Homepage
Login/Register

Whistleblowing

In accordance with Article 6 of Legislative Decree 231/2001, Live Nation Italia S.r.l., Live Nation 2 S.r.l., and Live Nation 3 S.r.l. (hereinafter referred to as the “Companies”) have established clear and identifiable internal reporting channels for the receipt, analysis, and handling of reports — including anonymous reports — concerning violations relevant under Legislative Decree 231/2001, or breaches of the Organizational Model, Code of Ethics, or any other procedures adopted by the Companies or the Group (so-called “whistleblowing”).

These reporting channels allow relevant individuals to report violations, including anonymous reports, to the appropriate Company. Reports may concern breaches of laws and regulations, unlawful conduct relevant under Legislative Decree 231/2001, or violations of the Organization, Management and Control Model that have come to their attention in the context of their working relationship.

Please note that the whistleblowing channel is not intended for general complaints.

You can download the Whistleblowing Procedure at this link.

Submit a report

Data Controller

The Data Controller is LIVE NATION ITALIA S.r.l., with registered office at Via Pietrasanta 14, Tax Code and VAT number 03320430964, and can be contacted via the following channels:

The Data Controller has appointed a Designated Data Protection Officer (DPO), who can be contacted at the same email address.

Categories of Data Processed

The categories of personal data processed in relation to the reporting person and, where applicable, the facilitator, include:

  • Identifying personal data;

  • Contact details;

  • Common or special categories of personal data voluntarily provided in the report.

Purpose, Legal Basis, and Data Retention

The processing of personal data is necessary for the following purposes:

  1. To allow the reporting person to submit a report concerning any of the offenses covered by Legislative Decree No. 24/2023;

  2. To follow up on the report, including the evaluation of the facts, investigation outcomes, and any measures adopted;

  3. To inform the reporting person of the status or outcome of the report;

  4. To inform the reporting person if it is necessary to disclose confidential data and/or their identity, including when essential for the defense of the person involved;

  5. To share the personal data of the reporting person, with their consent, to ensure proper handling of the report.

Legal Basis:

  • For purposes 1 to 4: Article 6(1)(c) GDPR — processing is necessary to comply with a legal obligation to which the Data Controller is subject;

  • For purpose 5: Article 6(1)(a) GDPR — processing is based on the data subject’s consent.

Retention Period:
Personal data will be retained only for the time necessary to process the report and in any case no longer than 5 yearsfrom the date the final outcome of the procedure is communicated.

Consequences of Failing to Provide Data

Providing the personal data marked as mandatory is necessary to pursue the purposes described. Failure to provide such data will make it impossible to proceed with the processing. Providing other personal data is optional.

Categories of Entities That May Process or Receive Personal Data

Within the limits of the obligations, duties, and purposes set out above:

  • Personal data will be processed exclusively by employees and collaborators of the Data Controller and by third parties appointed as Data Processors under Article 28 of the GDPR, in accordance with applicable laws and data protection measures;

  • Data will not be disclosed in any way without the data subject’s consent.

A list of Data Processors is available upon request from the Data Controller.

The Data Controller may also communicate personal data to independent third-party data controllers strictly for compliance with legal obligations.

Data Subject Rights

At any time, the data subject may exercise the rights provided by EU Regulation 2016/679, including the right:

  • To access their personal data;

  • To request rectification or erasure of the data, or restriction of processing;

  • To object to processing where it is based on the Data Controller’s legitimate interest;

  • To data portability, where applicable;

  • To withdraw consent, where applicable (without affecting the lawfulness of processing based on consent before its withdrawal);

  • To lodge a complaint with a supervisory authority.

In Italy, the relevant supervisory authority is the Garante per la protezione dei dati personali (www.gpdp.it).

Requests to exercise these rights may be sent by email to the address provided above.

Data controller
The data controller is LIVE NATION ITALIA S.r.l., with registered office at Via Pietrasanta 14, Tax Code and VAT no. 03320430964, and can be contacted as follows:

  • By email at: privacy@livenation.it

  • By regular mail at the address indicated above.
    The controller has appointed a Designated Data Protection Officer (DPO), who can be contacted at the email address provided above.

Categories of data processed
The categories of personal data processed are the following:

  • Identifying and contact data of the person involved*

  • Personal data, including common, special categories, or data relating to criminal convictions of the person involved, that may emerge during the report

  • Additional personal data, including common, special categories, or data relating to criminal convictions, voluntarily shared by the person involved
    (*) The data marked with an asterisk are mandatory for processing.

Purpose, legal basis, and data retention
The processing of personal data is necessary in order to:

  • Follow up on the report, particularly to assess the validity of the facts reported, the outcome of investigations, and any actions taken

  • Hear the person involved, including upon their request, possibly through a written procedure by collecting written observations and documents
    For each of the purposes above, the legal basis is Article 6(1)(c) GDPR, as the processing is necessary to comply with a legal obligation to which the data controller is subject.
    Personal data will be retained for the time necessary to process the report and in any case no longer than 5 years from the date the final outcome of the reporting procedure is communicated.

Consequences of failure to provide data
Providing personal data directly by the person involved is optional. Failure to provide such additional data does not prevent the evaluation of the report from proceeding.

Categories of parties who may process or receive personal data
Within the scope of the obligations, duties, or purposes set out above:

  • Personal data will be processed exclusively by employees and collaborators of the data controller, as well as by third parties appointed as data processors under Article 28 of the GDPR, in compliance with applicable laws and data protection measures

  • Data will not be disclosed in any way without the data subject’s consent
    A list of data processors can be requested from the controller. The controller may disclose personal data to third parties acting as independent data controllers solely to comply with legal obligations.

Data subject rights
The data subject may, at any time, exercise the rights provided for by EU Regulation 2016/679, including the right to:

  • Access their personal data

  • Obtain rectification or erasure of the data, or restriction of the processing

  • Object to processing where the controller relies on legitimate interest

  • Obtain data portability, where applicable

  • Withdraw consent, where applicable (the withdrawal does not affect the lawfulness of processing based on consent before its withdrawal)

  • Lodge a complaint with the supervisory authority. In Italy, the competent authority is the Garante per la protezione dei dati personali (www.gpdp.it)
    These rights may be exercised by sending a request via email to the address indicated above.