We strive to run Koolair (a company within the Systemair Group) in a long-term and sustainable manner. We are therefore commited, in compliance with the (EU) Directive 2019/1937 of the European Parliament and the Council from October 23, 2019, regarding the protection of whistleblowers reporting any breaches of European Union Law, to ensuring that irregularities that might seriously damage the company or our employees should be drawn attention to and investigated as early as possible. Our Swedish parent company, Systemair, has set up a whistleblowing solution to make it easier for those who wish to provide information about irregularities that are in breach of applicable legislation. All reports are received and handled by an external agent.
Please note that only persons directly connected to Systemair Group’s operations are covered by the protections in whistleblowing legislation (the Protections for Persons Reporting Irregularities Act (SFS 2021:890)). Read more HERE.
Instructions
REPORTING VIA INTERNAL WHISTLEBLOWING CHANNELS
Reporting can take place in writing via the website wb.2secure.se or verbally by phone at (+46) 77-177 99 77. You can choose to remain anonymous in both of these reporting channels. If you would like to report via an in-person meeting, this can be requested by registering a report on the website wb.2secure.se. The in-person meeting will be held by agreement either with a representative from Koolair or with Systemair Group companies’ provider of whistleblowing services, the company 2Secure.
When registering a new report on wb.2secure.se, you must state the company-specific code koo353 to identify that the report is being made for Koolair. On the website, you will be asked to answer a number of questions about the matter to which the report relates. You can remain anonymous and are assigned a unique case number and password, which must be saved so that you can actively log in to the website, monitor the report and communicate with the case officer at 2Secure.
Click here to make a report (koo353)
Once a report has been registered, it is processed by experienced case officers at 2Secure, who will contact our Systemair parent company’s primary contact person based on a predetermined contact list with several names. If the primary contact person is the subject of the report, another person on the contact list will be informed. It is always our parent company, Systemair, who ultimately assesses the report and decides what measures are to be taken.
When reporting orally, you have the right to control and correct potential errors in your report. As you report a case by phone you will receive login information to follow your case on wb.2secure.se. If you wish to control and possibly correct your report after registration, this can be requested through the web portal. You can also choose to sign the protocol of your report by requesting this in the web portal. An administrator from 2Secure will coordinate this. If you choose to sign the protocol from your registration, this means that 2Secure becomes aware of your name / identity. 2Secure protects your anonymity and will not disclose this information to the company. You can thus, even if you wish to sign the protocol from your registration, remain anonymous to Systemair.
REPORTING VIA EXTERNAL WHISTLEBLOWING CHANNELS
In addition to reporting to the internal whistleblower channel of our parent company, Systemair, you can report externally to a competent authority within a specific area of responsibility or to one of the EU institutions, bodies and agencies. The following authorities have been appointed as competent authorities and established external reporting channels: Swedish Work Environment Authority, National Board of Housing, Building and Planning, National Electrical Safety Board, Swedish Economic Crime Authority, Swedish Estate Agents Inspectorate, Swedish Financial Supervisory Authority, Public Health Agency of Sweden, Swedish Agency for Marine and Water Management, Swedish Authority for Privacy Protection, Inspectorate of Strategic Products, Health and Social Care Inspectorate, Swedish Chemicals Agency, Swedish Consumer Agency, Swedish Competition Authority, Swedish Food Agency, Medical Products Agency, The county administrative boards, Swedish Civil Contingencies Agency, Swedish Environmental Protection Agency, Swedish Post and Telecom Authority, Government Offices, Swedish Inspectorate of Auditors, Swedish Tax Agency, Swedish Forest Agency, Swedish Gambling Authority, Swedish Energy Agency, Swedish Board of Agriculture, Swedish Board for Accreditation and Conformity Assessment, Swedish Radiation Safety Authority och Swedish Transport Agency.
