Integrity and Compliance

• to prevent compliance issues through employee training
• mix of classroom-based sessions and modern learning formats
• mandatory foundation course on Compliance/ZEISS Code of Conduct for ZEISS employees

• early identification of misconduct
• call to employees to report compliance issues

• appropriate reaction to individual misconduct 
• systematic and consistent actions are top priority

• perform analysis to show possible organizational and process-related shortcomings
• achieve continuous improvement

Findings or observations about a possible or actual breach of the compliance mandate. This means all actions that could or do violate applicable law or internal rules (such as the Code of Conduct), or actions that are or could be in gross contradiction to ethical conduct. The source of your knowledge or suspicion is irrelevant. It may be the result of your own observations, an anonymous or open reference, or mere coincidence.

Of particular relevance are actions that indicate a criminal offence (e.g. theft, fraud, breach of trust, embezzlement, bribery, environmental crime, breach of trade secrets, etc.), or the deliberate, systematic violation of applicable rules (e.g. continued non-compliance with manufacturing or safety standards).

Whenever an objective, reasonable person considers a violation to be sufficiently probable due to clear indicators (a bona fide whistleblower).

A report must not be made for personal reasons such as revenge. This is the case if there is no evidence of a violation.

The encrypted data does not pass through a ZEISS server, but through a secure server from the Integrity Line provider EQS. Once a message is received, an automatic notification email will be sent to the Chief Compliance Officer and the Director Corporate Compliance. Only they can log in and access the messages.

On the basis of this content, i.e. your tips and information, the facts will then be clarified. If necessary, appropriate specialist departments will be involved.

The encrypted data does not pass through a ZEISS server but through a secure server from the Integrity Line provider EQS. The message you submit via the website remains anonymous, unless you have decided to include your name. We cannot identify from which computer the message was sent. Nor can we see the IP address of the sender or similar information, ensuring anonymity.

The Integrity Line allows you to communicate anonymously via an encrypted connection. When you use the Integrity Line, neither your IP address nor your current location are saved at any time. After you have submitted a report, you will receive login details for the Integrity Line that enable you to continue to communicate with the person responsible at Carl Zeiss AG via the protected channel.

We want to assure all whistleblowers that we treat their concerns with strict confidentiality. In all investigations or notifications, we ensure that anonymity – if desired – is maintained.

In the course of investigations, however, it is possible the person concerned may be identified from clues which arise during the investigation. Therefore, the company undertakes to protect bona fide whistleblowers against possible discrimination. This does not apply to bad-faith allegations, however, which are allegations that are clearly wrong or are raised with the aim of wrongfully harming someone. These types of tips do not merit investigation, and such whistleblowers are not protected by this policy.

For this reason, ZEISS does not tolerate any discrimination or sanctions against persons who make good-faith reports about possible violations of applicable law or the ZEISS Code of Conduct. We will actively protect the bona fide whistleblower from being personally disadvantaged.

We take the protection of personal data very seriously. This data privacy statement describes the personal data we collect when using the Integrity Line and how we use it. We have taken suitable technical and organizational measures to ensure that all applicable data protection regulations are observed.

The contact responsible for processing personal data is Carl Zeiss AG. Contact persons for questions on data protection can be reached at dataprivacy .internal @zeiss .com. You can also exercise the relevant data protection rights through these channels.

The technical implementation of the Integrity Line is performed by EQS Group AG, Karlstraße 47, 80333 Munich, Germany (“EQS”) on our behalf. Special data protection regulations have been contractually secured with the provider.

The Integrity Line enables you to contact us and submit reports relating to possible compliance and statutory violations. The information you provide is confidential.

The data you provide is stored by EQS in a specially-secured database. EQS uses state-of-the-art technology to encrypt all data stored in the database.

The stored data can be viewed only by those specifically authorized individuals responsible at Carl Zeiss AG or authorized administrators at EQS. All individuals who have the authorization to review data are under an express obligation to maintain confidentiality.

The specially authorized individuals responsible at Carl Zeiss AG will check all submitted reports and, if needed, investigate the matter further. We may have questions for you through the course of this process. To clarify these questions, we prefer communicating via the safe channel of the Intergrity Line.

You may use this safe channel without providing your personal data. However, you may choose to provide information on your identity voluntarily in some cases. If so, you must consent to the processing of this personal data. Our extremely important obligation to maintain confidentiality also applies in these cases. Any personal information is processed by the authorized individuals responsible at Carl Zeiss AG.

We store personal data only for the time we need to process your report, or for the period required by law. All personal data is then deleted or anonymized.

For the purpose of technical implementation, we transfer personal data to EQS within the scope described above. To ensure that data protection is observed, we have concluded an order data processing agreement with EQS.

No, on the contrary. Please keep in mind that rule violations endanger the company. Crimes against corporate assets, such as theft or embezzlement, harm us all. Offenses such as corruption, antitrust violations, and environmental crimes are punishable by severe penalties for the company, can permanently damage the reputation, jeopardize the company’s economic situation, and ultimately threaten job security.

But violations such as bullying, harassment, or discrimination in the workplace also have far-reaching negative consequences for the employees and departments concerned. It is therefore in the best interest of all of us if maladministration or suspicion of unlawful behaviour is reported immediately. Turning a blind eye out of fear of reprisals is the wrong approach! Reporting your suspicions and the violations you observe is an expression of civil courage in action!

The presumption of innocence applies to all accused persons until the tip-based investigation is complete. This is also a component of fair dealings with one another.

As a matter of principle, you should first contact your ZEISS contact person if you are aware of or suspect a violation of legal or internal company regulations. If this seems inappropriate (e.g. because you suspect that he or she might be involved in the incident), you should contact Corporate Compliance.