+45 7562 7900
CVR: 29205272

Whistleblower scheme

Nordstern’s whistleblower scheme

Nordstern do not accept any breach of the law or our own internal rules. That is why we have a whistleblower scheme to which serious breaches can be reported.

Who can make a report and what can be reported?

Nordstern’s employees, customers and suppliers may make a report to the whistleblower scheme if they suspect that any of the following offences have been committed by employees or board members of Nordstern or others associated with Nordstern:

  • certain breaches of EU law and
  • serious offences and other serious matters in general

With regard to reports on breaches of EU law, reports can be made on e.g.

Violations concerning public procurement rules, transport safety and product safety and conformity. Please refer to the detailed rules in Article 2 of EU Directive 2019/1937 of 23 October 2019 on the protection of persons who report breaches of Union law.

Serious offences and other serious matters in general means:

  1. Economic crime such as bribery, theft, fraud, embezzlement or breach of competition law
  2. Significant breaches of environmental law or occupational safety
  3. Violence, threats, harassment or discrimination

Accordingly, the whistleblower scheme cannot, as a general rule, be used for misconducts such as dissatisfaction with pay levels, violation of smoking and alcohol guidelines, bullying at work, cooperation problems or other HR-related staff matters.

How to make a report

Reports to the whistleblower scheme must be made electronically by completing and submitting the online report form on this page.

If you submit a report, the following information will normally be useful for the further investigation of the matter:

  • Description of the matter, including the date, place and name(s) of the person(s) involved
  • Any documents or evidence relating to the breach or other information which may facilitate an investigation of the matter

It is up to you whether you want to submit the report in your own name or anonymously.

If you want anonymity, it is important that you do not write your name anywhere in the report. Moreover, please be aware that your identity might be inferred from the information you have provided in the report.

How we handle reports

All reports that fall outside Nordstern’s whistleblower scheme will be screened out and should instead be dealt with via the normal communication channels. In this case, you will be asked to send your enquiry to the relevant person, for example your immediate supervisor or his or her manager.

All reports that are not deemed manifestly unfounded are received and considered by Nordstern’s whistleblowing unit, which consists of Nordstern’s Head of Legal, who is responsible for the scheme, and Nordstern’s Quality, Environment and Health & Safety Manager. All information received through the whistleblower scheme will be treated confidentially and with discretion, and any request for anonymity will be respected.

Reports concerning a member of the whistleblowing unit will be dealt with by the other member of the whistleblowing unit, provided that he/she is not disqualified from dealing with the matter in question, together with the chairman of the Board of Directors.

Within 7 days after the report has been received in the whistleblower portal, you will receive a confirmation that the report has been received. You will normally receive a notification that the matter has been closed within 3 months of receiving this confirmation. If the processing of your report will take more than 3 months, you will be notified and given a reason for why additional time for investigation is needed. You will normally be notified of the outcome of the investigations within the limits of the law.

The whistleblowing unit, together with the persons involved in the investigation of a report, is subject to a special statutory obligation of confidentiality with regard to the information which is or has been the subject of the processing under the whistleblowing scheme. Accordingly, if, in the course of investigating the report, it becomes necessary to contact persons inside or outside Nordstern, any such contact will be confidential, and the persons involved may not disclose such information, unless otherwise required by law.

Protection of whistleblowers

Nordstern do not tolerate harassment, retaliation or other forms of sanctions against persons who report a matter to the whistleblower scheme in good faith.

No false or misleading information may knowingly be submitted via the whistleblower scheme. In some circumstances, reports made in bad faith may have negative consequences for the employment of the person making the report. Please also refer to the Danish Whistleblower Act (Act No. 1436 of 29/06/2021 as amended).

Notification of the person to whom the report relates and other persons

If the report concerns one or more specific employees and the report is deemed to fall outside Nordstern’s whistleblower scheme, they will be informed that a report has been made.

