, Vodafone intends to make its employees aware of the requirements and

rules of conduct contained in the Model, the infringement of which would be subject to disciplinary

action and the respective applicable sanctions as determined with reference to the gravity of such

infringements.

Subject to Vodafone’s obligations in connection with the Employees' Charter, conduct constituting an

infringement of the Model and the respective disciplinary actions are set out below:

1. “Verbal reprimand ” shall be made to employees, who do not observe any one of the internal

procedures required by the Model (e.g., non-compliance with required procedures, omitting to




of 41

report required information to the Supervisory Body, omitting to apply controls, etc.) or whose

conduct in the performance of sensitive activities is not in conformity with the Model. Such

conduct shall constitute non-compliance with instructions issued by the Company.

2. “Written warning ” shall be issued to employees who repeatedly infringe procedures required

by the Model or whose conduct in the performance of sensitive activities is not in conformity

with the requirements of the Model. Such conduct shall constitute repeated non-compliance

with instructions issued by the Company.

3. A "fine" not exceeding three hours normal pay shall be imposed on an employee who

exposes corporate assets to risk by ignoring internal procedures required by the Model or by

performing sensitive activities in a manner which is not in conformity with the requirements of

the Model. Such conduct, which is the result of non-compliance with instructions issued by the

Company, results in risk to the Company's assets and/or constitutes acts which are detrimental

to the interests of the Company.

4. “Suspension” from service and of pay not exceeding three days, unless such suspension is

precautionary in nature rather than disciplinary , shall be imposed on employees who,

through non-compliance with internal procedures required by the Model or whose conduct in

the performance of sensitive activities is not in conformity with the requirements of the Model,

causes damage to the Company through acts detrimental to the Company’s interests or

employees who repeat the acts set out in points 1, 2 and 3, above, more than three times in any

one calendar year. Such conduct, which is the result of non-compliance with instructions issued

by the Company, results in damage to the Company's assets and/or constitutes acts detrimental

to the interests of the Company.

5. “Dismissal with notice” shall be imposed on an employee whose conduct in the performance

of sensitive activities is not in conformity with the requirements of the Model and is

unequivocally intended to perform an act defined as sanctionable by Legislative Decree no.

231/2001. Such conduct shall constitute grave non-compliance with instructions issued by the

Company and/or a grave violation of employees’ obligations to promote the interests of the

Company.




of 41

6. “Dismissal without notice” shall be imposed on an employee whose conduct in the

performance of sensitive activities infringes the requirements of the Model so as to result in the

application to the Company such action as provided by Legislative Decree no. 231/2001 and to

an employee who repeats the act set out in point 4, above, more than three times in any one

calendar year. Such conduct is a severe breach of the Company’s trust in the employee thus

causing grave moral and tangible harm to the company.

The nature and extent of each of the above-listed disciplinary measures shall be applied after giving

due consideration to:

– the intent of such conduct or the degree of negligence, imprudence or incapacity in addition to the

extent to the predictability of the event;

– the general conduct of the employee particularly with respect to the existence of any prior

disciplinary action taken against the relevant employee, within the limits permitted by law;

– the employee’s duties;

– the functional positions of persons involved in the acts constituting the infringement;

– the circumstances relating to the misconduct.

Any such disciplinary action shall be without prejudice to Vodafone's right to claim damages arising

from the infringement of the Model by an employee. The amount of such claims for damages shall be

proportionate to:

– the degree of responsibility and autonomy of the employee committing the infringement;

– the existence of any prior disciplinary action taken against the relevant employee;

– the extent to which such conduct was intentional;

– the seriousness of the effects of such conduct meaning the degree of risk to which the Company

can reasonably be believed to have been exposed – for the intents and purposes of Legislative

Decree no. 231/2001 – as a result of such infringement.

The Human Resources and Organisation Manager shall be ultimately responsible for the disciplinary

action described above who, personally, or through his delegates (Functional Human Resources




of 41

Managers), shall impose sanctions based on reports of the Supervisory Body, also in consultation with

the superior of the employee having committed the infringement. It shall also be the responsibility of

the Supervisory Body, together with the Human Resources and Organisation Manager, to verify and

assess the suitability of the disciplinary system for the intents and purposes of the Decree.

In the event of an infringement by managers of the requirements and rules of conduct contained in the

Model, Vodafone shall apply the most suitable form of disciplinary action to such managers. If the

infringement of the Model results in a breach of trust, the sanction shall entail dismissal for good

cause.

