Data Protection Statements, Compliance Management System and Code of Conduct
Data Protection Statement
§ 1 Principles
(1) Thank you for visiting the website of ASCO Carbon Dioxide Ltd. (hereinafter: "ASCO") and for showing your interest in our company and our products. Below, we want to briefly show you the scope, manner and purpose for which we process your Personal Data, how we protect your Personal Data and what it means for you if you use our online offers.
Personal Data are any information that permits a conclusion to you personally, e.g. your name, address, email addresses, phone numbers or user behaviour. Purely technical data that can be associated with you are to be viewed as Personal Data as well.
(2) The controller in accordance with Article 4 para. 7 EU General Data Protection Regulation (GDPR) is:
ASCO Carbon Dioxide Ltd.
Industriestrasse 2
8590 Romanshorn
Switzerland
info@ascoco2.com
+41 71 466 80 80
(3) You can contact our data protection officer at:
or
ASCO Carbon Dioxide Ltd.
-Data protection-
Industriestrasse 2
8590 Romanshorn
Switzerland
(4) When you contact us by email or through a contact form, the complete data disclosed by you (your email address, possibly your first and last name and phone number) will be stored by us in order to answer your questions. The information within the context of contacting is processed based on Article 6 para. 1 lit. f GDPR. The authorisation permits processing of Personal Data in the scope of "legitimate interest" of the controller, provided that your fundamental rights, fundamental freedoms or interests are not overriding. Our legitimate interest is in processing your contact. You may object to his processing activities at any time if there are any reasons in your special situation that oppose processing activities. An email to the data protection officer is enough for this.
(5) If we use any charged service providers for individual functions of our offer, or if we want to use your data for advertising purposes, we will inform you in detail below about the respective processes. We will also indicate the specified criteria for the respective storage duration in this context.
(6) Processing of your Personal Data shall in principle take place by Messer Information Services GmbH, a subsidiary of Messer Group GmbH (hereinafter: "MIS"), which we charged with contract processing. MIS has been carefully selected and charged for this, furthermore is bound to the instructions of Messer and subject to regular control.
§ 2 Your rights
(1) You have the following rights towards us regarding the Personal Data concerning you:
Right to information
Right to rectification or erasure
Right to restriction of processing
Right to objection to processing
Right to data portability
(2) You have the right to be informed by us at any time about the data stored regarding you, as well as their origin, recipients, their origin, recipients or categories of recipients to whom these data are passed on and the purpose of storage. If you ask us, your contact at Asco or our data protection officer in writing to rectify your Personal Data, not to use them any further or to delete them, we will, of course, do this without delay.
(3) We will further inform you that provision of your Personal Data on this website is generally neither required by law nor by contract. You are not obligated to indicate any Personal Data on this website, except if we state this for individual cases in this data protection statement. Nevertheless, provision of the functions of this website and execution of an order will require processing of your Personal Data.
(4) You also have the right to complain to a data protection supervisory authority about processing of your Personal Data by us.
§ 3 Collection of Personal Data during a visit to our website
(1) If you use our website for information only, i.e. if you do not register or otherwise transmit any information to us, we will only collect the Personal Data your browser transmits to our server. If you want to view our website, we will collect the following data that we require technically in order to show you our website, administrate it and to ensure its stability and security. The legal basis for this processing shall be Article 6 para. 1 lit. f GDPR. The authorisation permits processing of Personal Data in the scope of "legitimate interest" of the controller, provided that your fundamental rights, fundamental freedoms or interests are not overriding. Our legitimate interest is in easier administration and the ability to recognise and prosecute hacking. You may object to his processing activities at any time if there are any reasons in your special situation that oppose processing activities. An email to the data protection officer is enough for this.
Automatically collected Personal Data:
Internet protocol address
Date and time of the query
Time zone difference from Greenwich Mean Time (GMT)
The search term if you come to our page via a search engine
Files that you have downloaded from our page (e.g. PDF or Word documents)
Content of the request (specific page)
Access status /HTTP-status code
The respective data volume transferred
Website sending the request
Browser
Operating system and its interface
Language and version of the browser software
The server log files with the above data will be deleted automatically after 30 days. We reserve the right to store the server log files for longer if there are any facts that suggest that there has been an unauthorised access (such as attempted hacking or a DDOS attack).
