Whistleblower policy

1. Purpose

GlobalConnect AB (the “Company”) is strongly committed to act with integrity in all
business commitments, believing that adherence to high standards of ethics and
compliance is not a single event but an important part of our daily business practices.
In line with this commitment, this Whistleblowing Policy (the “Policy”) provides
guidance on how suspected wrongdoing and misconduct within the Company can be
reported.

 

2. Applies to

This Policy applies to the Company and the following categories of individuals:

 

• employees (including temporary personnel);
• hired personnel (such as consultants and other independent contractors);
• trainees and volunteers;
• members of the board of directors of the Company;
• shareholders of the Company; and
• individuals over which the Company exercise control and management.

This Policy also apply to individuals whose work-based relationship with the Company
is yet to begin in cases where information on wrongdoings has been acquired during
the recruitment process or other pre-contractual negotiations. The Policy also apply to
individuals who have acquired information within the context of a work-based
relationship with the Company which has since ended.
It is every employee’s, and other individuals performing work for the Company,
responsibility to acknowledge the importance of complying with this Policy.

 

3. Definition of wrongdoing

Wrongdoing means any serious conduct that could have a negative impact on the
Company’s business, operations or working environment or any other serious conduct
that could be of public interest. Wrongdoing includes, but is not limited to, any actual or
suspected:

 

(i) violation of laws (whether civil or criminal) and regulations;

(ii) bribery and corruption;

(iii) serious risks concerning the life or health of individual persons (such
as environmental crimes or major deficiencies in the security at a
place of work);

(iv) serious and systematic work place deficiencies; and

(v) any other conduct that is in material breach with the Company’s Code
of conduct or other material Company policies.

 

Issues exclusively affecting the relationship between one individual and the Company
do generally not fall within the definition of wrongdoing for the purpose of this Policy.
The Company encourages individuals to raise such concerns with their immediate
manager or the HR department, depending on the circumstances.

 

4. Raising a concern

Reporting of wrongdoings should be made using one of the Company’s reporting
channels:

(a) Reporting to your direct supervisor.
(b) Reporting to anyone in the Investigation Team (either by e-mail, phone or
meeting)
(c) Reporting through the Company’s confidential web-reporting tool WhitsleB at
https://report.whistleb.com/sv/globalconnect

 

Any individual who receives a whistleblowing report should immediately refer the report
to the Investigation Team.

If you submit your report through telephone or at a meeting, your report will either (i) be
recorded, if you consent to such recording, or (ii) written down in a protocol that you will
be given the opportunity to review, rectify and approve by way of signing it.
To facilitate the subsequent investigation, the Company encourages you to provide a
detailed description of the wrongdoing. You may include e.g. documents or images
when you submit your report.

If it is not relevant for the investigation of the reported wrongdoing, no sensitive
personal data (data revealing ethnic origin, political opinions, religious beliefs, trade
union membership or health or sexual life) should be included in the report.
You will be informed that the report has been received within seven days from receipt
of the report, unless (i) you have stated that you do not want to receive such
acknowledgement of receipt or (ii) there is reason to assume that such
acknowledgement cannot be made without disclosing your identity.

The reporting channels mentioned above should be used first hand. However, if you do
not want to report to the Investigation Team because a member of the Investigation Team may be subject to conflict of interest by reason of the information brought
forward, you may instead report directly to the Company’s CEO. If you do not want to
report to the Company’s CEO for similar reasons, you may instead report to the Group
CEO. Please however note that these reporting channels should only be used if
necessary.

As an alternative to or in addition to using the Company’s internal reporting procedure,
you may also report directly to certain Swedish authorities (external reporting) without
the risk of retaliation. These authorities are listed on
https://www.regeringen.se/pressmeddelanden/2021/10/myndigheter-ska-inrattavisselblasarfunktioner/. Which competent authority you shall submit your report to
depends on the nature of the wrongdoing. The reporting should be made using the
relevant authority’s established reporting channels designated for reporting of
wrongdoings.

To file a report, you shall have reasonable grounds for believing that the information
you are in possession of is true. However, it is not necessary to be able to present any
evidence of the wrongdoing in order to file a report. As long as you act in good faith,
you will not face any negative consequences even if the suspicion of a wrongdoing
proves to be incorrect if and when the matter has been further investigated.

 

5. Confidentiality

You are encouraged to voice any concerns openly under this Policy although reports
may also be submitted anonymously. You can specifically request confidentiality when
making your report. Any request for confidentiality will be respected to the extent
possible considering the need to investigate adequately, to comply with the law, to
provide accused individuals their legal rights of defence and to take appropriate
remedial measures.