4.4 Measures against Directors

In the event of an infringement of the requirements and rules of conduct of the Model by members of

the Board of Directors, the Supervisory Body shall promptly notify the Board of Statutory Auditors

and all members of the Board of Directors of such occurrence. The recipients of such notice from the

Supervisory Body, shall be entitled to take such action as provided by the Articles of Association

which may, for example, include convening a shareholders’ meeting in order to take the most

appropriate action provided by law.

4.5 Measures against Statutory Auditors

In the event of an infringement of the requirements and rules of conduct of the Model by one or more

members of the Board of Statutory Auditors, the Supervisory Board shall promptly notify all members

of the Board of Statutory Auditors and the Board of Directors of such occurrence. The recipients of

such notice from the Supervisory Board, shall be entitled to take such action as provided by the

Articles of Association which may, for example, include convening a shareholders’ meeting in order

to take the most appropriate action provided by law.

4.6 Measures against Commercial Partners, Agents, Consultants and Other External Parties




of 41

Infringements of the requirements and rules of conduct of the Model by commercial partners, agents,

consultants, external or other parties bound by contract to the Company and which are also applicable

to such persons or any commission of a criminal offence pursuant to the Decree by such persons shall

be disciplined in accordance with the relevant contractual clauses that shall be included in the

respective contracts.

Such clauses may, for instance, require those third parties to apply and implement corporate

procedures in an effective manner and/or to conduct themselves in such a manner as to prevent the

commission of or attempts to commit criminal offences to which the sanctions provided by Legislative

Decree no. 231/2001 apply. In the event of either full or partial non-compliance with such obligation,

the Company shall have the right to suspend performance of the contract and/or to unilaterally rescind

the contract, even in the course of execution, or to determine the contract without prejudice to the right

to compensation for any damage suffered.

Such action shall obviously be without prejudice to Vodafone’s right to claim compensation for

damages arising from the infringement of the requirements and rules of conduct of the Model by such

external parties.




of 41

CHAPTER 5 – TRAINING AND COMMUNICATIONS

5.1 Introduction

In order to implement the model in an effective manner, Vodafone plans to assure the proper

communication of the Model's contents and principles both inside and outside of its organisation.

Vodafone’s objective specifically includes the communication of the Model’s contents and objectives

not only to its employees but also to parties that, although not formally employees, are bound by

contract to Vodafone for either the full-time or occasional provision of services for the achievement of

Vodafone’s objectives.

Although communication and training will be differentiated with respect to the relevant target group,

they should, in all cases, be complete, clear, accessible and consistent in order to make the various

target groups fully aware of corporate practices with which they are required to comply and the ethical

standards which should dictate their conduct.

The communication of and training in the Model’s principles and contents shall be arranged by heads

of the individual departments, units and functions and, in accordance with the Supervisory Body’s

indications and plans, shall be in such a form so as to make the best use of such services (e.g., training

programmes, staff meetings, etc.).

Communications and training shall be overseen and supplemented by the Supervisory Body, the duties

of which include "the facilitation and specification of action to assure the spread of awareness and

understanding of the Model, as well as the training of personnel and development of their awareness of

the need for compliance with the principles contained therein” and “the facilitation and preparation of

publicity and training sessions having regard to the provisions of Legislative Decree no. 231/2001, the

impact of that law on the Company’s operations and on the standards of conduct”.




of 41

5.2 Employees

All employees are required to: i) make themselves aware of the Model’s principles and contents; ii)

know how to implement the Model in the performance of their duties; iii) actively contribute, with

respect to their own duties and responsibilities, to the effective implementation of the Model, reporting

any problems encountered.

In order for communication to be effective and rational, Vodafone intends to promote and facilitate

varying levels of employees’ knowledge of the Model’s contents and principles depending on the

position and duties of various employees.

On joining, new employees shall be informed of the main principles of the Model and Code of Ethics.

Suitable methods of communications shall be used to provide information to employees regarding any

significant modifications to the Model in addition to all relevant procedural, regulatory or

organisational changes.

5.3 Other Target Groups

The communication of the Model's contents and principles shall also be addressed to external parties

bound by contract to Vodafone for the provision of services or who, although not Company

employees, represent the Company (e.g., commercial partners, agents and consultants, distributors,

business agents and other freelance providers of services).

