Integrity and Compliance

Business activities in line with statutory regulations and internal rules are an integral part of our corporate culture. Our aspiration to act with integrity stems from the values that were shaped by the history of ZEISS as a foundation-owned company.

The company stands for integrity, which customers, suppliers and business partners all trust. For this reason, legality, fair competition and the equitable treatment of business partners and employees are indispensable elements of successful business operations. This requires an open and respectful corporate culture which, along with an effective compliance management system, ensures that any deficiencies at ZEISS are detected, identified and corrected.

ZEISS Code of Conduct

What does the Code of Conduct state? The ZEISS Code of Conduct was first published in 2007. It is the globally applicable Code of Conduct that governs the day-to-day actions of all employees. It encompasses topics including, but not limited to, fair treatment of coworkers and business partners, product safety and environmental protection.

The ZEISS Code of Conduct can be downloaded in one of the following languages below:

Verhaltenskodex
(German)
page(s): 20
file size: 4,5 MB

行为准则
(Chinese)
page(s): 20
file size: 4,5 MB

Code of Conduct
(English)
page(s): 20
file size: 4,5 MB

Code de Conduite
(French)
page(s): 20
file size: 4,5 MB

Codice Etico
(Italian)
page(s): 20
file size: 4,5 MB

行動規範
(Japanese)
page(s): 20
file size: 4,5 MB

행동 강령
(Korean)
page(s): 20
file size: 4,5 MB

Kodeks postępowania
(Polish)
page(s): 20
file size: 4,5 MB

Código de Conduta
(Portuguese)
page(s): 20
file size: 4,5 MB

Código de Conduta
(Brazilian Portuguese)
page(s): 20
file size: 4,5 MB

Кодекс деловых взаимоотношений
(Russian)
page(s): 20
file size: 4,5 MB

Davranış Kuralları
(Turkish)
page(s): 20
file size: 4,5 MB

Kódex správania
(Slovak)
page(s): 20
file size: 4,5 MB

Código de Conducta
(Spanish)
page(s): 20
file size: 4,5 MB

Kodex chování
(Czech)
page(s): 20
file size: 4,5 MB

Magatartási Kódexe
(Hungarian)
page(s): 20
file size: 4,5 MB

The Compliance Management System

At ZEISS, the foundation for compliance management is the Code of Conduct, which was first published in 2007 and last updated in July 2020. It describes the risks inherent in business activities and provides specific recommendations on how to behave. As the basis for entrepreneurial activity, the Code of Conduct is mandatory for all employees and managers of the ZEISS Group worldwide. It contains rules on various issues, including data protection, product safety, environmental protection and combating corruption. More detailed company directives are available for all the topics addressed in the Code of Conduct.

At ZEISS, compliance is organized on three different levels. On the Group level, there is the chief compliance officer who reports to the Executive Board, and the head of corporate compliance, who is responsible for the compliance management system. This area of responsibility encompasses the design of the compliance management system and assists with the identification and rectification of significant compliance violations that might jeopardize the reputation of the entire ZEISS Group. Each strategic business unit has also appointed its own Group compliance officer, who coordinates compliance activities for a particular unit and its companies. In addition, each individual company has its own local compliance officer who is the on-site contact for employees and management for all compliance-related matters and can resolve any local compliance violations.

Ensuring that all ZEISS business activities conform with the prevailing rules is the collective responsibility of the Executive Board and the heads of the ZEISS companies. This includes observing data protection, customs and export provisions, laws pertaining to the environment as well as regulations on occupational and product safety, and combating corruption.

At ZEISS, compliance is organized on three different levels. On the Group level, there is the chief compliance officer who reports to the Executive Board, and the head of corporate compliance, who is responsible for the compliance management system. This area of responsibility encompasses the design of the compliance management system and assists with the identification and rectification of significant compliance violations that might jeopardize the reputation of the entire ZEISS Group.

Each strategic business unit has also appointed its own Group compliance officer, who coordinates compliance activities for a particular unit and its companies. In addition, each individual company has its own local compliance officer who is the on-site contact for employees and management for all compliance-related matters and can resolve any local compliance violations.

