Compliance at LEG

Our Declaration of Core Values contains the objective and strategy of our Company as well as the values that form the basis of our dealings with customers, employees, investors, business partners and society.

LEG is committed to respecting human rights for all employees and all those on whom its business activities have an impact. We are aware of our responsibility in society and our human rights and environmental due diligence obligations. Violations of human rights and national and international environmental protection regulations are not tolerated. LEG organises its business activities accordingly and expects the same from its business partners.

LEG has a Compliance Management System (CMS) that bundles measures for compliance with legal regulations and internal company guidelines. The CMS measures include regular and ad hoc training for our employees. We organise training courses for all new employees in which our Code of Conduct and internal regulations and guidelines are explained, information and complaints procedures are outlined and questions are answered. This is supplemented by classroom training in sensitive areas and after compliance-relevant events. Our employees also complete annual refresher training sessions using a digital training tool.

Responsibility for LEG's CMS lies with the Management Board, while organisational and technical responsibility for the CMS lies with the Legal & Compliance Department, Internal Audit Department (for investigating compliance violations) and Tax Department (for the Tax CMS). Our Compliance Officer, who is part of the Legal & Compliance Department, reports regularly to the Chairman of the Management Board and the Audit Committee of the Supervisory Board. A compliance team headed by the Compliance Officer advises on issues, develops structures and measures as part of the CMS and informs the Company Management about changes to the legal framework.

In the area of data protection, an external Data Protection Officer advises on existing data protection regulations and monitors compliance with them. In addition, an internal Data Protection Management Team is responsible for implementing data protection at LEG and advising the specialist departments. The Data Protection Officer and the internal Data Protection Management Team are available as contact persons for LEG's management, employees, tenants and business partners as well as the supervisory authority.

The CMS is reviewed as part of an annual risk inventory. In addition, compliance risks and countermeasures are recorded and evaluated by the risk management system on a quarterly basis. The CMS is also certified in accordance with the certification system of the Institute for Corporate Governance in the German Property Industry.

If, despite the measures taken, a compliance violation occurs that falls within LEG's area of responsibility, LEG offers both its employees and external persons the opportunity to contact the Compliance Officer or to submit information anonymously and confidentially around the clock via LEG's digital whistleblower system (www.bkms-system.com/LEG). All confirmed compliance cases are dealt with appropriately and regardless of the position of the person concerned within the Company. In addition, the "principle of equal treatment" applies, whereby the same rule violations are treated equally. Whistleblowers are particularly protected by the Whistleblower Protection Act and our Code of Conduct. They do not have to fear any disadvantages or penalties as a result of their report. Of course, this does not apply if the system is misused. Details on this are set out in the "Rules of Procedure for the Compliance Whistleblower System and the Complaints Procedure under the Supply Chain Due Diligence Act".

Measures in the event of misconduct are documented in the legal department. For data protection reasons, the documentation of possible steps under labour law takes place in the HR department.