Human rights policy of the LEGIER Group and SCANDIC brands

Valid for: LEGIER Beteiligungs mbH ("LEGIER") and the associated brands (including SCANDIC PAY, SCANDIC TRADE, SCANDIC ESTATE, SCANDIC FLY, SCANDIC YACHTS, SCANDIC DATA, SCANDIC GROUP, SCANDIC SEC).

1. 1) Foreword & Commitment

LEGIER is fully committed to respecting all internationally recognized human rights along the entire value chain - in our own activities, in our products and services and in our business relationships. We align our due diligence processes with the UN Guiding Principles on Business and Human Rights (UNGP) and see respect for human rights as a basic prerequisite for sustainable corporate success.

This policy complements and deepens our existing Compliance framework and our Declaration on the Prevention of Slavery and Human Exploitation ("Modern Slavery Statement").

1. 2) Scope of application & reference to standards

Scope of application. This policy applies Group-wide to all units, brands and employees (including management, management functions, employees, work contracts, temporary employees) as well as to suppliers and other business partners, where applicable.

External frameworks. Implementation in line with:

UN Guiding Principles on Business and Human Rights (UNGP),

Universal Declaration of Human Rights (UDHR),

International Covenant on Civil and Political Rights (ICCPR) & on Economic, Social and Cultural Rights (ESCR),

OECD Guidelines for Multinational Enterprises,

relevant EU and national regulations, in particular Supply Chain Due Diligence Act (LkSG) in Germany and EU Directive 2019/1937 (whistleblower protection).

1. 3) Governance & Responsibilities

Top view & sound from above.

Supervisory and management bodies have overall responsibility for this policy, approve annual plans and reports and monitor progress.

The Management Board provides the financial and human resources.

Roles.

Chief Compliance & Human Rights Officer (CCHRO): Responsible for implementation, risk analyses, remedial action, reporting (at least annually).

Human Rights, Privacy & Ethics Committee (HRPEC): interdisciplinary committee (Compliance, Legal, Purchasing, HR, Data Protection/IT Security, Product, Operations, Communication). Tasks: Prioritization of risks, approvals for sensitive cases/deals, escalation to management.

External Advisory Panel for Human Rights & Civil Liberties (Advisory Panel): Independent experts provide support with complex considerations and dual-use issues (based on the model of external PCL advisory bodies).

Reporting culture & protection. We promote an open speak-up culture without retaliation, with internal and external, including anonymous, reporting channels (see section 10).

1. 4) Due diligence processes (Human Rights due diligence)
2. 4.1 Risk analysis (at least annually / on an ad hoc basis).

Identification, assessment and prioritization of human rights and selected environmental risks in own business activities, products/services and in the supply chain (severity, probability, potential impact).

Focus on high-risk cases (e.g. protection of vulnerable groups, security & privacy, labor rights, forced and child labor, discrimination, freedom of assembly/expression, land rights, health rights).

1. 4.2 Prevention & mitigation.

"Privacy & human rights by design" in products/services; technical and organizational protective measures; auditability; data minimization; human rights design reviews. (Approach based on PCL engineering with systemic accountability).

Supplier and business partner requirements (Code of Conduct, contractual assurances, audit rights, training, corrective measures).

1. 4.3 Evaluation of new Use-Cases / Deals.

Pre-contractual risk scans (sector, country, end use, customer type, funding sources, sanctions/PEP check).

"Go/No-Go" criteria (see section 6) and documented decision in HRPEC. (Inspiration: proactive client scoping & boundaries / "walk-away" practice).

1. 4.4 Reactive measures.

Procedure for suspected cases of misuse/damage: Investigation, temporary restrictions, remedial agreements up to and including Suspension/termination of the relationship. (Guiding principle: use all available means up to and including termination).

1. 4.5 Effectiveness monitoring & reporting.

KPIs (see section 12) and annual reports in the LkSG/modern slavery context.

1. 5) Principles & red lines

Zero tolerance against forced/child labor, human trafficking, torture, cruel/degrading treatment, systematic discrimination, severe restrictions on freedom of expression/press/assembly, mass illegal surveillance without legal basis and rule of law control mechanisms.

Obligations in the supply chain. We fulfill the duties of care in accordance with the LkSG (appropriate risk analysis, preventive/remedial measures, complaints procedure, reporting).

1. 6) Business partner & customer care (incl. "No-Go" regulations)
2. 6.1 Onboarding-obligations.

KYC/AML, sanctions and embargo checks, PEP screening; ownership transparency; intended use/end user checks (esp. for financial/payment, security, aviation and data products).

1. 6.2 Increased testing for high risk.

Countries/regions with systemic serious human rights risks, sensitive sectors (security, surveillance, extraction), vulnerable groups (children, migrants, indigenous communities), dual-use applications.

1. 6.3 "No-Go" criteria (not exhaustive).

FinalUseProven use for serious rights violations; illegal mass surveillance that cannot be verified in court; abusive profiling/scoring procedures without guarantees; forced evictions without due process of law; covert surveillance/forceful interventions without safeguards.

End userSanctioned persons/organizations; actors with documented serious violations without credible remediation.

ConsequencesRejection of the transaction; suspension/termination in the event of violations.

1. 7) Product & service-specific commitments (excerpt)

SCANDIC TRADE (financial/trading services).

Commitment to Investor Investorsinternal protection, fair marketing, transparency, market integrity; special protection mechanisms for Vulnerable customers (e.g. suitability/appropriateness checks, clear risk warnings, low-barrier communication).

Compliance with relevant financial market and consumer protection standards; CySEC regulation of the underlying platform where applicable; strict AML/CFT processes.

