SPEAK UP
PRIVACY NOTICE

The purpose of the Speak Up reporting system is to provide a central, secure and confidential reporting system for violations of Sandvik’s code of conduct, policies and law in order for Sandvik to pursue its legitimate interests to be able to conduct its business with honesty, integrity and high ethical standards, and in compliance with all applicable laws. You may ask questions and report your concerns. In certain countries, there are limitations on what and who you may report through Speak Up. For example, in some countries we may only accept reports that relate to financial, accounting, auditing or bribery matters. If your concern pertains to a matter that, under local law, may not be accepted by the Sandvik group through the Speak Up system, you will need to contact your manager or the Ethics Office to report the matter.

Please be aware that the information you supply about yourself, your colleagues, or any aspect of the company’s operations may result in decisions that affect others. Therefore, we ask that you only provide information that, to the best of your knowledge, is correct and factual. You will not be subject to retaliation from the Sandvik group for any report of concerns or suspected breaches that are made in good faith, even if it later turns out to be incorrect. Please be aware, however, that knowingly providing false or misleading information will not be tolerated. The information you submit will be treated confidentially and we encourage you to identify yourself in order for us to follow up with questions we may have. Please note that in a few countries, laws prevent the reporter from being anonymous. It is always voluntary to use the Speak Up system.

The following information provides transparency into how we use your personal data and what your rights are concerning your data pursuant to the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Who is the Controller of my data? Sandvik AB, the parent company of the Sandvik group, and the company within the Sandvik group in which you and/or the reported individual(s) are employed are normally regarded as joint or separate Controllers of your personal data, depending on who is deciding how and why to use the personal data pursuant to the above purposes (hereinafter referred to as the “Controller”). If you are not an employee, but an external stakeholder, the Controller will be Sandvik AB and the company related to your report. The Controller will process all personal data in accordance with the GDPR, as applicable, and according to any other applicable privacy legislation where the Sandvik group has business operations. If you have any questions about who the Controller is, please submit your question in Speak Up.

What information is collected? Your name and contact details (if you do not report anonymously), any question you may have, the name and title of all witnesses and individuals you may be reporting, and a description of the concern or suspected breach of our code of conduct, policies and laws, including all relevant facts and details.

How will the information be used? Unless otherwise required by law, the information may only be reviewed and used by those individuals pursuant to the purposes described above and who need to access the data to fulfill their job duties. This includes internal investigators and the Ethics Office.

The Controller will evaluate the information you provide and may conduct an investigation. Your cooperation and assistance in that investigation is necessary. If an investigation indicates that a breach of the Sandvik code of conduct, policies or applicable laws has occurred, the Controller will take such action as it determines to be appropriate under the circumstances.

Please note that because of applicable laws, individuals you identify through the system may be informed about the fact that a report has been made. However, to the extent reasonably possible, the Controller will not reveal your name or identity. All individuals you identify will have the right to respond to or correct information you report.

Once a case has been closed, all personal data you submitted will be deleted or archived as required by local law. The Controller will take appropriate technical and organizational measures to secure the information you provide.

How long do we keep your personal data? The Controller will store the personal data for the period necessary to fulfill the purposes described above and in compliance with local legislation. We will further store the personal data as long as necessary to exercise, establish or defend claims, litigation or investigations. To see what retention periods apply to your country, contact the Ethics Office through the “ask a question” function in Speak Up.

Where may data be transferred? The Controller may disclose the personal data to other companies within the Sandvik group in order to fulfill the purposes and legitimate interest described above. Such Sandvik companies may be located in countries outside the European Economic Area (EEA). To ensure adequate protection of your personal data when transferred within the Sandvik group, regardless of the country to which your personal data is transferred, both the transferring Sandvik company and the receiving Sandvik company have entered into the Sandvik group's intra-group data transfer agreement. This agreement obligates the receiving Sandvik company to safeguard the personal data, for example, by including the European Commission's Standard Contractual Clauses (SCC) in relation to the data transfer.

The Controller may also disclose the personal data to external suppliers and advisors retained to assist in investigating the report. Where such disclosure entails transfers outside the EEA, the Controller will ensure that the SCC have been entered into with the receiving external party or ensure that adequate safeguards have otherwise been taken prior to such transfer. If you want to know whether any transfers outside the EEA were made in your particular case, please submit the question through Speak Up.

If relevant under applicable privacy law, you may request and receive a copy of documentation demonstrating that appropriate safeguards have been taken in order to protect your personal data for transfers occurring outside the EEA.

What are my personal data rights under the GDPR and other applicable laws? You have certain rights under the GDPR and other applicable data privacy legislation, such as the right to: (a) receive access to your personal data, be informed of how your data is being used, and have your data kept up to date; (b) in certain circumstances, require erasure and data portability; and (c) object to and/or restrict processing of your personal data. To learn more about these rights and how to exercise them, please see the Employee Privacy Notice, if you are an employee, at https://intranet.sandvik.com/supportservices/legal/data-privacy/Pages/default.aspx or the Sandvik Privacy Statement at https://www.home.sandvik/en/about-this-site/privacy/ if you are an external stakeholder. You also have the right to make a complaint to your data privacy regulator if you believe we have not treated your personal data appropriately.

Who should I contact if I have further questions? Please use the “ask a question” function in Speak Up for any questions you may have.