(2) Furthermore, we use cookies in order to put individual queries you have transmitted to our website into a shared context. Cookies are small text files that are stored on your hard disc associated with the browser you use and through which the party that sets the cookie (we, in this case) will receive certain information. Cookies cannot execute any programs or transfer any viruses to your computer. They only serve to make the internet offer as a whole more user-compatible and effective. The legal basis for this processing shall be Article 6 para. 1 lit. f GDPR. The authorisation permits processing of Personal Data in the scope of "legitimate interest" of the controller, provided that your fundamental rights, fundamental freedoms or interests are not overriding. Our legitimate interest consists of analysis of use of our website.
(3) Use of cookies:
a. This website uses the following types of cookies, the scope and function of which are explained below:
Transient cookies (see b)
Persistent cookies (see c)
Third-party cookies (see d)
b. Transient cookies are automatically deleted when you close the browser. This in particular includes the session cookies. They store a session ID with which various queries of the browser can be assigned to a shared session. This makes it possible to recognise your computer when you return to our website. The session cookies will be deleted when you log out or close the browser.
c. Persistent cookies are deleted automatically after a specified duration that may differ depending on cookie. You may delete the cookies in the safety settings of your browser at any time.
d. You may configure your browser settings according to your wishes and, e.g., refuse the acceptance of third-party cookies (cookies of third-party providers, such as YouTube) or all cookies. Please note that you may not be able to use all functions of this website.
e. Use of HTML5 storage objects can be prevented by using your browser in private mode. We also recommend regularly deleting your cookies and browser history manually.
§ 4 Objection to or withdrawal of processing of your data
(1) If you have consented to processing of your data, you can withdraw this consent at any time. This withdrawal will influence the admissibility of processing of your Personal Data after you have issued it towards us.
(2) As far as we base processing of your Personal Data on consideration of interests, you may object to processing. This is the case if processing in particular is not required for meeting a contract with you, which is presented by us in the following description of the functions. When exercising such an objection, please present the reasons why we should not process your Personal Data as performed by us. In case of your justified objection, we will review the situation and shall either cease processing activities or adjust it, or explain our mandatory grounds to be protected to you based on which we continue to process the data.
§ 5 Use of Piwik
(1) This website uses the web analysis service Piwik in order to analyse use of our website and regularly improve it. The statistics acquired enable us to improve our offer and to make it more interesting for you as the user. The legal basis for using Piwik is Article 6 para. 1 lit. f GDPR. The authorisation permits processing of Personal Data in the scope of "legitimate interest" of the controller, provided that your fundamental rights, fundamental freedoms or interests are not overriding. Our legitimate interest consists of analysis of use of our website. You may object to his processing activities at any time if there are any reasons in your special situation that oppose processing activities. An email to the data protection officer is enough for this.
(2) For this evaluation, cookies (for more details, see § 3) are stored on your computer. The controller stores the information collected in this manner only on its server in the EU. The evaluation can be set by erasing existing cookies and preventing storage of cookies. If you prevent the storage of cookies, please note that you may be unable to fully use this website. You can prevent the storage of cookies by making the settings in your browser. You can prevent use of Piwik by removing the following check mark and thus activating the opt-out plug-in.
(3) This website uses Piwik in a partially anonymised form. This causes internet protocol addresses to be abbreviated before further processing; direct reference to a person can be prevented by this. The IP address transmitted by your browser by Piwik will not be combined with any other data collected by us. The person reference is directly removed by partially deleting the internet protocol addresses, so that only statistical data will be stored.
The program Piwik is an open-source project. Information of the third-party provider for data protection can be found at http://piwik.org/privacy/policy.
§ 6 Use of Social-Media-Plug-ins
(1) We currently use the following Social-Media plug-ins: Facebook, LinkedIn. With these plug-ins, we enable you to interact and communicate with the social media and other users, so that we can improve our offer and make it more interesting for you as a user. We use the two-click solution for this. This means that when you visit our page, personal data in principle will not be passed on to the providers of the plug-ins initially. The provider of the plug-in is indicated by the mark on the box above its first letter or the logo. We enable you to communicate directly with the provider of the plug-in using the button. Only if you click the marked field and activate it this way will the plug-in provider be informed that you have called the corresponding website of our online offer. The data named in § 3 of this statement will be transmitted as well. Activation of the plug-in will therefore transmit personal data concerning you to the respective plug-in provider, where they will be stored (in the USA for US providers). Since the plug-in provider collects data in particular using cookies, we recommend that you delete all cookies via the safety settings of your browser.
