Risks identified Risk mitigation and prevention measures Each country has set up a crisis unit (on permanent standby) and a national policy. The aim is to contain epidemics and/or pandemics while maintaining quality of life and quality of care. Vaccination campaign aimed at both our residents and employees are designed to protect hem and Risk mitigation and prevention measures Epidemic/pandemiclimit the risk of epidemics and/or pandemics or their spread. Risk identified Each site has a stock of personal protective equipment (PPE), which it manages independently. Awareness raising campaign are held on a regular basis, focusing in particular on our quality and Our Code of Ethics applicable in all our territories stipulates zero tolerance for corruption. It describes medical policies, the usefulnesss of vaccinations and the correct use of PPE. our values and the fundamental principles that guide our employees and stakeholders in the fight against corruption and influence peddling and provides rules and tools to determine the behaviour We are subject to multiple health and safety regulations. Each home has a health and safety plan, the Integrity to adopt to preserve DomusVi’s values, image, assets and reputation. proper implementation of which is ensured by quality audits and external controls (laboratories and A code of corruption prevention is incorporateinto the internal regulations applicable to the countryd regulatory authorities). and establishments. Countries implement awareness campaigns and report back to the Group. Food contamination,Quality audits also cover food safety, water qualityand potability, and air quality. The hotel and water or air quality accommodation teams are trained in food handling, allergens and analysis to limit the risk of food contamination. Each country implements policies and processes to identify and prevent occupational, psychological Any anomalies are dealt with immediately, via the required processes, supervised by the crisis unit if and physical risks. Country teams are responsible for health and safety at work and, in accordance with necessary. A follow-up visit confirms that everything is back to normal. national regulations, draw up a prevention plan. This topic is included in the social dialogue. Country teams develop training programmes on the prevention of psychological risks (RPS) and Our establishments are inspected in accordance with national regulations by our internal safety and/orOccupational risksmusculoskeletal disorders (MSDs) and offer psychological support measures (PsyFrance in France). maintenance teams. Our establishments are also subject to external inspections, for example by safety Innovations are implemented to reduce the risk of MSDs. commissions and technical auditors. Any non-compliance findings trigger a remediation plan, which is The employee engagement survey and social dialogue enable us to raise at country and Group level supervised by the national crisis unit where necessary. the questions our employees are asking and the issues they are facing (first survey in 2023) and to put Failure to ensure safetyA maintenance agent is present in each establishment. action plans in place. in establishments They oversee the safety of the establishment with the help of external service providers to ensure an optimal level of safety (boilers, air conditioning, lifts, fire extinguishers, etc.). Each establishment has an evacuation plan in case of fire or any event that could endanger the building DomusVi is committed to an SBTi decarbonisation pathway, aligned with the Paris Agreement, by 2030. or residents (see climate risk prevention). The completion of an annual carbon footprint assessment (since 2021) has enabled us to define action plans to reduce our GHG emissions in scopes 1, 2 and 3. The main sources of emissions are our purchases, real estate, energy consumption, waste production Each country has implemented a policy to enforce applicable regulations on personal data protection Environmental impactand mobility. Our decarbonisation action plans, combined with our field actions aimed at optimising and has appointed a Data Protection Officer (DPO) (either internal or external). of the company’s our energy consumption, reducing and recycling our waste and strengthening our short supply chain A dedicated governance structure has been put in place: the Group Ethics, Legal & CSR Director activities, its purchases (responsible purchasing policy), are designed to reduce the environmental impact of our and the Group DPO ensure the independence of the country DPOs and their access to the highest levelsubsidiaries and its activities. of management in each country. A data governance committee supervises their work. The country partners in its business DPO manages requests and reports on their activities (including data breaches) to the chain At the same time, our action plans for water management, effluent reduction, responsible purchasing national data (short supply chains, biodegradable products, food labels, etc.) and the preservation and regeneration Breach of personal datacontroller and the Group DPO. of biodiversity contributetreducing thisimpact. o protection regulationsEach employee signs the IT charter applicable in their country; this charter incorporates We pass on these strategies and policies to our suppliers by entering into partnerships that help the requirements of the GDPR. reduce our respective impacts and/or by incorporating them into the contracts we sign with them. Compliance with personal data protection regulations also applies to our stakeholders, primarily our suppliers. All our suppliers who may have access to personal data (collection, processing or storage) undertake to comply with the GDPR. Our data is stored with service providers offering security guarantees, and health data is stored We have launched an assessment of the exposure and vulnerability of our facilities to the by entities certified as ‘health data authorised’. Climate risk mitigationconsequences of climate change (climate change adaptation) and have committed to a decarbonisation trajectory (climate change mitigation, see ‘Environmental impact’). The Group has appointed a Chief Information Security Officer (CISO), who reports to the Director of Digital Transformation, assuming Group functions, and functionally to the Group Ethics, Legal & CSR Director. A Cyber Security Policy(see Directive NIS2 2022/2555 of 16 January 2023) has been issued by the Our alert system allows anyone to raise an alert, in accordance with the applicable rules on whistleblower protection. Cyber-security Group, applicable in all geographical areas, setting out the technical measures to be implemented, password change policies, incident review and cyber-attack simulation, and requirements for our partners. Four projects have been integrated: ( a ) mapping cyber risks, ( b ) evaluating the value chain, ( c ) developing appropriate action plans, and ( d ) implementing measures to evaluate their effectiveness, identifying key performance indicators monitored by the Group Data Governance Committee. 124 125 4202 TROPER YTILIBANIATSUSSEGNELLAHC ECNANREVOG RUO