HUMAN RIGHTS POLICY

1. Foreword, objectives and voluntary commitment

SCANDIC FINANCE GROUP LIMITED and its affiliated brands recognise universal human rights as a binding framework for their global activities. Respect for human dignity and civil, political, economic, social and cultural rights is a fundamental prerequisite for our business activities and our commitment to being a responsible, sustainable company.

We are committed to

• implement the United Nations Guiding Principles on Business and Human Rights (UN Guiding Principles on Business and Human Rights)
• continuously identify, avoid, mitigate and, where they occur, appropriately remedy human rights risks in all global legal transactions in which we are involved,
• design our products and services in such a way that they do not contribute to or support human rights violations,
• pursue a consistent zero-tolerance policy towards forced labour, child labour, human trafficking, torture, exploitative working conditions, discrimination and other serious human rights violations.

This human rights policy specifies our existing compliance principles, our statement on the prevention of slavery and modern exploitation ("Modern Slavery Statement") and our internal guidelines on data protection, information security, anti-corruption, money laundering prevention and whistleblower protection.

2. Scope and framework of application

2.1 Personal and material scope

This human rights policy applies:

1. Company-wide for:
   • SCANDIC FINANCE GROUP LIMITED as the entity responsible for operations,
   • SCANDIC ASSETS FZCO, SCANDIC TRUST GROUP LLC and LEGIER BETEILIGUNGS GMBH as non-operational service providers,
   • all brands of the SCANDIC brand ecosystem as listed above.
2. For all persons working within our sphere of influence:
   • Members of the management and governing bodies,
   • all employees (permanent, temporary, part-time and full-time staff, temporary workers, interns),
   • service providers, consultants and other persons working on behalf of or on the instructions of the SCANDIC FINANCE GROUP LIMITED group.
3. For all relevant business relationships, as far as legally and factually possible:
   • suppliers,
   • subcontractors,
   • distribution partners,
   • other business partners, including financial intermediaries.

2.2 Reference to international and national standards

We strive to structure and continuously adapt our human rights due diligence in accordance with the following frameworks:

• United Nations Guiding Principles on Business and Human Rights,
• Universal Declaration of Human Rights,
• International Covenant on Civil and Political Rights and International Covenant on Economic, Social and Cultural Rights,
• Core labour standards of the International Labour Organisation (ILO core standards),
• OECD Guidelines for Multinational Enterprises,
• Relevant laws on corporate due diligence in supply chains, including the German Supply Chain Due Diligence Act,
• Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law (whistleblower protection),
• Relevant data protection and privacy regulations (e.g. General Data Protection Regulation of the European Union, relevant standards in the Special Administrative Region of the People's Republic of China Hong Kong and other jurisdictions).

Where national regulations fall short of these standards, the SCANDIC FINANCE GROUP LIMITED association strives to apply the higher human rights standards within the limits of what is legally permissible.

3. Principles and red lines

3.1 Basic principles

The SCANDIC FINANCE GROUP LIMITED association is particularly committed to:

• Respect for the human dignity of every person
• non-discrimination, regardless of gender, origin, skin colour, nationality, language, religion or belief, sexual orientation, disability, age, political or trade union activity,
• Respect for freedom of association and the right to collective bargaining,
• prohibition of forced and child labour, human trafficking and modern slavery,
• Safe, healthy and dignified working conditions,
• Protection of privacy, personal data and digital rights,
• Respect for freedom of expression, freedom of the press and freedom of assembly, as far as our sphere of influence extends.

3.2 Red lines (no-go areas)

The SCANDIC FINANCE GROUP LIMITED network does not enter into business relationships or terminates them if, despite reasonable influence, the following exists or cannot be credibly remedied:

• Use of our products or services to commit serious human rights violations
• Participation in illegal mass surveillance that is not controlled by the rule of law or in secret programmes that systematically undermine civil liberties,
• forced labour, child labour, human trafficking or other forms of modern slavery,
• systematic torture, cruel, inhuman or degrading treatment,
• demonstrable involvement in ethnic cleansing, apartheid, genocide or comparable serious international crimes,
• continued destruction of the livelihoods of indigenous communities without adequate consultation and compensation,
• sanctioned individuals or organisations, as well as actors with documented serious violations who have not demonstrated credible remediation.

4. Governance, organisation and responsibilities

4.1 Overall responsibility of the management bodies

• The management and supervisory bodies of SCANDIC FINANCE GROUP LIMITED bear overall responsibility for this human rights policy.
• They approve the annual implementation and improvement plans, receive regular reports and make decisions on particularly high-risk or strategically relevant cases.