(2) We cannot influence the collected data and processing activities, and we do not know the full scope of data collection, purpose of storage, storage periods. We also have no information on deletion of the data collected by the plug-in provider. Contact the providers of the social media to that extent. In light of this, we recommend reading the respective current data protection notes of the providers of the social media named above.
(3) Data will be transmitted independently of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us may be associated directly with your account with the plug-in provider. We recommend that you regularly log out after using a social network, in particular before activating the button, since this may prevent assignment to your profile with the plug-in provider.
(4) We do not store the data. Information on the storage duration and further information on the purpose and scope of data collection and processing by the plugin provider is available in the following data protection statements of these providers. It also contains further information on your rights to that extent and setting options for protecting your privacy.
(5) Addresses of the respective plug-in providers and URL with their data protection notes:
Facebook Irland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Irland; http://www.facebook.com/policy.php more information on data collection: http://www.facebook.com/help/186325668085084. Facebook has subjected itself to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2 Ireland; www.linkedin.com/legal/privacy-policy. LinkedIn has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
§ 7 Integration of YouTube videos
(1) We have integrated YouTube videos into our online offer that are stored on http://www.YouTube.com and that can be played directly from our website in order to make our website offer attractive and informative. All of these are integrated in the "expanded data protection mode", i.e. so that no data concerning you as user will be transmitted to YouTube if you do not play the videos. Only when you play the videos the data named in paragraph 2 will be transmitted. We cannot influence this data transmission.
(2) By your visit to the website of YouTube or by playing the videos, YouTube will be informed that you have called the corresponding sub-page of our website. The data named in § 3 of this statement will be transmitted as well. This is done no matter if YouTube provides a user account through which you are logged in or whether you have no user account. If you are logged in to Google, your data will be associated with your account directly. If you do not wish assignment to your profile at YouTube, we recommend logging out before you activate the play button.
We do not store the data. Information on the storage duration and further information on the purpose and scope of data collection and processing by YouTube is available in the following data protection statements of these providers. It also contains further information on your rights to that extent and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
§ 8 Integration of Google Maps
(1) We have integrated Google Maps into our online offer that are stored on http://www.google.com/maps and that can be used directly from our website in order to make our website offer attractive and informative. All of these are integrated in the "expanded data protection mode", i.e. so that no data concerning you as user will be transmitted to Google Maps if you do not use the map functions. Only when you use the map functions the data named in paragraph 2 will be transmitted. We cannot influence this data transmission.
(2) By your visit to the website of Google Maps or by using the map functions, Google Maps will be informed that you have called the corresponding sub-page of our website. The data named in § 3 of this statement will be transmitted as well. This is done no matter if Google Maps provides a user account through which you are logged in or whether you have no user account. If you are logged in to Google, your data will be associated with your account directly. If you do not wish assignment to your profile at Google Maps, we recommend logging out before you use the map functions.
(3) We do not store the data. Information on the storage duration and further information on the purpose and scope of data collection and processing by Google Maps is available in the following data protection statements of these providers. It also contains further information on your rights to that extent and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework
§ 9 Integration of Lead Forensics
This website uses Lead Forensics, a B2B sales and marketing enablement tool. It is operated by Lead Forensics, UK Headquarters, Communication House, 26 York Street, London, W1U 6PZ, UK.
The Lead Forensics tool uses a tracking code for identifying businesses visiting our websites based on their business IP addresses. This is not the same as cookies. The Lead Forensics tracking code only provides information that is readily available in the public domain. It does not, and cannot, provide personal or sensitive data regarding who has visited our website. Under no circumstances will the data be used for the personal identification of an individual visitor. If IP addresses are collected, they will be anonymised immediately after collection. The information generated by the Lead Forensics tracking code is transmitted to the Lead Forensics tool and processed and stored in the UK within a secure environment.
The Lead Forensics tool does not provide us with the IP addresses. It provides us information on what companies have visited our website, the date and duration of their visit, and the web pages that they visit. This information allow us to analyse the use of our website and eventually contact those companies about their experience or for sales purposes. As an international company, to be able to guaranty you the best service, we transmit this data to our subsidiaries and distributors as far as necessary. Beyond this purpose, there is no transmission of personal information to third parties.
