1 minute read
1.2 Corporate Governance and Compliance
As a globally active group of companies in the healthcare sector, HARTMANN is subject to numerous regulations, some of which differ greatly depending on location. Compliance with ethical and legal principles of conduct is a fundamental part of the Group’s selfimage and corporate culture. In its Code of Conduct HARTMANN sets out these principles and makes them binding for all employees.
The Compliance Management System ensures compliance with standards, laws and internal requirements through processes, guidelines, training, controls, and audits. As part of the global Compliance Program, local Compliance Officers are specifically responsible for managing country-specific risks and the local implementation of the Compliance Program. The Corporate Compliance Department holds central responsibility for managing the implementation and further development of the global Compliance Management system. The globally responsible Chief Compliance Officer oversees the implementation, adherence to and further development of the Program in all business areas. A unified system for reporting compliance violations is readily accessible to employees and external parties, and also provides the option of submitting reports anonymously.
Advertisement
Information on Opportunity and Risk Management can be found in the Opportunity and Risk Report within the current Annual Report.
Data protection
For HARTMANN, the digitization of healthcare systems creates significant new opportunities in supporting customers and developing additional services. However, this entails managing an increasing volume of sensitive personal data that is strongly protected by legislation. HARTMANN approaches this through prevention measures implemented by its Data Protection Department. The data protection organization is managed globally. The Group Data Protection Officer monitors the further development and implementation of the Data Protection Management System as well as its integration in the divisions. In the respective national companies and subsidiaries, Data Protection Coordinators are appointed who serve as contact persons for the specialist departments, bundle topics, and direct these accordingly to the designated Data Protection Officers responsible or to the Group Data Protection Officer. There were no known violations of applicable national data protection laws during the reporting period.