4.2 Operational responsibilities

The following roles and committees have been established for implementation:

1. Chief Compliance and Human Rights Officer (CCHRO)
   • Overall coordination of human rights due diligence obligations,
   • responsibility for risk analyses, preventive and remedial measures,
   • Annual reporting and recommendation of improvement measures,
   • Interface with data protection officers, information security, money laundering prevention and internal audit.
2. Human Rights, Privacy and Ethics Committee (HRPEC)
   • Interdisciplinary committee (compliance, legal, purchasing, human resources, IT security/data protection, product management, operations, communications),
   • evaluation of high-risk cases, dual-use applications and sensitive projects,
   • Deciding on "go/no-go" for complex customer, country or sector constellations,
   • Escalation of special cases to management.
3. External Advisory Board for Human Rights and Civil Liberties
   • Independent experts from the fields of human rights, data protection, financial market regulation and civil society
   • Advice on difficult decisions (e.g. dual-use risks, borderline cases in cooperation with state actors),
   • Support in aligning with international best practices.
4. Functional officers in the business areas
   • Designated contact persons in the SCANDIC PAY, SCANDIC FLY, SCANDIC ESTATE, SCANDIC DATA, SCANDIC SEC brands, etc.
   • Responsibility for implementing policy in the respective processes, products and supply chains.

4.3 Reporting culture ("speak up") and role model function

The management bodies promote a corporate culture in which:

• the reporting of violations is expressly encouraged and protected,
• no reprisals against whistleblowers are tolerated,
• managers act as role models by exemplifying and actively supporting ethical behaviour.

5. Human rights due diligence processes

5.1 Risk analysis

A systematic risk analysis is carried out at least once a year and on an ad hoc basis (e.g. market entry into new countries, new product categories, changes in the geopolitical situation):

• Identification of human rights risks in our own business activities, in products and services, and in the supply and value chain.
• Assessment according to severity, probability of occurrence and potential influence
• Special consideration for vulnerable groups: children, migrants, indigenous populations, human rights defenders, journalists.

The results are incorporated into risk registers, action plans and portfolio and customer scoring.

5.2 Prevention and risk mitigation

We take the following measures, among others, to avoid and mitigate risks:

• Integration of "human rights by design" and "privacy by design" into the design of products and services (e.g. payment, data, media and security solutions)
• Technical and organisational protective measures (access control, logging, data minimisation, security testing of systems)
• Human rights design reviews for new or modified products
• Clear codes of conduct and supplier codes with human rights requirements
• contractual assurances, audit and information rights,
• training and awareness programmes for employees and relevant business partners.

5.3 Assessment of new customers, products and businesses

Before entering into a business relationship or introducing new products, the following are carried out:

• Customer and supplier checks (know-your-customer, anti-money laundering and sanctions checks, transparency of ownership structure, politically exposed persons),
• assessment of the intended use and end users, particularly for financial, payment, data, aviation, security and media products,
• Assessment of country-specific risks (conflict areas, systemic rule of law deficits, known human rights issues),
• Assignment of risk categories, decision on enhanced due diligence and, if necessary, HRPEC approval.

5.4 Reactive measures, remedies and exit strategies

If risks or violations become known, graduated measures apply:

1. Investigation of the facts, hearing of those affected, involvement of relevant departments.
2. Immediate measures, for example temporary suspension of deliveries or services if there is an acute risk of damage.
3. Remedial agreements with clear deadlines (corrective measures, training, organisational adjustments).
4. In the event of serious violations and a lack of cooperation: suspension or termination of the business relationship (exit strategy) and, if necessary, cooperation with authorities.

5.5 Effectiveness monitoring, documentation and reporting

• Regular review of the effectiveness of preventive and remedial measures.
• documentation of all essential steps (risk assessment, decisions, measures and results),
• regular reports to management and supervisory bodies,
• Preparation of an annual report on human rights due diligence, modern slavery and supply chain risks, adapted to the respective legal requirements of the relevant jurisdictions.

6. Business partner and customer due diligence (including "no-go" rules)

6.1 Standard checks

• Identity and ownership checks on customers, suppliers, distribution partners and trust structures,
• Sanctions and embargo checks, checks for politically exposed persons,
• Checks on sources of financing and beneficial owners.

6.2 Enhanced due diligence for high-risk constellations

Enhanced due diligence obligations apply in particular to:

• Business relationships in countries or regions with systemic human rights risks
• Sectors with increased risk (security and surveillance technologies, raw material extraction, construction, transport to crisis areas),
• products and services with dual-use risk (civilian and potentially military or repressive use),
• Transactions with particularly vulnerable groups (e.g. small investors, refugees, people in precarious employment).