§ 10 Links
The websites of Asco partially contain links or references to other websites. We review these direct links with the reasonable care. We are, however, not responsible for contents of website that we link to. We are also not responsible for the contents of website that refer to us.
§ 11 Questions and comments
We take data protection very seriously. If you have any questions or suggestions on data protection at Asco, you may email our data protection officer under the email address indicated in § 1.
We reserve adjusting and updating this data protection statement on demand. Updates of this data protection statement will be published on our website. Changes shall apply from the time of their publication on our website. We therefore recommend that you visit this page at regular intervals in order to learn about any updates that were made.
§ 12 Integration of reCaptcha
We use the Google service reCaptcha to determine whether a human or a computer is making a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the terminal device used, the website that you visit with us and on which the captcha is embedded, the date and duration of the visit, the recognition data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. The legal basis for the data processing described is Art. 6 (1) lit. f of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated entries (attacks).
Version: 1.2
Romanshorn (Switzerland), 08 May 2023
Introduction
This document serves to inform you as a business contact, business partner or customer ASCO CARBON DIOXIDE LTD (hereinafter “ASCO”) about the processing of your personal data.
Personal data
Personal data means any information that can be related to you as a natural person. This also includes information that can only be related to you, indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. A natural person is also considered to be identifiable if it can be identified on the basis of one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
This document serves to inform you as a business contact, business partner or customer ASCO CARBON DIOXIDE LTD (hereinafter “ASCO”) about the processing of your personal data.
1. Scope of application: responsible entity for your data
ASCO is responsible for the processing of your business contact information and contracts-related data within the context of the business relationship with your employer / your company.
2. Contact details of the controller, the data protection officer (DPO) and the agent in the European Union
a) Contact details of the controller
ASCO CARBON DIOXIDE LTD
Represented by the management
Industriestrasse 2
CH 8590 Romanshorn
Phone: +41 71 466 80 80
E-Mail: infoascoco2com
b) Contact details of the protection officer
ASCO CARBON DIOXIDE LTD
Data Protection Officer
Industriestrasse 2
CH 8590 Romanshorn
Phone: +41 466 80 80
E-Mail: datenschutzascoco2com
c) Contact details of the agent in the European Union
Messer SE & Co. KGaA
General Management Messer-Platz 1
DE 65812 Bad Soden
E-Mail: infomessergroupcom
3. Which data is ASCO processing
In the normal course of business relationship and the contractual business, ASCO will process the following types of personal information:
a) Business contact information
- Name and surname, business telephone number, business e-mail address, business postal address.
- Further information on your position in your company and activities with respect regard to ASCO.
- if necessary, personal CRM information, such as information concerning your gender.
- Information needed for compliance and risk management, including quality assessments of products and services of your employer / your company.
This data is hereinafter referred to as „business contact information“.
b) Contract-related data
- Name, surname, address, telephone number, fax number, e-mail address of business partners, customers and suppliers.
- Personal data of natural persons in connection with an order for products.
- Personal data as bank details, tax number, booking number and other relevant data on invoice or accounting.
This data is hereinafter referred to as „contract-related data”.
4. What does ASCO do with the data?
In the normal course of customer relationship and the contractual business, ASCO will conduct the following processing activities (purpose):
- Business contact data and contract relevant data is processed in order to conclude, execute, fulfill and terminate contracts with you as our business partner or with the entity you represent. This includes the contract processing in order to provide or delivery of products, including a functioning customer management.
- Business contact data is stored in ASCO’s CRM system and processed to establish and maintain a business relationship with you and your company.
- Business contact data and contract-related data may be processed for the purposes of internal reporting.
- Business contact data and contract-related data is processed within the frame of supplier management.
- Business contact data and contract-related data is processed for the purpose of compliance and risk management, including quality assessments of the products and services of your company.
- Business contact information is used to send newsletters.
5. General information
a) Your rights
FADP (Federal Act on Data Protection)
Upon request, you have the right to obtain information about your stored personal data. (Art. 8 FDAP).
You also have the right to demand correction of incorrect personal data in accordance with Art. 5. cl. 2 FDAP.
We also draw your attention to your right to object to the data processing in section b below (processing of business contact data) (Art. 4 und Art. 12 para. 2 lit. B FDAP).
You can exercise your rights by sending an e-mail to the following address: datenschutzascoco2com.
