The VKR Holding whistle-blower system

In 1965, the founder of the VKR Group, Villum Kann Rasmussen, formulated the Model Company Objective. It still guides our way of doing business in the VKR Group, and how we want to act:

“It is the Group’s purpose to establish a number of Model Companies which cooperate in an exemplary manner. By Model Company, we mean a company working with products useful to the society which treats its customers, suppliers, employees of all categories and shareholders better than most other companies.

A Model Company makes a profit, which can also finance growth and maintain financial independence.”

Help us in the VKR Group to protect our image as a Model Company. You can do this by reporting cases that may involve financial crime, irregularities in accounting, corruption, or health & safety and environmental violations.

It is important that the VKR Whistle-Blower System is neither used to file false accusations against persons, nor any untrue information – and you may only report instances of criminal offenses.

We encourage you to provide your name in the report so that it is possible to communicate with you if more information is needed to respond to the issue. All reports are handled strictly confidently, so you are guaranteed full anonymity vis-à-vis the person(s) being notified. You can find more information about this in the menu item “Privacy Policy” above.

WHAT CAN BE REPORTED?

In the whistleblower system, you can report serious matters such as, e.g., bribery, extortion, embezzlement, theft, accounting irregularities, etc.

Matters such as bullying, dissatisfaction with wages, violations of the alcohol policy, etc., should not be reported here. They should instead be reported through the normal channels.

ANONYMITY

To ensure your anonymity, you must do the following:

If possible, do not report from a PC provided by your employer.
Do not use a PC that is connected to the company’s network/intranet.
Access the whistleblower system directly by copying or writing the URL address in an internet browser rather than by clicking on a link.
Do not write your own personal details.

OPEN A POST BOX

When you send the report, you have the option to choose whether you remain available for further inquiries by opening a secure post box.

We recommend that you make yourself available because we may not be able to finalise the case without further information from you.

When you create a post box, you will be given a case number, and you will choose a password. You will use the case number and password to log in to the post box in order to see if you have received any questions.

Regardless of whether or not you remain anonymous or you write your name, we ask you to open a post box. This makes it safer and easier for us to communicate.

All communication with us is anonymous if you wish it to be.

Altaterra whistle-blower policy

1. The Purpose of the Whistle-Blower Policy

The Whistle-Blower policy underpins our obligations as a Model Company, and the management of the ALTATERRA Group wishes to encourage an open dialogue on all issues related to illegal business methods, non-compliance with our policies and other issues that may be considered illegal.

The purpose of the whistle-blower system is to ensure that issues or behaviour deriving from employees in ALTATERRA entities, or others with a relation to companies within the ALTATERRA Group, can easily and securely be reported to an external and impartial party under observation of the General Data Protection Regulation. Furthermore, we want to ensure that this can be done at any time and that nobody will be subject to harassment or other discrimination when using the whistle-blower system in good faith.

All employees, and others with a relation to entities within the ALTATERRA Group (including members of ALTATERRA Management Team and the Board of Directors) are covered by the whistle-blower system and can report such matters to the system for investigation.

2. What to report

The whistle-blower system can be used solely to report criminal offences that may affect the company or that may have an impact on the life or well-being of an individual. Examples are:

Financial fraud, for instance embezzlement, fraud and forgery
Violation of corporate governance, for instance bribery, violations of competition law and donations for illegal purposes
Violation of work environment and work safety
Violation of environment legislation and pollution of the environment
Physical violence and sexual offences.

The whistle-blower system cannot be used to report minor offences such as dissatisfaction with salary level, infringements of guidelines on smoking and alcohol, workplace bullying, cooperation difficulties or other HR-related personnel issues. You are recommended to discuss issues that do not concern illegal aspects with the person(s) who in your opinion do(es) not act appropriately before you bring an issue to a higher level. Should you decide to escalate an issue, you should report it to your immediate superior, HR or a relevant person of trust, for instance a trade union safety officer.

The data controller of the whistle-blower system is the HR Manager Ivett Kovacs at ALTATERRA Kft.

If you have any questions about the ALTATERRA Whistle-Blower Policy, please contact Altaterra HR or hr@altaterra.eu

3. Where to report

You can make a report by going here

Privacy Policy

What information will be registered?

The system can only be used to report on significant matters such as, e.g., financial crimes, significant work safety violations, significant violations of environmental regulations, and on environmental pollution, physical violence, sexual assaults, etc.

If reports on less significant matters, such as, e.g., dissatisfaction with wages, difficulties with cooperation and violations of smoking and alcohol policies are received, this information will be deleted immediately.

