DSV Code of Conduct

DSV Code of Conduct12 DSV Code of Conduct DATA PRIVACY At DSV, we have an obligation to ensure that all personal data is stored and handled in a safe way that meets data privacy laws. This implies that DSV, and you as an employee of DSV, may only collect, transfer, use and otherwise process personal data if you have a legitimate reason to do so and if it is necessary for the services and the work we perform. There are two types of personal data: • Non-sensitive personal data is any information about individuals that can be used to identify them, directly or indirectly: name, photo, email address, phone number, bank details, employment information, GPS-location, a computer IP address, etc. • Sensitive personal data is any personal data that reveals an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sexual orientation, social security numbers etc. How to store personal data • Only store personal data in Outlook, OneDrive and on other personal drives for a short time until you have processed it. Then delete it from your personal drives. Show particular attention to sensitive personal data. • As soon as possible, move the personal data into a relevant IT-system, e.g. HR systems etc. When you have stored the data in a relevant IT-system, delete any copies of it from your personal files and Outlook. How to share personal data Only share personal data with your colleagues or with third parties when you have a legitimate reason to do so, e.g. if consent to sharing personal data has been given. We have implemented a set of ‘Binding Corporate Rules’ (BCR) to ensure that personal data is transferred in a safe and compliant way across borders within the DSV Group. The BCR is legally binding for all DSV entities mentioned in the BCR and for their employees. You can read DSV’s Binding Corporate Rules here. To read more about how to handle personal data in your daily work and how DSV protects personal data, please look in the DSV Privacy Handbook here. If you have any questions about the handling of personal data, please directed them to your Local Privacy Responsible or to Group Legal. You can read about how to find your Local Privacy Responsible here. • Messages or postings containing statements on any subject that could be mistakenly interpreted as the standpoint of DSV. • Publication of defamatory and/or knowingly false material about DSV, our employees and/or customers or suppliers. • Any form of fraud or piracy of copyrighted materials, such as films or music and/or commercial software or other proprietary materials. • Downloading of commercial software or any copyrighted materials belonging to a third party, unless downloading is covered by or permitted under an agreement concluded by DSV. This applies regardless of whether the communication occurs online or elsewhere, from a private or company-owned device, during the workday or outside office hours. RESPONSIBLE CONDUCT DSV encourages using social media and other online platforms for business communication and networking. However, remember that posts on personal social media accounts, such as LinkedIn, Facebook or X, are public and therefore must not include confidential DSV information. Posts and comments on social media should be formulated so that it is clear that they reflect personal views and not those of the company, unless posted by an authorised representative of DSV. When communicating in the public domain and when such communication could be perceived as being related to DSV, the following activities are not permitted: • Messages or postings, including comments or content about race, gender, disabilities, age, sexual orientation, pornography, religious beliefs and practices, political beliefs or national origin, irrespective of whether such message or posting is disclosed on an identified or anonymous user basis.Page 11Page 13