Whistleblower policy

Whistleblowing policy for Holiday Group Invest A/S

v1.0

1. Introduction

The purpose of this whistleblowing policy is to describe the scope of Holiday Group Invest A/S (hereafter ”we/us/our”) whistleblowing scheme, including:

  • How the whistleblowing scheme works (section 2)
  • How whistleblowing reports are handled (section 3)
  • The types of incidents, that can be reported (section 4)
  • Who is able to submit reports within the whistleblowing scheme (section 5)
  • Confidentiality and anonymity (section 6)
  • Erasure of data (section 7)
  • The rights of reported persons (section 8)
  • Protection against retaliation (section 9)

The whistleblowing scheme is established with the purpose of allowing free and anonymous reporting in cases where one has a reasonable suspicion of offenses or serious matters as described in section 4. We believe that it is essential to have the highest level of ethics and integrity in relation to our business. We believe that this is crucial to our continued success and reputation.

If you have reasonable grounds for suspicion of any offenses or serious matters within the organization, as described in section 4, we would sincerely appreciate to be informed accordingly, in order for us to address the specific cases, improve ourselves and prevent recurrence of errors or unwanted behavior.

The whistleblowing scheme must ensure that whistleblowing reports of the above nature are taken seriously. Furthermore, the whistleblowing scheme must provide reassurance that anyone who reports breaches in good faith will be protected against retaliation etc.

2. How does the whistleblowing scheme work?

All whistleblowing reports must be submitted via our online whistleblowing site, which is available here.
You will, step by step, be guided through the reporting site, where you will be asked to provide a factual description of the events, upload documents, images and sound clips if relevant, and you will also be guided through the ability to choose anonymous reporting of breaches.

In addition to reporting breaches via our internal whistleblowing scheme, it is also possible to report serious matters or illegalities to the Danish Data Protection Agency’s external whistleblowing scheme. You can read more about the Danish Data Protection Agency's whistleblowing scheme here.

You are free do decide if you wish to submit a whistleblowing report via our internal whistleblowing site, or if you would like to submit it via the Danish Data Protection Agency's external whistleblower scheme. However, we encourage you, as an employee and in cases where you consider that there is no risk of retaliation, to always report to our internal whistleblowing scheme, if you become aware of matters that constitute violations or matters as described in section 4, seeing as this will allow us to address these matters effectively within our organization.

For the sake of good order, we refer to both sections 6 and 9 below, where you can read more about your options for reporting anonymously, as well as information about how you are protected against retaliation and unfair actions.

3. How are whistleblowing reports handled?

In the Capidea Group we have chosen to establish a joint whistleblowing scheme. Consequently, all whistleblowing reports submitted within the individual portfolio companies are handled in collaboration with Capidea Management ApS. Capidea Management ApS assists the individual portfolio companies with providing confirmations of receipt of the whistleblowing reports, and any investigations and further steps that will carried out as a result of the whistleblowing report in question.

Once you have reported a breach, you will receive confirmation of our receipt of the whistleblowing report through the whistleblowing site.

We will then assess whether the breach in question relates to a matter covered by the whistleblowing scheme.

If the matter in question is covered by the whistleblowing scheme, we will to the relevant extent conduct an internal investigation of the reported matter. Depending on the nature of the matter, the case will be handled in accordance with our relevant internal guidelines.

You will be notified of the processing of the case and, if necessary, of the measures taken and the results of the case, no later than three months after our confirmation of receipt of the whistleblowing report.

4. What types of breaches can be reported?

Our whistleblowing scheme can be used to report breaches of EU law, which are in scope of the European Parliament and the Council of Ministers directive concerning the protection of persons reporting breaches of EU law, as well as other serious breaches or other serious matters, which may include:

  • economic crime (e.g. embezzlement, money laundering, bribery, corruption, fraud, forgery, theft, breach of applicable accounting rules),
  • physical violence and sexual abuse, sexual assault or abuse,
  • practice of unlawful discrimination,
  • human rights violations,
  • harassment or violence,
  • breach of duty of confidentiality,
  • serious breaches of occupational safety,
  • serious threats to the environment, health and safety etc.

In order to report a breach, you are required to have knowledge or reasonable suspicion of a serious matter. Thus, all whistleblowing reports must be made in good faith and you must have reasonable cause to believe that the reported information is correct.