Ensuring that all ZEISS business activities conform with the prevailing rules is the collective responsibility of the Executive Board and the heads of the ZEISS companies. This includes observing data protection, customs and export provisions, laws pertaining to the environment as well as regulations on occupational and product safety, and combating corruption.

The Compliance Management Process

ZEISS divides the compliance management process into four phases: prevent, detect, respond and correct.

 

Prevent

  • Prevention and avoidance of employee compliance incidents through training 
  • Mix of face-to-face events and modern learning formats
  • Mandatory foundation course in Compliance/ZEISS Code of Conduct for ZEISS employees

Detect

  • Early recognition of erroneous conduct
  • Call to employees to report compliance issues

Respond

  • Appropriate reaction to individual misconduct
  • Systematic and consistent actions are top priority

Correct

  • Analysis to show possible organizational and process-related shortcomings
  • Achieve continuous improvement

In summary, these four phases can prevent systemic compliance infringements, correct wrongdoing and punish them as required. ZEISS understands zero tolerance as an obligation to stop all incorrect behavior detected and establish or adjust processes to eliminate the possibility of recurrence, as required.

Compliance information

The Whistleblower System

All ZEISS employees (including contractors) and all external business partners are encouraged to report compliance issues or reasonable suspicion of a compliance violation. Please tell us as soon as you believe a criminal offense has been committed, a law has been broken or there has been a case of discrimination based on serious information. As a basic rule, we ask that this is first reported to your ZEISS contact person or the responsible compliance officer. We take all reports seriously and have a system in place to process the information.

If you would prefer to share observations or alleged offenses, anonymously if need be, via a whistleblower system, there is a link to the Integrity Line here. You can submit your report in a number of languages here, and do so anonymously if you prefer. In any event, we will ensure that the information you provide is kept strictly confidential, regardless of whether you share the information openly or anonymously.

However, there is always a risk that people are able to guess where the information came from throughout the course of the investigations. So the company is committed to protecting whistleblowers acting in good faith from possible harm. This, however, does not apply to mala fide allegations, in other words accusations that are noticeably incorrect or that aim to unfairly harm someone. This kind of information does not deserve attention, nor their "whistleblower" protection.

Anyone accused is presumed innocent until the inquiries resulting from the allegation are complete. This is all part of treating others with fairness. You can find more information on this in the FAQs below and on the Integrity Line website.

1. What should I report?

Knowledge or observations of a possible or actual violation of compliance rules. This pertains to all acts which infringe, or may infringe, on applicable laws or internal regulations such as the Code of Conduct and to all acts which are or may be in gross contravention of ethical behavior. The manner in which the knowledge of the suspicion arose is irrelevant – whether it was through observations at first hand, an anonymous or openly-declared indication or purely by chance.

Of particular relevance are instances which may indicate criminal offences (e.g., theft, fraud, disloyalty, bribery, environmental crimes, disclosing trade secrets, discrimination, etc.), intentional, systematic violations of regulations which are in force (e.g., non-compliance with production or safety standards on a long-term basis).

2. When should I report a suspicion/incident?

In all cases where an objective and reasonable person believes a violation exists or is sufficiently likely, based on legitimate indications (credible whistleblower).

Employees must not report suspicions for personal reasons such as revenge. This is the case if no grounds for suspicion exist.

3. What happens with my allegation?

The encrypted data pass through a secure server from Integrity Line's host, rather than a ZEISS server. As soon as your report has been submitted, the Chief Compliance Officer and Corporate Compliance are informed via an automated email. Only they can log in and access these messages.

The issue will then be resolved based on this content, in other words your allegation, with the involvement of the relevant departments if this is deemed necessary.

4. Will my allegation really remain anonymous?

The encrypted data pass through a secure server from Integrity Line's host EQS, rather than a ZEISS server. Your allegation submitted via the website will remain anonymous, unless you have decided to disclose your name with the information you provide.

The Integrity Line provides anonymous communication via an encrypted connection. Use of this will mean that your IP address and your location when you submit the allegation are not stored at any time. Once you have submitted the allegation, you will receive a personal code and be assigned a password. Using this data to log in to the Integrity Line, you can continue to be protected as you communicate with the responsible people at Carl Zeiss AG. 

