Whistleblower policy

Last Modified: December 5, 2023

To file a report, visit our internal whistleblower channel. 

1. Introduction 

Leapwork Group is committed to promoting ethical conduct, transparency, and accountability in all aspects of its operations. To support this commitment we established this Whistleblower Policy (“Policy”) to provide confidential and secure means for employees, stakeholders, and others to report concerns about unethical or illegal activities without fear of retaliation. 

2. Scope

This Policy comprises Leapwork ApS and every company that is, directly or indirectly, controlled by Leapwork ApS. 

2.1. Which Reports are covered by the Policy?  

This Policy covers all reports of (i) breaches of EU law, and which are comprised by the scope of Directive (EU) 2019/1937 of 23 October 2019 on the protection of persons who report breaches of EU law (“Whistleblower Directive”) and (ii) other serious breaches of EU law and other serious matters.

Such matters may include:

1. Serious violations or potential serious violations of existing laws concerning financial crime including but not limited to embezzlement, bribery, corruption, theft, violation of competition laws, fraud and forgery as well as any support to third party regarding such behaviour
2. serious breaches of work safety
3. serious concerns about discrimination, violence and harassment
4. serious breaches of environmental regulations.

Less serious issues as well as employee and employment relationship issues cannot be reported under the whistleblower scheme. Such issues must be reported through the usual communication channels, e.g. by direct contact with the immediate manager or the People department. If such issues are reported under the scheme, the report will be deleted, unless it is assessed to be appropriate.

2.2. Who can report to the Channel?

The following persons can file a report according to this Policy:  

1. Workers,
2. self-employed persons,
3. shareholders,
4. members of the executive management,
5. members of the board of directors,
6. volunteers,
7. paid or unpaid trainees,
8. persons working for contractors, subcontractors and suppliers, 
9. persons who report or publicly disclose information acquired in a work-based relationship which has since ended,
10. persons whose work-based relationship is yet to begin in cases where information on breaches has been acquired during the recruitment process or other pre-contractual negotiations. 

The Reporter shall be in a good faith as to the accuracy of the report in order to enjoy the protection under the Whistleblower Act. 

3. Reporting Procedure 

Reports to the whistleblower channel should be made electronically, either:

1. orally, or 
2. by completing and sending an online reporting form. 

The reporting solution is provided by Whistleblower Software A/S that provides full encryption of the reporter’s data. 

Reporting to the whistleblower scheme cannot take place in any other ways. Consequently, reports cannot be submitted by other means, e.g. by sending an e-mail to the person in charge of the whistleblower scheme, as the report might contain confidential information that should not be transmitted unencrypted. If a report is received by e-mail, the report must be submitted again by using the online reporting form. This may be done by yourself or by the person in Leapwork group who has received the report. If Leapwork is in contact with you, or your identity is known by Leapwork, you will be encouraged to submit the report again via the correct channel. 

If you submit a report, you will receive a confirmation receipt, as well as a password that enables you to access and follow up on your case.

4. Anonymity 

You can choose to file the report either  

1. anonymously,  or 
2. confidentially,  by disclosing your identity and personal details. 

Anonymity is an option both in oral and written reports.

Even when you choose to be anonymous, Whistleblower Software A/S give us the possibility to contact you via the platform , to ask for additional information or documentation, using the password you received when filing the report. Your data are still encrypted in that case.

To ensure your anonymity, we suggest you to do the following:

• If possible, do not report from a PC provided by Leapwork.
• Do not use a PC that is connected to Leapwork’s network/intranet.
• Access the reporting system directly by writing the URL address in an internet browser.
• Do not write your own personal details.
• In case you enclose documents to the report, ensure you have removed the metadata from them. 
  
  

5. Confidentiality 

Leapwork’s employees assisting with administration of the whistleblower channel are subject to a duty of confidentiality with regard to the information included in reports to the whistleblower channell. The duty of confidentiality applies correspondingly to other authorised employees, empowered to receive or follow up on reports, and that may become aware of your identity or other details covered by that duty. 

Information about your identity or other information from which your identity can be disclosed directly or indirectly, cannot be disclosed without your express consent to anyone other than the authorised employees of Leapwork, empowered to receive or follow up on reports. You may choose to withdraw your consent at any time. However, withdrawal must be without prejudice to the legality of disclosure based on consent prior to withdrawal. 

Information about your identity can be disclosed to the public authorities without your consent when required to avoid breaches within the scope of the Whistleblower Act, or with regard to ensuring the rights of the persons concerned to a defence. If Leapwork  intends to disclose information from which your identity can be derived directly or indirectly, Leapwork must inform you in advance, unless doing so will compromise related investigations or legal proceedings. 

6. Processing of personal data 

All reports shall be kept strictly confidential according to our Privacy Policy.  

7. How we deal with reports 

All reports will be promptly and thoroughly investigated by an independent and impartial party. Whistleblowers will be kept informed of the progress and outcome of the investigation to the extent possible, given legal and privacy constraints.