6.3 "No-go" criteria

The SCANDIC FINANCE GROUP LIMITED network does not enter into business relationships and terminates them if:

• end users demonstrably use or intend to use our products for serious human rights violations,
• our solutions would become an integral part of illegal mass surveillance programmes,
• partners are proven to engage in forced labour, child labour or human trafficking and do not take credible, verifiable measures to remedy the situation,
• Business partners or end users are included in relevant sanctions lists or are subject to binding embargo measures under international law,
• there is no way to reduce the risk to an acceptable level.

7. Product-specific human rights commitments (excerpt)

7.1 SCANDIC TRADE / SCANDIC COIN / SCANDIC FINANCE

• Protection of investors through transparent disclosure of risks,
• Appropriate suitability and appropriateness checks, especially for complex products
• avoidance of abusive structures (e.g. for money laundering or terrorist financing),
• Compliance with relevant financial market, consumer and data protection regulations.

7.2 SCANDIC PAY / SCANDIC CARDS

• Transparent fee and charge models,
• special consideration for vulnerable customer groups (e.g. people with low financial literacy),
• Measures to prevent fraud, identity theft and financial exploitation,
• barrier-free complaint and support processes.

7.3 SCANDIC FLY / SCANDIC CARS / SCANDIC YACHTS

• Prioritisation of the safety, health and dignity of all passengers and crew members,
• Compliance with working hours and rest periods, fair employment conditions for staff,
• zero tolerance for harassment, discrimination or violence on board,
• Compliance with international aviation and maritime law standards, flag and port state controls.

7.4 SCANDIC ESTATE

• Respect for housing and land rights,
• fair, transparent contract and rental conditions,
• Avoidance of forced evictions without due process of law,
• consideration of accessibility and humane living conditions.

7.5 SCANDIC DATA

• Special protection of freedom of the press and freedom of expression
• Protection of journalists, sources and editorial independence
• separation of editorial content and advertising,
• Responsible data collection and processing in media and IT services.

7.6 SCANDIC SEC

• Security services based on proportionality and de-escalation,
• Training of personnel in human rights-compliant behaviour,
• Avoidance of assignments that would disproportionately restrict democratic rights and freedoms.

8. Employee rights and working conditions

The SCANDIC FINANCE GROUP LIMITED association is committed to the following for all employees:

• Freedom of association and the right to collective bargaining within the framework of the respective legal system,
• equal treatment and equal opportunities,
• fair pay and working conditions,
• Healthy working conditions and accident prevention
• effective prevention and prosecution of discrimination, harassment, bullying and gender-based violence,
• prohibition of all forms of forced labour, debt bondage or involuntary labour,
• special protective measures for minors (no employment of children below the legal minimum age, strict limits on hazardous activities).

Training on human rights, anti-discrimination, diversity, data protection and information security is a mandatory part of the annual training programme.

9. Data protection, privacy and civil liberties

In the area of data processing and technology development, we are guided by the principles of

• data minimisation and purpose limitation,
• privacy by design and security by design,
• transparent information about data processing,
• Appropriate technical and organisational measures to protect against unauthorised access, loss or misuse
• Careful consideration in automated decisions, with the possibility of human review in cases of significant impact on data subjects.

Where our services may have an impact on freedom of expression, freedom of the press and freedom of assembly (e.g. media, data or security products), these rights are explicitly included in the risk analysis and special protective measures are developed.

10. Complaint mechanisms, whistleblower system and access to redress

10.1 Complaint channels

The SCANDIC FINANCE GROUP LIMITED association is setting up multilingual, accessible complaint channels that are open to employees, business partners and external stakeholders, including:

• a secure online reporting portal (anonymous reporting possible),
• dedicated email addresses and postal addresses,
• an ombudsman service or hotline, where applicable.

These channels can be used to report human rights violations, legal violations, violations of internal guidelines and other misconduct.

10.2 Protection of whistleblowers

• Strict prohibition of any reprisals against persons who report in good faith
• Confidentiality of the identity of whistleblowers
• Documentation and appropriate processing of all reports.
• Feedback to whistleblowers within the legally permissible framework.

10.3 Access to redress

If the SCANDIC FINANCE GROUP LIMITED group contributes to a human rights violation through its own actions or omissions, or through our failure to exert appropriate influence, measures for redress and reparation will be considered, for example:

• Correction of the affected service or contractual relationship,
• financial or other compensation where appropriate,
• structural measures to prevent future violations (process, organisational or technical changes),
• Measures against business partners (including termination of the business relationship).

