Whistleblowing

Purpose and background

Sambla Group strives to maintain a transparent corporate climate, to observe a standard of business ethics and to always see opportunities for improvement.

Anyone who suspects an irregularity that is in breach of the law or that the disclosure of which may be in the public interest has the opportunity to speak out with protection against retaliation. You can choose to provide your information anonymously. The right to protection is regulated in the law “Protections for Persons Reporting Irregularities Act” (SFS 2021:890).

What can be reported?

·   The law applies when reporting a misconduct in a work-related context that there is a public interest in them coming to light.

·   The law also applies to the reporting of misconduct in a work-related context in accordance with Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law.

If the report does not fall within the framework of the above, the case must be reported in accordance with Sambla Group’s internal guidelines, policies or procedures.

Who can submit a report?

All persons who, through their work, have come into contact with a suspected misconduct can submit a report, for example:

·   employees

·   volunteers and trainees

·   persons who are performing work under the control and management of a business operator (e.g. hired consultants)

·   shareholders who are actively involved in the company

·   self-employed persons

·   persons who are members of a company’s administrative, management or supervisory body

How can a report be made?

Option 1: Report to a manager within Sambla Group’s organisation or to the corporate group’s management

Option 2: Report anonymously through the reporting tool for whistleblowing in accordance with the instructions below

Reporting tool

To guarantee a whistleblower’s anonymity, a reporting tool is provided from an independent, external agent. The reporting channel is encrypted and password-protected. The whistleblower never needs to state their identity if they do not want to.

·    The whistleblower does not need to have evidence for their suspicions, but no accusations may be made with malicious intent or in the knowledge that the accusation is false.

·   It is important that the whistleblower describes all the facts in the report, including any circumstances that are believed to be less important. Statements should be carefully considered and all documentation that may be relevant should be attached.

Reporting via internal Whistleblowing channels

Reporting can take place in writing via the website wb.2secure.se or verbally by phone at +46 (0)771-77 99 77. You can choose to remain anonymous in both of these reporting channels. If you would like to report via an in-person meeting, this can be requested by registering a report on the website wb.2secure.se. The in-person meeting will be held by agreement either with a representative from Sambla Group or with Sambla Group’s provider of whistleblowing services, 2Secure.

When registering a new report on wb.2secure.se, you must state the company-specific code MAP686 to identify that the report is being made for Sambla Group. On the website, you will be asked to answer a number of questions about the matter to which the report relates. You can remain anonymous and are assigned a unique case number and password, which must be saved so that you can actively log in to the website, monitor the report and communicate with the case officer at 2Secure.

Once a report has been registered, it is processed by experienced case officers at 2Secure, who will contact Sambla Group’s primary contact person based on a predetermined contact list with several names. If the primary contact person is the subject of the report, another person on the contact list will be informed. It is always Sambla Group who ultimately assesses the report and decides what measures are to be taken.

When reporting orally, you have the right to control and correct potential errors in your report. As you report a case by phone you will receive login information to follow your case on wb.2secure.se. If you wish to control and possibly correct your report after registration, this can be requested through the web portal. You can also choose to sign the protocol of your report by requesting this in the web portal. An administrator from 2Secure will coordinate this. If you choose to sign the protocol from your registration, this means that 2Secure becomes aware of your name / identity. 2Secure protects your anonymity and will not disclose this information to the company. You can thus, even if you wish to sign the protocol from your registration, remain anonymous to Sambla Group.

Reporting via external whistleblowing channels

In addition to reporting to Sambla Group's internal whistleblower channel, you can report externally to a competent authority within a specific area of ​​responsibility or to one of the EU institutions, bodies and agencies. The following authorities have been appointed as competent authorities and established external reporting channels: Swedish Work Environment Authority, National Board of Housing, Building and Planning, National Electrical Safety Board, Swedish Economic Crime Authority, Swedish Estate Agents Inspectorate, Swedish Financial Supervisory Authority, Public Health Agency of Sweden, Swedish Agency for Marine and Water Management, Swedish Authority for Privacy Protection, Inspectorate of Strategic Products, Health and Social Care Inspectorate, Swedish Chemicals Agency, Swedish Consumer Agency, Swedish Competition Authority, Swedish Food Agency, Medical Products Agency, The county administrative boards, Swedish Civil Contingencies Agency, Swedish Environmental Protection Agency, Swedish Post and Telecom Authority, Government Offices, Swedish Inspectorate of Auditors, Swedish Tax Agency, Swedish Forest Agency, Swedish Gambling Authority, Swedish Energy Agency, Swedish Board of Agriculture, Swedish Board for Accreditation and Conformity Assessment, Swedish Radiation Safety Authority and Swedish Transport Agency. Go to the website of the Swedish Work Environment Authority for a summary of each authority's area of ​​responsibility and contact details: https://www.av.se/om-oss/visselblasarlagen/extern-rapporteringskanal/lista-over-myndigheter-med-ansvar-enligt-ansvarsomrade-enligt-forordning-2021949/

About statutory informant protection

In addition to the ability to report suspected irregularities in accordance with whistleblowing legislation, there is also a right to freedom of disclosure and acquisition in accordance with the Swedish Freedom of the Press Act and the Swedish Fundamental Law on Freedom of Expression. This means that it is possible for an employee (with certain exceptions) in both private and public sectors to submit with impunity otherwise confidential information for publication to mass media covered by the Swedish Freedom of the Press Act and the Swedish Fundamental Law on Freedom of Expression.

There is also extended protection for employees in public sector organisations or other operations where informant protection applies

in accordance with the Swedish Informant Protection in Certain Sectors of Economic Activity Act (SFS 2017:151)

or the Swedish Public Access to Information and Secrecy Act (SFS 2009:400). This extended protection relates to a prohibition against investigation and a prohibition against retaliation.

The prohibition against investigation means that a government agency or other public body may not, as a general rule, investigate who has submitted a notification for publication.

The prohibition against retaliation means that the general public may not take measures that have negative consequences for an individual because he or she has exercised his or her freedom of expression and disclosure.

Violations of the prohibitions against investigation and retaliation are punishable by fines or imprisonment for a maximum of one year (Chapter 3, Section 4 of the Swedish freedom of the Press Act and Chapter 2, Section 4 of the Swedish Fundamental Law on Freedom of Expression).

In organization’s where the Public Access to Information and Confidentiality Act (2009:400) is applicable, qualified confidentiality obligations may not be breached. Qualified confidentiality obligations usually relate to sensitive information regarding for example health and medical care or national security. An enumeration of the qualified confidentiality obligations and the meaning of each of these may be found in the Public Access to Information and Confidentiality Act. The freedom from liability is neither applicable in cases of disclosure of information regarding defence inventions. 

Who receives the report?

In whistleblowing matters, Sambla Group collaborates with 2Secure, which is an independent, external agent. All reports are received and handled by case officers at 2Secure. They have extensive experience of investigations and global capacity if necessary. 2Secure works in consultation with Sambla Group’s whistleblowing committee. All assessments and decisions on measures are made by Sambla Group’s whistleblowing committee.

Feedback

After registering a report, the whistleblower can log in again using their login details to see any follow-on questions/comments from the case officer at 2Secure. The report can be followed up on via wb.2secure.se if the whistleblower has saved the case number and the password generated when the report was submitted.