Whistleblower Policy


The GRAM Group always strives for an open and transparent workplace in which misconduct is uncovered and prevented. It is therefore important that we provide clear information on how irregularities can be reported securely and in confidence. In the event of suspected ongoing or past irregularities, it is therefore vital that resources are available to disclose them. By making it easy to report irregularities, together we can help to ensure that our employees, guests/customers and the public have confidence in us.

To guarantee impartiality, cases are initially handled by the law firm Advokatfirman Lindahl KB. Internal functions may then take over the case. See Section 6.1 “Contact details for case officers” for further information.

This Whistleblower Policy covers the following legal entities: GRAM Group AB (559118-3073), Restaurang & Hotel Skansen i Båstad AB (556599-3515), Torekov Hotell Resort AB (556801-9763), Hotel Riviera Strand AB (556977-5603) and Huset Vid Stranden AB (556795-5868), hereafter referred to collectively as the “GRAM Group”.


GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

Whistleblower Directive: Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law.

Whistleblower Act: Swedish Act on the Protection of Persons Reporting Irregularities (SFS 2021:890).

Visslan: A whistleblower service provided by The Whistle Compliance Solutions AB through which irregularities can be reported digitally.

Irregularities: Acts or omissions in a work-related capacity, the disclosure of which is in the public interest.

Reporting: The oral or written communication of information concerning irregularities.

Internal reporting: The oral or written communication of information concerning irregularities within a legal entity in the private or public sector.

External reporting: The oral or written communication of information concerning irregularities to the competent authority/authorities.

Public disclosure or to publicly disclose: Making information on irregularities available in the public domain.

Reporting person: A natural person who reports or publicly discloses information on irregularities acquired in the context of his or her work-related activities.

Retaliation: Any direct or indirect act or omission which occurs in a work-related context, is prompted by internal or external reporting or by public disclosure, and which causes or may cause unjustified detriment to the reporting person.

Follow-up: Any action taken by the recipient of a report or any competent authority, to assess the accuracy of the allegations made in the report and, where relevant, to address the breach reported, including through actions such as an internal enquiry, an investigation, prosecution, an action for recovery of funds, or the closure of the procedure.

Feedback: The provision to the reporting person (whistleblower) of information on the action envisaged or taken as follow-up and on the grounds for such follow-up.


Who is protected when reporting irregularities?

You are protected pursuant to the Whistleblower Act if you are: an employee; enquiring about or applying for work; applying for or carrying out volunteer work; applying for or completing a traineeship; carrying out or standing ready to carry out work under our supervision and direction; self-employed and applying for or carrying out a service; standing ready to take part in one of our administrative, management or supervisory bodies or who already do so; or a shareholder standing ready to be or already actively involved in the company. Contractors, subcontractors and suppliers who become aware of irregularities within the company can also make a report. The fact that any of the above work-related relationships has ended or not yet started does not preclude the reporting of irregularities.

What can I report?

If you suspect irregularities, including criminal offences and regulatory breaches, we urge you to report the matter via our whistleblower function. It is important that, at the time you report irregularities, you have reasonable cause to assume that the information concerning the irregularities is true. When assessing whether you had reasonable cause to assume that the information concerning the irregularities was true, the circumstances and information available to you at the time of the report will be taken into account. Protection pursuant to the Whistleblower Act requires that the above criteria be met.

Before you report irregularities, read 5 Questions to Determine if you are Protected by the Whistleblower Act.

The public interest

The Whistleblower Act protects people who, in a work-related context, report information concerning irregularities when disclosure is in the public interest. If you have some form of personal complaint for which their is no public interest in the circumstances being disclosed, such as disputes and complaints concerning the workplace or work environment, we urge you to contact your immediate manager, HR or another appropriate manager within the GRAM Group. This will ensure that the matter is dealt with in the best possible way.

Examples of serious irregularities that should be reported:

  • Deliberate errors in accounting or internal auditing, or any other economic crime.
  • Theft, corruption, vandalism, fraud, embezzlement or data breaches.
  • Serious environmental offences or major security flaws in the workplace.
  • Serious forms of discrimination or harassment.
  • Other serious irregularities that may endanger life or health.
  • Other serious irregularities that threaten the company’s vital interests.

Breaches of European Union law

Protection is also available for people who report breaches of EU law in a work-related context. If you suspect any irregularities of this kind, please refer to Section 2 of the Whistleblower Act and Article 2 of Chapter 1 of the Whistleblower Directive for scope of protection and Appendix Part 1 for applicable legislation.

How do I file a report?

Written report

For written reports, we use of digital whistleblower function Visslan. This is always available at https://gramgroup.visslan-report.se. On the website, select File new report. You will then be asked to describe the suspected irregularities. Please describe events in as much detail as possible so we can ensure that adequate measures are taken. You will also be asked if you have any evidence to support your report. If so, you can attach documents, images or audio files. 

Sensitive personal data

Please avoid including any sensitive personal data in your report unless it is absolutely necessary in order to describe the irregularities in question. Sensitive personal data is any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.


You may choose to remain anonymous throughout the process without prejudicing your legal protection. You can also choose to reveal your identity, in which case it will be treated in the strictest confidence. Under certain circumstances, anonymity may make it more difficult to investigate, take measures and follow up the case, in which case we may ask you to reveal your identity at a later stage in the strictest confidence.

Follow-up and login

Once you have filed a report, you will be given a six-digit code so that you can log in to Visslan at https://gramgroup.visslan-report.se. It is important that you save the code, as otherwise you will be unable to access the case again.

If you lose the code, you can submit a new report in which you reference your original report.

