POLYTEKNIK AS whistleblower policy

1: Purpose of the whistleblower scheme POLYTEKNIK A/S want an open corporate culture where everyone can come forward freely and report suspected irregularities or illegalities concerning the employees, management, board of directors and other stakeholders relating to POLYTEKNIK A/S.

The employees of POLYTEKNIK A/S will often be the first to detect irregularities or fraudulent behavior. However, it often turns out that most people are reluctant to go ahead with their suspicions. Recognizing this, POLYTEKNIK A/S has chosen to set up a whistleblower scheme where all employees can report violations or omissions in relation to legislation as well as other serious and sensitive matters.

The whistleblower scheme aims to increase the ability of POLYTEKNIK A/S employees to

  • to express an opinion on illegal or objectionable facts.
  • to protect those who report information to the whistleblower scheme.
  • detecting maladministration.

The whistleblower scheme is a supplement to the direct and daily communication of POLYTEKNIK A/S about errors and unsatisfactory conditions, etc. Problems should therefore be addressed in the first instance by contacting, for example, the employee’s immediate manager, union representative or directly to management.

2: Scope of the whistleblower scheme POLYTEKNIK A/S whistleblower scheme allows employees to make anonymous reports if there is a reasonable suspicion of serious and objectionable facts or illegalities that could cause punitive, financial loss or serious damage to the reputation of POLYTEKNIK A/S.

3: Reporting via the whistleblower portal All employees and board members can contact anonymously or with information about identity and contact information. Both current and former employees can make an alert.

Likewise, the whistleblower portal allows external stakeholders to report, e.g., customers, suppliers, business partners, etc.

4: Content of the alert Only persons associated with POLYTEKNIK A/S may be reported.

The notification may relate to the following categories:

  • Employees in POLYTEKNIK A/S, i.e., where an employment relationship has been established between POLYTEKNIK A/S as an employer and the employee as an employee. The form of employment is not relevant (permanent, part-time, hourly, temporary, temporary)
  • Directors • Business partners and suppliers
  • Basic system errors that cannot be attributed to a specific person or persons.

5: Facts that can be reported via the whistleblower portal. The report shall relate to serious offences, offences or other serious circumstances or suspicions thereof. Only:

  • Serious and/or criminal offences such as theft, embezzlement, fraud, fraud, bribery, corruption, accounting fraud/manipulation, improper use of assets, misuse of financial resources, etc.
  • Serious issues relating to discrimination, violence, assault, and harassment.
  • Serious violation of internal guidelines (serious infringement is understood to be a systematic, repeated and material violation of internal guidelines of internal procedures and guidelines)

Knowledge or reasonable suspicion of such facts is assumed.

Inquiries related to the employment relationship, e.g., absence, difficulties with cooperation, smoking, alcohol, clothing, salary conditions, etc., as well as matters that are not serious, should not be reported through the whistleblower portal, but handled via, for example, the nearest manager, human resources department, union representative, etc.

To the extent possible, the alert shall be documented by attaching relevant documents in digital form.

6: Reporting procedure Alerts can only be made electronically by completing and sending an online questionnaire, which can be accessed via the following link: https://polyteknik.whistleportal.net which is also referred to on the intranet of POLYTEKNIK A/S.

No other report can be reported, as an alert typically contains confidential information that may not be sent over the open Internet without encryption. Only Danish must be reported.

7: Confidentiality and anonymity All information is treated confidentially and with discretion.

If an alert is requested anonymously, it is essential that no contact information (name, email address, telephone number, etc.) is provided and that the reporter is aware of removing metadata from files by attaching documentation, and that the reporter does not provide information that can be traced directly back to him or her.

Should an investigation be subject to an external body, e.g. the police, POLYTEKNIK A/S may be forced to disclose the identity of the reporter if POLYTEKNIK A/S is aware of it.

If information is reported from the network of POLYTEKNIK A/S or other monitored network, there may be a risk that visits to the whistleblower portal will be logged internally as part of the regular logging of user activities. This risk can be avoided by entering the web address itself in a browser on a private or public computer that is not connected to a monitored network.

