In order to guarantee compliance with legislation and at the same time monitor and control the risks, the system is divided into a network of protected areas (resources, technologies, instruments and competencies), partially interconnected according to the objectives/risks to be monitored and designed to ensure the achievement of control objectives.
The trend in the competition situation on the markets where the Acea Group operates requires growing attention to the matter of compliance with antitrust law and the regulations concerning consumer protection.
Acea believes that competition and consumer protection is a core value for company business activities and pursues its objectives in observance of the rules regulating the market. Consistent with the principles set out in the Code of Ethics, the Group specifically abstains from collusive and abusive practices and, more generally speaking, from any practice that might impede the correct functioning of market mechanisms and imply detriment to consumers.
Acea has, therefore, adopted a specific "Antitrust Compliance Programme", with a view both to enhancing internal controls intended to ensure compliance with market and consumer protection legislation and to promoting the development of a corporate culture oriented towards respect for free market values and fair competition.
In this connection, on 13 December 2018 the Acea Spa Board of Directors approved:
The Compliance Programme, implemented in every Group company under the responsibility of the Company Antitrust Liaison Officer, provides for a series of activities, including:
In 2021, a project was launched to review and update the compliance programme, aimed at further enhancing the internal control system with regard to Antitrust and Consumer Protection and improving the compliance strategies according to the standards applied at European level, in line with the “Antitrust Compliance Guidelines” issued by the AGCM (Italian competition authority) and with national and European best practices and case law.
Each Company’s Antitrust Contact Person receives specific training and support from the Holding Company Contact Person.
The Group has adopted a Privacy Governance Model, in accordance with the indications set forth by Regulation (EU) 2016/679 on data protection (GDPR), which constitutes the organisational and control framework wherein both roles and responsibilities and the methods for implementation of the basic principles of Privacy discipline are identified, with a preventive risk-based approach supported by constant monitoring and periodic reviews.
In 2021, this Model – after conclusion of the phase of implementation at the subsidiaries – was reviewed based on the application findings that emerged during the previous two years and enhanced with appropriate methodological tools in order to strengthen its application effectiveness (Control Framework).
The year 2021, still characterised by a high level of commitment in managing the Covid-19 pandemic, saw Acea engaged in initiatives with high privacy impact, including the activation of the company’s vaccination HUB, which involved the introduction of specific procedures able to ensure the safe and compliant handling of data (vaccination status, management of absences/replacements, etc.).
Moreover, a programme was initiated for a risk analysis of all treatments included in the Parent Company’s register, in order to allow the associated risk to be constantly and promptly updated. Regarding the treatments considered potentially high risk, according to the case studies, specific analyses are carried out such as DPIA (Data Protection Impact Assessment), LIA (Legitimate Interest Assessment) and TIA (Transfer Impact Assessment). In the event of outsourced activities, specific contractual tools are used to regulate the handling of personal information, and constant monitoring of procurement operations is guaranteed.
Lastly, communication initiatives and training sessions were arranged on the privacy impacts of individual processes, as well as an online Workshop dedicated to Digital Marketing and Telemarketing issues, with the participation of industry experts, members of the Authority and Business Associations.
The Data Protection Officer (DPO) at Group level is supported by an ad hoc structure (DPO Office), contactable at the following address: firstname.lastname@example.org. Some "privacy control units" have also been identified to act as internal reference and liaison points with the DPO Office.
For the sustainability of its operations, Acea acknowledges the following core values:
The Integrated Certification Systems Unit within the Parent’s Risk & Compliance Function defines the methods and standards of reference for the implementation of QASE (Quality, Environment, Safety and Energy) certified management systems, as well as for further certifications, accreditations and certifications of interest to the Group, and operates in synergy with the operating companies’ counterpart Units.
Acea Group has implemented the following policies, which set out the company’s principles and commitments:
The Acea Group is also committed to continuously updating its Management Systems and – for this reason – it constantly tracks and analyses the changes in the internal and external context, and the stakeholders’ expectations as well.
Management of quality, environment, safety and energy are central aspects of our corporate policies, as shown by the number of Group companies that have implemented certified integrated management systems.
Certified Management Systems within Acea Group (as at 31/12/2021)
||X||Biosafety Trust certification|
|Acea Ato 2||X||X||X||X|
|Acea Ato 5
|Acea Energia||X||X||X||Biosafety Trust certification|
|Acea Elabori||X||X||X||UNI 17025
Biosafety Trust certification