 

6. Retaliation

If you acquire information of a wrongdoing, as defined above in section 3 (definition of
wrongdoing) in a work-related context, you shall not be subject to any form of
retaliation for reporting such information in good faith by way of using the Company’s
internal reporting channels. Such protection is offered through the Swedish law Lag om
skydd för personer som rapporterar om missförhållanden. The protection against
retaliation applies to individuals mentioned under Section 2 above (Applies to) who file
a report in accordance with this Policy. If you feel that retaliatory behavior of any kind is
occurring towards you, you should immediately report those concerns to the Head of
Legal Sweden. For the purpose of this Policy, “retaliation” means any direct or indirect
act or omission which occurs in a work-related context, is prompted by reporting
information on wrongdoings, and which causes or may cause unjustified detriment to
the reporting person. However, it should be noted that the protection against retaliation
does not apply if it can be established that the report was made maliciously in bad faith
or that a criminal offence has been made when gathering the information for the report
or if the report itself constitutes a criminal offence.

 

7. Investigation

The Company’s investigation team consists of the Legal department in Sweden (the
“Investigation Team”).

Reports of wrongdoings filed according to this Policy will be investigated by the
Investigation Team. The Investigation Team will evaluate and assess the information
received, ensure that the matter is investigated and conclude the appropriate course of
action. The Investigation Team shall act independently and with integrity. The members
are authorized by the Company to undertake the investigation measures they deem
necessary and appropriate in each specific case.

The Investigation Team shall consider whether the responsibility for the next steps in
the investigation should be assigned to relevant internal resources, for example IT,
Legal, HR, Finance or a specific business area, as well as a potential need to engage
external advisors. The investigation shall however always include an individual from a
department/function outside the department/function which is the subject of the report.
The Investigation Team shall at all times conduct investigations discreetly, in the
strictest confidence and with priority.

In conjunction with the investigation, or after the investigation has been completed, it
may be necessary to disclose information which could identify you to functions within
the Company in order to, e.g., initiate proceedings relating to termination of
employment. Disclosure may also be made to competent authorities. You will be
informed of any such disclosure, provided however that informing you will not impede
or complicate the purpose of the disclosure.

If you have filed a report, using the Company’s internal reporting procedures, you will
receive information on actions taken as follow-up to the report and the grounds for such
follow-up within a reasonable timeframe but not later than three months from when you
have received confirmation of receipt of the report, insofar as such information would
not prejudice the internal enquiry or the investigation or affect the rights of any person
concerned. If appropriate and attainable, you will be informed of the status of the
investigation and any measures taken to address the issue raised on a continuous
basis.

If a report concerns or relates to any member of the Investigation Team or concerns an
issue or a business department in relation to which a member of the Investigation
Team may have a conflict of interest, then such member shall not participate in the
investigation of the report. If a conflict of interest situation may not be avoided by
excluding member(s) of the Investigation Team from participating in the review of a
report, the Company’s CEO shall be in charge of the investigation of such report.

 

8. Course of action

When an investigation has been concluded, the Investigation Team shall conclude the
appropriate course of action.

Actions shall be relevant, proportional and fair in relation to the interests of the
Company as well as the individuals and organizations involved and shall take into
consideration the relevant regulatory framework, corporate policies, culture and values.
Actions can include measures such as a written warning or dismissal, or referrals to
competent authorities for further investigation.

 

9. Personal data

All information received in connection with a report will be treated as strictly confidential
and the privacy of the reporting individual and the subject(s) of the report will be
protected to the fullest extent deemed possible. Any processing of personal data of the
reporting individual and of any accused person(s) will be made in accordance with the
General Data Protection Regulation (GDPR) and all complementary Swedish data
protection legislation, including the Swedish Authority for Privacy Protection’s
regulations. The personal data submitted in a whistleblowing report will only be
processed in order to investigate the claim made by the reporting individual.
Reports received through the Company’s internal reporting channels shall be stored for
no longer than necessary and proportionate in order to investigate the reported
wrongdoing and undertake appropriate actions, however no longer than two years after
a follow-up case or an investigation has been concluded.

Processed personal data will be deleted within two years after the conclusion of an
investigation, if an investigation is initiated as a result of a report of a wrongdoing. You
will find more information regarding the Company’s processing of personal data in the
Company’s Privacy Policy.

To the extent possible, information received in connection with a report will be treated
as confidential and the privacy of the reporting individual and the subject of the report
will be protected. However, please see the comments regarding potential disclosure
under section 7 (The investigation).

 

10. Roles and responsibilities

The Company’s CEO is accountable for the implementation of this Policy. The
executives reporting to the Group CEO are responsible for ensuring that the Policy is
communicated, implemented and followed within his/her area of responsibility.

 

11. Violation of Policy

Non-compliance with this Policy shall be reported in accordance with this Policy.
Received reports of violations of this Policy should be forwarded to Head of Group
Legal who is responsible for reporting incidents to the Group Audit Committee.
Violations against this Policy may be subject to corrective, legal and/or disciplinary
actions, including termination of employment.

 

12. Related documents

This instruction is part of the Company’s Corporate Compliance Framework, which
includes related Group Policies, manuals, instructions and guidelines issued on group
and/or local level.

 

13. Exemptions

Any deviations or exemptions deemed necessary from this Policy shall be escalated to
the Head of Legal Sweden. No deviation or exception can be made without approval by
the Country CEO.

 

14. Contact Information

Contact the Head of Legal Sweden should you have any questions or need further
assistance regarding this policy.