For that purpose, Vodafone shall provide an extract of the Model's main principles and the Code of

Ethics to the most important external parties together with examples of the practices required.

Vodafone shall, with reference to the purpose of the Model, determine any need to communicate the

Model’s contents and principles to external parties, other than those listed above, as examples, and

more in general to the market.




of 41

SPECIAL PART 1 – SENSITIVE ACTIVITIES HAVING REGARD TO CRIMINAL

OFFENCES RELATING TO THE PUBLIC ADMINISTRATION

All those activities that could involve any type of contact with officials of the Public Administration,

are classified as sensitive activities in relation to criminal offences against the Public Administration.

Due to the differentiation of certain specific standards of control constituting integral parts of the

Model, all sensitive activities have been classified by the following types of contacts with government

entities:

1. Contacts with government entities in connection with the

negotiation/conclusion/performance of contracts awarded on a negotiated basis (direct award

or private negotiation) for the sale of goods and/or services. These activities relate to the sale of

mobile telephony goods and services to government entities by private negotiation and the

subsequent activation of the service/billings/collections/past due debt collection.

2. Contacts with government entities in connection with the

negotiation/conclusion/performance of contracts and/or sales agreements awarded by tender

for the sale of goods/services. These activities relate to the sale of mobile telephony goods and

services to government entities by participating in public tenders and the subsequent activation of

the service/billings/collections/past due debt collection.

3. Contacts with the Public Administration to obtain consents and licences for the development

and maintenance of the network. This primarily relates to activities having regard to contacts

with local authorities to obtain the consents required for the development/maintenance of network

infrastructure (e.g., base radio stations, core network technical sites, transmission sites) and any

relevant inspections.

4. Court and out-of-court settlements. These activities relate to court and out-of-court settlements

involving the Company in addition to the selection, evaluation and remuneration of external legal

consultants.




of 41

5. Contacts with the Public Administration relating to waste products or smoke emissions or

noise/electromagnetic pollution. These activities relate to environmental surveys/inspections

conducted by competent authorities to assure regulatory compliance.

6. Contacts with the Public Administration having regard to employee safety and health

standards (Legislative Decree no. 626/1994 and Legislative Decree no. 624/1996) and

compliance with statutory precautions and regulations having regard to employees with

certain specific duties. These activities relate to environmental surveys/inspections regarding

employee safety and health standards conducted by competent authorities to assure regulatory

compliance.

7. Employee social security contributions and/or related audits. These activities relate to social

security inspections/audits conducted by competent authorities to assure regulatory compliance.

8. Activities of a public/institutional nature. These activities primarily relate to i) contacts of a

political nature with national institutions and local authorities; ii) contacts with the principal

regulatory and/or supervisory bodies (e.g., technical reports of a regulatory nature in connection

with consultative proceedings or surveys undertaken by government supervisory authorities); iii)

contacts with the Revenue Authorities with respect to enquiries.

9. Obtaining and/or managing the receipt of grants/subsidies/financing granted by government

entities. These activities relate to the application, management and reporting of financings, grants

or other assistance granted by the Government, European Union or other public entity (e.g.,

financing pursuant to Law no. 488/1992).

10. Negotiation and conclusion with government entities of agreements required for the

development/operation of the network and the performance of such contracts. These activities

primarily relate to the negotiation and conclusion of contracts/agreements with government entities

for the acquisition of sites required for the development of the network (e.g., base radio stations,

technical core network sites, transmission sites).




of 41

11. Management of Audits conducted by the Public Finance Authorities dealing with Customs,

Excise and Tax Crimes (e.g., Guardia di Finanza, Revenue Agency, Customs and Excise

Agency). These activities relate to contacts with the tax authorities in connection with

checks/inspections/audits.

12. Management of Occasional Contacts with the Public Administration. These are non-

routine/occasional activities primarily relating to i) building permits and consents for civil works

other than the network (e.g., buildings, sales outlets, customer care); ii) contacts with the Ministry

of Communications for the notification of the progress of network sections, frequencies employed,

applications for new frequencies for new “fixed radio links”; iii) negotiation and conclusion of

agreements with the Public Administration (e.g., provincial) having regard to the employment of

personnel belonging to protected categories or for which there are subsidised employment

arrangements; iv) negotiation and purchase of contents from government entities; v) negotiation

and conclusion of contracts with government entities for the purchase of rights/leasing agreements

for leased or optic fibre lines; vi) negotiation/conclusion of roaming and interconnection contracts

with non-Italian operators classified as government entities; vii) contacts with the Public

Administration to obtain licenses/consents needed for the development of core businesses (e.g.,

WI-FI, UMTS).

