HERMES_REGISTRATION_DOCUMENT_2017

CORPORATE GOVERNANCE

ETHICS – COMPLIANCE

3.2.3.3 Personal data and respect for privacy The Hermès Group has adopted binding corporate rules (BCR) for mana- ging the personal data of its customers. The BCRs were validated in 2012 by the European authorities in charge of the protection of personal data, and have since been integrated by all Group companies dealing with customer data. They ensure an adequate level of protection for cus- tomers’ personal data when transferred within the Group. In addition, to meet the requirements of the European Union’s General Data Protection Regulation of 27 April 2016, a working group has been set up to perform a diagnosis and to establish a compliance plan around the following themes: s internal organisation and governance: roles and responsibilities in respect of data protection; s respect for the rights of people: consent, information provided to the people concerned, exercise of their rights; s compliance of processing: registers of processing, identification and classification of processing, duration for which data are kept, contract management; s data security: procedures and controls, management of security breaches, impact analysis and privacy by design/privacy by default mechanisms; s continuous improvement: monitoring, internal control and certification.

3.2.4.2 Sanctions system The sanctions system in place for compliance programmes corres- ponds to the system of sanctions described in the rules of procedure, any breach of ethics and integrity being contrary to the Group’s intrinsic values and internal rules laid down in this area. Audit of the application of ethical values Internal and external audits of the Group’s companies and its main sup- pliers and partners are conducted regularly on questions relating to the application of the Group’s procedures. Among other areas, these audits cover the fight against corruption, the combat against money laundering, the protection of personal data, respect for the environment, respect for human rights and fundamental freedoms, and employee health and safety. Training on ethical issues An “Ethics, Integrity and Anti-Corruption” training module for in-store sales staff was rolled out widely in 2017, particularly in France, Belgium, Germany, Spain, Russia, Switzerland, Greece, Italy, the United Kingdom, Japan, Middle East and South Asia (Australia, Singapore, etc.), and for staff working in the travel retail network. The programme’s rollout is set to continue in 2018 in the United States, India, Thailand, Korea, and China among others. Training programmes for the staff most at risk, such as buyers, sales teams in contact with intermediaries and the executive committees of the main subsidiaries are also being reinforced and increased. 3.2.4.3 3.2.4.4

3

CONTROL

3.2.4

3.2.4.1 Professional alert line The Group has established a central alert system to anticipate and control its risks called Parlons-en ! (“Speak Up!”). Described in the Code of Business Conduct, it is regularly updated in line with regulatory, legis- lative, economic, societal, geopolitical and competitive developments. Local alert systems are also in place in major subsidiaries such as the United States, the United Kingdom and China.

Network of compliance liaison officers within the Group

3.2.4.5

Legal teams located internationally, in particular in the United States, China, Japan, Singapore and India, constitute the network of com- pliance personal data protection liaison officers, acting with the Group Compliance Officer and with the Data Protection Officer to develop, faci- litate and coordinate compliance programmes within the Group. Internal controllers also play a role in the implementation of procedures on these subjects (see Risk Factors on page 35).

2017 REGISTRATION DOCUMENT HERMÈS INTERNATIONAL

179