Integrity and Compliance

• Prevention and avoidance of employee compliance incidents through training 
• Mix of face-to-face events and modern learning formats
• Mandatory foundation course in Compliance/ZEISS Code of Conduct for ZEISS employees
  

• Early recognition of erroneous conduct
• Call to employees to report compliance issues
  

• Appropriate reaction to individual misconduct
• Systematic and consistent actions are top priority
  

• Analysis to show possible organizational and process-related shortcomings
• Achieve continuous improvement
  

Knowledge or observations of a possible or actual violation of compliance rules. This pertains to all acts which infringe, or may infringe, on applicable laws or internal regulations such as the Code of Conduct and to all acts which are or may be in gross contravention of ethical behavior. The manner in which the knowledge of the suspicion arose is irrelevant – whether it was through observations at first hand, an anonymous or openly-declared indication or purely by chance.

Of particular relevance are instances which may indicate criminal offences (e.g., theft, fraud, disloyalty, bribery, environmental crimes, disclosing trade secrets, discrimination, etc.), intentional, systematic violations of regulations which are in force (e.g., non-compliance with production or safety standards on a long-term basis).

In all cases where an objective and reasonable person believes a violation exists or is sufficiently likely, based on legitimate indications (credible whistleblower).

Employees must not report suspicions for personal reasons such as revenge. This is the case if no grounds for suspicion exist.

The encrypted data pass through a secure server from Integrity Line's host, rather than a ZEISS server. As soon as your report has been submitted, the Chief Compliance Officer and Corporate Compliance are informed via an automated email. Only they can log in and access these messages.

The issue will then be resolved based on this content, in other words your allegation, with the involvement of the relevant departments if this is deemed necessary.

The encrypted data pass through a secure server from Integrity Line's host EQS, rather than a ZEISS server. Your allegation submitted via the website will remain anonymous, unless you have decided to disclose your name with the information you provide.

The Integrity Line provides anonymous communication via an encrypted connection. Use of this will mean that your IP address and your location when you submit the allegation are not stored at any time. Once you have submitted the allegation, you will receive a personal code and be assigned a password. Using this data to log in to the Integrity Line, you can continue to be protected as you communicate with the responsible people at Carl Zeiss AG. 

We pledge to keep the concerns of all whistleblowers strictly confidential. While investigating any report, we ensure that anonymity is protected, if requested.

However, there is always a risk that the accused is able to guess where the information came from throughout the course of the investigations. So the company is committed to protecting whistleblowers acting in good faith from possible harm. This, however, does not apply to mala fide allegations, in other words accusations that are noticeably incorrect or that aim to unfairly harm someone. This kind of information does not deserve attention, nor their "whistleblower" protection.

With this in mind, ZEISS does not tolerate any discrimination or sanctions against employees who, in good faith, indicate a possible violation of the code of conduct. We will actively protect any individual who gives such an indication in good faith.

We consider the protection of personal information a very serious matter. We ensure that the applicable data privacy provisions are observed through applicable technical and organizational measures. The unit responsible for processing personal data is Carl Zeiss AG. You can get in touch with the contact person responsible for questions relating to data privacy at dataprivacy .internal @zeiss .com. The corresponding data subject rights on data privacy can also be exercised via these channels.

The technical implementation of the Integrity Line is done on our instructions through EQS Group AG, Karlstraße 47, 80333 Munich, Germany ("EQS"). Specific data privacy regulations are agreed with EQS by contract. The Integrity Line enables you to contact us and report any allegations of compliance or statutory violations. The confidentiality of the information you provide takes top priority here.

The data you provide are saved in a highly secure database hosted by EQS. All data stored on the database are encrypted by EQS using state-of-the-art technology. The data stored here can only be inspected by responsible people at Carl Zeiss AG or administrators at EQS who are authorized for this specific purpose. Any person specifically authorized to inspect the data is explicitly obligated to keep the information confidential.

The responsible people at Carl Zeiss AG will verify the information you have provided and conduct further investigations into the matter, if appropriate. During this process, it may be the case that we have questions for you. For information submitted anonymously, we will communicate via Integrity Line's Safe Channel.

It is possible to use this feature without entering your personal data. However, you may provide identifying information, if you wish. In this case, you would need to consent to these personal data being processed. In this case, we are once again obligated to ensure confidentiality. The information on your identity will be solely processed by Carl Zeiss AG.

We only store personal data for as long as we require it to process the information or as long as is required by law. All personal data are then either deleted or made anonymous. For the technical implementation of this, we transfer personal data to EQS in the scope outlined above. We have signed a data processing agreement with EQS to ensure data privacy.

No, on the contrary. Please bear in mind that violations of our regulations jeopardize the company. Offenses against corporate values, such as theft or breaches of trust, harm all of us. Offenses such as corruption, antitrust violations or environmental crimes, for which the company may be punished with high fines and which cause long-term damage to our reputation, threaten the economic situation of our company and thus, ultimately the security of all of our jobs.

Other violations such as bullying, harassment or discrimination in the workplace, however, have far-reaching disadvantageous consequences for both the employees and the department in question. Therefore, it is not a question of "informing". It is rather in all of our interests that any concerns or suspicions in relation to unlawful behavior are reported immediately. Turning a blind eye out of fear is the wrong thing to do! Reporting a suspicion/incident is an expression of moral courage.

Anyone accused is presumed innocent until the inquiries resulting from the allegation are complete. This is all part of treating others with fairness.

If you ever have knowledge or a suspicion of a violation of a legal or corporate regulation, you must always bring this to the attention of your contact person at ZEISS immediately. If this option seems inappropriate (e.g., because you suspect that the contact person could be implicated in the incident), please contact Corporate Compliance (compl iance @zeiss .com).