13. Projects with “High-level interaction" with governm ent entities (e.g., partnerships for the

development of the Public Administration’s network/services, project financing, joint

ventures). These activities primarily relate to "exceptional" projects entailing high-level

interaction with government entities and relating to i) contacts with local authorities for the joint

development of public services (e.g., teleparking); ii) negotiation of/participation in tenders (e.g.,

project financing) with government entities for the development of the wireless network through

the creation of “proprietary” Hot Spots.

14. Provision of mandatory services pursuant to art. 96 of Legislative Decree no. 259/2003 (Code

of Electronic Communications) and related invoicing/collections – Provision of information

to the Ministry of Communications for the determination of rates for mandatory services




of 41

pursuant to art. 96 of Legislative Decree no. 259/2003 (Code of Electronic Communications).

These activities relate to the provision by the Company of mandatory services ordered by

competent judicial authorities for the interception of telephone communications and data, the

related invoicing/collections and the provision of data to the Ministry of Communications based on

the rates for mandatory services approved by the Ministry, together with the Ministry of Justice.




of 41

SPECIAL PART 2 – SENSITIVE ACTIVITIES RELATING TO C ORPORATE CRIMES

The sensitive activities that have been identified regarding corporate crimes pursuant to art. 25 ter of

Legislative Decree no. 231/2001 are the following:

1. Bookkeeping, annual reports, consolidated accounts, interim accounts, company reports

and notices in general in addition to relevant statutory disclosures. These activities relate to

accounting in general, annual reports, consolidated accounts, interim reports and notes on the

accounts in addition to any other information or disclosures required by statute.

2. Relationships with the Board of Statutory Auditors, audit firms and other corporate

bodies; preparing, keeping and archiving documents which could be under the control of

such parties. These activities relate to contacts with the Board of Statutory Auditors, audit firms

and shareholders relating to controls exercised by these parties.

3. Corporate obligations relating to the share capital and shareholdings. These activities are in

connection with safeguarding the company's assets (capital increases and reductions;

management of investments; interim dividends; de-mergers, mergers and spin-offs; distributions

of profits and reserves).

4. Shareholders’ Meetings. These activities relate to requirements in connection with

shareholders' meetings.

5. Disclosures to supervisory authorities and contacts with those authorities. These activities

relate to contacts with supervisory authorities having regard to the performance of obligations in

connection with the disclosure of company information.

6. Disclosures to external parties of news/information relating to the Vodafone Plc Group.

These activities relate to the release of price sensitive information (having regard, for instance, to

financial or operating information) regarding the Vodafone Plc Group.




of 41

SPECIAL PART 3 – SENSITIVE ACTIVITIES HAVING REGARD TO CRIMES AGAINST

INDIVIDUALS

The following aspects of the Company's business could be considered sensitive in relation to the child

pedo-pornography, also through the use of internet, which are punishable under arts. 600 ter and 600

quater of the Italian Penal Code.

1. Provision of virtual community/chat services through the Vodafone Live platform: the

Company's use of the Vodafone Live platform to provide Vodafone Customers with the ability to

upload content which they have produced themselves.

2. Provision of electronic messaging services: electronic messaging services entailing the provision

to Vodafone Customers of contents services and/or types of services through various types of

technologies such as SMS and MMS, in case of request of the recipient customer to be expressed

by an SMS and/or MMS. Such content is produced by external companies.

3. Provision of Internet connections: the Company provides access to the Internet from the mobile

and fixed telephone networks.

