1. Introduction and purpose
With this whistleblower scheme, the company wishes to provide a distinct, autonomous and independent channel where company employees, customers, and business partners can report suspicions of irregularities, violations, or potential breaches of applicable law or the company’s essential policies and guidelines.
The whistleblower scheme cannot and should not replace direct contact with the company, including your manager and others. Rather, the whistleblower scheme should provide an appropriate space for reporting more serious incidents that are either not suitable for being dealt with through existing communication channels or where you wish to ensure anonymity.
The following sections describe how the whistleblower scheme works in practice, including the matters covered by the scheme and how filed reports are processed as part of the whistleblower scheme.
The whistleblower scheme will be administered by the company's internal whistleblower officer.
2. What incidents and situations can be reported?
The whistleblower scheme can be used to report any suspected irregularities, violations or potential breaches of applicable law or the company’s essential policies and guidelines.
The following matters are generally not covered by the scheme:
- Complaints about poor cooperation, perceived incompetence, remuneration grievances and other day-to-day or routine matters.
- Reports on the work environment, decision-making processes or general management decisions.
Issues not covered by the scheme are not to be neglected but can be addressed in other ways within the company.
Reporting of deliberately false accusations against individuals or incorrect information is not allowed.
3. Who can file a report?
All employees, customers, and business partners can create anonymous reports as part of the scheme.
4. Who can be the subject of the report?
You can report any suspected irregularities or breaches of the law committed by the company’s employees, including members of management, owners or the board of directors.
5. How is a report filed – and to whom?
Reports to the whistleblower scheme are filed electronically on the whistleblower portal via the link published by the company.
Reports may be submitted in Danish or English and the following information will be useful to those processing the reports:
- Name, department and contact details of the person being reported;
- a description of the facts giving rise to the report and
- any documentation or evidence supporting the report.
The report will initially be investigated by the company's internal whistleblower manager, who will conduct a screening of the matters following which the the company's internal whistleblower officer either rejects the matter or notify the relevant person in the company’s management or the whistleblower committee of the report.
6. Anonymity?
The person filing the report chooses whether to do so anonymously.
The whistleblower system does not log IP addresses or machine IDs, and all data transmission and storage are encrypted. Only the external lawyer administering the scheme has access to the report processing part of the system.
When a report has been filed, it is possible to log on to the system anonymously at a later point in time to see whether the company's internal whistleblower manager has asked any further questions about the matter or is requesting any further documentation.
Any subsequent dialogue is always anonymous unless you (the whistleblower) explicitly choose to reveal your identity – and depends solely on your willingness to log on to the system and answer the company's internal whistleblower manager’s questions.
Regardless of whether or not you choose to disclose your identity, please be aware that the investigation into the incident or misconduct reported may compromise your anonymity if, for example, a proper investigation into the matter reported, an employment law case or a lawsuit against the person reported are initiated.
7. The post-reporting process
The company's internal whistleblower officer notifies the company’s management of the report. If the reported incident or misconduct concerns the whistleblower or a member of the company's management or board of directors, an alternative – relevant, appointed and impartial – person in the company will be notified.
When a report is received by the company's internal whistleblower officer, said the company's internal whistleblower officer is obliged to open an initial investigation into the reported matter.
If the report is incorrect or proves to fall outside the scope of the scheme, it will immediately be rejected and deleted from the system, and the person who reported the matter will be notified. If the report was filed anonymously, the whistleblower can be notified by logging into the whistleblower portal using the provided username and password.
If the initial investigation concludes that the report is likely to fall within the scope of the scheme, the report may give rise to further investigation. The matter will be processed by the whistleblower officer or possible by the external lawyer or partner and may have employment law consequences for the individual, including the management or board member, who is the subject of the report. The matter will be deleted from the whistleblower portal once it is no longer necessary to have the information recorded.
If the report concerns specific persons, the company may be obliged to alert the persons reported about the reported facts. In each situation, a specific assessment will be made to ensure that the notification does not impact on the investigation of the reported facts or the gathering of evidence or other material facts.
