Risk management and trainings

Introduction

Risk management is an essential component of the corporate governance of blueplanet Investments AG. blueplanet Investments AG operates a two-sided risk management system. On the one hand, risks must be identified, classified and monitored. On the other hand, however, it must be ensured that opportunities are not missed. Risks are therefore not only those actions and events which have a clearly negative influence on financial development, reputation or long-term development of the company, but also those which prevent opportunities from being seized.

Risk assessment must be done on a variety of levels, both in-house and externally. blueplanet Investments AG maintains an internal risk management system in order to map all potential threatss and to control appropriate risk management measures. Contingency plans have been drawn up to ensure the continued operation of the company in the event of serious incidents. These include backup systems in the IT infrastructure, alternative options in the real estate sector and personnel redundancies. A quarterly risk report is prepared by the Management Board on the basis of a traffic light system. The report is presented to the Supervisory Board and describes the development of risks in the various areas.
The following describes only those risks that also pose a threat to external stakeholders. Other documents deal with the corporate structure as well as the requirements and guidelines of HR policy, supply chain and logistics management, product stewardship and ethical principles in order to minimize risks in these areas.

The major risk sources for blueplanet Investments AG and its participations are explained in the following and conduct guidelines for avoiding such risks are presented in order to ensure the identification of stakeholder risks and proper handling of these risks by the staff. This also includes staff training and education.

The risk management of blueplanet Investments AG and its participations must be designed in such a way that the staff only have to make decisions about risks that are proportionate to their position. Each type of risk has a risk owner who is responsible for monitoring the assigned risks, as well as for creating measures in the event of a risky situation. In addition, the risk owner must ensure that the persons in whose area of responsibility a risk falls are capable to identify it and take appropriate risk management actions. This does not mean that no risks should be taken, but they should be managed in such a way that a negative impact on elementary organizational processes is excluded.

The Management Board is responsible for the allocation of decision-making powers and the basic identification of the associated processes. They must review the allocation of the positions as well as the associated decision-making powers and risks at regular intervals and, if necessary, intervene to correct a situation and reassign powers. This regulatory activity requires the active monitoring of all risks and the assessment of employees' approaches to solutions. If risks are identified in this context that are not adequately managed by the solution approaches chosen by the risk owner, the Management Board must identify an appropriate risk management solution in cooperation with the Supervisory Board.

Contingency plans must be drawn up which ensure that the company's core processes will continue to function in the event of a risk of any magnitude.

Risks

Intellectual property and confidential information

Intellectual property is an important source of value for blueplanet Investments AG and its participations. For this reason, the blueplanet Group will enforce its intellectual property rights and take technical as well as legal action against the unauthorized, non-licensed use of its technologies or other industrial or intellectual property rights (e.g. trademarks, designs, registered designs, etc.). In return, the blueplanet group will respect the intellectual property rights of other companies, organizations and individuals and will only use them if authorized to do so (e.g. license). It is also ensured that property rights are not forfeited, that they are adequately documented and protected against unauthorized access. This also includes that intellectual property of employees of blueplanet Investments AG and their participations, which is created on the basis of their employment, becomes the property of the respective company.

Managers and employees should consider the following when dealing with intellectual property of blueplanet Investments AG and affiliated companies:

  • Appropriate and responsible conduct with respect to the property and resources of the company
  • Prompt reporting of any improper use of company property and resources so that appropriate action can be taken
  • Consultation with superiors if there is uncertainty about the handling of intellectual property of the blueplanet Group or external entities
  • Inclusion of the legal department in all contractual matters involving a material right, obligation or liability

In addition to intellectual property, blueplanet Investments AG and its partners also protect confidential information and documents. This means that access to information is only granted if it is necessary or helpful in the performance of the job duties in the company. The release of or access to confidential information to external companies and subjects is prohibited. This also applies to persons who are no longer with the blueplanet Group. All employees have a duty to protect confidential information. The information systems of blueplanet Investments AG are protected and safeguarded at all times against unauthorized use, damage, disclosure, diversion or removal, whether by accident, improper action or breach of trust. blueplanet Investments AG and its affiliates place themselves under the obligation not to use or disseminate confidential information and documents of other entities without obtaining their consent.

