Reporting platform

Your report is transmitted via .LOUPE’s secure server infrastructure to the designated APG personnel.

Depending on the subject matter:

• The Compliance Officer (with an additional staff member) 
• The Complaints Office (for harassment and bullying cases) 
• Diversity Officers within Human Resources (for discrimination-related cases) 

These responsible parties review reports, determine next steps, and communicate with you via the platform when you enter your incident code or QR code.

The reporting platform is available for reporting violations and misconduct that you have identified or observed in relation to our company. Your vigilance helps us minimize risks within our company.

You can submit your information digitally (anonymously, directly, and in writing via the reporting platform), by phone (anonymously using our dedicated phone number), or in person. You are free to submit the report anonymously or by providing your contact information.

No. Reporting does not require registration. Our reporting platform also enables ongoing communication with the relevant contact persons for each subject area, even after you submit your report. The system generates a corresponding link and QR code for you, which allows you to continue communicating and sharing additional information. The “Chat” function is available for this purpose. Registration and/or setting up your own mailbox is not required. You also do not need to disclose any contact information later on. Simple. Secure. Report.

The reporting platform is not intended for asking general questions and/or submitting personal complaints (e.g., about the quality of food in the cafeteria, etc.). For this purpose, managers and/or the relevant departments are directly available to you.

The Whistleblower Protection Act (HSchG) grants you (as a whistleblower) protection against retaliation by the company, provided that you report legitimate violations or misconduct primarily through the reporting platform. Deliberately making false reports and/or slandering colleagues is always a compliance violation and may, under certain circumstances, lead to legal consequences.

Our reporting platform guarantees your anonymity as a whistleblower and ensures that your identity cannot be traced through technical means. The .LOUPE server infrastructure is hosted on external, ISO 27001-certified high-security servers. These servers do not store any IP addresses, location data, device specifications, or other data that could identify you as a whistleblower.

The data is encrypted using AES-256 when stored.

To further protect your anonymity, please note the following:

• If possible, do not create your report from a computer belonging to your employer.
• Do not use a PC that is connected to the company’s network or intranet.
• Do not include any personal information in your report, and make sure that uploaded files do not contain any personal information either.
• Metadata is automatically removed from the files you upload to prevent any conclusions about the author’s identity.

The purpose of this reporting platform is to uncover misconduct and prevent financial losses for APG. We have no interest in the individual as a whistleblower, but solely in the reported information.

Data protection is our top priority. The data you provide to us via this reporting platform is protected in a high-security center with the highest security standards. The data is encrypted and routed through .LOUPE’s secure server infrastructure.

Only specially authorized APG personnel have access to this data.

Only you know the incident code or QR code; if you lose it, neither we nor our system provider .LOUPE can recover it. 

For more details on the protection of your data, please refer to our privacy policy.

Every report is treated confidentially, and the identity of the whistleblower—provided they have provided their information—is protected. This means that your identity will only be disclosed if it is absolutely necessary for the investigation of the reported incident or required by law.

In accordance with legal requirements (Whistleblower Protection Act, Federal Law Gazette I 6/2023, and EU Directive 2019/1937 on the protection of persons reporting on breaches of Union law, known as the EU Whistleblowing Directive), you must not suffer any disadvantage as a result of submitting your report, unless you are yourself culpably involved in the violation or have submitted the report against your better judgment to harm another person.

Your report is transmitted via .LOUPE’s secure server infrastructure to the responsible personnel at APG. Depending on the subject matter, either our Compliance Officer together with another employee, the Complaints Office for reports regarding sexual harassment and bullying, or the Diversity Officers in the Human Resources department for reports related to diversity/discrimination are responsible.

Every report requires review and undergoes an initial assessment. If the report is deemed relevant, communication between you and the case handlers is essential and is facilitated by the reporting platform—specifically via the “Chat” function; this only requires the incident code or QR code.

The investigation may take longer, particularly in complex cases. For data protection reasons, detailed information about the outcome of the investigation may not be disclosed to the reporter; however, you will receive general information about the outcome and the steps we have taken.