If a large number of persons are affected, the Federal Data Protection Agency may decide to protect their personal data. And public officers may be asked for clarification (Art. 29 FADP). Upon request, private individuals who violate the right to information (Art. 8 - 10 FADP), the duty to provide information (Art. 14 FADP) or the regulations for the cross-border disclosure of personal data (Art. 6 FADP) will be fined (Art. 34 FADP).
GDPR (General Data Protection Regulation)
On request, you have the right to obtain information on your stored personal data (Art. 15 GDPR).
Additionally, you have the right to obtain the rectification of inaccurate personal data, the right to obtain a restriction of excessively processing of personal data as well as the right to obtain the erasure of unlawfully processed personal data or data which is stored too long (as far as there are no legal obligations and no other reason according to Art. 17 para. 3 GDPR to store the data).
Furthermore, you have the right to receive your personal data, which you have provided to ASCO in case you have provided your data to ASCO within your consent or to fulfill a contract. The data will be given to you (or a third party you name), in a structured, commonly used and machine-readable format (right to data portability).
We draw your attention to your right to revoke your consent to the publication of photographs and receipt of newsletters in section (b) below (processing of business contact data) at any time with effect for the future.
We also refer to your right to object the data processing (right of objection) in the section below b) (processing of Business Data). In order to exercise your rights you can write an e-mail to: datenschutz@ascoco2.com.
Additionally, you have the right to complain to a regulating authority in charge of protection of data privacy concerning the handling of your personal data by us (Art. 77 GDPR).
b) General Information about our legal basis of all listed processes
• Processing of business contact data
FDAP
The processing of your personal data by ASCO is based on Art. 13 clause 2 lit. (a) FADP. According to Art. 13 clause 2 lit. (a) FADP the processing of personal data is lawful if the 4 processing is necessary for the purpose of the legitimate interests pursued by ASCO. ASCO‘s legitimate interest consists in the use and maintenance of the contact details of contractual partners for the processing of an contract or of potential future partners in direct connection with the conclusion of an agreement.
GDPR
The processing of your business contact data by ASCO is based on Art. 6 para. 1 lit. (f) GDPR. According to Art. 6 para. 1 lit. (f) GDPR the processing of personal data is lawful if the processing is necessary for the purpose of the legitimate interests pursued by ASCO, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. ASCO‘s legitimate interest consists in the use and maintenance of the contact details of contractual partners or potential future partners.
You can object to this data processing for marketing purposes at any time without giving any reason.
Furthermore, you can generally object to this data processing if there are reasons which exist in your particular situation and which speak against the data processing. In order to do so you can write an e-mail to the data protection officer.
Processing of business contact data for the purpose of sending newsletters to you will only take place if you have given us consent for this in the context of a registration procedure in accordance with Art. 6 para 1 lit. (a) GDPR. According to this, the processing is lawful if the data subject has given his/her consent to the processing of personal data concerning him/her for one or more specific purposes.
In order for you to subscribe to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to provide a name for the purpose of personal address in the newsletter. The registration takes place via a so-called. "Double-Opt-In-Procedure". After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no third party can register with a foreign e-mail address. We log the registrations for the newsletter and store the registration and confirmation time (including any changes) as well as the IP address in order to be able to prove the registration process in accordance with the legal requirements. This logging of the registration process is based on Art. 6 para 1 lit. (f) GDPR. Our legitimate interest is the verifiability of the consent to receive newsletters.
You can revoke your consent at any time with effect for the future and thereby switch off the receipt of the newsletter. You will find a link to revoke your consent in the newsletters.
Personal data is also used for the purpose of advertising, provided that we have either received your explicit consent or we can rely on a legitimate interest according to Art. 6 para. 1 lit. (f) GDPR. Such advertising can be made through various channels, in particular by e-mail, by post or by telephone. You have the opportunity to revoke your consent at any time or to object to the advertising (the objection is not associated with any costs other than the usual postage or telephone costs).
• Processing of contract-related data
DSG
The processing of contract-related data by ASCO is based on Art. 13 clause 2 lit. (a) FADP. According to Art. 13 clause 2 lit. (a) FADP the processing of personal data is lawful if the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. ASCO processes contract related data to execute a contract with their customers to supply 5 and provide gases, other items or products, including related customers and service performances.