11. Implementation, training and embedding in processes

• The human rights policy is integrated into internal guidelines, process descriptions and contract templates.
• New employees receive an introduction to human rights principles as part of their onboarding, and existing employees receive regular training.
• Role- and function-specific training (e.g. purchasing, sales, product development, compliance, human resources) will deepen the relevant aspects.
• Compliance with the requirements is part of target agreements, performance appraisals and audit programmes.

12. Monitoring, key performance indicators and reporting

To monitor effectiveness, the following key performance indicators, among others, are collected and evaluated:

• Proportion of business areas and supply chains with current risk analysis
• Number, type and processing time of complaints and suspected cases
• Percentage of audits carried out on business partners and corrective measures taken
• Participation rates in training courses,
• Progress in implementing defined improvement measures.

The results are incorporated into:

• an annual report on human rights due diligence, modern slavery and supply chain responsibility,
• quarterly reports to management and supervisory bodies,
• any statements published in accordance with statutory transparency requirements.

13. Dialogue, cooperation and further development

The SCANDIC FINANCE GROUP LIMITED network strives for open dialogue with:

• affected parties and their representatives,
• non-governmental organisations,
• Industry initiatives and standard setters,
• academia and the professional community

in order to learn from experience, understand expectations and continuously improve our human rights policy.

14. Escalation and consequences of violations

Violations of this human rights policy and the guidelines derived from it may have consequences, depending on their severity and culpability:

• labour law measures against employees,
• warnings, conditions, suspension or termination of business relationships with suppliers, customers or other partners,
• assertion of claims for damages,
• support for government law enforcement or supervisory authorities, where appropriate and legally required.

15. Entry into force, review and publication

This Human Rights Policy:

• shall enter into force upon its adoption by the management of SCANDIC FINANCE GROUP LIMITED,
• will be reviewed at least once a year and as required (e.g. in the event of significant changes in the legal situation, business model or risk situation) and amended as necessary,
• will be communicated and made available to employees, business partners and the public in an appropriate manner (e.g. via websites and internal platforms).

Appendix A: Minimum requirements for suppliers and business partners

1. Compliance with laws and standards
   • Compliance with all relevant national laws,
   • Respect for the UN Guiding Principles on Business and Human Rights, the ILO core labour standards and the relevant requirements of supply chain law.
2. Labour and social standards
   • Prohibition of forced, child and compulsory labour,
   • no discrimination, harassment or abuse,
   • safe and healthy working conditions,
   • fair pay and working hours that comply with the law.
3. Complaints procedure
   • Establishment of effective, accessible and, where possible, anonymous channels,
   • protection against reprisals,
   • Cooperation with the SCANDIC FINANCE GROUP LIMITED network in investigations.
4. Transparency
   • Disclosure of relevant production sites, subcontractors and supply chain stages,
   • Appropriate documentation and cooperation in audits.
5. Data and privacy protection
   • Protection of personal data in accordance with applicable data protection laws,
   • implementation of privacy-by-design elements where appropriate.
6. Escalation and Remediation
   • Commitment to implement agreed corrective measures within clearly defined deadlines,
   • Acceptance that, in the event of insufficient remedy, the business relationship may be terminated on human rights grounds.

Appendix B: "Go/No-Go" decision grid

A decision grid is used to structure decisions in high-risk cases, which includes the following elements, among others:

1. Risk screening
   • Sector, country, customer type, end use, financing structure,
   • human rights history of the potential partner.
2. Risk assessment
   • Classification into risk categories (low, medium, high, unacceptable),
   • consideration of the influence of the SCANDIC FINANCE GROUP LIMITED network.
3. Protective measures
   • Contractual requirements, technical and organisational controls,
   • increased monitoring, regular reviews and audits.
4. Residual risk
   • Assessment of whether remaining risks are acceptable
   • if the residual risk is unacceptable: no-go decision or – in the case of existing relationships – an orderly exit plan.
5. Documentation
   • Written record of the assessment and decision,
   • involvement of the HRPEC and the external advisory board, if applicable.

With this comprehensive human rights policy, SCANDIC FINANCE GROUP LIMITED, together with its cooperating companies and all brands in the SCANDIC brand ecosystem, reaffirms its commitment to acting in a manner that complies with human rights, is transparent and responsible in global legal transactions, and to continuously fulfilling and further developing its due diligence obligations.