No. Reports have no negative consequences for you as a whistleblower, provided you submit the report in good faith and, at the time of submission, are convinced or have good reason to believe that the reported incident actually occurred and that a violation of legal or internal regulations took place. Consequences are only to be feared if you yourself are or were culpably involved in this incident.

An investigation may reveal that no violation or misconduct has occurred. If this is determined following our investigation, we will close it. This will have no adverse effect on you as a whistleblower if, at the time of the report, you were convinced or had good reason to believe that the reported incident actually occurred and that a violation of legal or internal regulations had taken place.

The responsible case handlers (Compliance Officer, Complaints Office, Diversity Officer) will coordinate and lead the investigation.

You will receive confirmation that your report has been received.

You can subsequently use the reporting platform to provide additional details regarding your report, ask questions, or upload further documents. We will also contact you via this channel if we have any questions or information for you. Please check the reporting platform from time to time using your incident code or QR code; this is the only way we can stay in touch with you. If you provided us with an email address during the reporting process, you will be notified of any new messages in the reporting platform.

No later than three months after you submit your report, we will inform you via the reporting platform about the follow-up actions we have taken or intend to take, or the reasons why we cannot pursue the report further.

It helps us investigate potential misconduct or wrongdoing if you disclose your identity. That is why it is important that whistleblowers also enjoy special protection.

As a whistleblower, you are protected by legal provisions from any adverse consequences of your report. Without your express consent, your identity as a whistleblower will not be disclosed to anyone other than the authorized employees responsible for receiving and processing the report. This also applies to other information that could identify you as a whistleblower.

Only if court proceedings or administrative proceedings take place may your identity as a whistleblower need to be disclosed to the court or the relevant authority. This is primarily to ensure the accused person’s right to a fair trial.

As a whistleblower, you are protected against retaliation and discrimination—your report must not result in any professional disadvantages (e.g., exclusion, bullying, discrimination, termination, etc.). Such behavior toward whistleblowers will not be tolerated and will be punished by APG.

You also have the option to submit reports anonymously. Please note, however, that you must not include any information in the report that could reveal your identity.

The person accused of alleged misconduct in a report is also protected. The presumption of innocence applies to them until our investigations have established culpable conduct. Exculpatory circumstances are also investigated.

Incidents are investigated with the utmost confidentiality, sensitivity, objectivity, and diligence, regardless of the person’s identity or position within the company, and are conducted in accordance with the principle of proportionality. In doing so, the severity of the violation and the circumstances of the individual case are taken into account.

Whistleblowers who, with malicious intent or against their better judgment, accuse another person of misconduct (defamation) are themselves committing a violation of the rules, which may result in an investigation and legal consequences.

You mustn't lose your login credentials for the reporting platform, as we will otherwise be unable to stay in contact with you.

If you have forgotten or lost your login credentials for the reporting platform, we unfortunately cannot assist you. Due to the high security standards of our reporting platform, neither we nor our system provider .LOUPE know your incident code or QR code and therefore cannot recover or have them recovered.

If you no longer have your incident code or QR code, your only option is to submit a new report with identical content, for which you will receive a new incident code or QR code. Please be sure to indicate in your report that you have already submitted a report with the same content so that we can link the two reports.

First, as a whistleblower, check whether the report can be submitted to an internal office. If this is not possible, not appropriate, or not reasonable, or if it has proven unsuccessful or futile, the report may be submitted to an external reporting office.

The Austrian Whistleblower Protection Act (HSchG) lists the following external reporting offices:

• Federal Office for the Prevention and Combating of Corruption
• Auditor Oversight Authority (pursuant to the Auditor Oversight Act)
• Financial Reporting Authority (pursuant to the Financial Reporting Act)
• Federal Competition Authority (pursuant to the Competition Act)
• Financial Market Authority (pursuant to the Financial Market Authority Act)
• Money Laundering Reporting Office (pursuant to the Federal Criminal Police Office Act)
• Chambers of Notaries (pursuant to the Notary Code)
• Bar Associations (pursuant to the Disciplinary Statutes for Attorneys and Attorney Trainees)
• Chamber of Tax Advisors and Auditors (pursuant to the Act on the Profession of Certified Public Accountants)