5. Will my anonymity be protected during the investigations?

We pledge to keep the concerns of all whistleblowers strictly confidential. While investigating any report, we ensure that anonymity is protected, if requested.

However, there is always a risk that the accused is able to guess where the information came from throughout the course of the investigations. So the company is committed to protecting whistleblowers acting in good faith from possible harm. This, however, does not apply to mala fide allegations, in other words accusations that are noticeably incorrect or that aim to unfairly harm someone. This kind of information does not deserve attention, nor their "whistleblower" protection.

With this in mind, ZEISS does not tolerate any discrimination or sanctions against employees who, in good faith, indicate a possible violation of the code of conduct. We will actively protect any individual who gives such an indication in good faith.

6. How is data privacy guaranteed?

We consider the protection of personal information a very serious matter. We ensure that the applicable data privacy provisions are observed through applicable technical and organizational measures. The unit responsible for processing personal data is Carl Zeiss AG. You can get in touch with the contact person responsible for questions relating to data privacy at dataprivacy .internal @zeiss .com. The corresponding data subject rights on data privacy can also be exercised via these channels.

The technical implementation of the Integrity Line is done on our instructions through EQS Group AG, Karlstraße 47, 80333 Munich, Germany ("EQS"). Specific data privacy regulations are agreed with EQS by contract. The Integrity Line enables you to contact us and report any allegations of compliance or statutory violations. The confidentiality of the information you provide takes top priority here.

The data you provide are saved in a highly secure database hosted by EQS. All data stored on the database are encrypted by EQS using state-of-the-art technology. The data stored here can only be inspected by responsible people at Carl Zeiss AG or administrators at EQS who are authorized for this specific purpose. Any person specifically authorized to inspect the data is explicitly obligated to keep the information confidential.

The responsible people at Carl Zeiss AG will verify the information you have provided and conduct further investigations into the matter, if appropriate. During this process, it may be the case that we have questions for you. For information submitted anonymously, we will communicate via Integrity Line's Safe Channel.

It is possible to use this feature without entering your personal data. However, you may provide identifying information, if you wish. In this case, you would need to consent to these personal data being processed. In this case, we are once again obligated to ensure confidentiality. The information on your identity will be solely processed by Carl Zeiss AG.

We only store personal data for as long as we require it to process the information or as long as is required by law. All personal data are then either deleted or made anonymous. For the technical implementation of this, we transfer personal data to EQS in the scope outlined above. We have signed a data processing agreement with EQS to ensure data privacy.

7. Does reporting an incident make me an informer?

No, on the contrary. Please bear in mind that violations of our regulations jeopardize the company. Offenses against corporate values, such as theft or breaches of trust, harm all of us. Offenses such as corruption, antitrust violations or environmental crimes, for which the company may be punished with high fines and which cause long-term damage to our reputation, threaten the economic situation of our company and thus, ultimately the security of all of our jobs.

Other violations such as bullying, harassment or discrimination in the workplace, however, have far-reaching disadvantageous consequences for both the employees and the department in question. Therefore, it is not a question of "informing". It is rather in all of our interests that any concerns or suspicions in relation to unlawful behavior are reported immediately. Turning a blind eye out of fear is the wrong thing to do! Reporting a suspicion/incident is an expression of moral courage.

8. Does my information have direct consequences for the person in question?

Anyone accused is presumed innocent until the inquiries resulting from the allegation are complete. This is all part of treating others with fairness.

9. Who else can I contact if (I suspect) an incident has occurred?

If you ever have knowledge or a suspicion of a violation of a legal or corporate regulation, you must always bring this to the attention of your contact person at ZEISS immediately. If this option seems inappropriate (e.g., because you suspect that the contact person could be implicated in the incident), please contact Corporate Compliance (compl iance @zeiss .com).

ZEISS Code of Conduct

Proceed to the English Code of Conduct here

Corporate Compliance Contact Information

If you have any questions or comments, please write to us at compl iance @zeiss .com

Whistleblower System

Proceed to the whistleblower system here