Key Performance Indicators to criteria 20

Key Performance Indicator GRI SRS-205-1: Operations assesed for risks related to corruption
The reporting organization shall report the following information:

a. Total number and percentage of operations assessed for risks related to corruption.

b. Significant risks related to corruption identified through the risk assessment.

As part of the group-wide risk analysis, all companies which are employers of Dussmann Group employees (22 = 100%) were checked for corruption risks.

Compliance risks were identified at the Dussmann Service companies mainly in the purchasing processes, especially in the commissioning of subcontractors.

Key Performance Indicator GRI SRS-205-3: Incidents of corruption
Die berichtende Organisation muss ├╝ber folgende Informationen berichten:

a. Total number and nature of confirmed incidents of corruption.

b. Total number of confirmed incidents in which employees were dismissed or disciplined for corruption.

c. Total number of confirmed incidents when contracts with business partners were terminated or not renewed due to violations related to corruption.

d. Public legal cases regarding corruption brought against the organization or its employees during the reporting period and the outcomes of such cases.

Potential cases of corruption would be prosecuted under labor and criminal law by the Compliance department or under the leadership of Compliance. There are no cases of corruption known.

Key Performance Indicator GRI SRS-419-1: Non-compliance with laws and regulations
The reporting organization shall report the following information:

a. Significant fines and non-monetary sanctions for non-compliance with laws and/or regulations in the social and economic area in terms of:
i. total monetary value of significant fines;
ii. total number of non-monetary sanctions;
iii. cases brought through dispute resolution mechanisms.

b. If the organization has not identified any non-compliance with laws and/or regulations, a brief statement of this fact is sufficient.

c. The context against which significant fines and non-monetary sanctions were incurred.

During the reporting period 2019, there were five reportable incidents in Germany within the context of data protection (no penalties). Following the incident reports, risk evaluations are carried out and action taken.