Responsible corporate governance


We are aware of the risks that can arise from a lack of shared values or a weak corporate culture. These include lower employee engagement, increased strain and a higher risk of legal violations. Insufficient protection for whistleblowers may also result in misconduct going unreported, allowing unethical behaviour to lead to legal and reputational consequences. Integrity and responsible conduct are therefore core elements of our sustainable corporate governance. We promote a values-based corporate culture and emphasise transparency and ethical behaviour throughout our value chain to strengthen the trust of employees, customers, business partners and investors.

A particular focus is placed on the prevention of corruption and bribery, compliance with legal requirements and fair, partnership-based relationships with our suppliers. The foundation is a Group-wide compliance management system that includes a binding Code of Conduct, regular training and a whistleblowing system. In this way, we reduce risks such as legal violations, reputational damage and loss of trust. As our business model is based on multi-tier supply chains and high public visibility, misconduct can have direct economic consequences. Clear governance structures, responsible supplier management and Group-wide compliance processes help us mitigate risks while strengthening stable relationships and maintaining a positive market reputation.

Impact, risk and opportunity management


We continuously develop our corporate culture as the foundation for responsible conduct, trust and sustainable success – including through binding internal policies aligned with the UN Convention against Corruption, for example on the prevention of corruption and anti-money laundering. In doing so, we are guided by the core principles of integrity, respect, responsibility and transparency. Our Code of Conduct serves as the central reference point for Group-wide values and binding compliance standards and goes beyond legal requirements. New employees receive the Code upon joining the company and confirm their awareness of it. Violations of these principles are not tolerated.

Our Code of Conduct is complemented by our Anti-Corruption Policy. It provides clear guidance on the handling of gifts, invitations and other benefits. To prevent misconduct, we systematically monitor business expenses. Any such benefits – whether offered or received – must be disclosed and approved by supervisors to ensure transparency and compliance. In addition, we promote an open speak-up culture and provide reporting channels through which potential misconduct can be reported confidentially. The protection of whistleblowers is a key element of our system. Employees, business partners and other stakeholders are explicitly encouraged to report possible violations. Our procedures are aligned with international standards and ensure confidentiality, fairness and protection. Reports are reviewed by authorised compliance functions, and confirmed violations are consistently addressed.

These principles also shape our cooperation with suppliers and business partners. By continuously enhancing our compliance processes, we strengthen a transparent and resilient corporate culture.

Actions


Based on our Code of Conduct and Anti-Corruption Policy, we systematically embed the prevention of corruption and bribery in our governance and compliance structures. Our compliance functions monitor adherence to the requirements, investigate potential violations and manage risk-based audits and internal controls. The necessary resources are provided at both Group and local level and their effectiveness is reviewed at least annually. As corruption prevention is firmly integrated into our governance structures, we do not implement separate action plans but instead continuously assess the effectiveness of our measures through audits, monitoring and the evaluation of incidents.

Mandatory training supports implementation, strengthens risk awareness and promotes a culture of integrity. All new employees complete compliance training covering key aspects of corruption prevention, our ethical standards, potential consequences of violations and available reporting channels. Anti-corruption training is mandatory for all employees every two years, while managers receive additional in-depth training annually through classroom sessions or live formats.

Data protection

The protection of personal data and the right to privacy are key sustainability topics for us, as we process large volumes of customer data in the course of our retail activities and digital services. Consumers and end users are at the centre of our focus, as the Customer Experience is one of the strategic pillars of our company. Potential risks are closely linked to our digital and customer-centric business model. As a leading omnichannel retailer, we process personal data from customer accounts, online purchases, loyalty programmes and service interactions, among other sources, which exposes us to increased data protection and cyber risks. One possible consequence is a violation of the right to privacy, for example through unauthorised access, data loss or misuse. This can directly harm affected individuals and may also result in fines, reputational damage or customer churn for our company.

To address these risks, we have firmly embedded data protection and cybersecurity into our digital strategy and operational processes. By proactively managing data protection risks, we minimise negative impacts on individuals and safeguard the long-term resilience of our business as well as the trust of our stakeholders. We integrate data protection into our risk management and governance structures and continuously invest in IT security, employee training and compliance measures in line with all applicable data protection laws, in particular the EU General Data Protection Regulation (GDPR). Key elements include strong data governance, regular risk assessments and technical safeguards such as encryption and secure authentication. For us, protecting data and privacy is not only a regulatory obligation but also a critical success factor for customer trust, digital growth and business resilience.

In addition to selling consumer electronics, we offer a wide range of additional services, including financing solutions, device insurance, purchase advice, installation services, contract brokerage and loyalty programmes. These services require the processing of different types of personal data. In principle, this affects all consumers and end users who interact with us in a non-anonymous way and are therefore affected by our data processing to varying degrees.

Impact, risk and opportunity management


In an increasingly digital world, the protection of personal data is becoming ever more important. Modern electronic devices collect and process a wide range of usage data. While this connectivity creates new opportunities for innovation and customer service, it also increases the requirements for protecting privacy. Customers, employees and business partners entrust us with sensitive information every day. Data protection is a core element of our commitment to acting with integrity and placing people at the centre of our activities. We have therefore established comprehensive policies and clear responsibilities for data protection as well as for video surveillance.

We process personal data in compliance with the GDPR, the German Federal Data Protection Act and applicable national data protection regulations. Data is collected only for clearly defined and legitimate purposes, processed only to the extent necessary and protected against unauthorised access, loss or misuse through comprehensive technical and organisational measures. We regard personal data as an expression of each individual’s privacy and dignity. The relevant requirements are set out in our Cybersecurity Policy.

We view data protection as a continuous process. Based on the Plan-Do-Check-Act approach, we systematically plan, monitor and improve our measures and pursue a zero-tolerance policy towards unlawful data processing.

Actions


To proactively minimise data protection risks, we pursue a strategy that combines preventive and reactive measures with continuous monitoring. We consistently comply with all applicable data protection regulations and continuously adapt our practices to new legal requirements. The implementation of all measures is monitored on an ongoing basis and regularly reviewed internally. We also use feedback from consumers and end users to continuously improve our processes.

An important foundation is our Group-wide Code of Conduct and our Data Protection Policy. These define binding requirements for the handling of personal data and ensure compliance with legal obligations, in particular the GDPR. In addition, cross-functional and specific policies as well as procedural guidelines structure and standardise data processing activities.

Regular training strengthens employees’ awareness of the responsible handling of data and supports consistent compliance with the requirements. At the same time, we implement technical and organisational safeguards, including encryption, firewalls, systematic vulnerability management and clearly defined roles and access rights.

Transparency towards our customers is another key element of our approach. We provide clear information on how personal data is collected, used and stored, and enable individuals to easily exercise their rights, such as access, rectification or erasure. Customer service and the data protection function support the handling of such requests.

In addition, we operate a Group-wide data protection management system to monitor compliance and drive continuous improvement. Measures relating to documentation, accountability, information obligations and data subject rights are implemented systematically. A central element is the principle of “privacy by design and by default”, ensuring that data protection is systematically integrated into the development of new services from the outset.

Questions or ideas?

Sustainability

MediaMarktSaturn

sustainability@mediamarktsaturn.com