Go to the website of the Swedish Work Environment Authority for a summary of each authority’s area of responsibility and contact details: https://www.av.se/om-oss/visselblasarlagen/extern-rapporteringskanal/lista-over-myndigheter-med-ansvar-enligt-ansvarsomrade-enligt-forordning-2021949/
ABOUT STATUTORY INFORMANT PROTECTION
In addition to the ability to report suspected irregularities in accordance with whistleblowing legislation, there is also a right to freedom of disclosure and acquisition in accordance with the Swedish Freedom of the Press Act and the Swedish Fundamental Law on Freedom of Expression. This means that it is possible for an employee (with certain exceptions) in both private and public sectors to submit with impunity otherwise confidential information for publication to mass media covered by the Swedish Freedom of the Press Act and the Swedish Fundamental Law on Freedom of Expression.
There is also extended protection for employees in public sector organisations or other operations where informant protection applies in accordance with the Swedish Informant Protection in Certain Sectors of Economic Activity Act (SFS 2017:151)
or the Swedish Public Access to Information and Secrecy Act (SFS 2009:400). This extended protection relates to a prohibition against investigation and a prohibition against retaliation.
The prohibition against investigation means that a government agency or other public body may not, as a general rule, investigate who has submitted a notification for publication.
The prohibition against retaliation means that the general public may not take measures that have negative consequences for an individual because he or she has exercised his or her freedom of expression and disclosure.
DATA PROTECTION
KOOLAIR, in compliance with current regulations on Personal Data Protection, in particular Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation or GDPR) and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPD), informs you that the personal data you provide when submitting a complaint or query, as well as any other information of a personal nature that KOOLAIR may collect in processes of investigation, will be incorporated into a file for which it will be responsible.
Data Controller
Data Controller contact details: KOOLAIR, S.L.
Address: C/ URANO, 26 – POLIGONO INDUSTRIAL Nº 2 «LA FUENSANTA», 28936 MÓSTOLES (MADRID).
For more information on data processing, please refer to the official KOOLAIR website and the company’s privacy policy.
Purposes of Processing
The data provided via this Complaints and Communication Channel will be processed by KOOLAIR for the sole and exclusive purpose of managing notifications, investigating complaints, and taking the appropriate corrective measures. Personal information may only be collected when strictly necessary for the fulfilment of the purposes set out above.
Legitimisation
The legal basis that legitimises the processing of data via the Complaints Channel is the need to provide a public interest service, for example, the prevention of criminal offences or a legal obligation, such as when KOOLAIR has knowledge of facts that involve an offence of a criminal nature or crime and/or regulatory compliance applicable to the Entity.
When users provide their personal data voluntarily, their consent forms the legal basis that legitimises the processing of this data.
Data communications
The Complaints Channel has been established by the parent company, Systemair, for all the companies in the group and will be managed by an external company, 2Secure, who will inform KOOLAIR of any irregularities or legal breaches affecting the organisation.
Data may also be shared with judges or courts in compliance with the legislation in force.
Criteria for Data Retention, Management and Storage
Once received, communications received via the Complaints Channel are kept in a secure environment to guarantee the information is kept confidential at all times: access is restricted to those responsible for regulatory compliance. Information relating to the communication will be held in the Complaints Channel for 3 months. Once the origin of the complaint has been determined, the information will be transferred to another complaint management system, in which case the retention period may be extended depending on the retention requirements established by the applicable regulations in each case, and/or because the investigation/analysis is on-going, and/or to accredit KOOLAIR’s diligence in its actions.
Confidentiality
KOOLAIR undertakes to maintain confidentiality with respect to the data and information processed in the Complaints Channel as well as any additional information provided during the investigation, and with respect to data and information of any other persons involved whose data have been provided when notifying and/or processing the complaint or communication through this Complaints Channel.
Rights
The user may contact KOOLAIR at any time to exercise their rights of access, rectification, deletion, opposition, limitation of processing and portability, where such rights are applicable, by writing to the above address and providing a copy of their ID or equivalent document, identifying themselves as a user of the Complaints Channel service and specifying their request. Furthermore, if they believe their protection of personal data rights has been violated, they can file a claim with the Spanish Data Protection Agency (www.aepd.es)