Privacy policy Internal Whistleblower Scheme


Kim Johansen Transport Group A/S (CVR. Nr. 21 84 08 90) is data controller for the data we process in this Internal Whistleblower Scheme. We have taken the necessary steps to ensure that your data are being processed in accordance with the regulations.

Contact information for the data protection adviser

If you have any questions about our processing of your personal information, you are always welcome to contact KJTG.

You can contact our data protection adviser in the following ways:

By e-mail: GDPR@kim-johansen.com

By phone: + 45 43 95 93 00


Processing of your personal data

The processing of your personal data is based on Article 6 (1) of the Data Protection Regulation. 1, letter e - see below:

  • If you have sent us sensitive information, it will be processed in accordance with Article 9 (1) of the Data Protection Regulation. 2, letter f.
  • If you have sent us information about criminal offenses, our processing is based on the Data Protection Act, section 8, subsection. 1 and para. 2, No. 3.
  • Processing of personal identity number information takes place with a view to unambiguous identification, cf. the Data Protection Act, section 11, subsection. 1.
  • The processing of your information in the Internal Market Information System (IMI) takes place with a view to regulatory cooperation with other data protection authorities in the EU, cf. Art. IMI Regulation. Article 56, Articles 60 to 66, and Article 70 (13) of the Data Protection Regulation. 1. This is for the purposes of the rules for posting of employee abroad.


Disclosure of information

We share your information with the following:

  • PersondataSupport ApS (Hosters of our whistleblower solution)
  • The Police if we are obligated by relevant legislation
  • Public authorities if we are obligated by relevant legislation


Duration of processing

We  process if it’s necessary for the purposes stated above:

  • Personal  data  is  processed, if an investigation is ongoing. The storing period depends on the outcome of the investigation.
  • If  we   report  to  the  police  or  another  public  authority, the data will be stored while the  investigation is ongoing.
  • If, based on the report, we implement a disciplinary sanction to an employee, or, if in other ways there are valid reasons to keep the data from the report for future investigation, we store the information in the employee’s personal file.
  • If the report falls outside of the scope of the Whistleblower Scheme, or the report is concluded to be unfounded, the personal data will be deleted no later than 1 month after the reporter has been notified.


IT-security and anonymity 

Our whistleblower solution is hosted by GapSolutions A/S who is ISO 27001 and ISAE3000 certified and ensures the necessary security and anonymity in the solution.

GapSolutions A/S has taken the necessary technical and organizational measures to ensure that personal data is not a subject to accidental or unlawful destruction, is lost or compromised, and that no unauthorised personnel is given access or can misuse personal data.

All data transmissions and storage of data are encrypted. The platform does not log IP addresses or machine IDs and only uses technical cookies.

If a report is made from a device on the company’s network, there is a risk that visited  websites  are logged in your browser history and/or in the company’s own logs. This risk can be eliminated by making your report on a device, that  is not connected to the company’s network.

If you upload documents, you should pay attention to, whether these contains metadata or other information that can compromise your own identify.

If you choose to upload or in any other way disclose personal data about yourself in the report or the following correspondence with us, we will process these data in addition.



Registration of reports is done anonymously in the system. The only thing which is registered is the report itself. There is no log of the used IP-address or machine-ID on the device used to make the report.


Your rights

  • At any time, you have the right to be informed of which data we process concerning you, from where we have collected it, and what we use it for. You may also be informed about how long we store your data, who receives data concerning you, and to what extent we pass on the data in Denmark and  foreign countries.

  • Upon request, we can inform you about what data we process concerning you. The access might be limited with respect to privacy protection, business secrets, and immaterial rights.

  • If you think that the personal data, we process concerning you is incorrect, you have the right to have it corrected. In that case you must contact us and inform us what the correct information is. Make sure to be as precise as possible with your corrections, otherwise it may make it difficult or even impossible to comply with your request.

  •  In some cases, we will have an obligation to delete your personal data. This is for instance the case if you withdraw your consent. If you think that your data is no longer necessary for the purpose for which we collected it, you can request for it to be deleted. You can also contact us if you believe that your data is processed in contravention of the law or other legal obligations. When you contact us with a request to have your personal data corrected or deleted, we examine whether the requirements are fulfilled, and if that is the case, we make the changes or delete your data as soon as possible.

  • You can lodge a complaint with a supervisory authority (Datatilsynet, Denmark).

  • You have the right to object to the processing of your personal data. You can make use of the contact information at the top to object. If your objection is justified, we shall stop the processing or passing of your personal data.

  • You can make use of data portability if you want your data transferred to another data controller or data processor.

  • On our own initiative, we delete your personal data, when it is no longer needed for the purpose for which we collected it.

  • When you contact us with a request to have your personal data changed or deleted, we check whether the requirements are fulfilled, and if so, change or delete the data as fast as possible.


You can make use of your rights by contacting us. You can find our contact information at the top.



This policy is made by GapSolutions A/S, Uraniavej 6, 8700 Horsens, (+45) 2199 0808