The whistleblower portal is designed to remove or restrict the storage of information when visiting and using the portal. The whistleblower portal supports the use of a TOR browser, which can be used to visit the whistleblower portal, and ensure anonymity to the highest possible extent.

8: Processing of reports BDO Chartered Audit Company is assumed by POLYTEKNIK A/S as a data processor. BDO Chartered Audit Company provides and manages the technical solution of the whistleblower scheme (whistleblower portal).

The submitted reports via the whistleblower portal are accessed by a few trusted employees of BDO Chartered Audit Company, who receive and record the reports and forward them to the management of POLYTEKNIK A/S. If the report concerns the management of the POLYTEKNIK A/S, the report shall be forwarded to the Chairman of the board of the POLYTEKNIK A/S.

An initial review of the report is carried out to assess whether it falls within the scope of the whistleblower scheme, whether there is a need for a proper case management of the relationship, or whether the report can be dismissed as obviously baseless (e.g., if the report deals with matters or is reported by a person not covered by the whistleblower scheme).

If there are grounds for admissibility of the alert, a closer examination of the facts shall be initiated. As needed, assistance with the treatment is obtained, e.g., from legal or other external advisors.

9: Processing of personal data The processing of personal data provided, including collection, storage and, where appropriate, disclosure, is subject to applicable data protection law rules.

Processing of personal data is carried out based on § 22 of the Danish ‘Act on the Protection of Whistleblowers’, which allows the processing of personal data when necessary to handle reports received as part of a whistleblower program. This processing is done in accordance with the requirements of data protection legislation.

10: Handling of reported cases It is possible to report anonymously – and at the same time follow the case via a 16-digit key code, which is displayed after the submission of the report via the whistleblower portal.

It is possible to subsequently communicate anonymously with BDO Chartered Audit Stock Company using the 16-digit key code. The communication channel is used to acknowledge receipt of the alert and it allows any additional questions to be put to the reporter without knowing his or her identity. This may be a way of ensuring that the alert is adequately reported for it to be processed.

The communication channel will also be used to communicate any conclusion of the case to the reporter if he or she is anonymous. In cases where the reporter is anonymous, the following deadlines apply in the whistleblower portal:

  • Before seven days, receipt of the report shall be signed.
  • The procedure is carried out as soon as possible and it is sought that the procedure does not exceed three months.
  • A conclusion of the case is communicated to the reporter via the anonymous communication channel.
  • As a rule, all cases are deleted from the whistleblower portal within 90 days of the reporting date, unless the deadline is manually extended by the recipient.
  • The reporter has access to the case via the whistleblower portal and the 16-digit key code until the case is deleted from here. However, the reporter has maximum access to the case for one year from the time of reporting.

11: The person reported shall deal with: Unless specific and justified investigative considerations apply, the person concerned shall be notified of the handling of the case once the report has been received and an investigation has been launched.

12: Rights Reports submitted in good faith will not have adverse consequences for the reporter. Reports filed in bad faith or filed to harass or harm the person covered by the reported information may have consequences for the reporter (e.g., lead to police reporting or have employment law consequences).

Persons submitting information to the whistleblower scheme will, as a rule, be informed of the handling of the case and, where appropriate, of the outcome.

13: Deleting data If the report does not fall within the scope of the whistleblower scheme, or if the report is baseless, the personal data will be deleted immediately. Personal data is also deleted when it is no longer necessary to keep, including when the investigations have been completed. Reports are generally deleted after 90 days in the whistleblower portal, unless the deadline is manually extended by the recipient.

The general deletion rules also apply. If, based on the information collected, disciplinary action is taken against a staff member, or if there are otherwise reasons why it is objective and necessary to keep information about a staff member, the information will be kept in his HR records.

14: Question All questions relating to the whistleblower scheme can be directed in writing or by telephone, to the CEO of POLYTEKNIK A/S.

Webbureau ITTP