Whistleblower Policy


Purpose
Triarca A/S is committed to the highest possible standards of openness, honesty, and accountability. The purpose of this policy is to provide Triarca’s internal and external stakeholders with a  framework for reporting suspected misconduct within the company without fear of retaliation. The purpose is also to encourage all employees and other stakeholders to report suspected or actual violations of company policies, internal routines, or laws so that irregularities can be addressed before any major damage occurs. Triarca aims to achieve and uphold a corporate culture in which reporting wrongdoing is encouraged and appreciated.

The policy has been adopted by Triarca's Board of Directors (hereafter referred to as “Board”) on March 23rd 2022. The Board of Directors is responsible for updating the policy and revising it if  necessary. The policy is in accordance with the Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of  Union law.

Scope
The policy covers the entire of Triarca’s business, regardless of geographical location, including without limitation its subsidiaries and affiliates.

Implementation and communication
This policy shall be implemented, distributed, and made available to all relevant stakeholders. For employees, the policy is available on the company's intranet (sharepoint server). For other  stakeholders, the policy will be made available on the company's website. Triarca’s CEO is responsible for such implementation and communication ensuring that this policy is fully understood and implemented in the business.

External System Provider
The Board of Directors has decided to appoint DLA Piper Denmark as provider of an external whistleblower system. The external system allows for submission of anonymous complaints and is  managed by experienced specialist to ensure confidentiality. For more information about the report procedure, see section “Report a misconduct”.

The Whistleblower Committee
The Whistleblower Committee at Triarca has been established to evaluate and investigate incoming whistleblower reports received from the external system provider and make recommendations on actions to the Board of Directors. 


The Board has decided that the Whistleblower Committee currently consist of:

• Michael Reeslev, CFO, related to compliance, legal & audit
• Jacob Klein, trusted employee, union representative
• Benny Zakrisson, Chairman of the board, Accent Equity representative

The Committee is to be chaired by Benny Zakrisson. The Board has also adopted an instruction for the work of the Committee.

Report a misconduct
Who can submit a report A whistleblower is a person who reports misconduct in the company's operation. A report can be submitted by employees, suppliers, contractors, subcontractors, self-employed persons, volunteers and trainees, 2/3 shareholders and persons who are part of a company's administrative, management or supervisory body that are active in the company. This policy also applies to persons who have previously been employed by Triarca if the misconduct occurred during employment and persons who have not yet started with Triarca where information on misconducts has been acquired during the recruitment process or other negotiations prior to entering into an agreement.

What can be reported
The whistleblower system is for reporting actual or suspected misconducts within Triarca’s group and breaches of laws and regulations. The information reported must be of interest to a wider circle of people, not just the whistleblower and there must also be a legitimate interest in the information coming out. A whistleblower does not need to have firm evidence for expressing a suspicion, but the report must have been made in good faith (i.e., have reasonable grounds to believe that the information on breaches reported was true at the time of reporting).

Examples of misconducts and breaches of laws and regulations:

• Deviations from Triarca’s Code of Conduct or other internal policies and routines
• Suspicions of corruption or conflicts of interest
• Inadequate product safety
• Inadequate handling of personal data
• Environmental violations
• Other violations of EU law or national law

How to make a report
Triarca’s whistleblower system is a confidential reporting channel through which a whistleblower is allowed to anonymously raise concerns about misconducts. The system is provided and managed by the independent external party DLA Piper Denmark. Reporting can be done 24 hours a day, all year round. In addition to the web-based solution, reports can also be submitted through a  physical meeting or orally through a phone line.

The anonymous reporting function is accessed via:
https://whistleblowersoftware.com/secure/952a6836-a224-4bd7-8a16-6f2753bb4a17

Phone line: +45 33 34 08 63 or +45 33 34 00 65 open from 09:00 – 15:00.

When reporting a misconduct, the whistleblower is strongly encouraged to provide as much details as possible, as it will enable a thorough and accurate investigation. 

What happens after a report has been submitted
All concerns and complaints received through the whistleblower system will be promptly investigated by DLA Piper’s experienced specialists. DLA Piper will provide an initial assessment and  recommendation of incoming cases and send the report to the Whistleblower Committee at Triarca. If the reported conduct is qualified as a whistleblower case, the Whistleblower Committee will forward the issue, together with clear recommendations on actions, to the Chairman of the Board. Depending on the nature of the case, the question will be further investigated internally, handed over to the police or other law enforcement authorities or be subject of independent and external investigation. DLA Piper and the Whistleblower Committee ensures that a report is not forwarded to anyone within Triarca who might be subject to the report.


Confirmation that the case has been received
The whistleblower will have the matter confirmed no later than 7 days after the report had been received.

Feedback on measures taken
The whistleblower will receive feedback on measures taken within 3 months.

Reporting to authority
Reporting persons should primarily use Triarca's reporting channel. Reporting persons may also report misconduct to an external reporting channel provided by an authority if it is not considered appropriate to use the Triarca’s reporting channel. It is also possible to report matters to the Danish Data Protection Agency. The Danish Data Protection Agency is a public authority that operates an external whistleblower scheme. It is optional whether you want to report a relationship to DLA Piper or to the Danish Data Protection Agency. However, we encourage you to use the internal reporting channel(s) above if the matter can be addressed quickly and effectively by the Company itself and you assess that there is no risk that you will face obstacles or experience consequences
by making internal reporting. You can read more about the Danish Data Protection Agency's whistleblower scheme and how to use it via the following link 

https://www.datatilsynet.dk/om-datatilsynet/kommende-whistleblowerordning


Protection against retaliation
Triarca applies a zero tolerance to retaliation against anyone who report wrongdoings in good faith. Whistleblowers will not be held liable for breach of confidentiality provided that the person at the time of reporting had reasonable grounds to assume that the reporting of the information was necessary to reveal the reported misconduct, in accordance with applicable laws. People who intentionally report incorrect or misleading information are not protected against retaliation. 

Anonymous and confidential reporting 
The whistleblower system is provided by an external partner to ensure anonymity and confidentiality. Whistleblowers can choose to remain anonymous, and the solution will safeguard their  anonymity, all the way from reporting through dialogue, any follow-up and investigation. All information disclosed during the investigation will remain confidential, except as necessary to conduct the investigation and take any remedial action, in accordance with applicable laws. Personal data will only be processed if it is necessary to follow up on the reported case. Only persons who have been appointed to receive, follow up and provide feedback on reports may have access to the personal data. The personal information in the reports will be deleted when the information is no longer necessary or no later than two years after the case has been closed.