You will receive confirmation within seven days that the case officer has received your report. The case officer is the independent and impartial party who receives your report via the reporting channel. You can find contact details in Section 6.1 “Contact details for case officers”. If you have any questions or concerns, you can communicate with the case officer using the platform’s anonymous chat function. You will receive feedback within three months to let you know any measures that are planned or have been taken based on your report.

It is important that you log in regularly using your six-digit code in order to answer any follow-up questions that the case officer may have. It may not always be possible to proceed with the case unless you as the reporting person answer follow-up questions.

Oral reporting

It is also possible to submit an oral report by uploading an audio file as an attachment when you create a case at https://gramgroup.visslan-report.se. Select Yes when asked if you have any evidence to support your report. You will then have the option to upload files. In the audio file, describe the facts and details just as you would in a written report. You can also request an in-person meeting with the case officer via Visslan. The easiest way to do so is to log in to an existing case, or to create a new report.

External reporting

We urge you to always report irregularities internally. If this proves difficult or is inappropriate for some reason, you are within your rights to report externally instead, in which case we refer you to the competent Swedish authorities or, where appropriate, EU institutions, bodies or agencies. You can find contact details for Swedish public authorities on the following website: External reporting channels for whistleblowing 

What are my rights?

Duty of confidentiality

When dealing with the case, we are subject to a duty of confidentiality and will ensure that the identity of the reporting person remains confidential and that no unauthorised staff have access to the case. We will not disclose your identity without your consent, unless under a legal obligation to do so, and we will ensure that you are not subjected to any retaliation.

Protection against retaliation

Both the Whistleblowing Act and the Whistleblowing Directive prohibit retaliation against reporting persons. Where relevant, such protection extends to other people in the workplace who assist the reporting person, including your colleagues, health and safety representatives, elected officials, any relatives who are involved with the company is some way and any legal entities you may own, work for or are otherwise associated with.

This also means that threats of retaliation and attempts to retaliate are prohibited. For example, it is prohibited to dismiss you, change your duties, take disciplinary measures, threaten you, discriminate against you, blacklist you within your industry or take similar action because you reported irregularities.

Were you to be identified and subjected to retaliation, you would be protected as long as you had reasonable cause to assume that the information concerning the irregularities was true and that disclosure was in the public interest, i.e., that your report is within the scope of the Whistleblower Act. It should however be noted that person who commits an offence by reporting or collecting information is not protected against retaliation.

Protection against retaliation extends to legal proceedings including defamation, copyright infringement, breach of duty of confidentiality, breaches of data protection regulations, disclosure of trade secrets or in respect of claims for damages under civil law, public law or collective labour law. Nor may reporting person be held liable for breaches of provisions concerning the gathering of information if, when the information was gathered, the person had reasonable cause to assume that such gathering was necessary to expose an irregularity.

Public disclosure of information

The protection also applies to public disclosure of information, provided that you have reported the matter internally and externally to a public authority, or reported directly externally, and no appropriate measures have been taken within three months or, if there are special grounds, six months. The protection also applies if you have reasonable cause to assume that the irregularity constitutes an imminent or obvious danger to life, health or safety, or entails a risk of extensive damage to the environment, or, for other reasons, have justifiable cause to publicly disclose the information. The same applies if you have reasonable cause to assume that reporting externally would entail a risk of retaliation or result in the irregularity not being effectively addressed, for example, because evidence might be suppressed or destroyed.

Please note that this protection does not apply if you disclose information directly to the media pursuant to the provisions of the Freedom of the Press Act and Fundamental Law on Freedom of Expression on the freedom to communicate and procure information.

The right to review documentation of meetings with the case officer

In the event that you request a meeting with the case officer, with your consent, she or he will ensure that complete and accurate documentation of the meeting is stored in lasting and accessible form, such as recording of the conversation or by taking minutes. You will be offered the opportunity to check, correct and approve any minutes by signing.

If the meeting is not recorded, the case officer retains the right to document the meeting by taking minutes. You will be offered the opportunity to check, correct and approve any transcription by signing.

We recommend that this documentation is uploaded to the Visslan platform in a case created by the reporting person, so that the information can be stored in a secure manner.

GDPR and the processing of personal data

We always do our utmost to protect you and any personal data concerning you. To this end, we always process personal data in accordance with the General Data Protection Regulation (GDPR).

We will also erase any personal data that is irrelevant to the case and only save the case for as long as it is necessary and proportional to do so. Data relating to a case may be processed for a maximum of two years after the case is closed. For further information on how we process personal data, please refer to our Privacy Policy.

Further contacts

If you have any further questions concerning how we deal with whistleblower cases, please do not hesitate to contact the case officer.

If you have any technical questions about the Visslan platform, please create a case at https://gramgroup.visslan-report.se. If it is not possible to do so, contact The Whistle Compliance Solutions AB, the developer of the Visslan platform. You will find their contact details below.

Contact details for case officers

The law firm Advokatfirman Lindahl KB has been engaged to receive whistleblower reports on behalf of the GRAM Group. To ensure privacy, the simplest way to contact Advokatfirman Lindahl KB anonymously is to file your report at https://gramgroup.visslan-report.se. 

The following internal contact persons may take over the case from the case officer, regardless of whether the case is deemed to be whistleblowing or, for example, an HR matter.

Internal contact persons

Marcus Thuresson, CEO, GRAM Group, marcus.thuresson@gramgroup.se
Malin Jönsson, Human Resource Manager, GRAM Group, malin.jonsson@gramgroup.se

Contact details for The Whistle Compliance Solutions AB

Email: clientsupport@visslan.com
Switchboard: +46 10-750 08 10
Daniel Vaknine, CEO, direct number: +46 73 540 10 19
Visit the Visslan website.

What will you book>?