By “organisation” is referred to the organisation that receives the report.

Logging

The registration of reports takes place anonymously in the system. The only thing that is registered is the report itself. There is no log made as to the IP address or machine ID of the computer on which the report is made.

Correction of registered information

If you realise that you have provided incomplete or incorrect information, just make a new report in the system in which you refer to the previous report and describe what should be corrected.

If you, in connection with the creation of a report, have decided to create a secure post box, you can make the correction by logging in to the system using your case number and the password you had created.

Transfers of registered information

The information registered in the system is generally not transferred to a third party outside of the organisation. However, in the following circumstances, the information may be transferred onward:

Transfer to an external attorney or auditor in connection with the case processing of the report.
If the report results in a lawsuit.
If the law so requires.

Your personal Information (name, email and telephone number)

If you provide your personal information, be aware that the organisation can use your personal information when investigating the case, and also during any subsequent lawsuit.

The organisation guarantees that your personal data protection rights will be respected without limitations and will only be used as described above.

The organisation will not share your personal information with third parties outside of the organisation except for the cases as described above in the section ”Transfer of registered information.”

Deletion of registered data

Registered data may only be retained for as long as there is a need for it. When there no longer is a need for retaining the registered information, the information is deleted.

IT Security

The reporting system is hosted by Got Ethics A/S, an independent party guaranteeing the system’s security and anonymity.

Got Ethics A/S has taken the necessary technical and organisational measures to prevent personal data from being accidentally or unlawfully destroyed, lost or damaged and to prevent any unauthorised disclosure or misuse of the personal data. The processing of personal data is subject to strict controls and procedures and is in compliance with good practices in the field.

All data is transmitted and stored encrypted. No unencrypted information is sent over the open Internet.

Anonymity

The system does not log IP addresses and machine IDs, and does not use cookies.

If a report is made from a computer on the organisation’s network, there is a risk that the visited webpages will be logged in the browser’s history and/or the organisation’s log. This risk can be eliminated by submitting the report from a computer which is not connected to the organisation’s network.

If you upload documents, you should be aware that the documents can contain metadata which can compromise your identity. Therefore, you should ensure that any identifying metadata is removed from a document before it is uploaded.

It is optional to make either an anonymous report or a report containing personal data. If a reporter chooses not to remain anonymous, the reporter’s identity will be known to the persons that handle the case. In this case the reporter risks being called as a witness in any lawsuit, and the reporter’s anonymity thus can be lost.

Be aware that if you choose to give further information when submitting the report from which you can directly or indirectly be identified, the organization will also process this information when handling the case. This also apply if you have chosen to remain anonymous.

What is the legal basis for the organisation’s processing of information in the system?

The legal basis for the processing of your information is as follows:

The processing is necessary for the purpose of pursuing a legitimate interest of handling illegalities and this interest clearly exceeds the interests of the registered person, cf. the European Data Protection Regulation article 6, number 1, letter f.
The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity. cf. the European Data Protection Regulation article 9, number 2, letter f.
The processing is necessary for compliance with a legal obligation to which the organisation is subject. cf. the European Data Protection Regulation article 6, number 1, letter c.
Any specific legislation on mandatory whistleblower solutions.

Your rights

According to the European Data Protection Regulation you have a number of rights. If you want to exercise these rights, you must contact the organisation.

The right to see information
You have the right to see what personal data the organisation process about you and a number of other information. However, this right may never violate other persons’ rights or freedom rights.
The right of correction
You have the right to have false personal data about you corrected.
The right of deletion
In special cases you have the right to have information about you deleted before the time of the ordinary general deletion occurs.
The right of restriction
In special cases you have the right to have the processing of your personal data restricted. If you have the right to have the processing restricted, the organisation is only allowed to process the information – except from storage – with your consent or to establish, exercise or defend legal claims or to protect a person or a vital public interest.
The right of objection
In special cases you have the right to object to the organisation’s otherwise legitimate processing.

You can read more about your rights HERE

Questions

If you have any questions regarding personal data protection, you may contact Jesper Dannemann from Got Ethics A/S by e-mail: jda@gotethics.com.
The organisation is data controller for the processing of the personal data that you report and can be contacted through the ordinary communication channels. Likewise, the organisation’s data protection officer can be contacted through the ordinary communication channels (if they have appointed a data protection officer) if you have questions about the processing of the information.

Complaint

If you want to complaint about the processing of your personal data, you are entitled to submit a complaint to the competent supervisory authority.
You can download a list of the European supervisory authorities HERE