SCANDIC PAY (payment services & crowdfunding).

Clearly regulated Complaints management and procedures for Vulnerable customers (barrier-free channels, prioritized processing, verification management).

Transparent remuneration models; care against financial abuse and exploitation of vulnerable groups.

SCANDIC FLY (aviation/jet charter).

Priority of Security, Non-discrimination and dignity of all passengers/employees; crew labor rights, duty/rest periods, protection against harassment; route and airspace compliance; respect for passenger rights.

SCANDIC YACHTS (yacht sales/charter).

Safety, flag and area rulesCrew labor rights (fair contracts, wages, accommodation), child protection, anti-harassment; informed customers (safety/skipper obligations).

SCANDIC ESTATE (real estate).

Respect from Residential/land rightsfair resettlement/compensation processes, access for people with disabilities, participation of local communities.

SCANDIC DATA (Media/IT Services).

Protection of Freedom of the press & opinionsafety of journalists/sources; editorial independence; clear separation of advertisements/content; protection of personal data. (Context: Media activities of the LEGIER Group.)

SCANDIC GROUP (trust/trustee services).

Fiduciary duties, conflict of interest management, AML/CTF compliance, protection of beneficiaries and assets.

SCANDIC SEC (security solutions).

Human rights-compliant security concepts (proportionality, de-escalation, training, documentation); special protection of privacy and freedom of assembly during operations.

1. 8) Employee rights & working conditions

Freedom of association & collective bargaining rights, Non-discrimination, Equality, fair wages, reasonable working hours, Occupational safety.

Zero tolerance against forced/child labor, human trafficking and gender-based violence.

Training on human rights, anti-discrimination, harassment prevention and diversity-sensitive leadership.

1. 9) Data-, Privacy- & Principles of civil liberty

Privacy-by-DesignData minimization, separation of access, purpose limitation, logging, regular DPIAs/FRIAs (Fundamental Rights Impact Assessments), Human-inthe-Loop for sensitive decisions.

Transparency towards affected parties; robust security architecture; clear roles (responsible parties/processors). (Approach inspired by PCL engineering and "accountability & oversight").

10) Grievance mechanisms, whistleblower protection & access to remedy

Channels (multilingual, barrier-free):

Online portal (also anonymous), dedicated e-mail, postal address, ombudsman / hotline; possibility of external reporting in accordance with EU Directive 2019/1937.

Protection against reprisals, confidentiality, prompt confirmation of receipt and proper investigation; documented results and notification.

Remedy. Measures range from apology, correction/performance adjustment and financial compensation to structural changes (processes, training, technology), including measures in the supply chain.

11) Implementation: processes, contracts, training

ContractsHuman rights clauses (audit rights, remedy, termination), supplier code of conduct, subcontractor flow-downs.

Training courses (annual, role-specific): Human rights, data protection/security, AML/CTF, product ethics, complaints procedure. (Comparable to mandatory training programs from best practice models).

12) Monitoring, KPIs & reporting

Key figures (examples):

Percentage of risk analyses covered (business units/supply chains),

Number/type/reporting time of complaints & suspected cases,

Audit coverage & remediation successes,

Training quota,

Degree of implementation of technical protective measures (auditability, logging, DPIAs).

Reports. Annual human rights/LkSG/modern slavery report; internal quarterly updates to management/supervision.

13) Transparency & stakeholder dialog

Proactive dialog with stakeholders, civil society, industry initiatives and experts (including via the external advisory board; guiding principle: continuous thought leadership and exchange).

14) Escalation & consequences

Depending on their severity, violations will lead to Corrective measures, Suspension or Termination of employee, supplier or customer relationships; criminal prosecution is supported. (Comparable practices, including the termination of customer relationships, are internationally recognized).

15) Entry into force, review & publication

This policy comes into force upon publication, will at least annually and on an ad hoc basis (e.g. changes in legislation, new risks) and published throughout the Group.

Context excerpts on brands & already published voluntary commitments (supporting documents)

Compliance framework & complaint channels LEGIER (incl. contact person, ombudsperson, contact details).

Modern Slavery Statement of the LEGIER Group (including activity profile, supply chain assessment, annual update).

SCANDIC TRADE - Trading instruments/offer, reference to CySEC regulation of the underlying platform.

SCANDIC PAY - Complaint management & protection of "vulnerable customers"

SCANDIC FLY - Aviation/charter focus (security, discretion, global availability).

SCANDIC YACHTS - Yacht sales/charter, integrated brand network, services & safety focus.

SCANDIC DATA - Media activities (reference to 115 own newspapers in the Group context).

SCANDIC SEC - Security solutions (mission statement).

UN Guiding Principles / LkSG / EU-Whistleblowing-Guideline - frame of reference for this policy.

Appendix A: Minimum requirements for suppliers & business partners (short version)

Legal & standard compliance: Compliance with applicable laws, UNGP, ILO core standards, LkSG-compliant processes.

Labor rights: Prohibition of forced/child labor, discrimination; health & safety; legally compliant working hours/remuneration.

Complaints procedure: Effective, anonymous channels; protection against reprisals; cooperation in investigations.

Transparency: Disclosure of relevant production sites/subcontractors; participation in audits.

Data/privacy: Protection of personal data; privacy by design; security standards.

Escalation: Remedy within defined deadlines; in case of refusal Suspension/termination.

Appendix B: Decision grid "Go/No-Go"

Sector/country/end use → Risk score → HRPEC approval required?

Protective measures (contractual/technical/organizational) sufficient?

Residual risk justifiable? If no → No-Go / exit plan if applicable; if Yes → Conditions, monitoring, review times. (Based on proven scoping processes.)