Less significant matters cannot be reported within the whistleblowing scheme. Therefore, you cannot use the whistleblowing scheme to report incidents regarding the following e.g.:

  • dissatisfaction with remuneration conditions,
  • incompetence,
  • cooperation difficulties or bullying,
  • absence and illness,
  • private use of office supplies,
  • violation of internal policies for smoking, alcohol, drugs, etc.

Such matters must be submitted to your immediate manager or our HR department.

5. Who can submit report to the whistleblowing site?

We have determined that our whistleblowing site shall be as accessible as possible. This means that not only our employees are able to submit reports using the whistleblowing site.

All other persons mentioned in section 3 (7) of the Danish Whistleblower Protection Act (Lov om beskyttelse af whistleblowere), including e.g. our volunteers, trainees, shareholders, members of the executive board and the board of directors, employees of our contractors, suppliers and subcontractors, former employees etc., will also be able to submit reports using our whistleblowing site.

Our whistleblowing site is publicly available here and thus anyone connected to us can submit a whistleblowing report.

6. Confidentiality and anonymity

Our whistleblowing site allows you to be anonymous when submitting your whistleblowing report.

Therefore, use of the whistleblowing site does not presuppose that you disclose your identity. You are free to choose whether you wish to report a breach anonymously or whether you wish to disclose your identity.

If you wish to submit your whistleblowing report anonymously, we recommend that you do not do so while using our network, IT equipment, telephones, email accounts or other communication equipment belonging to us.

This is merely a recommendation, as we are not allowed to make any attempts to trace anonymous submissions back to certain persons, even though this may be technically possible.

If you chose to submit anonymously, you can choose to still assist us in any potential investigations or the further handling of the case. You can do so by creating a secure and anonymous mailbox within the whistleblowing site itself. The secure mailbox allows you to communicate with us and our external partners without us or our external partners knowing your identity.

As it can be difficult to handle anonymous whistleblowing reports without being able to get in touch with the whistleblower, we recommend that you create a secure mailbox. This way we can hopefully avoid that whistleblowing reports must be dismissed, because we do not have the opportunity to uncover the entire course of the case.

If you choose to disclose your identity when submitting a report we will, during the subsequent handling of the report, keep this confidential to the greatest extent possible. As a result, we will only pass on information about your identity in cases where:

  • the handling of the case is carried out by an external partner and the information is disclosed to the external partner in question,
  • the whistleblowing report results in a police investigation and the information will be disclosed to the police,
  • the disclosure of information is required by applicable legislation or
  • you provide us with your explicit consent for us to disclose information about your identity.

As described above we have established a group and companywide whistleblowing scheme, and thus the whistleblowing report will be processed in collaboration with Capidea Management ApS. Furthermore, we may engage external partners (data processors) to process whistleblowing reports on behalf of us and in accordance with our instruction.

If you would like to know more about the processing of your personal data in connection with reporting to our whistleblower scheme, you can read more about this in our privacy policy under the tab “Privacy Policy” on the whistleblowing site.

7. Erasure of data

Whistleblowing reports received via the whistleblowing site are stored for as long as this is necessary and proportionate for the processing of the report and in order to comply with the requirements set out in the Whistleblower Protection Act (Lov om beskyttelse af whistleblowere) and other relevant special legislation applicable to the whistleblowing report in question.

8. Reported persons’ rights

If the whistleblowing report relates to a person within our organization, e.g. an employee, a manager, a partner, etc., the reported person in question will as a main rule be notified hereof.

However, the reported person will not be notified about the whistleblowing report, if his/her private interests are considered to jeopardize our ability to process the report, including e.g. if

  • the notification should be postponed for the sake of investigating the reported matter or a substantial legitimate interest on our part or the whistleblower that exceeds the interests of the reported person in question or
  • it is impossible e.g. if the notice cannot be given without revealing the identity of the whistleblower.

The notice will be accompanied with a privacy policy in which the reported person in question is informed about how we process his/her personal data.

9. Protection against retaliation and unfair action

If you submit a whistleblowing report via our whistleblowing scheme, you are protected from any negative implications arising from this incident. This means, that if you as an employee report a breach, you are protected against e.g. reprimands, retaliation, change of job responsibilities, employee benefits and career opportunities due to the whistleblowing report. You are similarly protected against threats or deliberate omissions that may lead to the same results.

However, if you knowingly and in bad faith submit a false report about another person, you are not covered by this protection. If you submit a false report, you may be subject to civil, criminal or administrative or disciplinary sanctions. Furthermore, you may be subject to disciplinary sanctions.