Whistleblower Protection Policy

Tyk Technologies Ltd – 29th May 2025

This document sets out Tyk’s formal policy and procedure for whistleblowing, ensuring concerns can be raised safely and in line with international best practices and UK law.

1. Purpose and Commitment

Tyk Technologies Ltd (“Tyk”) is committed to conducting business with integrity, transparency, and accountability. This policy provides a dedicated channel for stakeholders to report misconduct – such as legal violations, corruption, fraud, or serious ethical breaches – without fear of retaliation. It is designed to complement Tyk’s Grievance Policy, which covers broader operational or interpersonal concerns.

This policy applies globally but is tailored to comply with UK standards such as the UK Public Interest Disclosure Act 1998 (PIDA). It applies to all employees and workers (including agency staff, trainees, and contractors) as defined under UK law – along with all other stakeholder groups as specified below.

This policy also supports early detection and prevention of potential harm to individuals, the company, and society

2. Scope

This policy applies to all stakeholders, including:

  • Employees, contractors, and freelancers
  • Former team members
  • Suppliers, vendors, and consultants
  • Clients, partners, and customers
  • Civil society and community members connected to Tyk’s operations

Any stakeholder may report wrongdoing occurring within, or related to, Tyk’s business.

3. Reportable Concerns

You should use this policy to report:

  • Fraud, bribery, or corruption
  • Breach of legal or regulatory obligations
  • Retaliation against whistleblowers or others who raise concerns
  • Criminal conduct
  • Breach of audit standards or financial controls
  • Environmental, human rights, or safety violations
  • Unethical behaviour by staff, leadership, or business partners

If your concern relates to interpersonal or operational issues (e.g., service dissatisfaction, workplace fairness), please use the Grievance Policy.

Note: To be protected under UK law, the concern must be made in the public interest – meaning it must reasonably impact others, not just the individual whistleblower.

4. How to Report a Concern

Stakeholders may report via:

  • Email: [email protected]
  • Secure anonymous form: grievance form
  • Direct contact with the VP Operations: [email protected]
  • Senior leadership (if conflict exists with listed contacts)
  • External legal or regulatory bodies, if internal options are not viable

Where appropriate, disclosures may also be made to specific bodies. In the UK, this may be bodies such as the Financial Conduct Authority (FCA), Information Commissioner’s Office (ICO), or Health and Safety Executive (HSE), in line with PIDA guidance. A full list is available at gov.uk.

We encourage whistleblowers to provide sufficient detail, but you may remain anonymous. Reports will be acknowledged within 5 working days.

When using the secure anonymous form, a case ID will be provided for follow-up and reference.

5. Review and Investigation Timeline

Once a report is received:

  1. Acknowledgement – Within 5 working days
  2. Initial review – Within 7 working days
  3. Investigation – Completed within 20 working days (complex cases may take longer – but you will be notified of timelines at this point)
  4. Outcome communication – Summary of findings and any action taken, or a rationale if not upheld

In complex or high-risk cases, investigations may take longer. Whistleblowers will be notified of revised timelines and reasons for delays.

Where appropriate, we may refer concerns to another internal policy, legal body, or regulatory authority. Complainants will be informed if their concern is deemed out of scope and why.

6. Anti-Retaliation Guarantee

Tyk prohibits retaliation against anyone reporting in good faith. Acts of retaliation may themselves be reported under this policy and will be treated with the same seriousness. Prohibited retaliation includes:

  • Dismissal, demotion, or pay cuts
  • Harassment or intimidation
  • Negative performance reviews or contract terminations

Protection applies even if the report is found to be unsubstantiated, provided it was made in good faith.

If you believe you are experiencing retaliation, contact VP Operations at [email protected] Reports of retaliation will be investigated immediately and separately.

7. Consequences of Retaliation

Retaliation is a serious violation. Sanctions may include:

  • Termination of employment or contract
  • Legal reporting
  • Suspension from operations or removal from projects

Tyk will act decisively to protect whistleblowers.

8. Confidentiality and Consent

Tyk commits to:

  • Maintaining confidentiality throughout the process
  • Seeking your consent before sharing any personally identifying information
  • Limiting internal access to whistleblower reports
  • Supporting anonymous disclosures

Data is stored in accordance with GDPR policy, for full details, please see our Privacy Policy. Access to whistleblower reports is restricted to designated personnel on a need-to-know basis.

9. Independent Oversight

In high-risk or complex cases, Tyk may appoint an independent third-party investigator to:

  • Ensure impartiality
  • Protect whistleblower anonymity
  • Support a neutral review process

10. Training and Awareness

Tyk will train relevant staff to:

  • Handle disclosures confidentially and fairly
  • Prevent and respond to retaliation
  • Recognise reportable offences vs grievances

Training will be reviewed annually in light of legal and operational changes.

Policy awareness will be embedded in onboarding and annually reinforced.

11. Policy Review

This policy is reviewed annually or following major regulatory or operational changes.