Managers and employees must observe the following when handling information and documents of blueplanet Investments AG and affiliated companies:

  • Classification and retention of information so that it is accessible only to those persons who have a justified need to access it
  • Consultation with superiors if there is any uncertainty regarding the handling of confidential information of the blueplanet Group or external entities
  • Ensuring that confidentiality agreements are in place with parties with whom confidential information is shared
  • Use of confidential information only for the benefit of the blueplanet Group and not for personal gain

Conflicts of interest and insider information

Managers and employees of blueplanet Investments AG must ensure that their decision-making ability is in the interest of the company and not interfered with by personal interests. Resources, information, reputation and power of the blueplanet group must not be misused to pursue personal goals. This means that managers and staff must disclose personal interests that conflict with those of the company or might conflict with them in the future.

Managers and staff must observe the following in relation to potential conflicts of interest:

  • Disclosure of holdings in contracting partners or other associates of blueplanet Investments AG as well as their participations
  • Application of a dual-control principle when hiring new staff
  • Obtaining approval from the Board of Directors to hold positions in other companies or organizations, such as supervisory boards or advisory committees
  • No acceptance of benefits in the form of gifts, discounts, or otherwise designed privileges aimed exclusively at the accepting person
  • Use of any resources of blueplanet Investments AG only in accordance with the objectives of the position within the company

Data protection and privacy

blueplanet Investments AG and its subsidiaries attach great importance to the protection of the data of the staff of blueplanet Investments AG and its participations. The group of companies is guided by the General Data Protection Regulation of the European Parliament and Council and its implementation in German law. blueplanet Investments AG and its partners will only collect data from natural persons that is necessary for interaction and the execution of business processes and will respect the privacy of their employees.

Those whose data are stored and processed are given access to the data stored about them. There is a right to request the erasure of data. Unauthorized persons are not granted access to personal data. Subjects are explained which data is collected and how it is processed. This applies in particular to customers who are informed about their rights by blueplanet Investments AG and its participations. The blueplanet Group is committed to protecting its networks, systems, devices and information. It adheres to the principle that information should only be used for legitimate purposes and should be secured by adequate access controls.

The following must be observed by managers and staff with regard to data protection and privacy:

  • Assurance of data security in the development of new products and processes
  • Education of the various stakeholders on cyber security
  • Regular vulnerability testing of products and processes
  • Possibility for customers and employees to report vulnerabilities
  • Use of strong passwords
  • No use of external data carriers without prior anti-virus checks in a secure environment

Environment and social responsibility

blueplanet Investments AG and its participations attach great importance to the protection of the environment and to social responsibility. The blueplanet Group therefore strives to keep risks to people and the environment as low as possible along the entire value chain. It starts with the the application of strict criteria by blueplanet Investments AG with regard to environmental protection, eco-effects, social commitment and general sustainability when selecting its investments, and goes on to include the active, continuous improvement of the investments with regard to sustainability criteria. This goal is reached by introducing international environmental standards, sustainability certifications and staff training.

Potential risks (not exclusive) exist in the following areas:

Environment

  • Access to resources/raw materials
  • Management of natural resources
  • Disposal/cleaning of hazardous waste/poisonous chemicals
  • Measurement and reporting of CO² emissions
  • Risks linked to climate change

Social

  • Labor practices (e.g. different levels of minimum wages, discrimination, child labor or forced labor)
  • Occupational health and safety
  • Product safety
  • Diversiy

Corporate Governance

  • Regulatory violations/penalties
  • Shareholder rights
  • Structure and independence of corporate bodies
  • Management compensation
  • Accounting standard, independent audit

The blueplanet Group therefore has appropriate guidelines in place to ensure that the value chain of our investments is as environmentally friendly as possible. This includes product development, the entire supply chain including logistics and product recycling after the product lifecycle has expired.

blueplanet Investments AG and its partners work to identify, mitigate and monitor existing and emerging environmental risks in connection with our business activities. This also applies to risks to which our employees are exposed. Any form of chemical, biological, physical or other injury shall be excluded. To make this possible, appropriate reporting systems are installed to record accidents, injuries, severe illnesses, discrimination and environmental damage. blueplanet Investments AG and its participations will take measures on the basis of the reports received through this system to exclude similar events in the future. In addition, immediate measures are taken to solve urgent problems and support affected parties.

The following must be observed by managers and staff with regard to environmental protection and social responsibility:

  • Compliance with all occupational safety regulations
  • Awareness of the effects of own actions on the environment and the society
  • Participation in energy saving and waste prevention programs
  • Reporting of incidents constituting a risk to humans and the environment

Trainings

Regular training sessions on the risk areas are held to ensure that all managers and staff develop awareness for the above-mentioned risks and are in a position to actively reduce them. The organization has so-called risk owners who are responsible for the various risk areas. These risk owners conduct the training sessions or hire suitable external trainers.
New employees receive initial training in all areas to ensure that they have an understanding of the risks of their activities.