In addition, the employees concerned will be informed of:

  • the purpose of processing the report
  • who has access to the report
  • any access to the report and the right to comment on the information contained therein
  • that the report can be passed on to the police and other public authorities

However, if a report is deemed to fall within Nordstern’s whistleblower scheme, any identifiable persons named in the report will not, as a general rule, receive a notification thereof due to the special statutory obligation of confidentiality.

Information reported is deleted as soon as it is no longer necessary to keep the information, including when investigations or any police proceedings have been concluded or if the report falls outside the scope of the whistleblower scheme.

Questions regarding Nordstern’s whistleblower scheme can be directed to the person responsible for the scheme, Head of Legal, Mikael Skjoldager,, +45 2118 5461. If you do not feel comfortable using Nordstern’s whistleblower scheme, or for some other reason prefer to use an external whistleblower scheme, you may use the Danish Data Protection Agency's external whistleblower scheme, where it is possible to make written and oral reports. The Danish Data Protection Agency's whistleblower scheme can be accessed via the Agency's website.

Fill in all (mandatory) fields and click on submit

If you wish to remain anonymous, please do NOT provide any information about your identity. If you choose to provide your personal data to the responsible person at Nordstern, please fill in the fields below:

Personal data

Nordstern are the controller of the whistleblower scheme.

Legal basis
The processing of personal data in connection with a report is subject to Section 22 of the Danish Whistleblower Act, according to which the processing of personal data covered by Articles 6, 9 and 10 of the General Data Protection Regulation (GDRP) may take place if it is necessary to process a specific report received in a whistleblower scheme established under the Danish Whistleblower Act.

The GDPR and the Danish Data Protection Act also apply to other processing of personal data in relation to the whistleblower scheme.

Transfer of personal data
If your personal data is transferred to controllers or processors located in countries outside the EU/EEA, including entities under the Nordstern group, which do not provide an adequate level of protection, such transfer will be protected by the EU Commission's Standard Contractual Clauses.

Rights of data subjects in terms of reports
Persons in respect of whom information has been recorded in connection with the whistleblower scheme, including the person reported, and where the report is considered to fall outside the scope of the whistleblower scheme, may request access to the personal data recorded in order to verify their accuracy and rectify inaccurate, incomplete or outdated data.

Where a data subject submits a request for access and where the report is considered to fall outside the scope of the whistleblower scheme, information will generally be provided about (i) the personal data processed about the person, (ii) the purposes of the processing, (iii) the categories of recipients of the data, (iv) the expected period the data will be stored and (v) any information available about the source of the data.

However, the right of access does not apply in cases where the interest of the person concerned in obtaining the information is deemed to override any considerations of private or public interest. The person reported is not entitled to receive information on the identity of a person who has in good faith submitted a report or other factual information other than that relating to him/her, unless otherwise expressly provided by law.

In addition, data subjects may object to the processing and request that the processing of their personal data be restricted. In addition, data subjects may request rectification or erasure of the their data, if necessary. In certain circumstances, the data subject may also request that Nordstern provide a copy of his or her personal data in a structured, commonly used and machine-readable format and request that we transfer the data to another controller.

If a report is deemed to fall within the whistleblower scheme, the rights of data subjects, including whistleblowers, will be limited or eliminated due to the special obligation of confidentiality, as described above and which follows from Section 25 of the Danish Whistleblower Act. Specifically, this entails that:

  • the obligation to provide information is eliminated, cf. Article 14(5)(a) of the General Data Protection Regulation.
  • the right of access in relation to information in whistleblower schemes may be restricted, cf. Section 22(2)(v) or (ix) of the Danish Data Protection Act
  • the duty of notification in the event of a security breach may be limited, cf. Article 22(2)(v) or (ix) of the Danish Data Protection Act

Finally, you may submit a complaint to the Danish Data Protection Authority, Carl Jacobsens Vej 35, 2500 Valby, Denmark or contact the Danish Data Protection Authority at