DS-GVO
The processing of contract-related data by ASCO is based on Art. 6 para. 1 lit. (b) GDPR. According to Art. 6 para. 1 lit. (b) GDPR the processing of personal data is lawful if the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. ASCO processes contract related data to execute a contract with their customers to supply and provide gases, other items or products, including related customers and service performances.
c) General Information about IBM Deutschland GmbH as a recipient of data
The IT-systems with which your data is processed are hosted by IBM Deutschland GmbH Frankfurt. In this context, IBM does only carry out data processing activities on behalf and according to the instructions of Messer.
d) Recipients or categories of recipients of data
ASCO only transfers data to third parties if there is a legal basis for this, such as in particular consent to transfer to third parties, the execution of a contract requires this, a balancing of interests justifies this or to fulfill legal requirements, under which we are required to provide information, reporting or disclosure of data. Otherwise, data will only be transferred to external service providers who process the data exclusively on our behalf.
Within the ASCO, the internal departments and organizational units who need your data in order to fulfill their tasks will receive personal data.
e) General information about storage period
Data of business contacts and contract-related-data is generally only deleted if you object to the further processing. All personal data of business contacts, business partners and customers that was processed within the frame of the conclusion and the execution of an agreement is stored according to the applicable national storage regulations (especially tax- and commercial law) for a period of up to 10 years.
Photographs will be deleted as soon as there is no more consent and/or no other justification for data processing.
Data of business contacts, which are processed for the dispatch of newsletters, are deleted, if you revoke your consent to the receipt of newsletters.
f) Information according to Art. 13 Abs. 2 clause2 lit. (a) FADP / Art. 13 para. 2 lit. (e) GDPR
The business contact data and contract-related data is necessary to enter into and execute a contract/a business relationship. You are not obliged to provide your personal data. There are no consequences, if you fail to provide your personal data. However, using your personal data as the contact person of your company facilitates the business relationship between Messer and your company respectively your employer.
Romanshorn, 14. December 2021
Version 2.0
Preamble
The value system of the Messer Group is used with the aim to achieve a relationship based on fairness, solidarity and confidence with the customers, as well as within the Messer group, their managers and employees, to deal with conflicts of interest and to ensure the required compliance with applicable laws, regulatory requirements and inter- and intra-company rules and regulations in all business areas of the Messer group. The Messer Compliance Management System developed for this is supported by a clear commitment of the Managing Directors and the executives to this organisational concept. It generally defines the respective responsibilities and supports the persons in charge in establishing and implementing the organisational concept The organisational concept aims to prevent violations of the Messer Code in advance.
Messer Code
The Management Body of Messer Group GmbH has summed up the principles of the organisational concept in a set of rules ("Messer Code"). The Messer Code stands for an active corporate governance and is intended to serve all employees as an orientation for their daily work in conformity with the Messer's corporate mission statement. The Managing Directors have to ensure through appropriate measures that all employees have free access to the Messer Code and are informed about where and how the Messer Code can be looked at.
The Messer Code of Conduct is the key document of the Messer Code. It is complemented and substantiated by the Group Guidelines and the other group-wide or locally applicable guidelines, manuals and other internal regulations. The Messer Code takes into account the results of regular risk analysis for the determination of specific risks, to which the company is generally exposed.
The professional competence and the entrepreneurial spirit of our employees form our most important resource to achieve our corporate objectives. We appreciate the commitment and the passion with which the employees contribute to the company's success. While exercising their activities, the employees must follow the relevant laws and the rules of the Messer Code.
We also expect from our business partners, customers and other parties, with whom Messer works, that they observe the applicable law and the principles of the Messer Code.
Compliance officers
The Management Body of Messer Group GmbH is responsible for monitoring the Messer Compliance Management System. This organisational concept is binding for all Managing Directors, managers and employees of the Messer group.
In accordance with the applicable legal provisions, the Managing Directors are responsible for implementing this organisational concept in their own local company and for ensuring its compliance, For supporting the Managing Directors and the supervisory bodies, the Management Body of Messer Group GmbH has nominated a Corporate Compliance Officer (CCO). There are also local Compliance Officers (LCOs), who are designated by the regional managers in agreement with the respective local Managing Directors. The group of compliance officers is complemented by the heads of departments in the corporate office, who deal with departments, as so-called department/area-related compliance officer (BCO). The Management Body of Messer Group GmbH has established the tasks, rights and duties of the compliance officers in compliance officer guidelines.