No information will be disclosed on the whistleblower’s identity, even if the whistleblower has chosen to disclose his or her identity. However, it should be noted that a non-anonymous whistleblower risks being called as a witness in the event of a trial. Also, anonymous whistleblowers are reminded that the company’s investigation into the incident or misconduct reported and the subsequent handling of a potential case may compromise your anonymity.
The nature of the reported matter may be so serious that it is passed to the police for further investigation. Once the police (and possibly the courts) have finalised the matter and any appeal period has expired, the report will be deleted from the whistleblower portal.
Depending on the nature of the matter, the case may end up in court and the person subject of the report may, again depending on the severity, risk a fine and/or imprisonment.
It is important that the whistleblower portal is not used for making false accusations where innocent people are suspected. All reports must therefore be submitted in good faith. If a report is filed in bad faith and it turns out to be the result of personal negative feelings, vengeance, etc., such an unfounded report may have employment law consequences for the whistleblower, if the person is identified.
8. Employee protection
Persons who submit reports to the whistleblower scheme are protected from negative consequences related to the report itself, including dismissal and unfavorable treatment, provided that the reports are filed in good faith.
If the report involves critical matters concerning the whistleblower, or if the company becomes aware of such critical matters concerning the whistleblower in the course of making the report, the whistleblower will not be exempt from any adverse consequences regarding those matters.
If the whistleblower deliberately or in bad faith files a false accusation against a person, the whistleblower is not protected from negative consequences.
9. Confidentiality
All reports submitted to the whistleblower scheme are treated in strict confidence by the company and the lawyer or partner administering the scheme. The same applies to the whistleblower officer(s) within the company.
If the whistleblower so wishes, he or she may at any time request the whistleblower officer(s) of the company to delete the personal data entered into the report.
10. IT security
The whistleblower system is operated by Legalsys ApS, which is an independent party ensuring system security and anonymity. A data processing agreement has been entered into with Legalsys ApS.
You can read more about system security on the whistleblower portal.
11. Personal data
The processing of personal data provided within the confines of the whistleblower scheme is subject to the applicable data protection rules.
As the whistleblower scheme is administered by Legalsys ApS, he or she acts as the data processor for the company, which is the data controller.
A data processing agreement has been entered into between Legalsys ApS and the company, which, among other things, instructs the lawyer not to disclose any personal data on the whistleblower to the company, unless the whistleblower has explicitly consented to this.
Unless the report is filed anonymously, the whistleblower officer will process personal data about the reporter. In any event, the company and the lawyer or partner will process personal data about the person subject of the report and any other persons mentioned in the report. These personal data will usually include the person’s name and a description of the reported incident, which may concern one or more criminal offenses and/or employment law offences.
General personal data are processed under Article 6(e) of the General Data Protection Regulation (GDPR), according to which the personal data may be processed where necessary for the performance of a task in the public’s interest or in the exercise of the public authority vested in the data controller. For example, the company may process personal data within the confines of the filed reports to ensure that potential breaches of applicable law cease to restore confidence in the company.
Sensitive personal data may be processed under Article 9(2)(f) of the General Data Protection Regulation (GDPR), according to which data processing is necessary for the establishment, enforcement and defence of legal claims or when courts are acting in their judicial capacity.
Personal data provided in or associated with a report will be kept for as long as this is deemed necessary for the purpose of which the data are collected and the specific retention period will depend on the content of the report.
The whistleblower and the subject of the report, have the right to complain about the personal data processing within the context of the whistleblower scheme. Such a complaint can be submitted to Datatilsynet, (the Danish Data Protection Agency), Carl Jacobsens Vej 356, 2500 Valby, tel. +45 33193200, or by e-mail: dt@datatilsynet.dk.
12. Commencement
The whistleblower policy enters into force as soon as it has been made public in the company and is reviewed at least once a year.
13. Questions
Questions about this whistleblower scheme may be directed to the relevant persons listed on the whistleblower portal.
Whistleblower policy, version 2-2021, English Translation
Updated, 01-12-2023