20. Conduct that Complies with the Law and Policy

The company discloses which measures, standards, systems and processes are in place to prevent unlawful conduct and, in particular, corruption, how they are verified, which results have been achieved to date and where it sees risks. The company describes how corruption and other contraventions in the company are prevented and exposed and what sanctions are imposed.

The entire executive board is responsible for compliance at the Dussmann Group. Within the board of directors as a whole, there is a board member responsible for compliance. This board has set up the compliance organization as follows. The Dussmann Group has a central compliance department at group level which defines group-wide minimum standards and processes to ensure behavior in accordance with the law and guidelines and monitors their implementation. There are also local compliance coordinators in the individual subsidiaries and national companies who support the implementation of compliance standards in the company and are available as local compliance contacts.

As part of the annual update process, compliance risks recorded in the areas of corruption and antitrust law are reviewed in terms of their relevance and evaluation, and potential new risks are identified. Compliance risks were identified at the Dussmann Service companies mainly in the purchasing processes, especially when subcontractors were commissioned. To reduce the identified risks, measures such as guidelines, process adjustments or internal controls are defined and implemented. The effectiveness of the implemented measures and controls is verified by audits of the Internal Audit Department and by external audits of the Integrated Management System.

Corporate-wide corruption guidelines, training and accompanying communication as well as preventative measures are managed centrally; management and employees are instructed and sensitized within the scope of communication initiatives and training. This is done through classroom training and e-learning (see performance indicator GRI SRS-404-1 for Criterion 16). A procedural instruction on how to deal with benefits such as gifts, invitations and donations has been rolled out in every subsidiary and country organization.

As part of the Group-wide whistleblower system, possible violations can be reported confidentially. An external lawyer of confidence is available. The information received is carefully examined and documented and any deviations are followed up. Standard and regular audits are carried out by Compliance and the Internal Audit department. Violations are penalized either under employment law or, if necessary, under criminal law. We intend to set up uniform standards for the sanctioning of compliance violations.

In addition to the risk area of corruption, the security and protection of data and information within the context of the Dussmann Group's business activities is an important aspect. A group-wide data protection guideline has therefore been implemented which specifies the data protection requirements to be implemented. Furthermore, adherence to the data protection guidelines and the applicable data protection laws is regularly reviewed through internal and external data protection audits. Employees are obliged to report violations of the data protection guidelines or legal data protection requirements. Reported incidents are processed centrally.

As part of the implementation strategy described in Criterion 3, specific parameters, objectives and timetables for their implementation are also to be developed for the Compliance department.