In order to implement and ensure compliance with local and international legal and regulatory

requirements and best practices associated with internet connections, Vodafone Italy has implemented

and adopted an adequate internal control system , also constantly updated with the industry

innovations.




of 41

SPECIAL PART 4 - SENSITIVE ACTIVITIES HAVING REGARD TO HEALTH AND SAFETY

CRIMES (Involuntary manslaughter and serious involuntary injury at workplaces due to

infringement of Laws and regulations governing workplace health and safety)

The sensitive activities that have been identified regarding corporate crimes pursuant to art. 25-septies

of Legislative Decree 231/2001 (culpable homicide, and negligent personal injury or grievous bodily

harm, caused by infringement through negligence of laws and regulations regarding accident

prevention, and health and safety at the workplace) are the following:

1. Activities at risk of accidents and occupational illness (activities at risk of accidents as determined

with reference to the Company Risk Assessment Document), including, for example, safety risks

(mechanical, electrical, thermal, falling on the ground, falling from heights, falling, or being hit by,

materials, insufficient emergency exits, fire or explosion, inadequate lighting, shifting cargoes, road

accidents), health risks (noise, vibrations, thermal micro-climates, ionised radiation, dust

explosions, cancer, biological, lighting, air quality, workstations) and ergonomic risks (work

location, unhealthy positions, excessively high or low mental activity, individual safety protection

devices);

2. Activities at risk of criminal offences (any activity the omission or incorrect performance of which

could be deemed the Company's criminal negligence) such as, for example:

a. with reference to directors' responsibility: the preliminary assessment of all risks,

identification of mitigating action and resources, and the determination of responsibility;

b. with reference to resources/staff management: staff training, job descriptions, purchase and

maintenance of equipment, working environment and emergency procedures;

c. with reference to products/services design and constructions: procedures and work

instructions, personal safety and the staff engagement.




of 41

In order to implement and ensure compliance with local legal requirements and internationally

accepted safety standards, Vodafone Italy has identified and implemented two important control and

management systems:

d. The Assessment of risks pertinent to health and safety in accordance with laws and

regulations as may be in force from time to time (Risk Assessment Document);

e. The Health & Safety Management system BS OHSAS 18001:2007 standard to ensure

production processes/activities are controlled and comply with health and safety

requirements pursuant to law, standards, local, Italian and European regulations, and to

organize of the entire structure.

The control of the effective implementation of the Health and Safety Management System at the

Workplace is also ensured through the implementation of a reporting / information flows from the

relevant parties within the organization (the Employer, the Health & Safety Director, the Head of

Safety department, Line Managers with responsibility regarding Health & Safety risks and employees)

to the Supervisory Body which is empowered to request the assistance of persons appointed by the

Company or competent external consultants.




of 41

SPECIAL PART 5 – SENSITIVE ACTIVITIES HAVING REGARD TO RECEIVING AND

HANDLING STOLEN GOODS, MONEY LAUNDERING,, USE OF ILLICIT CAPITAL, GOODS

AND UTILITIES

Given the changes in legislation and the Company's business, the following activities may be

considered as sensitive with respect to criminal offences under art. 25-octies of Legislative Decree

231/2001.

1. Qualifying, evaluating and negotiating with suppliers of goods and services. These are a series of

separate activities to determine a trustworthiness assessment of potential suppliers (and the goods they supply) in relation to the risk of committing receiving stolebn goods / money laundering crimes.

2. Management of Financial Flows (receipts and payments). Management of receipts, payments and

the Company's obligations. 3. Customer evaluation. Evaluation of customers and the management of data relating to Business

customer relationships. 4. Acquisition and disposal of Companies/divisions; signature and performance of agreements/joint

ventures, etc. A series of separate activities for the purpose of identifying and evaluating new investment opportunities for the Company.

5. Intercompany trading. Management of intercompany trading of a commercial nature in connection

with service and financial contracts.




of 41

SPECIAL PART 6 – SENSTIVIE ACTIVITIES HAVING REGARD TO CYBER CRIMES


considered as sensitive with respect to criminal offences under art. 25-octies of Legislative Decree

231/2001.

1. Management of access, accounts and profiles. A series of separate activities for the purposes of

regulating types of access to critical or sensitive data, systems and applications in order to prevent

access by unauthorised personnel.

2. Management of telecommunications networks. Activities relating to the operation and maintenance

of telecommunications networks, the use of security precautions to assure the confidentiality of

information, the monitoring of networks to identify unusual access and/or use, and the prompt

determination of corrective actions.

3. Management of hardware systems. A series of activities for the identification, implementation,

maintenance and monitoring of the Company's hardware.

4. Management of software systems. Activities relating to the identification, development,

maintenance and monitoring of the Company's software.

5. Management of physical access to IT equipment. A series of separate activities relating to the

determination of physical security measures to avoid access by unauthorised persons to systems and

to locations where IT systems and equipment are kept.