Leapwork has appointed the Legal Department to handle the impartial administration of the whistleblower channel.

7.1. Receiving reports 

Legal receives all the reports through the whistleblower platform, provided by Whistleblower Software A/S.  
The reports are automatically registered and documented in the channel, and kept for 5 years from the date of submission. 

7.2. Obtaining documentation 

We may contact you via the platform used for reporting for additional question and/or documentation. The documentation may consist of correspondence, documents, photos, minutes from meetings, recordings of telephone conversations, e-mails, expense sheets, internet logs etc.

7.3. Feedback to the whistleblower 

Leapwork will give you feedback on your report as soon as possible and no later than three months from confirmation of receipt.

If in compliance with the law, including relevant rules on the duty of confidentiality, you will be informed of what measures have been taken or are envisaged in response to the report, along with reasons for the choice of such a response. Such feedback could be that the matter has been passed to the police, an internal investigation has been launched, or a report made to the relevant supervisory authority.

If Leapwork has not yet determined the appropriate follow-up within three months from confirmation of receipt, you will be informed accordingly, including whether you can expect further feedback. 

7.4. Information of persons concerned  

In accordance with the General Data Protection Regulation, information must be provided to the persons concerned, and they must be informed about the report within one month. If there is an actual risk that such notification would jeopardise the related investigations, the notification may be postponed for as long as the risk exists. 

8. Protecting whistleblowers  

8.1. Conditions of protection 

The Whistleblower Act comprises special provisions on protection of whistleblowers against reprisals etc.

Whistleblowers are only covered by the protection of the Whistleblower Act if they have reasonable grounds to believe that the information reported was correct at the time the report was made, and that the information reported comes under the scope of the whistleblower scheme as described above. If you report incorrect information about breaches in good faith, you will also be covered by the protection.

No protection will be given according to the Whistleblower Act if you knowingly report incorrect information, or information on breaches which are groundless, including unsubstantiated rumours and gossip.

You cannot waive the rights you have under the Whistleblower Act.

8.2. Scope of protection 

8.2.1. Exemption from liability for breach of the duty of confidentiality and gathering information

If you meet the conditions for protection, you will not be considered to have breached a statutory duty of confidentiality and will not be liable for doing so, provided you had reasonable grounds to believe that the report was necessary to disclose a breach falling within the scope of the Whistleblower Act. Also, you will not be liable for accessing the information reported, provided that such an act does not constitute an independent criminal offence.

8.2.2. No retaliation

We prohibit retaliation against, harassment of, or other adverse action against you because you reported a suspected violation or assisted in an investigation. Any instances of retaliation should be reported as a violation as defined in this Policy. Examples of prohibited retaliation include:

1. Suspension, lay-off, dismissal, or equivalent measures
2. Coercion, intimidation, or discrimination
3. Negative performance assessment or employment reference
4. Early termination or cancellation of contracts for goods or services

8.2.3. Application for rejection of legal proceedings

You have the right to invoke a report made to apply for rejection of legal proceedings provided that you had reasonable grounds to believe that the report was necessary to reveal a breach within the scope of the Whistleblower Act. 

9. Possible outcomes of reporting  

9.1. Consequences for whistleblowers

If you submit a report in good faith, you are protected against any form of adverse consequences.

It may, however, have consequences for you as an employee if incorrect information is knowingly reported, e.g. with the intention of harassing or in some other manner causing harm to other employees or members of the board of directors.

Anyone making a report in bad faith can be subject to disciplinary, civil law (including contract law), criminal law, administrative or employment law sanctions.

9.2. Consequences for persons concerned

Depending on the circumstances, a report may result in the following consequences for the persons concerned:

• disciplinary proceedings against employees concerned which may lead to a warning or termination of employment
• a case brought against board members concerned that can lead to loss of their seat on the board
• the persons concerned can be reported to the police, resulting in criminal charges
• contractual consequences for business partners, e.g. cancellation of a contract.

In principle, a report will not lead to consequences for the persons concerned if the claims in the report are not supported by evidence or by further investigation of the report. 

10. External whistleblower schemes  

You can choose whether you wish to submit your report to Leapwork’s internal whistleblower channel or to a relevant external whistleblower scheme, or both.

Under the Whistleblower Act, an external whistleblower scheme has been established at the Danish Data Protection Agency, where the entire protected group of persons of the Whistleblower Act (and not only employees) can report anything that can also be reported in the Aarsleff Group’s internal whistleblower scheme, including reports of breaches of EU law, reports that otherwise relate to serious breaches of the law or other serious matters.

In addition, a number of public authorities have set up external whistleblower schemes for reporting breaches of specific legislation. These include the Danish Financial Services Authority, the Danish Working Environment Authority, the Danish Environmental Protection Agency and the Danish Business Authority. 
 
Approved and adopted on December 5, 2023