You are free to use this whistleblowing policy template for your own needs. It is forbidden to fully or partially copy and use this template for commercial purposes such as the sale or marketing of a product other than ANON::form.
NOTE! This policy is also included in our E2EE Form BASIC subscription at no extra cost, read more on the Subscription secure web form page.
Feel free to contact us if you need help creating and implementing your whistleblower policy.
[Name of your business] strives for a transparent business climate [and high business ethics]. The ability to whistle is important to reduce risk and to maintain confidence in our business, by enabling us to detect and address suspected wrongdoing at an early stage.
Who can report?
A whistleblowing report can be submitted by anyone who in any way represents or is active in the business in work-related contexts.
This includes all employees (permanent employees, probationary employees, fixed-term employees, full-time and part-time employees), trainees, job seekers, consultants and hired personnel (staffing staff).
Board members and shareholders can also make a report, as can people who are part of the company’s control body, such as auditors.
What can be reported in case of whistleblowing?
The whistleblower service must be used to warn of serious risks of irregularities that may affect people, our organization, society or the environment.
Matters reported may contain information about crime, irregularities and violations or other acts that violate EU or national law in a work-related context, such as the following:
- Corruption and financial irregularities, such as bribery, unfair competition, money laundering, fraud and conflicts of interest.
- Crimes relating to health and safety, such as work environment, product safety, serious discrimination and harassment that are against the law.
- Environmental crime, such as illegal handling of hazardous waste.
- Privacy violations, such as improper use of personal data and other GDPR-related negligence.
- Serious data security flaws that can cause great damage to the business and third parties.
As a whistleblower, you do not need to have proof of your suspicion, but you must have reasonable grounds to believe that the information you provide is true. As a starting point, you must have first-hand information, as reports made solely on the basis of rumors or hearsay are not covered by the protection.
No accusations may be made with malicious intent or with knowledge that the accusation is false. False or malicious allegations are a serious breach of the employment contract, and there is no retaliation protection for false or malicious reports.
We ask employees to raise matters such as workplace dissatisfaction or complaints relating to their own personal circumstances with a supervisor or manager, as these matters cannot be treated as whistleblower matters.
If you are unsure whether what you want to raise falls within the scope of this policy, we advise you to consult with HR or your trade union before reporting.
How is a report made?
If you suspect wrongdoing, there are two ways to report this, see Options A) and B) below. You can choose to report in writing, orally or at a physical meeting. The whistleblower service takes place via the reporting channel ANON::form or directly to the [HR department or other party designated for this].
Both reporting channels lead your case to the Whistleblower Unit Manager at [HR or other designated party] who is an independent party and investigator.
Option A – Report through a web-based reporting channel
You can choose to submit your case to the responsible whistleblower unit via the link to the incident reporting system ANON::form [(click here) link to the web form].
The following questions can be requested when registering:
- Who or who are involved?
- When? How? Where?
- Other relevant.
- Your name (optional)
- Your contact details (optional)
You can also send in relevant digital documents and/or images by collecting them all in a so-called ZIP archive that you upload with the form.
Option B – Report directly to Whistleblower Unit Manager
Reporting can take place via registered letter, telephone or through an booked meeting:
[HR department or other party designated for this purpose]
[name of responsible person(s)]
How is a whistleblowing report handled?
Only those authorized to handle whistleblower matters have access to messages received through the whistleblower channel.
This limited circle includes employees of the [HR department or other party designated for this purpose], who are bound by strict confidentiality. Their actions are logged and handling is confidential.
If necessary, people who provide expertise can be included in the investigation, with the consent of the whistleblower. These individuals gain access to relevant data and commit to confidentiality.
If the report concerns someone within the [HR department or other party designated for this purpose], an alternative whistleblower unit will be assembled that does not include such person concerned.
Within seven (7) days after the report has been submitted, you as the whistleblower will receive a confirmation that it has been received (does not apply if your contact details are missing from the report).
Those responsible for the whistleblower service decide whether the report should be approved or rejected. The Whistleblower Unit will reject reported irregularities if:
- The alleged conduct is not reportable under this Whistleblowing Policy
- The report is malicious or has not been submitted in good faith.
- The matter has already been resolved.
If the report is approved, appropriate measures are taken for investigation.
Regardless of whether your application is approved or rejected, you will receive feedback on the assessment (does not apply if your contact details are missing from the application). If the report is approved, you will also receive feedback regarding the further processing of the case. Feedback will be made available no later than three (3) months after you have submitted your report.
In order for the person receiving the whistleblowing (Whistleblowing Officer) to get a sufficient picture of what has happened and have the opportunity to act, you need to be prepared to answer follow-up questions after your report. The whistleblower responsible also needs to be able to contact you afterwards to give feedback on how the matter has been handled.
Full anonymity vis-à-vis the Whistleblowing Unit cannot therefore be guaranteed. But if you want to be anonymous in front of others in the organization, and in handling and reporting, it is of course possible.
If you want to report something completely anonymously (even to the Whistleblowing Unit), you can always refrain from filling in your contact details in the web-based reporting channel (option A).
The whistleblower responsible will then still investigate the information in your report and to the best of his ability remedy the misconduct that you have reported, but then not as a whistleblower case according to this policy.
Processing of personal data
Personal data submitted via the whistleblower channels is handled in accordance with the provisions of the current data protection regulation and the business’s current personal data policy, which is available via our website; [link to the business’s personal data policy].
Personal data that appears in reports is covered by a statutory duty of confidentiality that prevents unauthorized disclosure. The duty of confidentiality does not prevent the authorized disclosure of personal data, such as when the personal data needs to be passed on to the police or other authorities.
Protection against reprisals and preventive measures
The law contains a prohibition against preventing or attempting to prevent reporting or taking reprisals.
Retaliation means various forms of punishment such as termination, dismissal, suspension, demotion, non-promotion, changed duties, relocation, salary reduction, changed working hours, harassment, unfair treatment and negative slurs.
The whistleblower is entitled to damages from the person who exposes him to reprisals or who has prevented or attempted to prevent reporting. However, the right to damages for reprisals does not apply if the reporting person was guilty of a crime during the collection of information or the reporting.
Protection in the form of exemption from liability in case of whistleblowing
Protection in the form of freedom from liability means that a reporting person may not be held responsible for having breached a duty of confidentiality. The duty of confidentiality may follow from an agreement between the employer and the employee or from a decision that the employer has made with the support of labor management law.
A prerequisite for protection is that the person had reasonable grounds to believe that it was necessary to report the information in order to reveal a misconduct.
The whistleblower may also not be held responsible for having obtained information even if he or she has broken rules set by the employer.
It could be, for example, that the employee copied or took documents with him from the workplace, that the employee has taken his or her documents into places that he or she does not normally have access to, or that the person has photographed the company’s premises in violation of the rules that exist.
This applies on the condition that the whistleblower had reasonable grounds to believe that it was necessary to obtain the information in order to reveal a wrongdoing.
However, exemption from liability is not granted if the person is guilty of a crime by obtaining the information. Examples of crimes that can be committed when collecting information are, for example, theft, illegal intrusion or data breach.
Please contact [email to HR or other person responsible for this policy] with questions about this policy.