Activity and sustainability report 2023

5. Ethics

All Group entities are required to comply with these rules and principles in addition to whatever local regulations are in force.

Three internal lines of defense play a part in protecting the Group’s data:
● security operations, led by the technical departments, which ensure the implementation and maintenance in operational condition of risk mitigation resources;
● governance, risk and compliance, led by the Group’s head of cybersecurity, managing risks, global strategies, policies and major transformation plans;
● internal/external auditors monitoring their implementation and any potential deviation.

To supplement this organization, the Group is supported by a network of committed partners and a significant catalog of tools enabling it to tackle the five pillars as described by the National Institute of Standards and Technology (NIST).
1. Identify risks by classifying assets, partners and potential threats that could impact the confidentiality, availability or integrity of GEODIS data.
2. Protection of these assets and promotion of cyberculture by regularly raising awareness among users, who are the primary players in the Company’s security, through training and attack simulation campaigns. More than 25,000 users are called on to take part every month.
3. An ability to detect weak signals and deviations from compliance indicating potential areas of compromise on over 32,000 active devices.
4. The means of responding to alerts and incidents, represented by its Security Operation Center and intervention teams around the world providing 24/7 coverage.
5. Crisis procedures and exercises to manage any major incidents more smoothly.

GEODIS is represented on leading cyber working groups involving major French companies, including the CESIN (Club des Experts de la Sécurité de l’Information et du Numérique), the CLUSIF (Club de la Sécurité de l’Information Français) and the CIGREF (Club Informatique des Grandes Entreprises Françaises).

Personal data protection

Following the implementation of the General Data Protection Regulation (GDPR), applicable data protection laws and regulations have been steadily developing, both in France and internationally, with the aim of further increasing the obligations and responsibilities of data holders.

For GEODIS, protecting the personal data of its employees and customers is a priority. Beyond the regulatory compliance aspects, personal data protection is a guarantee of trust for stakeholders and a factor in attracting business partners. This priority is reflected in the Group’s Code of Ethics, where the Group undertakes “to treat personal data as confidential and to protect such data to the utmost in compliance with the applicable laws.”

To achieve this, GEODIS has set up an organization based on central management and a network of experts in its lines of business and regions, and it has established data protection principles applicable to all Group entities, incorporating a “privacy by design” approach.

Training program

GEODIS has set up an e-learning program dedicated to personal data protection so that employees are made more aware of the risks inherent to personal data management and can test their knowledge of security risks in the digital age. This training is mandatory for all GEODIS employees. It must be carried out in the month following the arrival of new employees, and must be refreshed every two years. A final test validates the training, and a certificate is awarded.

In 2023, online training on data protection was completed by 1,867 Group employees, i.e., 26% of those assigned to this training module. This training campaign will continue in 2024.

5.4 Promoting CSR to our stakeholders

The fundamental role of logistics is to provide links between all the players in the economic chain, relying on international and regional networks.
With a global presence spanning some 170 countries, 81,500 customers and as many suppliers and subcontractors, GEODIS ranks fifth worldwide in its sector. This is why promoting social and environmental principles to our stakeholders and getting involved in industry bodies and working groups to defend sustainable initiatives and policies are part of the Group’s responsibilities, in line with our Golden Rule to “be a good citizen.” The materiality analysis carried out in 2023 (see section 2.1.1) confirms how important it is for GEODIS to promote sustainable practices among its stakeholders. Not only is this a source of significant positive impact on the environment, but also on society as a whole, as it is a lever for cooperation and the construction of CSR projects with the various stakeholders. By working together on these issues, especially with subcontractors and customers, the Group seeks to address priority issues relating to climate, health and safety, and human rights throughout the value chain. In so doing, GEODIS is demonstrating its proactive approach to sustainability and building business relationships based on trust. GEODIS goes beyond simply meeting the needs of its current and potential customers, who have a wide variety of requirements in terms of social and environmental criteria.