A model role is assigned to the Managing Directors, Managers, the CCO, the LCOs and BCOs. A high degree of social and ethical competence is expected of them. The Managing Directors and Managers have to orient their actions to an appropriate organisation, leadership, communication, selection, supervision and guidance. Furthermore, they are committed to the protection of customers, employees and the environment. In this context, their clear commitment to clean, legally compliant economies is just as essential as preventing and sanctioning illegal practices.
Risk analysis
Potential weak points within the Messer group have been defined through a detailed risk analysis, including all regional subsidiaries and Corporate departments.
Training program
In addition to classroom trainings, webinars and e-learnings can be arranged on selected topics concerning the Messer Code. The Corporate departments, and the local Management bodies and departments basically determine the training contents and the employees to be trained. They adopt the design and implementation of the trainings, if necessary, supported by outside service providers, and ensure their proper documentation, The Management Body of the Messer group can specify mandatory trainings and training contents, as well as the group of employees to be trained.
Reporting and autiting
Through the Group Guidelines, the largely unified articles of associations, the rules of procedure for the Management Body of the (local) companies, the signature rules which follow the four eyes principle and the individual requirements of the central departments, various items are subjected to a defined approval and reporting.
Further topics are discussed and agreed, experiences and information are exchanged and reported in regular meetings at the local or regional level or in departmental meetings.
The essential processes have been defined at Messer and often certified (e.g. ISO, GMP).
In order to comply with the Messer Code, the existing organisational structures should be resorted to. The individual departments, the persons responsible at the regional level, and the management bodies are directly responsible This ensures the personally accountable implementation and compliance with the Messer Code for the respective area of responsibility.
With the support of Corporate Legal, the Internal Audit carries out reviews lasting several days at regular intervals in all local companies. Thus, facts (e.g. articles of associations, business rules, signature rules, trainings provided, observance of reporting, etc.) relevant for the Messer Code are subjected a closer checking. Besides, individual departments also carry out detailed audits (e. SHEQ, Medical, IT), Remarks and improvement proposals are recorded in a report, which is forwarded to the Management Body of the Messer Group. The implementation of improvement proposals is checked through followup audits within a given time frame.
Pending and potential/threatened litigations based on a certain value/risk are centrally queried every three months where the details regarding facts, litigation value, case status, process risk and, if necessary, reserves built or to be built are entered.
The Managing Directors/LCOs and BCOs are obliged to notify the CCO about suspected any case of a serious violation of the Messer Code. All the processes relevant for the Messer Code within the respective regional subsidiary or within the respective department must be reported to the CCO for the preceding year as part of an annual compliance report at the latest by 31 January.
The CCO reports to the Management Body of Messer Group GmbH regularly and in individual cases, on request, promptly about any serious violations of the Messer Code reported to him otherwise reports'once in a year.
Once a year, all local subsidiaries and central departments report to the EVP Strategy relevant facts for the risk report. This is discussed in the Management Body of the Messer Group, which will decide further on the required measures, if necessary. The Supervisory Board of the Messer Group receives this report and, if necessary, also detailed clarifications on it by way of information.
Once a year the Messer Group summarizes all activities in a sustainability report and gets it certified within the framework of the global reporting initiative (GRI).
Reporting compliance violations and established suspected cases.
The Managing Directors and executives must organise their responsibility in such a way that reports of employees about the violation of applicable law or the Messer Code ("compliance violations") as well as reasonably suspected cases can be brought to their notice any time in order to ensure an immediate remedy.
The Guideline for reporting and handling rule violations at Messer describes how information on rule violations or on misconduct can be reported and how these are need to be dealt with. The Whistleblower platform www.messer.ethicspoint.com , a hotline (Phone number for your country can be found on the website) and the Email-address: compliancemessergroupcom are available for messages.
As part of reporting, a report has to be created, which will list the response to identified compliance violations. This should include a description of how the incident was investigated, the determination of the consequences of the identified wrongful conduct and the decision on further action.
The Managing Directors have to ensure through appropriate measures that all employees are informed about how and to whom the Messer Code violations should be reported, including the public notification of the hotline and compliance email address.
Bad Soden, 01. July 2023
Messer SE & Co. KGaA
Bernd Eulitz, Chief Executive Officer *
Helmut Kaschenz, Chief Financial Officer *
Virginia Esly, Chief Operating Officer Europe *
* Management Board of Messer Management SE as General Partner and extended management of KGaA