6. Management and security of digital documentation. Activities relating to the encryption of digital

documentation and the methodology, frequency of archiving, and conservation of digital

documentation.




of 41

SPECIAL PART 7 – SENSITIVE ACTIVITIES HAVING REGARD TO ORGANIZED

CRIMINALITY CRIMES


considered as sensitive with respect to criminal offences under art. 24-ter of Legislative Decree

231/2001.

1. Management of procurement: activities relating to the procurement of goods and professional

services by each of the Company's organisational units for its operations particularly with respect to the selection and qualification of suppliers.

2. Management of sales including tenders and the management of business relationships

particularly with distributors (dealers / sales agents): sales of goods and telephone services,

including tenders, and the management of contractual relationships with parties acting on behalf of

the Company such as, for instance, agents and distributors.

3. Management of personnel recruiting: activities relating to the recruitment of staff suitable for the Company's business and its management.

4. Management of financial resources: management of receipts and disbursements/payments. 5. Management of activities relating to taxation: all activities relating to bookkeeping, invoicing, and

their effect on taxation.

6. Provision of mandatory services pursuant to art. 96 of Legislative Decree 259/2003 (Code of Electronic Communications): Activities relating to the mandatory provision of services ordered by courts having jurisdiction for the interception of telephone communications and data.




of 41

SPECIAL PART 8 - SENSITIVE ACTIVITIES HAVING REGARD TO CRIMES OF FAKING

MONEY, PUBLIC CREDIT CARDS, REVENUE STAMP AND DISTINGUISHING

TOOLS/MARKS.

Sensitive activities relating to the faking of money, credit cards, stamps and faking, or use of faked

Brands, Trademarks, Patents documents, industrial design and other distinguishing tools/marks

pursuant to art. 25 - bis of Legislative Decree 231/2001 are the following.

1. Management of regulatory procedures regarding proprietary trademarks and patents: activities relating to the procedures required by the relevant Authority for the registration of trademarks and patents;

2. Management of procurement: activities relating to the procurement of goods bearing trade or other distinctive marks;

3. Management of sales: activities relating to the sales of goods bearing trade or other distinctive marks.

SPECIAL PART 9 – SENSITIVE ACTIVTIES HAVING REGARD TO CRIMES AGAINST

INDUSTRY AND COMMERCE (BREACH OF OTHER PATENTS AND INTELLECTUAL

PROPERTY RIGHTS)


considered as sensitive with respect to criminal offences under art. 25-bis.1 of Legislative Decree

231/2001.

1. Research and development: activities relating to the use of new inventions of products or

components thereof, including those for the improvement of the Company's production processes.




of 41

SPECIAL PART 10 – SENSITIVE ACTIVITIES HAVING REGARD TO COPYRIGHTS CRIMES


considered as sensitive with respect to criminal offences under art. 25-novies of Legislative Decree

231/2001.

1. Management of information systems and software licences: Activities relating to the

management of the Company's information systems and software systems used by the Company

.

2. Management of the procurement of copyrighted materials: Activities relating to the procurement

and use of copyrighted materials to be used as content for handsets/terminals to be sold in the

future or for advertising and promotions (e.g., software or music to be installed in terminals or

music reproduced and disseminated in connection with advertising);

3. Management of sales: Activities relating to the sales of products containing copyrighted materials

such as terminals containing music or film.

SPECIAL PART 11 - INFLUENCE NOT TO DECLARE OR PROVIDE FALSE DECLARATION

TOWARDS CIVIL COURT

Art. 25-novies of the Decree cites "Inducements not to make statements or to make false statements to

the courts " pursuant to art. 377 of the Italian Civil Code as an offence and punishes those persons

who, unless accused of a more serious crime, cause, by violence or threats or the offering or promise

of monies or other benefits, persons subpoenaed as witnesses in criminal proceedings to withhold or

commit perjury where such witnesses have the right to remain silent.

Prevention: Analyses have shown that this offence is applicable to the Company. In order to avoid

conduct of this nature, all recipients of the Model are required to comply with the Code of Ethics and,

in particular, the Company's ethical principles relating to relationships with other parties, whether

employed by the Company or not.

Vodafone Omnitel N.V. · PDF fileConfidentiality grade: C1 English Version ABSTRACT OF THE...

Documents

Transcript of Vodafone Omnitel N.V. · PDF fileConfidentiality grade: C1 English Version ABSTRACT OF THE...