68 About Strategy and Governance Our People Our Business Our Outcome AppendixData Privacy and ProtectionOur Management and Governance StructureData theft, leakage, and security have become genuine concerns for all companies in today%u2019s digital and interconnected world. Our business operations inevitably handle large amounts of data related to products, services, customers, and business partners. Moreover, DKSH may need to collect personal data about employees, contractors, and others. Since we serve clients who are also competitors, ensuring confidentiality is critical. Bearing all of this in mind, we have taken action to prevent data loss in order to reduce the potential negative impact that this might have on companies and individuals and their human rights. For instance, data privacy and protection form part of our corporate strategy. As our Code of Conduct states, we are fully committed to processing and protecting personal data with due care. In addition, our Data Protection Policy manages privacy and data security issues and covers all personal data that DKSH collects, transfers, or uses. The Policy applies to all DKSH entities and employees. We pledge to comply with applicable data protection laws and to adhere to our principle of protecting confidentiality. Our Information Security Program and Cyber Security Strategy are endorsed and supported by the Executive Committee and the Board of Directors. The Group%u2019s Chief Information Officer is responsible for implementing the Security Program and the Cyber Security Strategy. This Officer reports directly to the CEO. Our cybersecurity team manages data security issues and reports to the Chief Information Officer. Our Legal Function is subordinated to the General Counsel, who is a member of the Executive Committee and is responsible for data privacy initiatives. In addition, DKSH has a Data Governance Committee. Staffed by representatives from each Business Unit, Function, Legal and IT, this Committee is responsible for all data governance topics, such as data quality, accessibility, and integrity. Our strategy focuses on countermeasures to prevent cyber threats, developing an organization-wide information security maturity model, and running Group-wide cybersecurity awareness programs. Under this strategy, we continue to mature our cybersecurity capabilities.How We Handle Personal DataOur data privacy department trains our employees and conducts awareness campaigns globally to provide the best possible security for the personal data we handle. We constantly review our internal procedures and update these procedures in accordance with new data protection laws around the world. Our access control procedure also protects personal and sensitive personal data. At DKSH, access is automatically provided when employees join the company and is removed when they leave. Such access is typically limited based on the %u2018least-privileged principle%u2019, meaning that employees are only granted access to the areas required for their role. We inform all data subjects before we collect their personal data and only process personal data in keeping with the law. As stipulated by our Data Protection Policy and in keeping with the %u2018data minimization%u2019 principle, we process personal data only for the purpose for which it is collected. We retain personal data for as long as local law requires. We delete personal data from systems and servers once this timeframe is reached. DKSH does not sell or provide personal data to third parties for purposes other than completing transactions/services. We explicitly seek consent in cases where we do need to use third-party data for other purposes. It is essential to us that our suppliers and business partners, in turn, protect personal data in accordance with our standards. Since 2022, as part of our due diligence processes, we have required our vendors to comply with our cybersecurity and data protection standards and include such requirements in their own contracts. Before entering into a business relationship, we screen new vendors on their cybersecurity and data protection procedures. As in previous years, DKSH received no complaints related to data breaches from data subjects (customers, clients, or vendors) or data protection authorities in 2023. Similarly, DKSH is not aware of any identified leaks, thefts, or losses of customer data.