Whistleblowing
We strive to run SCANDINAVIAN ASTOR GROUP AB in a long-term and sustainable manner. We are therefore dedicated to ensuring that irregularities that might seriously damage the company or our employees should be drawn attention to and investigated as early as possible. We have set up a whistleblowing solution to make it easier for those who wish to provide information about irregularities that are in breach of applicable legislation. All reports are received and handled by an external agent.
Please note that only persons directly connected to SCANDINAVIAN ASTOR GROUP AB’s operations are covered by the protections in whistleblowing legislation (the Protections for Persons Reporting Irregularities Act (SFS 2021:890)). Read more HERE.
Instructions
Reporting via internal whistleblowing channels
Reporting can take place in writing via the website wb.2secure.se or verbally by phone at +46 77 177 99 77. You can choose to remain anonymous in both of these reporting channels. If you would like to report via an in-person meeting, this can be requested by registering a report on the website wb.2secure.se. The in-person meeting will be held by agreement either with a representative from SCANDINAVIAN ASTOR GROUP AB or with SCANDINAVIAN ASTOR GROUP AB’s provider of whistleblowing services, 2Secure.
When registering a new report on wb.2secure.se, you must state the company-specific code to identify that the report is being made for SCANDINAVIAN ASTOR GROUP AB. If you belong to MARSTROM COMPOSITE AB, please use the code MCG120. All other companies within SCANDINAVIAN ASTOR GROUP, please report to SAG360. On the website, you will be asked to answer a number of questions about the matter to which the report relates. You can remain anonymous and will be assigned a unique case number and password, which must be saved so that you can actively log in to the website, monitor the report and communicate with the case officer at 2Secure.
Once a report has been registered, it is processed by experienced case officers at 2Secure, who will contact SCANDINAVIAN ASTOR GROUP AB’s primary contact person based on a predetermined contact list with several names. If the primary contact person is the subject of the report, another person on the contact list will be informed. It is always SCANDINAVIAN ASTOR GROUP AB who ultimately assesses the report and decides what measures are to be taken.
When reporting orally, you have the right to control and correct potential errors in your report. As you report a case by phone you will receive login information to follow your case on wb.2secure.se. If you wish to control and possibly correct your report after registration, this can be requested through the web portal. You can also choose to sign the protocol of your report by requesting this in the web portal. An administrator from 2Secure will coordinate this. If you choose to sign the protocol from your registration, this means that 2Secure becomes aware of your name / identity. 2Secure protects your anonymity and will not disclose this information to the company. You can thus, even if you wish to sign the protocol from your registration, remain anonymous to SCANDINAVIAN ASTOR GROUP AB.
Reporting via external whistleblowing channels
In addition to reporting to SCANDINAVIAN ASTOR GROUP AB ‘s internal whistleblower channel, you can report externally to a competent authority within a specific area of responsibility or to one of the EU institutions, bodies and agencies. Go to the website of the Swedish Work Environment Authority for a summary of each Swedish authority’s area of responsibility and contact details: https://www.av.se/om-oss/visselblasarlagen/extern-rapporteringskanal/lista-over-myndigheter-med-ansvar-enligt-ansvarsomrade-enligt-forordning-2021949/
About statutory informant protection
In addition to the ability to report suspected irregularities in accordance with whistleblowing legislation, there is also a right to freedom of disclosure and acquisition in accordance with the Swedish Freedom of the Press Act and the Swedish Fundamental Law on Freedom of Expression. This means that it is possible for an employee (with certain exceptions) in both private and public sectors to submit with impunity otherwise confidential information for publication to mass media covered by the Swedish Freedom of the Press Act and the Swedish Fundamental Law on Freedom of Expression.
There is also extended protection for employees in public sector organisations or other operations where informant protection applies in accordance with the Swedish Informant Protection in Certain Sectors of Economic Activity Act (SFS 2017:151) or the Swedish Public Access to Information and Secrecy Act (SFS 2009:400). This extended protection relates to a prohibition against investigation and a prohibition against retaliation.
