You have important information that we handle confidentially

Each organisation has its own whistleblowing policy, whistleblowing guideline or similar governing document, which regulates who is allowed to report a whistleblowing case, what is allowed to be reported and what a report should contain. For terms and conditions of reporting, you are referred to the organization's whistleblowing policy, which can be found on the organization's website and/or intranet.

Whitepaper Advisors is the company behind the service Trumpet — a whistleblowing solution for all types of organizations (everything from associations to companies, corporations, municipalities and authorities). Trumpet offers a secure reporting channel for those who have something they want to tell.
Whitepaper Advisors is a company where high integrity and credibility are prerequisites for our business to exist. We have extensive experience in investigating and helping organizations deal with irregularities.

The whole purpose of Trumpet is to offer organizations a function that corresponds to current laws, where potential whistleblowers can safely report misconduct. The system is a technically secure solution where the whistleblower is basically completely anonymous and where we who manage the system cannot see who the whistleblower is, unless the person actively chooses to be open with their contact information.
We who deliver this service must relate to the laws that apply. Based on how the system and function are designed and written in contracts, we are not allowed — and we cannot — collect personal data about the whistleblower if the whistleblower wants to remain anonymous.

In the whistleblower system, you will always start off by being anonymous. When you are anonymous, your personal data is not saved. If you wish to disclose your identity, this is something you can choose to do at a later stage — when you create your report.

Yes, you will always start off as anonymous in the system. You will then later make an active choice as to whether you wish to submit your contact details.

If you do not print your name in the report yourself, it is not possible to see who submitted the case in the system. Trumpet is developed based on the highest standards of confidentiality and security:

• All information provided is encrypted according to a method that allows only the whistleblower and authorized persons to access your personal data or read the full report. The encryption algorithms we use (AES-256) are always up-to-date, secure and evaluated methods that follow the highest security standards.
• All communication with the service, i.e. between the visitor's computer and the service's servers, takes place encrypted according to the most secure internet standard, SSL OV. "SSL" means encryption of the information that effectively protects against eavesdropping. "OV" means an add-on that, in addition to encryption, also secures the identity of the server with which the visitor communicates, which protects against fraudsters.
• The system is designed not to store any information about either those who visit the web service or submit reports. Traceable information is not stored in visitor statistics or system logs.

There can always be a risk that you leave traces behind on the device and networks you use. If you want to exclude your employer from being able to track your activity, you should choose a private computer or private phone and visit the service from a network you trust, such as your home network.

“Incognito mode” is a way to reduce the number of traces that your visit to the service leaves on the computer or phone you are using. The web browser will not save information, such as website history and the temporarily downloaded files that the computer receives every time you visit a website (web pages, images, cookies, etc.).
However, if you want to be completely sure that you are not leaving any traces in your employer’s IT environment, you should use your own private computer or phone, and visit the service from a network you trust, such as your home network.

Start by identifying the problem, and think through what occurred. Describe all the facts you are aware of. Develop your statement carefully, as well as anything else that is relevant to the report. The information you provide must be as accurate and detailed as possible. Omit private opinions or speculations.
Use the questions below to provide as clear a picture as possible:

• What type of event the complaint concerns?
• Who is/are involved?
• When it happened?
• Where it happened?
• If it was a one-off event, or if the problem is ongoing or recurring?

Include contact information of potential witnesses, or state where to find any evidence (e.g. in paper or electronic format).

You can report whatever you want that you consider to be a problem, provided that it is covered by the requirements set out in your organisation's whistleblower policy, e.g. that it constitutes violations of legislation in specifically designated areas. A problem often consists of one or more events that are linked to time and person. By event, we mean an observable action or event, i.e. some type of course of events that has happened, is happening or is about to happen. It helps if you highlight who or who is involved, but it is not something you have to do to be able to submit a report.

The report is always received by an independent case worker. (The case worker is independent of the organisation that your report concerns). We will provide you with feedback about the case’s status via this channel. The case worker raises the issue to the organisation’s committee that handles whistleblower cases. It is ultimately the organisation’s committee that decides whether an investigation should take place. What happens depends on the scope and significance of your report.

The system is owned and operated by Whitepaper Advisors and it is an agent working for Whitepaper Advisors who first receives and handles the case with your report. All contact via the system is made with the administrator.
All organisations that use our service have a committee where the administrator reports incoming cases. Finally, it is the organisation's committee that decides how each case should be handled. Before the committee has access to the matter, it is examined to ensure that no one is involved, according to the report in the committee. In these cases, the person(s) will be excluded from further handling of the case. A description of how the committee works can be read on your organisation's website (where you received login information to the system).
The system is technically constructed in such a way that no one without authorised access is given access to your report and according to the choice you made when the report was created.

The event you report means that a case is directly created in the system with a unique case number. The content will be saved as long as the case is open. (You will receive feedback on the status of the case through the system. When a case is closed, all content saved in the system, i.e. all information you have provided in your report, is deleted. No personal data provided in your report remains in the system after the content of a case has been deleted).