The prohibition against investigation means that a government agency or other public body may not, as a general rule, investigate who has submitted a notification for publication. The prohibition against retaliation means that the general public may not take measures that have negative consequences for an individual because he or she has exercised his or her freedom of expression and disclosure.
In organisations where the Public Access to Information and Confidentiality Act (2009:400) is applicable, qualified confidentiality obligations may not be breached. Qualified confidentiality obligations usually relate to sensitive information regarding for example health and medical care or national security. An enumeration of the qualified confidentiality obligations and the meaning of each of these may be found in the Public Access to Information and Confidentiality Act. The freedom from liability is neither applicable in cases of disclosure of information regarding defence inventions.
Personal data – in depth
You can remain anonymous when you use the whistleblowing service. SCANDINAVIAN ASTOR GROUP AB takes the protection of personal privacy extremely seriously. Below is a summary of some important points regarding the General Data Protection Regulation.
Personal data
In all cases, SCANDINAVIAN ASTOR GROUP AB is obliged to comply with legislation regarding the processing of personal data. It is important that you feel secure when you provide information about yourself and others in the whistleblowing system. We take the protection of personal privacy extremely seriously.
Anonymity
As a whistleblower, you can choose either to provide your contact details or to remain anonymous. All reports are taken seriously regardless. It can facilitate the continued work of our external case officers if we can contact you to obtain supplementary information. Your contact details will therefore be requested. But providing these details is always completely voluntary.
No IP addresses are registered and the system does not use cookies. If you are using a computer that is connected to SCANDINAVIAN ASTOR GROUP AB, however, it may be recorded in the Internet log that you visited the website where reports are submitted. If you do not wish this information to be visible, use a computer that is not connected to SCANDINAVIAN ASTOR GROUP AB’s network, or a personal smartphone or tablet.
Responsibility for personal data
SCANDINAVIAN ASTOR GROUP AB and its respective subsidiaries where the person who is reported is employed are responsible by law for processing personal data.
Purpose of registration
The personal data will only be used to conduct an investigation into what has been reported to the whistleblowing system. You can read about which types of irregularities can be reported in the whistleblowing guidelines. The Swedish Privacy Protection Authority regulates when anyone other than government agencies may process personal data involving breaches of the law. If a report is received that cannot be processed in the whistleblowing service because of this, or if the irregularity is not sufficiently serious to be handled within the framework of whistleblowing, the case will be closed and all personal data will be erased. You will receive a message in the whistleblowing system stating that this assessment has been made, as well as information about where you can turn instead with your case.
Who has access to the personal data?
Personal data will only be used by the investigating function of SCANDINAVIAN ASTOR GROUP AB’s whistleblowing committee/ethics committee and by the external company that has been assigned to deal with the report. The data are only accessible to people who are working on the report in question. The investigation may be handed over to the police or other authority such as the Swedish Economic Crime Authority.
What personal data are registered?
Initially, the data that you provide as whistleblower are registered. In an investigation, the information that is needed to investigate the case will be registered, which primarily includes name, position and the suspected irregularity that forms the basis of the report. Information will then be obtained from sources that are deemed necessary for investigating the irregularity.
For how long are personal data kept?
The personal data are usually erased three weeks after the case has been closed, but no more than two years after closure if there are special reasons.
Information for the reported party
A person who is reported in the whistleblowing service will receive special information about this. If there is a risk that this may jeopardise the continued investigation, the information will not be provided until it is no longer deemed to be a risk. In addition, no register extracts are provided during this period.
Register extracts
As a whistleblower, you have the right to receive information about the personal data that is registered about you in the whistleblowing service. Such a request for register extract must be made in writing and signed. Please send it to 2Secure, Dataskyddsombud, Box 34037, 10026 Stockholm. If any of the details are incorrect, incomplete or misleading you have the right to request that they be corrected. A register extract sent to a reported person will not contain any information identifying you as the whistleblower. The information may therefore be provided in summarised form.